From 77d7f402643b360d21eee717b85d19b41ce68272 Mon Sep 17 00:00:00 2001 From: 1justingilmore <62392529+1justingilmore@users.noreply.github.com> Date: Mon, 30 Mar 2020 16:41:45 -0600 Subject: [PATCH 001/384] Update metadata descriptions 3_30 3 --- .../set-up-mdt-for-bitlocker.md | 3 +- ...compatibility-administrator-users-guide.md | 3 +- ...se-management-strategies-and-deployment.md | 9 +- windows/deployment/update/waas-morenews.md | 6 +- windows/deployment/upgrade/log-files.md | 2 +- windows/deployment/usmt/usmt-log-files.md | 12 +- ...ivate-using-key-management-service-vamt.md | 290 +++++++++--------- ...t-to-microsoft-during-activation-client.md | 144 ++++----- .../monitor-activation-client.md | 90 +++--- .../windows-10-deployment-tools-reference.md | 4 +- .../deployment/windows-10-deployment-tools.md | 4 +- 11 files changed, 289 insertions(+), 278 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index d54f06dc77..e68b815828 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -4,7 +4,7 @@ ms.assetid: 386e6713-5c20-4d2a-a220-a38d94671a38 ms.reviewer: manager: laurawi ms.author: greglin -description: +description: Learn how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. keywords: disk, encryption, TPM, configure, secure, script ms.prod: w10 ms.mktglfcycl: deploy @@ -14,6 +14,7 @@ ms.pagetype: mdt audience: itpro author: greg-lindsay ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Set up MDT for BitLocker diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md index afbb20379c..30dcd0de23 100644 --- a/windows/deployment/planning/compatibility-administrator-users-guide.md +++ b/windows/deployment/planning/compatibility-administrator-users-guide.md @@ -4,7 +4,7 @@ ms.assetid: 0ce05f66-9009-4739-a789-60f3ce380e76 ms.reviewer: manager: laurawi ms.author: greglin -description: +description: The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows. ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat @@ -12,6 +12,7 @@ ms.sitesec: library audience: itpro author: greg-lindsay ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Compatibility Administrator User's Guide diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md index 162ad2c153..18f52b5803 100644 --- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md @@ -4,7 +4,7 @@ ms.assetid: fdfbf02f-c4c4-4739-a400-782204fd3c6c ms.reviewer: manager: laurawi ms.author: greglin -description: +description: Learn about deploying your compatibility fixes as part of an application-installation package or through a centralized compatibility-fix database. ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat @@ -13,6 +13,7 @@ audience: itpro author: greg-lindsay ms.date: 04/19/2017 ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Compatibility Fix Database Management Strategies and Deployment @@ -88,7 +89,7 @@ This approach tends to work best for organizations that have a well-developed de ### Merging Centralized Compatibility-Fix Databases -If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows® should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process. +If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows® should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process. **To merge your custom-compatibility databases** @@ -113,7 +114,7 @@ If you decide to use the centralized compatibility-fix database deployment strat Deploying your custom compatibility-fix database into your organization requires you to perform the following actions: -1. Store your custom compatibility-fix database (.sdb file) in a location that is accessible to all of your organization’s computers. +1. Store your custom compatibility-fix database (.sdb file) in a location that is accessible to all of your organization's computers. 2. Use the Sdbinst.exe command-line tool to install the custom compatibility-fix database locally. @@ -124,7 +125,7 @@ In order to meet the two requirements above, we recommend that you use one of th You can package your .sdb file and a custom deployment script into an .msi file, and then deploy the .msi file into your organization. > [!IMPORTANT] - > You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: + > You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: >`msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal)` diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index b23dfbb017..28ac9a4c6c 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -11,6 +11,8 @@ ms.reviewer: manager: laurawi ms.localizationpriority: high ms.topic: article +description: Read news articles about Windows as a service, including Windows 10, Windows 10 Enterprise, Windows 10 Pro. +ms.custom: seo-marvel-mar2020 --- # Windows as a service - More news @@ -19,8 +21,8 @@ Here's more news about [Windows as a service](windows-as-a-service.md):

You can either:

    -

  1. Specify up to three <role> elements within a <component> — one “Binaries” role element, one “Settings” role element and one “Data” role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.

    2. -

  2. Specify one “Container” <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

    3. +

  3. Specify up to three <role> elements within a <component> — one "Binaries" role element, one "Settings" role element and one "Data" role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.

    4. +

  4. Specify one "Container" <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

<component context="UserAndSystem" type="Application">
   <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName> 
@@ -3847,7 +3845,7 @@ See the last component in the MigUser.xml file for an example of this element.
 ~~~
 **Example:**
 
-If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X’s profile.
+If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X's profile.
 
 The following is example code for this scenario. The first <rules> element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second <rules> elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second <rules> element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected.
 
@@ -4104,12 +4102,12 @@ Syntax:
 
 
name

 
Yes

-
ID is a string value that is the name used to reference the environment variable. We recommend that ID start with the component’s name to avoid namespace collisions. For example, if your component’s name is MyComponent, and you want a variable that is your component’s install path, you could specify MyComponent.InstallPath.

+
ID is a string value that is the name used to reference the environment variable. We recommend that ID start with the component's name to avoid namespace collisions. For example, if your component's name is MyComponent, and you want a variable that is your component's install path, you could specify MyComponent.InstallPath.

 
 
 
remap

 
No, default = FALSE

-
Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable’s value are automatically moved to where the environment variable points on the destination computer.

+
Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable's value are automatically moved to where the environment variable points on the destination computer.

 
 
 
@@ -4228,27 +4226,27 @@ The following functions are for internal USMT use only. Do not use them in an .x
 
 You can use the following version tags with various helper functions:
 
--   “CompanyName”
+-   "CompanyName"
 
--   “FileDescription”
+-   "FileDescription"
 
--   “FileVersion”
+-   "FileVersion"
 
--   “InternalName”
+-   "InternalName"
 
--   “LegalCopyright”
+-   "LegalCopyright"
 
--   “OriginalFilename”
+-   "OriginalFilename"
 
--   “ProductName”
+-   "ProductName"
 
--   “ProductVersion”
+-   "ProductVersion"
 
 The following version tags contain values that can be compared:
 
--   “FileVersion”
+-   "FileVersion"
 
--   “ProductVersion”
+-   "ProductVersion"
 
 ## Related topics
 
diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md
index 06e514f5b7..e9f8587729 100644
--- a/windows/deployment/usmt/usmt-xml-reference.md
+++ b/windows/deployment/usmt/usmt-xml-reference.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section contains topics that you can use to work with and to customize the migration XML files.
 
-## In This Section
+## In this section
 
 
 
diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
index e5c224c42c..88176e8e84 100644
--- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
+++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
@@ -23,7 +23,7 @@ When you migrate files and settings during a typical PC-refresh migration, the u
 
 -   All of the files being migrated.
 
--   The user’s settings.
+-   The user's settings.
 
 -   A catalog file that contains metadata for all files in the migration store.
 
@@ -37,7 +37,7 @@ When you use the **/verify** option, you can specify what type of information to
 
 -   **Failure only**: Displays only the files that are corrupted.
 
-## In This Topic
+## In this topic
 
 
 The following sections demonstrate how to run the **UsmtUtils** command with the **/verify** option, and how to specify the information to display in the UsmtUtils log file.
diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md
index d35f96bdc7..b86f415221 100644
--- a/windows/deployment/volume-activation/add-manage-products-vamt.md
+++ b/windows/deployment/volume-activation/add-manage-products-vamt.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section describes how to add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, you can manage the products that are installed on your network.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md
index fe9b3114ee..21bedde961 100644
--- a/windows/deployment/volume-activation/install-configure-vamt.md
+++ b/windows/deployment/volume-activation/install-configure-vamt.md
@@ -21,7 +21,7 @@ ms.topic: article
 
 This section describes how to install and configure the Volume Activation Management Tool (VAMT).
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md
index 72013798ef..646d92f8a9 100644
--- a/windows/deployment/volume-activation/introduction-vamt.md
+++ b/windows/deployment/volume-activation/introduction-vamt.md
@@ -18,12 +18,12 @@ ms.topic: article
 
 # Introduction to VAMT
 
-The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012.
+The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012.
 
 **Note**  
 VAMT can be installed on, and can manage, physical or virtual instances. VAMT cannot detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated.
 
-## In this Topic
+## In this topic
 -   [Managing Multiple Activation Key (MAK) and Retail Activation](#bkmk-managingmak)
 -   [Managing Key Management Service (KMS) Activation](#bkmk-managingkms)
 -   [Enterprise Environment](#bkmk-enterpriseenvironment)
@@ -46,7 +46,7 @@ VAMT is commonly implemented in enterprise environments. The following illustrat
 
 ![VAMT in the enterprise](images/dep-win8-l-vamt-image001-enterprise.jpg)
 
-In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection.
+In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection.
 The Isolated Lab environment is a workgroup that is physically separate from the Core Network, and its computers do not have Internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the Isolated Lab.
 
 ## VAMT User Interface
diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md
index f1f3ce5baf..a2699960b3 100644
--- a/windows/deployment/volume-activation/manage-activations-vamt.md
+++ b/windows/deployment/volume-activation/manage-activations-vamt.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section describes how to activate a client computer, by using a variety of activation methods.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md
index 64027a69f0..c363018e6d 100644
--- a/windows/deployment/volume-activation/manage-product-keys-vamt.md
+++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md
@@ -19,7 +19,7 @@ ms.topic: article
 # Manage Product Keys
 
 This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product or products you select in the VAMT database.
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md
index 889a9d6975..1d0a211e37 100644
--- a/windows/deployment/volume-activation/manage-vamt-data.md
+++ b/windows/deployment/volume-activation/manage-vamt-data.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section describes how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT).
 
-## In this Section
+## In this section
 |Topic |Description |
 |------|------------|
 |[Import and Export VAMT Data](import-export-vamt-data.md) |Describes how to import and export VAMT data. |
diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md
index 75c2d8b3f0..c203fe7ea5 100644
--- a/windows/deployment/volume-activation/monitor-activation-client.md
+++ b/windows/deployment/volume-activation/monitor-activation-client.md
@@ -14,7 +14,7 @@ audience: itpro
 author: greg-lindsay
 ms.localizationpriority: medium
 ms.topic: article
-ms.custom: seo-marvel-mar2020
+ms.custom: seo-marvel-apr2020
 ---
 
 # Monitor activation
@@ -41,6 +41,6 @@ You can monitor the success of the activation process for a computer running Win
 - See [Troubleshooting activation error codes](https://docs.microsoft.com/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS).
 - The VAMT provides a single site from which to manage and monitor volume activations. This is explained in the next section.
 
-## See also
+## Related topics
 
 [Volume Activation for Windows 10](volume-activation-windows-10.md)
diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
index 61096c7c82..4ce4e78992 100644
--- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
@@ -28,7 +28,7 @@ The Secure Zone represents higher-security Core Network computers that have addi
 
 ![VAMT firewall configuration for multiple subnets](images/dep-win8-l-vamt-makindependentactivationscenario.jpg)
 
-## In This Topic
+## In this topic
 -   [Install and start VAMT on a networked host computer](#bkmk-partone)
 -   [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo)
 -   [Connect to VAMT database](#bkmk-partthree)
diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md
index a99e7fd10a..98bc193c4f 100644
--- a/windows/deployment/volume-activation/vamt-step-by-step.md
+++ b/windows/deployment/volume-activation/vamt-step-by-step.md
@@ -20,13 +20,13 @@ ms.topic: article
 
 This section provides step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios; the scenarios in this section describe some of the most common to get you started.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
 |[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. |
 |[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers — the first one with Internet access and a second computer within an isolated workgroup — as proxies to perform MAK volume activation for workgroup computers that do not have Internet access. |
-|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. |
+|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. |
 
 ## Related topics
 - [Introduction to VAMT](introduction-vamt.md)
diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md
index c73cbc4546..23c0a83614 100644
--- a/windows/deployment/volume-activation/volume-activation-management-tool.md
+++ b/windows/deployment/volume-activation/volume-activation-management-tool.md
@@ -13,13 +13,14 @@ audience: itpro
 author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Volume Activation Management Tool (VAMT) Technical Reference
 
-The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
+The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
 VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in that requires the Microsoft Management Console (MMC) 3.0. VAMT can be installed on any computer that has one of the following Windows operating systems:
--   Windows® 7 or above
+-   Windows® 7 or above
 -   Windows Server 2008 R2 or above
 
 
@@ -28,7 +29,7 @@ VAMT is designed to manage volume activation for: Windows 7, Windows 8, Window
 
 VAMT is only available in an EN-US (x86) package.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/windows-autopilot/bitlocker.md b/windows/deployment/windows-autopilot/bitlocker.md
index 234ae17fcc..02790d704c 100644
--- a/windows/deployment/windows-autopilot/bitlocker.md
+++ b/windows/deployment/windows-autopilot/bitlocker.md
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 
@@ -49,6 +50,6 @@ Note: It is also recommended to set Windows Encryption -> Windows Settings -> En
 
 Windows 10, version 1809 or later.
 
-## See also
+## Related topics
 
 [Bitlocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview)

From 6c8fd18af3a5b910770b227e871ad90f20a68e90 Mon Sep 17 00:00:00 2001
From: jdmartinez36 <62392619+jdmartinez36@users.noreply.github.com>
Date: Mon, 27 Apr 2020 17:00:35 -0600
Subject: [PATCH 014/384] Description and anchorlink text edits

Description and anchorlink text edits.
---
 ...-custom-windows-pe-boot-image-with-configuration-manager.md | 3 ++-
 .../upgrade-to-windows-10-with-configuraton-manager.md         | 3 ++-
 windows/deployment/windows-autopilot/autopilot-mbr.md          | 2 +-
 .../windows-autopilot/demonstrate-deployment-on-vm.md          | 2 +-
 windows/deployment/windows-autopilot/registration-auth.md      | 3 ++-
 windows/deployment/windows-autopilot/self-deploying.md         | 3 ++-
 .../windows-autopilot/windows-autopilot-scenarios.md           | 3 ++-
 7 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 82fdff74b3..772a703dd2 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -1,6 +1,6 @@
 ---
 title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
-description: In Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features.
+description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Endpoint Configuration Manager.
 ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
 ms.reviewer: 
 manager: laurawi
@@ -13,6 +13,7 @@ ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Create a custom Windows PE boot image with Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
index 553be3b239..e4b97b8f74 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
@@ -1,6 +1,6 @@
 ---
 title: Perform in-place upgrade to Windows 10 via Configuration Manager
-description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a Microsoft Endpoint Configuration Manager task sequence.
+description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Endpoint Configuration Manager task sequence.
 ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
 ms.reviewer: 
 manager: laurawi
@@ -12,6 +12,7 @@ ms.mktglfcycl: deploy
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Perform an in-place upgrade to Windows 10 using Configuration Manager
diff --git a/windows/deployment/windows-autopilot/autopilot-mbr.md b/windows/deployment/windows-autopilot/autopilot-mbr.md
index 24cf4eb654..dc01756f7c 100644
--- a/windows/deployment/windows-autopilot/autopilot-mbr.md
+++ b/windows/deployment/windows-autopilot/autopilot-mbr.md
@@ -70,7 +70,7 @@ To deregister an Autopilot device from Intune, an IT Admin would:
 
 The deregistration process will take about 15 minutes.  You can accelerate the process by clicking the "Sync" button, then "Refresh" the display until the device is no longer present.
 
-More details on deregistering devices from Intune can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group).
+More details on deregistering devices from Intune can be found at [Enroll Windows devices in Intune by using the Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group).
 
 ### Deregister from MPC
 
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index c2481e9f46..93415f3702 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -571,7 +571,7 @@ Windows Autopilot will now take over to automatically join your device into Azur
 
 ## Remove devices from Autopilot
 
-To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it.  Instructions for deregistering devices can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [here](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below.
+To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it.  Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below.
 
 ### Delete (deregister) Autopilot device
 
diff --git a/windows/deployment/windows-autopilot/registration-auth.md b/windows/deployment/windows-autopilot/registration-auth.md
index a91c17be27..ff5a02322e 100644
--- a/windows/deployment/windows-autopilot/registration-auth.md
+++ b/windows/deployment/windows-autopilot/registration-auth.md
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 
@@ -45,7 +46,7 @@ For a CSP to register Windows Autopilot devices on behalf of a customer, the cus
     ![Request a reseller relationship](images/csp1.png)
     - Select the checkbox indicating whether or not you want delegated admin rights:
     ![Delegated rights](images/csp2.png)
-    - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent.  You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal:  https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges
+    - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent.  You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal by going to [Customers delegate administration privileges to partners](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges).
     - Send the template above to the customer via email.
 2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following MSfB page:
 
diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md
index 4bdb15131d..32a9fc9283 100644
--- a/windows/deployment/windows-autopilot/self-deploying.md
+++ b/windows/deployment/windows-autopilot/self-deploying.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Autopilot Self-Deploying mode
-description: Self-deploying mode allows a device to be deployed with little to no user interaction. This mode mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device.
+description: Self-deploying mode allows a device to be deployed with little user interaction and deploys Windows 10 as a kiosk, digital signage device, or a shared device.
 keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
 ms.reviewer: mniehaus
 manager: laurawi
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Windows Autopilot Self-Deploying mode
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
index ab95bacbee..307d43a3b9 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 
@@ -59,7 +60,7 @@ The key value is a DWORD with  **0** = disabled and **1** = enabled.
 | 1 | Cortana voiceover is enabled |
 | No value | Device will fall back to default behavior of the edition |
 
-To change this key value, use WCD tool to create as PPKG as documented [here](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
+To change this key value, use WCD tool to create as PPKG as documented in [OOBE (Windows Configuration Designer reference)](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
 
 ### Bitlocker encryption
 

From 9c4a5e6193eb2fdcf8211738f6e5d169fe874561 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Mon, 27 Apr 2020 18:22:26 -0700
Subject: [PATCH 015/384] exception text

---
 .../tvm-security-recommendation.md                     | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index c3e900103b..0a890f34ba 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -127,12 +127,18 @@ There are many reasons why organizations create exceptions for a recommendation.
 
 Exceptions can be created for both Security update and Configuration change recommendations.
 
-When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list.
+When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes from **Active** to **Exception** (global and all machine groups) or **Partially active** (specific machine groups selected).
 
 1. Select a security recommendation you would like create an exception for, and then **Exception options**.
 ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png)
 
-2. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration.
+2. Select your exception scope. There are two types of exceptions:
+    - **Global exception**: Global admins will be able to create a global exception. It affects all current and future machine groups in your organization. It can only be cancelled by someone with admin privileges.
+    - **Exception by machine groups**: Apply the exception to all machine groups, or choose specific machine groups. Machine groups that already have an exception will not be displayed. If you have filtered by machine group, just your filtered machine groups will appear as options.
+
+    If a recommendation is under global exception, then new exceptions for machine groups will be suspended until the global exception has expired.
+
+3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration.
 
     The following list details the justifications behind the exception options:
 

From 871309e121b8e97059786a82842d128f64492cc1 Mon Sep 17 00:00:00 2001
From: 1justingilmore <62392529+1justingilmore@users.noreply.github.com>
Date: Wed, 29 Apr 2020 15:01:34 -0600
Subject: [PATCH 016/384] Update metadata seo marvel 4_29

---
 .../deployment/configure-a-pxe-server-to-load-windows-pe.md   | 3 +--
 windows/deployment/mbr-to-gpt.md                              | 2 --
 windows/deployment/update/PSFxWhitepaper.md                   | 3 +--
 windows/deployment/usmt/usmt-configxml-file.md                | 2 +-
 ...-information-sent-to-microsoft-during-activation-client.md | 4 ++--
 5 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index f9405d730e..10ca75dcc9 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -15,6 +15,7 @@ audience: itpro
 author: greg-lindsay
 ms.author: greglin
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Configure a PXE server to load Windows PE
@@ -23,8 +24,6 @@ ms.topic: article
 
 -   Windows 10
 
-## Summary
-
 This walkthrough describes how to configure a PXE server to load Windows PE by booting a client computer from the network. Using the Windows PE tools and a Windows 10 image file, you can install Windows 10 from the network.
 
 ## Prerequisites
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md
index 069506bda7..63942c3c38 100644
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@@ -23,8 +23,6 @@ ms.custom: seo-marvel-apr2020
 **Applies to**
 -   Windows 10
 
-## Summary
-
 **MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option. 
 
 >MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md
index 8f73fcdfd0..4a6d9ab0f1 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/PSFxWhitepaper.md
@@ -12,6 +12,7 @@ ms.author: jaimeo
 ms.reviewer: 
 manager: laurawi
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Windows Updates using forward and reverse differentials
@@ -37,8 +38,6 @@ The following general terms apply throughout this document:
 - *Revision*: Minor releases in between the major version releases, such as KB4464330 (Windows 10 Build 17763.55)
 - *Baseless Patch Storage Files (Baseless PSF)*: Patch storage files that contain full binaries or files
 
-## Introduction
-
 In this paper, we introduce a new technique that can produce compact software
 updates optimized for any origin/destination revision pair. It does this by
 calculating forward the differential of a changed file from the base version and
diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md
index f8f45b4983..4c13ebf641 100644
--- a/windows/deployment/usmt/usmt-configxml-file.md
+++ b/windows/deployment/usmt/usmt-configxml-file.md
@@ -34,7 +34,7 @@ To exclude a component from the Config.xml file, set the **migrate** value to **
 
  
 
-## In This Topic
+## In this topic
 
 
 In USMT there are new migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the Config.xml file only.
diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
index 1d78a11ea3..82f515da68 100644
--- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -15,7 +15,7 @@ author: greg-lindsay
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.topic: article
-ms.custom: seo-marvel-mar2020
+ms.custom: seo-marvel-apr2020
 ---
 
 # Appendix: Information sent to Microsoft during activation
@@ -66,7 +66,7 @@ Standard computer information is also sent, but your computer's IP address is on
 Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers.
 For additional details, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879).
 
-## See also
+## Related topics
 
 -   [Volume Activation for Windows 10](volume-activation-windows-10.md)
  

From ba1ebe05ae281ada212a7e536e875e559738c0b0 Mon Sep 17 00:00:00 2001
From: Dani Halfin 
Date: Tue, 5 May 2020 18:05:34 -0700
Subject: [PATCH 017/384] fixing meta

---
 .../replace-a-windows-7-computer-with-a-windows-10-computer.md  | 2 +-
 windows/deployment/planning/sua-users-guide.md                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
index 1d0f3af3ab..84daf20005 100644
--- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -1,7 +1,7 @@
 ---
 title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10)
 description: In this article, you will learn how to replace a Windows 7 device with a Windows 10 device.
-ms.custom: - seo-marvel-apr2020
+ms.custom: seo-marvel-apr2020
 ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a
 ms.reviewer: 
 manager: laurawi
diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md
index e896536b7d..2d34aa8326 100644
--- a/windows/deployment/planning/sua-users-guide.md
+++ b/windows/deployment/planning/sua-users-guide.md
@@ -1,7 +1,7 @@
 ---
 title: SUA User's Guide (Windows 10)
 description: Learn how to use Standard User Analyzer (SUA). SUA can test your apps and monitor API calls to detect compatibility issues related to the Windows User Account Control (UAC) feature.
-ms.custom: - seo-marvel-apr2020
+ms.custom: seo-marvel-apr2020
 ms.assetid: ea525c25-b557-4ed4-b042-3e4d0e543e10
 ms.reviewer: 
 manager: laurawi

From dda752b272b485db68276ad48a655287ca8ab3e3 Mon Sep 17 00:00:00 2001
From: Greg Lindsay 
Date: Fri, 8 May 2020 11:26:39 -0700
Subject: [PATCH 018/384] Update
 add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md

---
 ...10-deployment-with-windows-pe-using-configuration-manager.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index ca669792bb..4bb5ffd7a4 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -1,5 +1,5 @@
 ---
-title: Add drivers to Windows 10 with Windows PE using Configuration Manager
+title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
 description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
 ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
 ms.reviewer: 

From 02418ae3f8e00014f4f7ed4d42873cf2695385fb Mon Sep 17 00:00:00 2001
From: Greg Lindsay 
Date: Fri, 8 May 2020 11:30:55 -0700
Subject: [PATCH 019/384] Update features-lifecycle.md

---
 windows/deployment/planning/features-lifecycle.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md
index be5c414b84..e89d1cec9f 100644
--- a/windows/deployment/planning/features-lifecycle.md
+++ b/windows/deployment/planning/features-lifecycle.md
@@ -1,6 +1,6 @@
 ---
 title: Windows 10 features lifecycle
-description: In this article, learn about the lifecycle of Windows 10 features, such as what's new and what's been removed.
+description: In this article, learn about the lifecycle of Windows 10 features, such as what's no longer being developed and what's been removed.
 ms.prod: w10
 ms.mktglfcycl: plan
 ms.localizationpriority: medium

From ae8ec06b5c176e2a8eaa0910c817ebcdb02cf52c Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Fri, 10 Jul 2020 21:05:56 -0700
Subject: [PATCH 020/384] devices

---
 .../tvm-security-recommendation.md            | 25 +++++++++++--------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index 4dfbba217a..7dd13f87d6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -96,9 +96,9 @@ From the flyout, you can do any of the following:
 >[!NOTE]
 >When a change is made on a device, it may take up to two hours for the data to be reflected in the Microsoft Defender Security Center.
 
-### Investigate changes in machine exposure or impact
+### Investigate changes in device exposure or impact
 
-If there is a large jump in the number of exposed machines, or a sharp increase in the impact on your organization exposure score and configuration score, then that security recommendation is worth investigating.
+If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and configuration score, then that security recommendation is worth investigating.
 
 1. Select the recommendation and **Open software page**
 2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md)
@@ -141,24 +141,27 @@ When an exception is created for a recommendation, the recommendation is no long
 ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png)
 
 2. Select your exception scope. There are two types of exceptions:
-    - **Global exception**: Global admins will be able to create a global exception. It affects all current and future machine groups in your organization. It can only be cancelled by someone with admin privileges.
-    - **Exception by machine groups**: Apply the exception to all machine groups, or choose specific machine groups. Machine groups that already have an exception will not be displayed. If you have filtered by machine group, just your filtered machine groups will appear as options.
+    - **Global exception**: Global admins will be able to create a global exception. It affects all current and future device groups in your organization. It can only be cancelled by someone with admin privileges.
+    - **Exception by device groups**: Apply the exception to all device groups, or choose specific device groups. Device groups that already have an exception will not be displayed. If you have filtered by device group, just your filtered device groups will appear as options.
 
-    If a recommendation is under global exception, then new exceptions for machine groups will be suspended until the global exception has expired.
+    Some things to keep in mind:
+    - If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired.
+    - If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires.
 
 3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration.
 
     The following list details the justifications behind the exception options:
 
-    - **Compensating/alternate control** - A 3rd party control that mitigates this recommendation exists, for example, if Network Firewall -   -   prevents access to a device, third party antivirus
-    - **Productivity/business need** - Remediation will impact productivity or interrupt business-critical workflow
-    - **Accept risk** - Poses low risk and/or implementing a compensating control is too expensive
+    - **Third party control** - A third party product or software already addresses this recommendation
+        - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced
+    - **Alternate mitigation** - An internal tool already addresses this recommendation
+        - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced
+    - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive
     - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
-    - **Other** - False positive
 
-3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created.
+4. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created.
 
-4. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab to view all your exceptions (current and past).
+5. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab to view all your exceptions (current and past).
 
 ## Report inaccuracy
 

From 7255a9f4730b625545760cf13e8710fa7b17dbd1 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Fri, 24 Jul 2020 15:44:36 -0700
Subject: [PATCH 021/384] new images

---
 .../images/tvm-after-exceptions.png           | Bin 0 -> 29069 bytes
 .../tvm-exception-cancel-device-group.png     | Bin 0 -> 16894 bytes
 .../tvm-exception-cancel-global-400.png       | Bin 0 -> 12719 bytes
 .../images/tvm-exception-cancel-global.png    | Bin 0 -> 13617 bytes
 .../tvm-exception-device-group-hover.png      | Bin 0 -> 11884 bytes
 .../images/tvm-exception-option.png           | Bin 159108 -> 0 bytes
 .../images/tvm-exception-options.png          | Bin 0 -> 4753 bytes
 .../images/tvm-exception-tab.png              | Bin 0 -> 16105 bytes
 .../images/tvm-exception-tab400.png           | Bin 0 -> 19531 bytes
 .../tvm-security-recommendation.md            |  84 ++++++++++++++----
 10 files changed, 65 insertions(+), 19 deletions(-)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-device-group.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-hover.png
 delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-option.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-options.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab400.png

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions.png
new file mode 100644
index 0000000000000000000000000000000000000000..c4ae7c83186b37cbddfcb53477d4a6df5dcdfa70
GIT binary patch
literal 29069
zcmb5VbyOU|*DVT3a19>Z-JM_w?jGFTU4jR92<{MqySsa^!CiyQ-~@Mg&F{PSyX(HU
zp8YXv*7S6DRh_CjXYYMZMJOpqq9EcULP0^HNK1*SKtVx=0Uu|0Sl|lrSDZQE3&BxJ
z%LNJwb>Qs-oy>qr09=G~m6jKW+l9l!p&=UHRi=l6B88F``>OUm>v-K?Qw@^+@AZ~;
z#CXA#&9Y}{*QsSq-^Lo@{fUWM37W7gZd+}5X4TgbMhuT!G5ENQqSeUAkE>_q*rIIf
zHs$-GYQ~x05cC@30;{memT_Q~61-{S_P(|R$e54$K7yT6t1l|Ep^52h$83--)
zC3u{O>LHR5m;CGt%CKj>!q!
z3@XrA6eoJwwyyLzqj&Gam
z)PAe>w0Q5L+x7ATkxPwQj+~KE?hzMJ5T|LJjrH1_rg3Mrk2^7-b(QIhpbj!@%G0be
z{Q@P&ydf$530JJXlZ6F;Q;3;CdStI5sWnK}w)|u!#q!ABFLN=W$oNhj=Cy6PXAPyt
zdo0bG_3HAI3|cCxgVD%1ZA#KYJH)RhgzA&q__Gs3b`ue$mOlBxb1
z5`i`IdWzm?nOgok+W7jJB)#s1l%1F2s?}1?Q~kpAX)$_^T%Gdc?zxlN7`HP*<%J@A
zY*t`87wEFNA+7}p4G-Zn$4}9}HpH!t{+_d_@-3Co%2?#r?S!PuPy%mcPp-6hHy_ZJ
z9EEM8$3<;&$h`OacUAY%9_QeGg}ASG_amxYx8lQ+@S)xg>fRO_M{;^R@R)N_P?JKT
za;CXNXkGvB)3Aj|WS9lI$MOdL?mv`fcHin#9O_jrLz_?~%s?J-S1RT0g$;9OY8M)I
zDmOVtD)#sCm)?6kTvReI8UAWz8U7@!#bjKXTwy#uHZ|+Ri}djYbnSlmC%0+jg;hGr
zS;HE;(S&BHh2IWr?bO`O#OVu8RWh)}4=S_^#n>gaJQ}nPj%~l;`)8E`KbNhYs>kZZ
zWwI~FS~p4w@0k&!Jm_%w`IBG1=^iFkmX;?GS)kG%Wes=CloEP=3UOGZ1y#)Lm{+RI
zuCKChcIZKred8f~yB(oRsMZjYNVa+3t_Q+mj+vy&>uj0&?wtkod@L&n83&m5DE5K4
z5%h$bvs`96t~A*^PQu+LB--Pm#echibEdR-`I3{pn4G&nr<1EuO~GNXl*efeacVY8
ztvlqawAEidZaP+Cw-7H|{LSM|r_&ir;d?T^v$8dr&Ag`pw?N0xee0h*>;7tyKjSOU
z*ZJtSmrSCDYCQ4RrQWe&No0ngTng#vtnJ!X))!$l@Yz-W3_Js(+>fB#8OB|1#JfBF
z2y9HP$8R;ZiWE2A*`^(fG8Ps@Iu`S_jOSdj?kz41{L`a#>u#Jce+H%(Inr8x#}<%q
z&FD5pgHHI8vM<`I?~P&2va?;?-Df^X)mSVkG&k|)Vg|@+`p*Z&@kp7
z*PYSSbY_aGm=hK8D9o%ZkM<5G?tj(m-jaZY)8Rj;*o-_FXHU=dii`p&b2*h@fPg
z5d&?4dusFNUO}Ld+l`@@6LLhAnBWj`W9@tV>cP4C*QCKl`=VkKR_yBQ@63$a%#|K2=j&Mi;7YjHIHzknnLNF={3o`0
zg}21pe*U^%7u+=?GvuA^>Oo9)GFk`K$T4vzOvb#kT5)&buyosx=r;}i7PM~#!9BCz
zqp@?jZ~wOGqok)L%2t%&@#NAK{>8$ZMvyEoSg<`Mt6IcziIO^a
zs|*wts>%CcE-3AQRZ63q7T>Ulq-o}#nSXscW(UlKVPy2c)fxtS4Tpyrv(;=rt59<=
z=do^`w?T$zW6`^kMB(+qMt?GjMb7LnH&7h6rH}e>fyhp$+t*@?gTx
zTG$~`_EZMbD9>oz#~$I+4g29Fzs5}LtQ4j!j>QjOX1?kIBcP*Av?#}^H6E_BzVBP6
zr8N|3^ZZkK%jUjF+M$X&0Cynur)7wq8uRN|Gkwh-8>?eyy_p%Lfy9u{6qQ4qKn$Oj
z{FUNh!sW(EPbSF`vhha8VPyaGh$x~RS~OP|S_X9qfY#;+KIo57(NITE)uc0OWd-;u
z3Z{Ck4x>FIObVUReEAL&x-UtxbVk^hR=*TpS&HPRF*$wt^U4dBxbiw)mF-=sZ4;E|
z6**@_pb0c9bH?R`Hx=?PaK=Onm@B;#UPglMW25
zl<6K
z5)q9a9}g7mZaO%{(6M?(p%fR|@{?-2xVF*yY5S@See(|d*+y59c?aFyF(}2mWq(
zCGzP#`VgBnI{Q5tDg0?xle`r2yXtUdeghFNBI~#tFW_c!i!I>>{4t|lhfcOr%>Iy@
z(YHES^2hfh{ti#eG+5Z;2p3HVGJ1-7OGECO25S6OzMiQZiDAxqwyT?4>&x|8Kn|w(
zE}_22Gyy*?Eo!0R^(yh>61m?;>ND_Ydn#
zmRpl6Z{*YqVXHjD6gYd+CGbz)pKRqp2!6F`+o6AoI*;mPI)bR1n|>Kr$H$&@DcRI(
zE-tRUw&YkRNsV`>OKq3|wovo%=DHsGCk*_j*0m^mJ<@}&X_$EQ6_IwdcXjp_eI*US^$-B3;
z*%JEJhd1Xk8Ef@H4ovLwjr+CfyVQGZkf>V~U(zTejYpRrBw%p7arN}L4`tErThlV6
z9$yF*?EjdJ(Pi?lYs`K>Sx&_2P%f(S-=o#(e&u%Q>W*&R7(B6iMJ68;#&*1tK@$vS
zw~}$}wsul|KXCL4p{jfJ!-Mn97vXu5b&Erq<1E+N^sZuT%2C;DD*4^Dk`^fgt+lh*DKAS)HNSY@Fja
zJ0sEZvV|?G$fIAiuE~Og)hA87RX@QHD6m7WIpy^9mW~f0sD(&lwG?w!2QfvI;F^%%
z{uPVK!|6Jd(oq~WSh$vp(aguMPT`Rz&r2NIKQy0b7%KecIar~BmUOIoKksdg;1_~T
zV^mz6!xHl4dHmKYX;0in7hsMWHl){OCYlr9-L6U#aDwiN?tSxm^;SiPEJq2zP2}Q70m(wb!2F~q&oUF18@}xiw7;=WLal&
z8r!g&;6EXSXOiYmqc3rp$rp&Gt_2|r2hgwr)IAu_DEa+2SN
zZm6~v*RptZVOi?u16_0XIj5@`=~2|%pPcJMBR{EjDM6HW0TGif-OK~~-zIVTb@3Ur
zALm`kU_mdZ7)9nos4pywa3}JxI8Eus%df^1G3D|>-`ak_9$bGi8kdtJ-)CZ{&)IhH>tR`a24m<{Dda7n-_2ZXz}qd=?fQOuK0pwe{plimqstD@<+^
zgt4`g$=~mUbJ;~%iMoB@6ig&4hX&VN2iU2F2ZU2rwuCm2G4&HJphy(zN9$r1V|ZCH
zZKi3*#YmY0VCc62PCQ5c**Ca;QZ5DrvS2*<&}o)}5J2L<{cpVjkT`~eyh)iP1U-GI
z2L73|;sq)&^nOK76T*`+L^r-u#Tumea)rZ4$r}!>+_B-dgN%wn8H|^c70`3N@_oGl
z5KF|m58n5!w|lgDoaG$len21##q~wUSmJ*-I=$CgUBZAzUiS0OpQc4I_kC$8$p##!
zXJ>cHq@xKSued009p$xw0c|-REieK1Aqa5apXV`Wpp(Pry6f&NRO$#k{p%OFni8#Y
zS!ur^6%NGwI?IC%3~X|~0T{9t(Ek%JiT&MmEXKEPdYpWPXR8C+EuI8XU=R-c7zwf<
zlPEF-=^>yRf9ddlq7KI63*_^s`u{2&g$h2FUgDwpuuHZ2_N4?~sx_dgxWAv?7*7a{
zDQJwWAsaUbI8h6x%}Z1+*8)R%nvP~y@mrhu|IrD
zsDLctpJTyc(j26?t0>RBORxWv#ZEa$pnO~m;%Ed{*@M2{K+s;g%7wSi+A-c!0ke*D
z2=n0vBHaHKBEGXNY1<0Vht|QF>v-|>AtB}60$kU*G987M$8^`-$IwXggp2%e!WH8P
zeLx8lt?o?!#)YP;aYY5*hX_AYEkNIJyVbq)@PTtQUYSRILfsV0{k_-HK^cK{R|pz7
z#A8JQGB#b0f;XoEG~aDk{SH;}6N_t6AM78j9L%Lhi1f#TTd~)FEQb74pqHttld~Bb
zmGX-Ws&5d-74G|0xubQexTG?r0KMgsT4?~+xJKNt_wc;qVZhq!;V(?9s8~?44a-eB
z)2{pQyrrDzn!3pI{NYwe$RAr&{&C8;Nm(o~2+#TE(tm5JVwiVH=lA7F*0>L>S*g1d
z@3b6fR#{B{DZF$+(vnH#Ol1D%7J*PMtDtC>g@69IbzK#bzIsz)(^{68sIHl?oLdxO
z57sXJh2<;V{;N@m%?2Y~b*{&e^?@#FK)Q!UEeo*$RIJt@oL4!Enm+kUAg1Y1nqx)0?o(zL-pK@GY0Kctlf@I~va565gp2Tm;J*k-QeUOxVxdCA1ru5*
z=6z9>UR@Lub;20+9l6lpzRME`2gbI
z{v&qsE~2fHiE1%o;tCfJiaNe^&UZQsQ}Ay9cREp7Yh)gn{?|fIQeol`1^Rb>{+O%^
zt>u39i;x4R&JV%8)NkuAY~{fzP!WMDg`jFAFw#XEGup)y-o0nxg;m;*CCNieeaAD;
zt*qHy73-PGp8>`SV<^1*kjVFu2vuC}xKm=c6ZOlZTMou`?=|O}ueyir_T{_0vruK|EAKfST{s?sKsD}1apmDs&uoFf9h&CIFX>+f|X+`AUU7*z5Lr(Tf3wJEFi+
zQ+@gv0y;-XFkipcRQH!jwU@zy;~+8Dig@HfI}F;VBZj7TUZ60|dY#+x_;?MsLYKx>
zd-mn#N-T1vx_GiI_A53Zuw>QrRe3@y1@+`1HbA$smtQH3x4LP6Bmb2Jx
zA|IgInErXiN7R?t@Iz{I>Jf}VGZrQMzjU~55Q!bC{U2l-sBNBC^h6^*WLNxj~B
zFWjf(9BWqP88?$bG9I)B7~_Ku;@ZiHc={w%CrmhvX6j~t0!Aa>U}q;SIi|&Qq&T2l${>I-+v07w1hru!x$!e>0nr?W8|+seiNqgtxY!@
zGbkzo<3i8Q=N=W&YQGCYSD2}wlxP(6-Y}auOuc_T^PfBwJWI%Wa_c?-cWkY?NQc+T
zS)&@O@$1~4jc49+B_wt$Oq6l}@zACuigF+v$W*YE0TC(gd}o-$@9De!X4^zRny|o}
zIEJy<&y4@1B2-+^O-46g*0qWK?#SxuIX(&d5$+7fKo|_t`Q`>OjF;lKNQaVOkX~?`
z9X8D;a}b$zAHuyo&T4rDlXoevzczkABvS+8S=z;ufgs$Mjq=UHy&V@zS$eGwt)d9>rZBF0tEl_FXqvu!bFxO$CTq`9nE^*t_7a
z0m;8S3s~F?VmNyNiFI5X0CM7_&soU{rSi-;vJKM5IQm+Y$GacQvI$
zv;8_aFO2w*KM&pH#|L04J6=w7jdSkVH+7l|H;?q&7pAKX$pUirP
z9XMUfcID3Q<;K5z$p7{BT4*-)q;!j+-u&XY-oO{C5YzZB5$I@TG7A$8A6>wG#6cFn
zN3TOhyT{o@kpCT-|LZz=DHnVm1%NX0S3<9C*zj}7uUR2}TK8GrELxcVtm^0c
zLjLN!Z*ZS$5c7BDUYlCc&$c9rVW7rH3HE_rmJJM~+?AL=P80exKb(ru_MfLb@b;=VJ+vGU@;Wol~kI#w|%3~vHUteDuuM>G*
zUS4o;upuj+zy>1#!#U(i2^lEn3T39-6?ZiG)#S|8dO%dG2%n`ya
zU##Qc<1=v*uKr2JcFx0-iw}rhC^Ftw?|E(HoVK+3J*^^7o+~g_hrqTH9Tmm(F;yet
z{oKB;inLjd`|VNI+4e7XmXHaH+XNyTWADV|6JigU6;~aqdn)w`Dp0$n@Ac&9&C-|q
zIP#AOl%V?QHP}Nxms2Fji;9h5GH692;#)ia#fHJl0+9`J#n|`Aw&3%C#5C1#cX>JU
zbDnioqBBUF4K~$-;8O2j-LsX@rc7tPC%;+--{Hqr>m2#PfkOM=
zIM-``svl62J@p%hp}3H2A|js3WUf1=KnQW#C6eja!$H!Eg!%l{9Si4wHXFwexz=AB
za#meQ>H#xvzsq^uk9E1eY(h6oufI8|cOde+F*C^Bq=zW`(?$Ny@@A0mynaR%uO(5}
z=h~wWJBi%RGO$(daHS1%X{Li@sREsy)oePrh&WFp$@JDd_@}*??3eU!3HPRdw7fMe
z8C6^v)Va4&9Qj;xai{~qauXhE5qfQHHg51OD0w`pbXoE7KSGW1zCES$INSJUztK_Z
zbF*wABP$!_{I?HgaC(FLpIr5``iSOY0s6m9J~O@kVwubCY>jA;r^B({yw4G*wm3Yc;
zS*^R5)ATkl&m4l^-gwoTXjcq
z_ORVQt9d&w!ZYo**jtxmO}!l8$wQ$@zQUzlH@VC;vy<=sncnGUncl1Vj|(oJ(F|W&o%_(Tz8;;r`mtW#Oa=3&^!4)
zeOdp2%>1`LvDH~Srhj3U8^a>Z=02%@g>OMd4smRfdv?Y>R8_l@f_Xt~EwXcNMf=G@
zK;%Rx&$o$uNhw2tSKWHlW;v^DLUCQ}WY4^EC`lYd?&dGgF;p)=lkKQ92G
z!Aw9Jbgd{QJ-!G!z_idEj^ux}Oql4J)u?KVEBiHLz3MaV8S6clbk6(Q
zZ$X3U-;|EiquiM2+h&9O@xYcg+T*NV+-7Y|7xI-P@Zl*WXR(pZjTmJd^7>I%>|I3a
zSnWHm)I?9Vcl(uay&W-xEN&!s`4hm#S065!a5&>Ew4ss0@y1`=@{~rnnYwB|wKO#x
zo*CZ%y!~sd?K6?Cp(CQjc`P-~Z13MSEaU19QIi);sN;!PqiUf80SY2_f=2(0K3`ur
z8=x^P=OU(TSCC_*DffqaD7Q^S%*QJZu=rm~yCQdq$X6E&i6qEVIBijGCAe$DD|>yQ
zZ%LlGKBZYC(4!5wJbRoG&7*KcrOL2sGSN1fBks&%Wr(b0N7?DxKL2-MS#YSGp0a;lDJ_J8BOE8o}W|rD#OFLKV=@
z_tWLy7f5D5bMwCPIh4FhUiS9W;m`n!vrW~1rUg4svU6*%Rl;=svuCobowxSaS|)DC
z%s;A6h0}2Pk$3-;zt+;CiMgDlT1UI&?a75_demkeI;jAb;j5y?fEriI=OSSeh#xrM*c~_ggsz#VImS^6-_^POox5qeRXv{N7!9_h|{u~oclfGPKk|9
zPFNYlPZOO3k^J(Wwtmv*B$Q>}kQ0iHj**4u_VEcNH(So*CyC<&1)tbcL7F5>m!78*uz{Uwh0x`@?Wk|fBTD0vySa)mo_IONwTPP>*C5E
zNqwu`br}(OwxOr?Jr>Q2HDqdQhXT*Lk=GH8oGUp1m%@_`r45S;?`~%LZQ9_!RS>Za
zb!h(lGE3ku4=Q>;_q^!VZS_`VG=O(GmD|~~dUj$w!BKgvl`glv`HHnlA~5?_a1>s<
zpC{Fo)s>MwOh3|nk5l~`1({TMlb8lHxnB@4FuEfvk3xrS|Eqzgjs*#bo!##v;d{^P
z>bt1oV()_ZO}@8AT-r}1JL-zQe<-vM!t(xjON?m3JZJL
zhm9r>9w=1VG%_7K_cEEAOzB)ryQeqR1k}?OO*4O9ptyOROGzGiU}3|XuSYn4o-xtU0;S+vqGy;{w#>tl
z9t?jSm=ojjv}28-SYX+&_nFs37Tm&3d;zTbI@yjsQ2?ef*j5M^*$mP1sB#$SLB8kt
zg)1_ws@h1o#zu4y)Lqg$eV<%}9lc;o75DD?`-^=NxxKMrIDs!&J9^&R&xG#aBRres
zTc6}`@w|u>KWCV_RN}xBX7NEs)b}I!k4l|HaPUG6e4!wTY7#)=H!Z>9N<9NTEtLFLVcuT6xNYPLd{T|V;7_$w1l=^J|^s68d-Z6
zTrMxcaB~PQZh5I-S`({m%?jNJeT)t_{ycGd;LPE)_weByZ?#XFg-Ihb*fACjWuW5k
zU7v89~=*zrewrod1ltmX#d!TmfXxO9hlEN#TN29T8dgGHtfGP8WF5RVUk%pI7z
z`w^-cLd~^bV9#qp`h{E~xn1ozN6b0636ji623U?m=hvA4dvb2h_0nk~KsJu3mTK=~JT#?@m+k^~vHR^>}LRvH-gl<`o
zEAbHG%hb$HAXP0^|F9%+p{g2QpX{=>BpXjYL$|yxm(_(ZrmG+-WE;m-KiPWSXDwsg
zup(kq$;}fb7-L5E2cKXIWabkg893
zt9k^~jL?N7T2veqx3>by0`UKjipghqR8;!QcgTL*b83Wh{1y^CaLJxULK`6z!RY;&
z0GU!%WpkpM&1*L57hn~{s9Bhs^N+qd?Et1(S_wfV^$6qu>~5BM&(*@$I8#&0OmR3#D3iU
z+orn6bXg_u>7&1H;lkbAn(BSR@oaImLUaF3o&K^Tg$ui!3Hg|6)!RS9Xl%Y>!0H4^
zzLM;G3I8_&O{XD+hPvftR7QFg7efe(_Q+KqmfMS!=IJ;SwRm=}Mg)a9$}p0h=_6lw
zFnrEi1W0gs#!OJ$L~$l!IKvXzK6aeb4*ukRloMb0z>iZor&J|KQEo1n`8^+TMwaQA
zt-Nsyw$gkX2mv~&+yK#VS8l2kYz!SRS!qK2HO^I+d3Mt@d^pzlk)ovWLWIH_|9x_E
z$^`d`*2XF0O(p9`4{hN}AY+lDIq@)Nz8JC$$O1QeF@zrW7CfeqZ*7@jV-s`Z8mUAq
z!4u*jGyU9Yo6eQKY^7h!t2>0TT)@&B=EhJ2cmUH(2CGO*MsmU>Qw8W&8$Vt_+N3Ra
zJ}W5ymd${G(YFG@K<&_CGyG*1CRAuRaYNRAF{y-viKPI>)N|v!m|%h|r}BK6%!vjD@HXio@MlQE7%R*csn=
z&1#l{Pz`)yc5jbV^;Mo?W`r%X#7bM#75R(6QL449iHc?{O8)SbLdNRU!lJM&GL0Zj
z)P$LZBV*)@kZ7Athpq8=Me$D#y8}w7v@tz-XMi{1;g%
zO>O?I|G`aQ*fI33@5^eLS-qdGC6o&io)b^=O>e%{f~deyX^uX;qKx`Cyn+heubWnQdHo3ZiWv_I70F!K$nLvvcFC>gu&SLu
zJl!SA;`_L-^_6o3)a1(Y9~*BT_cuwWw7U65Vg;=
zOv-S^2#>m|vn|DaDfM<15~Q?yYcUGMV&P?r=oA8V&dAeFAO@%f!E;#Kh>iH7eq2YF
zD&bLXMN=CX=#P@(P#Sb;YbX?EWy(QpLM?ZO((`lTgModAt
zrtwl_PPNv*q5wxqIdt#IbWF$Anz`EG`&+2*EacWA_y-rq*|qaHb)Ctr4DRj6KA<+A
zeJ%u@BIq|QZDb#iDc(Og_&XFs0Mz|_yuULg&V0J-VNYJPSR(;EQ!#fU$5s!yM7bh=
zl~MP?S4~YkOd17BPR^vCKhcq4-@^v=CM#ql|EG}Ooa(kgRm69*}+gPfqSf`K6cc3f8w?VloCA{5ZL6zjOBg=8m#X3
z(gJdR8{e=fj!4VBe~>Sw^rQvGeH={3O_ey11t?G*Hr{|(i~!n#e#hCWhGb6to~CZU
zH6q&@%x5)+4rnR{}LBlCkd}1Og^5mh$Qm1G?pjj
zAsUrwK#Cl#V34&43Hd#dB7TqVsTVQ&{{Xu!DV3CZ1U$?Ck#?*AR$f(zV$d+;;`hr=
zKIUTFApD~YVB<8_8j}MPS0X1RN4;#~q@FD%fC6yB>Fe85SLq5<5StK)Nq!f;1CcK~
zyc{GQGgC7!3_u88wZik>(&d8Zm7lm{+;ANV{R3#V
z*?89zinRgyU!Vpm^75QwB%p6VGM_Y<7^t
z2T*}T@ioNCW)%evB#q@+0Ejp+1zo2AZ~S<$#LN=
zT?D+{i{}E?U@0gq44D*qjGo;L9!`Bhx;>2Ax_@q`WzmNRcmdcPKV1eJl3#|d6B`mLf%FDU;!1mX
zlPYZE++fX4a*w^Qv3Fw%Pyfn?Om)1VNm?$xylm0H>8@*B5AoI1>3NXzm0bYoOnoZU
zDQl?Y({^KskAwW6p908S_~<~<{5CtLkuq+S-h+5Gb4^P}cI}`!b+}_^LMzgO!)nq`Pioeh%$WkCa;t`R4!bCOh}<-(e2(
z=I@L_F5a~FOZJcvUi~-Acx>Htp#|3Jciu4c^jY}A6RCnp@Xh$;7DgKw6i@eU1vgK^
zcy5_VQ-$|JIYT+Xp;90%!|gHpZ69q{psn=}%5o$oCoh)McKY#YIUl(dVKgV*wty_g
zjdQ)b@ld^AX^JSIsd79eGh_wBoLAW`q-5&BIl6l?H7)p^P_P|;(o8+4LhBb^yxyF|hnH
z)VomK{V_k+?zFc87N`0i7`k^T*aKC5kg=h1PNBwm{b$rOu7T!>y^Li;&1dr|nPtUU
zR?w7UvmrkLZ6$mxGwT&!&Xs=M^BQ&-3%%*{UbdQga=oWS>*-y%g>L{PM#;yMOFftL
zomfGli8@QqU&T+oZXEem^cEZhdh(HC|3&x-c+1@D6g`3pU@N{0?=3c!xAP$xsQvM>
zIN{jhp35v`&}hVH%>IitLit_T!m`XfSL^nkVn#adeBJ!&iP74QiT$PVA2KR{1D7=NRf$Tr0C$${ZU!YLw>*{>#+5E
zhH^X9@S9?QkK@H7p1ocG0`h9OnE-P=)wcEd3HjN5;ssw5^KW^?aT^(R&c(g$)c9=I
z3FNulEOJZgKd8@jCtjdhN5HftGud8CJFtUFYmVY=o~DV{E}hMtI$J|a7-%&d_m4QZ
zGb^<4B{B4ktSkZ0=p4U7Q0YNr0aA#Li-bPu?9x%*F?_vB86_yXbV>iYJ1avI(+TR5
z+qpwcMD!n4q{8OzuB@t|23&yxP5tE#>3dNJLba4-P5aPe44W-*e3Nvf(TPl+WWdqNSy@>rGwZhe;$2yV%{ge?r2ll3fz{w2&(F+&TfM2C
z@p{r>JU4NBce~(_tR5!^q8lu-8|4#T_UOnhALw#Zklhimf4hih*Y&$(SS|YE@R8`$
z?dpCRjiLHsY_m>2VnVRO)$$%&=LxIFPt$Y0fM5S4ELlVT)b2is>$YYlFZYJNe$&p<
z%D~qq6G-m0sT__~+ATJAJ=ZudZMVyJzw`BDBmaL+c~R`(&d3j1yJ^(>G>6R3czCPT
zHE)oX-o3-LpPt0;*RL~KABG2}N1#~CyQX5pu6o0clDRRhWC)8i=X%I`+jzp-%Yx}s
zqq!sDE0@ZfaH)ruRKGM^vLRnB)D-`uR=Kdh=4bW!??(U_*i$pl518A%|R-4oFkiClBW>p=0qVEK}nQlC6zPI?V?KA-RG}&K>vv{s`?K2T*Mp(HIdC5|>
z!Bs&c)jsZGbA9sL(b*
zyKw-DGVrhf9e)Nu!RY-NoNoo9|F;KRquC5zE`(=)J=?vG7+h+=x%NLlRRvOQmi_0D
ztjR>z6Z>e$$35=EmT5Zfa*Y6p(Wf7GgYo7;M3kwVU}5O^S$RSs
zAH?hUhU`eLG2UR{nLshv&)NXA)d{etY_Y~L`yosA?!oyU*XjW>D1gfP=&&^GoP)=M
z8f1iBv8)ISj5*xUP;W?ejw%{0YrsTm!EpvxKA(M3%$;uzr)WR4t)XtcIMm3@+ZHi%
z(puCU{B65u)V=yITP0OnhB%Z-Cd)jJec)(rilP#Rz!~bA!`{NKDat$Ab}vF77@Yz{8VJUWS2(3HZs>}-Y@qe#VHpY|drZ8OJwP}Vz)7hYFmm@-;&QUa(9E_(dLhQL44;+@p
zBfIJ~0&1hyI=xdfc^pvHPqDJQMn+PLda6*RvK7oB!(U-x1+V+;qAG_DF$w2-499Ax
zln%3)2@O5-wbm_-xc&nP=tN^9mH$r&c)hx3tAxI&PM#+p5H9>wn}E0$=TyeM4CJ9L
zo~gy`KCj5eTtd65vMuig%t&J<;`#0dG~lTpSMo^Fcl8A8e9$w2H%JPUx7k)Ut1Whl
zS@E_ykdTrmt5V8t_G*rAQNzrH2AkEcU5}GxU1c$DtEVmTI8Y4B&aTfwft_#CZdKlw
zbY_lML17ta%0~cuMS19dVP&n-;^Hs@9{Z{JdGXzyL{Hm`o%dsE`nhBS@2{p=QjeOI)T0q6;?N$QPqqI==eclEcO`Gq~>X1Rc5-wvebdE`9%
zzsCLtXWK7Y`+;Eoi{O%6e9`_dRNS8cybjM6sPITG>5u+gcG19A`Z%m@?7T-d5OnqZ
z!r-47AmmEGOlnxZH$>&cSPR1LDoF|z_bsmXig6>#cE~fTL7G*Q)78QP%m-9BHsaNr
z*B-xmD+5(YeB{Fc&-%X#+t>&jK5jPgjQq#ThGxRwMN`pX70&tzW5@AB;c
zqHYlA$n?3o$2GauA5K=!1&R43zi&7(OBJ;s;|P}t1vrFs*5L+xw-a$Ah2H`Iz+^%(CBY<82fbu|y8R)a^^
zakd)f9ckw(f02uW_ODeYd)XpVSwyi9*=a`2Z;SxtEsIn3Xg_N6t4BoCgzIP-NX3i9
z9q?q~t`r&L+x}m7?CC0{VhnD0@4(+Jg9Rl#JC!K!o^w{K&0000oE>QEAZ`7svt=1`S+lzaVBMVA
z#y#f5;kwpK6kh$%`Z#v{mu-R95rNVGd*6UlzOT{g*K>|T*idy#J3d_)@n4LUOtih{
zt5)7h7%<2i2EopHTC*c;i_V9llADjJ(fB)rn#)z~;ht*Q*&Z|iJ$qE^exCYfxBl$_
zU`F@VDcZ6ZB^C5HI>~MtPM1si2@w4SNw%b
zn1d?B`r~2zYx_=ab1M6D?Jusvl3{7UnZvrAUo|>}R9RUJ>bI;_5KnUa4)p0MuhuH6
zxwoy+;l{wu%SENJmiRS^t}qw92{|02I3
zm7p+wiCMiJ6-tcF+`V`*ugolh1N}nT{6Vk{8iCzqqnl!J$-#7>Y^MA0T~DK7J2FDm
zffZg*8wVDB$nRMmzWW)hrFrPm*^%QX-akFRa233IB@_x%O!Nxo!{1-&I_sV&cAZxU
zgCR@S^b3Jv4M%;4Er-5}4Z?f36y(`ipFFdy
zWPf1()I{eUX#5ZE)De>N3XFIh+X-m6ZqS(jKk7Qms5qi-O(!8}pz+|65D4zB0RjYf
zcXw;tgS)$j;O{CS`XbDV
z{RWNvE9jppIHXa?sN%~xhgmrV4*7#N7_!wBC?0SvAp2}jl{_u6TMmy_v^F1toBi2f3B(n(t#zn54vWT|F!j<;L|a9sV{!&slU
z9?quKCv`5MNkBY)c$R-(-PCF4XK8c)!%k=En~5!z(zDnt1pW7E~FI^(dR5;v8URq4&Q)kAB3Uunp7x$x%cHN~!jWtfhoS0sq
zLvA>lviSDSL)14dULCPSd%htTv|V;kafFa}+2)FHBMsup60c@lh4&O>pOEBCgFpaUAkENxX%PJnO$x
zEh&!$%>VfxRdP}I$J=N0Gb257YmNa{+Abc2oKLtZ-PUd5Us)0b1O^tj$AJE^t@$r@
zWMrJI*rnR=Y!z1uXP*Fn*ewZG7C69
z@IzrB0*`l|FHT#LlFU#G{`F;C>`>j`TD0C?2S4@QN{8|e!&|w5@v1K^DnI{i)0oSn
z4KS?Nf;m*BwUSBof9Oy_S}ihMskOlP*Tpd+lP--<;t*(gzkH{6|D9XFFlaK-#OQuZ
zFhU2IGD6inmh)J~@^|)6NSm%PhCxEOK688K4eI?yGF3oTN^;#VyWJX;Iu=O_kPvc1
zfx*0KS{KrFz|}cN=|5``dlA&yxv|;nc~8+nZg_@O}dQ;LkwzEFRtB
z)HT5ySytnlYJ%rf&~?f6QLMlPS6{e7n|(-)Mm_d_1vFhH|&7-cl$$Jzz407S2g}er0PfIM=D7w
zHi&ZuuQ0${AHt;elQ`oVznZ7@CvkK^Y!uNn)WenwqKwp?)8^o)V+g>Q(~(oS@UMeN
zGwc+-jF>>zI`65Pa9`6lpu>5cJQ$ido2s@>Ng#N2+<9bq<)vPnWjR1c+8kCLplvOR
zjeJ7{5V4m`G>9y(Ur18=G
zPbH-7>tV>UDXwYb4kD{*+-BhIKhqu-eqP_u`AJ-qUdaTe)dZCSQNb3ovd#}0<#c>X!6_NPFT<49iZ4-oHs22k
zra*BQn)aRNoP0iAb#_utyDl92ZHJdrqUyq1S?4$BCqh>i+cFD1n&yuDrOR0xSrsI>
zn%Pw+&K#Ef2Tydh2Tch;E8W`3K9Zn2M;-+D$+;pLF}x8_mRmZn;v)vbG$_d3PaY-3>zKw8LncKZy
z!rOBuXKks}JrmoP!b_u}-hz?Evq7G32p>4yw`ogWqp541nB16?@-r>Ly!!l5RCq+9
zt8RT{PqJ*mEl^qZC!b93w>YH^6IFOi3*NAsyfOPk%Y#ICeG%i76YMDmN?xroXP-x6
zVA@pImVH=Mw{u)Q$3um1n-`~4oqk^Ikr`6b3UC=L(h?1Kx0PnfJRszi%M%F}UBFwy
zTrjS}aZGyZ>uYDAcpNOad=EKfszj0`Tdo#v79|@*!<sC&gqkxlB4>dNMf`m!{~rmYxrUN8^Lyi!)|T{tf_))W(s
zag(rDO&1lHdla!+*7*F;IYBr@xtJzZU?Mt5{aub@C#InV`5ZjpNM$=MNR?S`RXRCH
z99>La{B^X#0BnsnRGm8@u%kCxX^h%ZRmOa^MPok4#jIwy?7K4iWprbLH@PMQOs#N0
ziAXae(b@8zdEP`WTe&Z5DIvz4O+h0=xImgGH)1S_n2KV)QZIaA?!8HVv7X7Fn70M6
z^F6_JR@v_m;w9?%^LooZAo!6Y3sd9;78`pb*(%96y?ZT)AR-F#BSq+9{LBSxMd(J`
zCjGltfpu4=C-8J`?HH}|kqwAUN+AAZf
zQs6f`NMdUhmU$gs(uDJWB!gdf|75QfPt<8Yk~g{CmpVVzQcNFA8X>fglLduvIed{q
z&d{vd*y{*jWd@^}pf!H6#SRb`w&Bo+)6?55;c+!BrYc#;N<+>-u_>{}Gg@LEC_DQW
zLI1nIXeZ3RvDw~2zn44OQoH4%Ap*@7+;VS)r}R`6Hqr)8Tj<2sgd2l9)20})0)}y#
z@Hs1twH%`k@N?oil~AbiEYbn7c1B)phje-l*OAb5f6cnT*InAP?$d6)nW=+m&59
z1{XO$vDOfENAt*9*j_nHaKQeQD=4S$)|n51uY%fs`*hKqk+tbkDy~U(8O1HZ+CC@_
zixsgLTtg~l`+TggVHheK6u5Zocy)U1lt1KG4fuTHAmS=g9e0;?)|1uYR42y>pz17I
zP_AD;e?7h3r|uvP&MI)V$FW3>x11@Mr{kway{g$iyHOfrm%G^sr_g13;aESNn%E`8
ztF){`uFgVJKLaZY`lQ%jJV={JD#a}thg1}s?}F*q*eTM_y{%u
z&^ty`=DuO`9H7J%kfoIlXDZ@xT#UKOw8H9vJ3LN&azw&9@-f!m$)4T$p-m*2z=goi
zPFw%?Mvlfc+66n-ovPj+RU5}<`?)3<+umDjBKM_|SLP3H4Z-4tBo#QD#|j4S7Gd@r
zN`cx$8^wq{l@(N=fITCbBP4W&VD1_>sd_%mi+RPOrHa5^E{9tTnvy8#jgU?mb8zlb
zFu3STxgte;JQA?XgI?sEEGh;t&k9?vwl!j`-a>7aze$;^ee7LnV!#26!$ewG12y>C
zq_!~sEzJnGw8B?xhT{!F?xbRKR4C<{e4?bPwH}7O
z0+&cXqT0TI&KK~UQi37Wp}@9`YKqbvF~Vy)qkLvpn2flzAg7n$-s?*=TYD1Ja|N;R
z_$lv|g$7bka?heft;2%3V2b@~=`S9j<8OA_r$Z>L%O!?Co^sL~%FNV6SIO==+TVW`
z3vhfym(byo{J$
zc-G2W&Sizo`EO6p=%T1n^*0nSmmk)GaHV7UT%?Uo)f60aV*H&7;*RljeXFNB4KafvZpB
z0=^Xb!^6W@W&=k2$UmO^?SB6q^&eoO={(cZlJU73Nuw(Z8c%O^)SCO)pM?e4geXdy
z0nnuLP7voYJuU4U2x+q_5XtYw>+x;#>q+gg4l#CMGVLQHo#&Q%z}u^1zBiN<20#c4
z*todyOYqMM$6){+lzk_Bt$(l1C
z%oB(xLckTE2m($I_}J%pd04@akX0$xso@mo_CW6^yY>5BW}_`qDcqdg;0X@A+Qo=o
zgLf1ZaN)gvgGOC{&fpVfbPMch{h$X%jKeNZiq;lt9jX&^+-{htCVt_Nw&$ldS!7EgtV$
zwrJC$jY7+l78B;WyVCad?8nE)DvG68NZMl;$*0Z1SYtpkQ($?0M9#bq3k`k8&Yq-R
zYjPvd#&p?h*bp%}f`uvTDdcBEKEw3rc7u5@M`C(ObNIBxw^`I#U&t}$7w8HAY|(J>
zjNVsgh!OZ~goveo3jIs_6nmKL4|Vw^naCQi0~@`2qDdZ1L1y-=5A-zqIA^&&t|86y
zZ2|L1hEM0}I#0jpvz{^(;_t$I#(XUSiFH!*9oOR8C$sgP+03`d_g&~VTQRqRh0V6l
z*RyZaHs_OfevRDca7IIj16su!+P812tE+o@dzmcfXnX5s2!aPOAd10pMgbM?NGYP!
z&(3=8giX*5X}9Wid3#B;b8BQj@Ku|P^k9;Z2xv$djGClij~B@ohSdtJ!=EIdo6Kf2
zDxiB9j4nL=8vB&FX~39f7>e2w#S*X1Bsx+(sWo1@C7ZoII!fUB_=(}^_r$38wjL`!
z9xkpP@F&ze7*NM(o+3ptVp8jK+-Xp)$E3-KKgzf<-o??LAvFzCJybpDr!Hw*tyi7G
zgeUcGhgOZgZLs!QpgSFBX7gI--NB4~n;+=JwRJ5-u}e@e&m
z0B`#qcssSDUu}2qA$hMq4snv_^T{|74XI2ZBi$(*44E_n(Ocp+0~_APPlgOyh0<UO!Ty-}P$Awpe)Yq_{xJJTLF9MKk4NNJc{`u*oR>9p7O
z!B5xo;KFF-2}x|#J*cexkv~Y6e;h}QF4(<%)tx-=2U%TZJ48aezD@W}D2Dc_9@Phh
z0dk3~zQ#kW#6i9m-gYyB0l8}F)NS0f@VeYaw!nP2oTwQ0s0`SXUB6SGiX)6zyM+j#
z9(gmTkETc!g#OU?@kw7^v+x6_cz;Q~|kwN|pNnc2Yn+S*C0
z=S|JY{mlhr?cvx3;X0RV$}A_@(p+4{aADM@5Pd3PhsI5&(YHy}RPMg!b8I
zpm$O2)(K$qOWqxC=BBZn8!_r&=klO>w*cndi^&I)0aYt85tIbb58?pMs0
zZo$OCLrB!wOE~vV)7u1)?7fN;cz*~4!oQX;ne4eUo_+1)==dj!m=E8v-Hn&{d1S^9
zE^qm7wlLQ^I=(&+<__QdHjndR%E?TzA|zViabbRW`GA0s@HYwy3hc@WAc84Sjy4-7
zNIu`&5{sRz1|~L^
zsaAe7Ud;Ty_RdGXyYeDr)B4q~c|i5^mi5}gZS9=#fbjD0sovKuTPA4D*-nt*ZhpBq
z4>>sLnhv#!w=_Pg7LNXYi%rL+Y-e5bm7BHmV)u+-Vk^B|ftxN^KCPFM8G6dss488hyFIIKGm8&@mVEZ~p^CYiELx={!TC@x=)%}{WU1++#}yiEo26e66C4qtM#_r9@WBe>0e_NeUO
zkyOHGDz?G0QK5=Hbp+6T#sPFQ@d|1I(6T|9^YYG4K+-s7{T6zJyDFnqX{aBkHk2*j
z&pEYo(<}8z?3xZ+R`W>Um+u-xdG8nD*Sjd^hG6Ucvd}rH)=Zlw=eW|(vnW8WotC%mL$v4LY>5RFx@J}X?;k&3iftU||12n-!P$O<*6fC*Q
zpL9~8yu5`)6dXSYYP8=$m}g7~9K4zwhW*4$C0J9Im&aax!Wy<_FVrn}>+T-l%^v!U
zW)S~Y08eK(r%P@FnmxHB5R!ZYTttRrIwCA?J?Y3`6VunQle03WDoAg9ot0c_Thecp
z#4y8?ilZ!)*QNmE1GZE!(+S#W{~)!x8b2{(kL1{RRUAd}1*94x*Br(n=re=BtVcC$
zZ(l?c7}fH=hU`xjh%VSKb7}>>p?#jc&8qZ$?E>HZOYA(k*{f3zSEZ=zH@XRopQ-zI
zE80ZQ;r15Q$KH#fV<*}q0gWeuttGsExa;^q-%n7IfHX?p8e8$n|TVs!7nD(pRt_tUxC9^8qGu**Z>zy+tHt(Le4
zXkJ|Tpb=C#b}9~LflAuu!!%TG!%_!Tes$prZM9pkYB4Xwnr>*>Z19*l!>t78leD+>
z%em*vt|2}(SuoJuJAHU8iIJ@eI$u*x_A7MqxFnbLK$(q|t_Ha-*oZ5zxZp~
z%I*{pQnbIa@u^W1Jt|Dx$;q$o2h$L3uQ$pP9p!NyydoyPBqr#NJ^q$J2)5o1Yr99-
z#yxsTxCHs;o@3SD+~7a8LQwSzfLV4>?9EkeN#EK;Yqod93}R-wi
z^!{yx%-RwHh!#0=>hftJ?=M+eKxbF$MspM|C(B=uaIj2ZW-u!M5j}nFQtJfqS-IRE
zPQKZSm)$)+hN5P>4`o08kz`=0tz!w)?9;~l
z%g3UOWYE7C4oB8vu*>>Nd)Az$4^u3bVHVSluW$4+j2YY6#Q*^v;7!1n7qqtWm<=Ca
z>v+bd+q8r()|z7C;D}jS(Te8AqW;(sy?z~>k_eC({5T}FWDOac(On0aF6Ai|kqVkr
zCv>PP1^xwaq#s3M7%wKH3Ee$BngN!@n2lm+@=SWdWP?+s(rOc-#q>RqpKjsOG!uM2
zcK|}-yL)qdJ+T4X+Sc@
zPbDEvcdFG7Lh7yns|E;>DA`9GXAb+foYRXEC#n~jFJ7P{JU=5qWDH~M(9>6X{6}}+
zIHmkwHuY1F*4vB;^^89=W4j~z-3|NpeaTEmRLsAhVw_6tCvtfp6L?bon8`Z=R^~e7
zMqikeVqe89NOCyxbep4NZyJ
z4Z0b9v)ud7PT*HB|1iR6lX~_;`AkB!g(rh&T25$163OsAaCejsatF(FsimGZrrVMI
zPpm4;yr9pYxn+VRH;blk1=?2}xF=2c4^%Pe|G%Irh%qP*jX}?QI+l)%G40uT;3}Fw
zce}Ycy@5-lV=O@^@p$bJSx6ygLnj~`3DItA3U{hmDhWzv5#lGSFK*0HvnO?I%FwFk
z`+?HS-JE0n-RA-|zS2AW)b1!Y3v=T^7WWPFJ31)`WGgKvo`V(v(mTE16_sgPM`ZxR
zdW|~E4xj2IVl_>q$}rs)0R&R=bUwOrHF;v!w0517Sm&e@n|uny?U&6BVTVa5dBtv3
z^@&hNtmO2`f51;@E6ikBl-o>>B7(Rj=Oso%KE{n?UAdv7E!nxpO-*Si
z3sElT07#oM-+D6_n*u*sgE`%(i&AVedG84d-GD&tex;sf_`Y%Za3o7*7?#hE%bWd5
z!!I6x5U-RzMxfvUKn*w305?~_ymdH-Uv6r^8Cl?%xA@2264eS;m0RI|gE<7(Fv;;8
zx#70*Sa&h)jzD9Dm$13Fm?~;ZQHz
zr>9_C)rSZtE@Sp{|K55tz0_Q?B=ApqPTv2gO8MUmFvR)tlN(R@HT>IH6xV+kurK0A
zUG|HlJ(>Ew2UeJAesOv43q~DvJ|GL67iw&)8@r`
z{Y6Y;h?sz<4;UNf6ChpGsc3)SrP}0kA!3P4?ncke03(~*Cm})Y+fr8y#h(2wq=}sh
zpF2K!Y>`J1(K;|$s2jfUw)0R#lL)(51gk}>3CHrWewO20-z4?RO#qc|yR?{LQ<)->
zG_8gS?0ZUL0rP}Eqd~n*y#jxf$xO)gm+YXw$yE;9x=KDCXMOIS$kUwM=>3=Jk1Prm
z+YO4!Ck6bffQ+uQgCHg6(rn*|j-3|T?NI}xpm@LE>tH9g_4%C|j;a4JTU6*AfM`a;a
zW>cx>0o9~r@cJ6|&xfQ$WT-+C&uUPmnD+Ba!DtR4_rBR!<11JzXY6>(VYzV}SSTR?
zR~J#nczYvWI!n0V6tSNp&n-9yc-6{ks(hXnH15$Kb&>z;8X(d*MlkL$(ysl@*TozM
zocm_ZQIJpUql>s7RH<6uP!l<};8TgenyKL;z%L$rHYl7207c5L)(y@5Q7&eoh&7GP
zwY4-v^>b;+u%$*_*f^4P2=V>Gy{QYELVQKWnkvp9Ek#67rwdfTldQa|iMr({r%Qnx
zrbyurZ#fkk$FkPP!z_1_DS!`YwK#@G^WTPOz8%>#Iq(Fy)!xa;&iVGR=lS4AM;Dii
zU|GIxS)cp-=K=1-XOFf&i9o)tkPwI!`%dC-QBe
zW=4g6&Sy2n=g*D?>dxESTYyvL0Ns$s$2P}c?g#r-k24XQmOTn!0W@hXEkXb{;6{q_
z|IXSRS-coYWeM)-`Mj~Q!I(aZt0Vxze+JjhZ^PC_^UA}d(!-;a?sn}13D9U@58{dk
zT4f;4Sz|zeuQ-}0FT&^xTMQ3AVw3xBp$Y_@<_ZdO)>0|;=%3qt&6r8ql!Y5r$DU?3
zx3f4=+-a&Xb({3g0eRD?FfiTnveHaPgM&&<3B12cLA-2uWyOjcINV>2>m^cTO!CBA
z#L2v1M(HF7Y_eMvMrfghr=t1#zg_3wSdgGsFp0y?)L}_EQJJvzeG@a+#BTOTjFw8%
z)L2Z?7;{)kj&{1!Q~Y&*HG$Yf&mnVZmyV?j;x;xGbdaPOZLM`%7I2&WEFu==
z4v83}1H2P!)VDl~5Y
zxN$#?W0B;5Bgsm@onF6(5lO(^9||GvC)0DcZPrXPRe_5}_#of^Fyo;TIB65b%ofW(COGuY
zS{>c8p~+1uQ}*khu$!ZqZZ#8}d(M%7;qPA;6q3(W^wVor5eLn}>V>4K$jIuH8E(Ap?|%H(t(Gn^35
zyUvNcQS9U+UvKcke63%GD+hf|`{|Y8or-`39t4l0q8)uMOjfqV83Cr8?z?2l+?E|xT#N0_r2aq2lTwOA~^pW+5L_#
zZ5xHNieL)WE{-bzQW=4<0-9Wnm|<7^=dT9@Q_#(bCXJZ&+0%jVe@9PmqehrJxqH%N
z;D!-!mg9pytl5
z^VS4e!?a$F_EFxSef-zO&AnyyL#7?+O9v@Ow{eyZHxjh;PeKOoLto@w{2^#{CH(cr
z`O$OU`uUQi@qamJxzAJ`;PZ1vq&|Ek;
zIKbc_y~SkekKzxbeEeDXCmeNLPk{NgJ>m#tkHQ8iG66T7$|OnPu=__kRoP=Aep49E
zs@Aynek}i?tVD?#c=zrv>Sg$_lC69;UGEYofe~OH?EGZTV7eqLP=h-h^6Y%(1W+R!
z`A9RF4Ruz2s2J(8A||8~lYpF3Au(jGuS0S3`};-=R6Kdla^wM)sbMf%^@ea)qmuw$
zN00t=wVl4O$(#J{ao@)EI{RjW0Y)EZ^_C*KPR-R_h4<{JQ{RtqWs>-hdu_#_(fO0n
zm|zMx0ntQP&XhHMR1o?B;pTCDh*pXzHo@Pw{btIVvqkn|f`=(%W<-{$HbfS9m;&o<
z8EyoW6DWkfkot;A*j&Ruh&#XQ6R!R8Wq13dz#nv7ulwYm6(%vK#yAA1szRQx5C@-N
z?kc(eaK7_h7QVm`Yr7v
z@<>XAD5GZ8hw|?x!{PUP50YPn8t(TA?$4AP!$_q-xALEx+6@JPabDl$$t$3IZ@_FI
zhuwb>47bq8kJxRw^UfAM+WQYb*In=~vNA24(*j{y^5j=R0)<9p`?dC!!K@^eZI6%!
zYG9o=rQpSr3H!N#Jw=T!miuEI(Ku-eDT@adiv_b9UoOGl
zP8zR19v_)@3}Yr8!#r;!GZ`WOx*tj6E^Bf8{LAeQB_|rvLc@aHH5uwAK4LBIyw3(X;U3
z0l!Ti+3(wPkH-wNKp+S8N7X!_p3+iP{PkG{&%;854Z)8XFn&;ipY6x{V){V9gYNlH
zSHge#4W6sm!WQH%WWjcg;>N~g8r6!4>1mePUX0i4_UU`dYhu(ujVHwIR?)>}}Erz)SaIWC?|?KEJ{H
zVXINA-mrrakQ%gT1vIJ9Om#7a;LFZG88ZS
zxo>PYF&+mvdloOy94>g@-e<+e3p~LRlR8`xLPwaurToXz)juzSQ3a1s7oK$Jecbxx
zAy2pbzxX$7)4F{)Jkx7wGK@xbJGx{?VK-?_##6fqSIpM_W|W7pE+ghpfLX(NiA~vX
zS|1B4B7X&jxho|E!m0vm$S!1Hu)&$XGE}%3bsFbD7TqX3wSs!8cc#<8mniuD^p|1c
z*5j-waoYj81S+9%cO%LAna@3~%a4rlH`u7Bc#r-m>Y>l4-}BJUdodtzx>QN5ze%=t
zsHHwMEbAGW=He}_CG@^=>>*~VGEZ&>l&#a8mF&VdYKmd_a9vhFT9;jb`#v=hnZG$a
z(EeK_=(oU88>!R>90r}XecrwjLU(#ygX1<>RXP{$994{*cDsQAL0p{MD7f!f0haxr
rQxf}l!E(|J^JMPEj8l!EClYqZL(dsO#|iK##TVitGM_7i^!)x8@r=h+

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-device-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-device-group.png
new file mode 100644
index 0000000000000000000000000000000000000000..3227f3eb0c7d9dd4c249dbd8bbf62fb4a6c24f98
GIT binary patch
literal 16894
zcmdVC1yCH(`z<&Gg1bAxA-KDf0Kp-+LvVK=+%*Jum*6hJ-66r<-Q8iE-}~=Yy?U=|
z_ifc~?NZImFg@Me`EK9)o$s7;J4``N0tp@;9s~j*NlA(;fj}RqKp+TwSZLrK%FJ{m
z;0ex7Qo|7hLhgP4g-D=7CIH@qagvh#0<#T+i%pC-j)WTq0(}BWiHm%9OFvohbkjEV
zranK@Hcq3VMAYHH^`~s53_2}i42rc#Uzc=2Galo&BKSaOY(XG~pctq_vxF4>Rk6tm
zLFqf%EyMsP2Arg*G&DnBiFF?ZF$a_?&aOG>f-~jTG@L(T5>4-=B%A3QcjMjiE?G=I
z`OcF&e+);XwUb)@t^zm}uG4!v4?Wo>`#ouHpc!cJzU0h*T^XWh?n_W0@clQ~BEpvVwS
z?tSMU-5A+IS8Nm++<2fliVMg7zq&=>KyDOLafC%BP?VM7-cWyZxAby?G0@Qd_7^~t
zGt7svq%)$%gFZt3$|Ai9@;uM*(fe$)+Y$42yP$Qk>#!sPw3%R@>AZ~zjJ($M$L_qx
zC$tp4H4g7R44NW4#xn48$yTr4t#^40_g^-3(=$uGl*2+p&B!q{dyO=!gfxR7|)7^WG2QbotMEIKW|Knxy}Ik1+q=
z?aKcr4~#;>OwMPSocAs4hh}%C`l)fWTjqPc-mlX>YF5;0HC%4#bdscCt1R@7j`IW>
zQAW*eQ+ykq(r2RR>E>lkzu=D3#ajY;NY2@3DQsK2&(vMxGj1}bmV#>~Y|6iWc-QB}
zkX*BMiVAXN7=fhTpMjS(7rM(Ge!R7#X4EbN%HvE5?R9;;cJ=~VkOW&T_54Cf;zQ%AL7=;37T3U+9Gt-oCD@U{3PJ$QeZR-C%sUpW+y
zV`zQ2?$&1?u`HH;V?g@Cw#3LA7&^cQc#4AJi6+}O;tDa_tHqx9oG&BoVK`i&i-Mdj
z-CvvW%*yBMAxQ)6E%|f#|M|Uq^VB`vMkWpZS#LA=JC0BF&pHp5ZM{pdqm&=l4HV@5}a1CfH2F#+zsShHCQiA%59;<}7SUfZD3
zbw5PBgaz05+6f(6L>X0OM<@riB+)gWoE#+ig{r`NI*5l7%9j>|=)6TG;&yKT}yk!0yj#vCy-q2FG_2}^Jcu}j&h
zo_3;It5AzG1F{l12Qb$lF&&8k!$-?AbpOy%Gt&*penu`M
z21$7I_9;Yg5=SRbeJ`r`klhXhi6iV;E24>%0yI#4!3`-%LE=Z{XX;O#z5ESSt4y(m
z>?kqZMd`=?viivp-8H*mz^yocPAm{ct?3$X^$CS*FI_j|58BKlOZ3*&Vaj^HmyLP#
z<-jUyD$97fM44RgFcU__|DAs7&121NE67%xSvDLZE8wN{!9XtfG~;E&l5kW3Sv
z1eo$Ah4!ys8Y@+3|G6eF>dgwe29Bo5GfGLF$
zanupdp0%ZzjecIf+++;vyfo9H%>9zz;(e3Ngnl&13+p}L0a1HcGoUFw5lvw@yCc&Z
znN@lKKC9k3LSh+FH`5`f(g5yViq{OSs@Y{GgE8!OcK3RKD
z(ffAcH525lt?#Wf7a-GHKe>_i-p_&incZ3N93v(~=-;QO4bmPPW6PCm9TI)V%c#Q5
zy5_V^8Whn=R(>~>T^qYlc%Ah+lky{rPkKkJcttMhjx$HB+3Nq$d-!rNa)6?Ap*ph1
z4U9i%C}Xb)gwG`;%k#@v$-*)R3tvVHQ4(W^>742eWO$CIRHm{VQl*o#ICUt4gjOog
zS`Fc*oRs$e{JFlEZ8_4c%lNZu4=V;&t!gD8q_sIMW6hRtCZFT^=Vqs*x2j}{t?>Je
zv-3A0eCghJrW|#YP3Fo2FzF_?uA{b);dfV>OF0dhj^C9eqSs@Jh^fIa(+x=2#dplp
zDa8^#n$*}`<64HAs$cjVGSa$ub_5=yo7pYWdR-1Bdd(4G`EadQ;E%eqBb}+C;T9cI
z56$dc`fI#SxPle`xzrgAO49OK71957XlDyE80iW+xec`6m(?vqjB_o`GHO$mT4G!@
zRgdqMG)$?74>n-n7=ivl*zre8aq0McnicOhXa{PVZ0a>npCO@#m9InhZ5huWcjH17
zVrEuzLo3%Sv2P-Pv`6!6L$SJ#et}PBFZk=4Ptt<`lSnn#?#nd2ZPp)jAg1hh>vGl~
zL(Ro*%xDAHsDng@F3Oy3AMb
zXM-xroT|2W~?UTm5Hq=}((azuBdSwn)cYI8*<-|0=
z_MVGgdUe*HFry_l?Zp$u87T;1=aB_qVYn#IyksQ?f~_fOG8NU^uk{01LQg)McI3G1
z8-6W?9DtuuN@yB|mdoPniPa}cNB$@}H?2uhCiJ7Y{3mV73VQHt(hNy2vRM|jm{1=0
zZ1_17N2QKr`5p+QRVCXoW;uxrDW!FEUElW-zZ>@E%@VC5cX&Os9;acvH7q`_0%gDUrg@X`jxRTLvMFWzaqiUf+`Xo|0*?XKY8Dh8P
z!;uR;Mc{rcZC>Hz)W*p3_%TH?#{HI{$K~&G!4Z<#!-8h^=K)-v%REKB!l#c0z7w!q7m+6+%vDm&Q04PM3eZ1
z;mlLlKlf#Qu}b^a@S~+XfE{oL-r!3|-OTLG5t}Zizi!ajZCBSB;F=apywbQ9i{`l;
z>TsIsMcx^@rUZ4;xw7MRBUeY8ekWO-tWgy0bUyXcM1c*5!net(;4|_qfaWAJTgWq2
z9?zIC^Go6$_jy?QD=1t|cTAts^N16pG?6huFVtgfkR;+@SYiDuq!ZqGvVUC*aW>JM
zF|6XN(ck^caa`r#v$~vM%*Vy_N&%H|)+BNMby_3K$o$B6!b
z!EzFzx5^ydY&}vsjFV?Sf>xkDNPUcZJ!KYEgdZ(S5FtO71>r5BEEl36XrD5kL0DV(
zE65;rdZ=f%)A-|}fo|h$ZD3;cX&~rs*$B>^C-taGC0X_G#|NWt>&D2?8I49^2*q_;
zgqOcm?)i-7b>WtM{-ti9&(&W{D{rXI+J*eAZx|E&gc=f!xTL)-#Bc->FUwI(ykJd)
z0V!bgWpp$9HJ=s%X=}XBmKD){UXQm+`;!(kh$B7YyYQDs$kNO9y`9=W@qQS4_(dZ{
z84mQzs=sgZbN#~Z3kVlXBRl)1dLpqFKU^%kUDWYehxRmG%?eHSGnEg!kmD5|b=pC&
zZ=v1mI_9i7z157fvS8ao?4WEVFC~iVr5)4_b)hR=1+#cnH+`euS8_!(N5uX2(oYJ}
z*`!S_5jYqA#bpOMrFg1#x|tg_k(R@TONP9x@#4GRW5fsrF<$u5tb$!JozKbvgsTmRV$Yc0BAH*UWM@h*>Eh4&
z;CFiM{rK-HC7{ei)XkyBKNK7!_90rWIbjaQJ_~U#h
zU5uYymi?nep}EeobDWXe)!x%M8w@DZ=L0EXj5#anMheH&zouoQE9D7j1TeSZULLN*I$!3IV93YZJv>1;rW3KzAT8tpt)Ib7B|BEf4fWJg-v7ZR{mA~PY%jR83s}#hbY4e
zr+2MTeUBnNcRA~>HC`i2d#b8^5qe^t!G!X^EQB<-haIZ}Da&VV+KXc!Hu*r?PSs;7
zZx*?@>{yamEwPGCBfF81phLHolcz*)cee|gnFH-tr9tc3wnLK=4vd=+!irRytS;qi
zNIW*(P}*f~{e
z?~-OTfYVC`V}09WYRd&`cm!065Ft`$lN?z}92yLAZnR8%6rvqE_C6;3Ljgi#_8QrT
ze)|;dz~GprB}FV1m(O9{<kAB940F?D6ySi(^m;pu+RpC>FM2F^)}Gu1eSV6?{#wix&re5Ddq5A
zb?Uma%%F4T{VIm<03_%fbne!A?#BPVd9(pr_ZsmD&k1x4GslCKn^fGjmSE*ud7J3&
z&Eq<-U4?N~a_Siy`d+@avX-}U%kC7`3oBuZZ=k)Qr~MW@yik8le7o!1^0R+HjQBmF
zrY8t@DI}Flb!|?2B%`AB1Z^1*8mg-Jg^lW<3!0sSGkfTAYM-FfsiV~@3dsz;Lbqvl
zq;>X64=oN#(p^%C*j-9gcbGg2$Cl^hO?%u)tHyoQYh>?6i!sDYE+Z3Pf4lx|Cyj7)
z`^ufCn5CXPY3hy1WrSeSz>D8DHQGHjai?DEHO}U+WyF%pc?BJi0qtZexbxr+jVKH&5Q=-=2FPw
zi4N+Tn*VGfq$AY-*+@4uF8_-oRT$cH5bex^q2825l5_}epf|Us-xr+wB{zlh*r**fFNU$J74+w{mKD6>m{IBU_2h_
za@f(?3Vp?ta_+cL;zl^s?68_HQo|OECX66Coh?30P)n(4B917Dy|c9WFZZ&;OG{I;
zdo!0uSkWJp7QH|isczFuc*$c#Wi*6|i)Ry2_%_DH0-|MUQm^xrQUBU=`TMB1^?6ek
zHgbB6z1dR3j}q4e{4CH+XMX>S`mJa0S}4
zG`VbBLJ(Ojg}bCkT;vUjuae$|;&1vu4|FkxUJlDf(E~?8
z14n*yn)iJt;~n3m2qJCnpfx|ZI}4D=F}H@B7JvW<%A
z1v?~ZuqBDBX)!5n8UZtLj??UBOSR|f=?gH)Gk7;B4-DhUk}_l2F!#mP)avzQ`g
ze@r={6p^}p*I%KbyuSsG;6TJu;lp4?-HWI4z9j~q+D)}w$VQOC
zaXpkEkc#GGc3vf2J*psNceBOWlX`V_vjGwfzx9LBGca18HnPMKWut;-1Kit?j4Ed{
z5#usuvwL&fRfy3QcpGzf$JgsvCvFLPK$n^jWzB=%iNWf?yKj-#)A^2%4i7638ZQ1u~>?hqSK4W&b$j>rdn$>e$*z(+$GF?wq|Q+>tskv
zu5ksUkg$jBTmVz>p=ZKfCuqf9+fH5(YJ
zy7F0XfWrTDOF20?y}LU3b$`&Puf^xZ8{?O9GWTjg=;JE6T!tG=G;O62nwnk)K-?f-
zS)6u-NjWYB+yCG(I+=PA-79Z2GQ7lWX+)@upu9Fl-z&wgd7skFI?^dqlhZ#Z8xI3R
z^$I7^Qncg^v~7UBM5(+)QD($*1!2(CH+{P$FmIAPs5;F_=lHq6(bMKD+&Wot+v2V}
z+~op`W|Wj}@tMLA6?VcRykp28vywB^iPfRB!*APccEI53SAb1pn{F)r(qN&V4}%in
zaGtXoDBPpHXW)wc(>o))8Z3?wj_4PRUNyfGm~CROm=dg7nv1i=$gs0ru13IO<4TsR
zQrF@qb?losi?T-M=8GA9~pP4`x;h?^+y{j1zo|-1HbXoc}h$SBS$Fb
zd}w@@TzJu()^h8l=*zyq*G{D9ey$iur9sC3P=I50loTO`Q#a?Xxl=J`SGAzNtXos?~zn|S=0tSp^=^8tB?8Liu+m3
zKuaI!Xx&~d&EP(dUu@(WFArZR`N*IxH7}0hT5l>!oL5f)hSy4ksS3MfrKOc?amE5O
z^Vh+k7LPxPt6OukSXoIAXLjU67^A*wT8yj&T~+B!lULAgB^2V8@9Y6?CeyO6d#H&z
z-X(tj>Q^36Z7D`vOpCNu0FFt*9LJmioi9$SF6Ad*2gO=`iXq4t3Xw}UeMan`kg%N!
zpO5_N9aO!Czpv+D|2v!r!y!^;Qh?@>940`}n^E?@5tcBI$e$S5`k5r6i(T!jlH5>5
zAN+QL-T90^6|~Yzrf#p|-m2?P^vyRP6Aco5eTcx)qM}0VKr03q$;&=ck2L{tHwMQ3
zaSq&wX_%P(T|>$qvtNFOH{vt$x;FQgRt&2d-W;mw-MH0v%Py6+FD|!kYS0i@x?FkO
z&<%OC>AHCfHsem0b`WdAF#ggP>NRq;sJ=KR7FcIlp59b0y0tuGXZc7y39mPUFqKj<
zVA#G{j-AadZYwTs*?Z$BwL8R8{wiF_R_zk~wGgvTLA!)Ffndz=E8%RiU;$3IO(orl
zlUkIno(+Ql~aQvk;E{`93bals5DdcD6kE9Q6mhe
zQ11IQVO~c~J1Bw0w8ZL2Oi~^HcfYgs&6T9(C!7Z;0OeRduF+G~w
zvB>_Q&6!!UBGIMfQ!d@VDtu4e$kh}_m{Dg&H*O=ajV4+Z9
zq0tb5M<_HzXjH_{J}@6(q5T(+{JXMmJ04wy-Bv5*_)vvA&*p44&$jPnG%&XmVlyXV
z**TG7@dv|K3cEX3=GL>UvfVZJUWE;CZ;&*)
zkuu_S{@QQk;0*#k-(KczxpoNef_8g=xh3$FMRC#Zm|CC@!%ZC(qZ?^WwJ>`xMP{aK
zZZr{{Q>o)OSEieKyvC;fRD49s-yRorZ_}Pr?0&W`TJtl~F%F>w#T%qG-CRiWQ$g{H
zek~4+{MGK|P*}=|su2CWLpI&Yg<=cjEBRLe0$L_y`A`n5;NNH`sYIU{iqGA)WrE_W
z75Hq*A@6=`;N#X{xq}{BakGWr){gunE@^PS|6=2~tc#Cc1CFHaktBXGwBL+5!DEbv
zHfZ`f7~UCA#G?0g4akmZ6C*-O#bvn8u%qXYLErwg3TAN{CV*vLS{b=Yzlzs+RZJvj
zzs7DjX}C)k%`3=3tw;pbfLTq(fh5$
z=r{P|$+Zt(YW7HgRJtFuH9Q5Lc6zK~##B}6m*O6=*sf;x0tAi{uwjtH%Y#lFhqgaG>n<1ZriRdihRe*NkJX#vJ@wpY7xbH+k#8Zjun?;K{@
zDlCo?4*HrCb|hDbvGuE$?&vdAfCuN$nS^jgh(|4);PhzJ#9k7~6~Y2x7793vq~D<5
z_{U6WDB~{)R$V1WA~wB;`uUx@2<`fWL|M9HtV%T!o
z9m@+55COVed2>mFy>u(7j0`B2{o)RT@x>j4^rrEb-71bZJMjTn^$ZRQn>RxuYUIQ!
zjH7D9u7I9)sVx*Qb`Vc=yz6Tsmrt`DjCXI=d?&Ey;?>ig3NSB
z0%EAz^OEIfL6yP|sOEsX&prHtl_)&6x(H_5`jT)m@pH)malUJnP*9?%`Ou0%{^%Tx
zESP_Gk>=DD1JJXWLcCUsoV+D6yxm&|qFhh23xSFgpW0F5-XJ~Tes)A{*&ZW>P
zHe8LT+03V>k~V(&wx*{j9I1GL+x9v1X}-@uV)Qu6%J?O2Xi_!I(X(V?ZQtz1PI&$t
z*;ya+j2+Qpqavm>%7vx^@03wzDH*YT0F4PW{p$EBCT)AN|U_bC?Nq
zR8P-yf_}NUvsTvzz}C$L-$U3tRE)n*RlP{D0I`
zg~+T*{&z3H|3!`ce>}KWnQ$G2gw
z$mPDRzmOPLZ$JzaHh&WS`xHlE?k6dj6|xueYNkT)^_1deN~r7ThL!uBE->JW&x59X
z@FE7bW^LrI85_Ljf18_R&tRbdK#12w`xv1&ll{Zq-oAcOjIpt)DYT$~5-6Z&2?2Gz
zkHkCkiQ6LfWfh_ZJLEq#N7Hxd=!
zvfOWW{B#m=6k_^h9veY8b)A6+&rxFZ4yv}gl`JIc(ieGg@$a;Wx?hgt
zFCX|56BA>{Opq#vOlpCmT9h$KOfXBYzW?7aMx!@llH>C2p#pMrp@#07E~t_#b>`LLMmpfG(TY6xL>dVT*-IZkCo4#p{a9$509mB<^BE*ucD%oI3;23jUHl$jg4*9
zNDGM$1WF1Bl*;ZnEiPg%@R>9&+x|k?wDr5EjjIRTG+d@$?B=dzj*VuEh;(x
z)$x1zqZ^>6T82hPEims(USGuAL|r#4OG_5z*N3u%N;u#H{wU~hLbcwvcaiaw)gSYARBC^b
zwR=8Ap;Tqxzr!3I^hF`VAlj@=JbK4Z$WTlEkbxT~99QR!bc>wUQAXunEe*L>xS
zO00Z_5@KLI7&RmGUcyMm4HqR8hjXPB8PZ1A5vBSvM)>0^-(U9RuO15C6&OQ2_QU3g
z0ORWI#jLYQ+J!pJaGVi;h`Kc7D89Cr=nNdmU+-`g>&d`bthz!cw8eHoL<@%x*w8%EGZaG{v-WS9V
zW^$tRUF+t1qmQhP31PW4tsFSROt*tJl`EVC=Q-+9Tx}z|5NCDwZevnKyXgPOTD>4c
z>zR+bbfn%CUR#kGB=yw|VPWA33fmHJP~cdJS)talGgJaU;~G*T;uWw=a#Gbn%rB*g
z7gB}uZ3(YInuG8tVi5CQ_DKU15GN0GinizEsj6xxovad#H{DRiPmaVL7$XCI6-}-n
z){$h?K-u~ddL0Wa-0~)cNP*GBDiRy$tgGjr4r$
z6;jg{if#y>;H6flye{a{@!o_tG_B$WV$fit0Oz6f>hix
zp6{mI3@0m+vQ9H%(wQL?C~ZH0WU{(L&j~GZLucu_dcbXtC~Nb6)5k&nLA|&!C;%njmT6yma@FG$>)h$n%4h(l_F8o9c@3?*9+`A>Q@pAp?i{xS1wwdotDjd
zw>Oe!^tFdYLaMb}-e+S}5Tl{Rv&QpPrQ)Ur5ACQROm_c)JI@nK?#h{P#L9@pVHFY^
z$anNXL)@ZqQO^2@UH~%#Xv}#Kv-F2l?_@kGNockUGVEL+>WW@Op?7DslrjFq*r)oo
znYaZScA`ItHsw*6Hopq7or9fmL|1Mx`!gY3lJzu|L#*!`(Tk*kInX_UPp7F6S+DJe
z`hGs??c<$p8=gsL
z?Qxl*inmi5_u*nz5-kQmVWy(A|zVd0I@$n1-zLfIsVQ@(g2&hsVrizn3}
znwrLn%=5a29L(>0VH_>2I_Zz?sm;|G9fdHkPGL>vArLuX0FC3g5dd=}e(~f%cX(;z
zhGUi+Tl?dH+6Ib`E5fVYfaN(#*1fmasdc61Ed`(?XA7X!V&)dYJpIfBRC*S2X7AzT
z6T8%1;2NMXe57q~l%gmSo3EBG6Qiy6o~s94G?i4TQsJBucXm}k0tHc`p7L7wEns;n
zn5oGBNjQd?jtmm^76QrK8QJDSGJKJTL(Zd2WM!Ok`rvKWg*RQP!V3LBuWOJe%albbFuT?Q=cNz(%)EdNf=#jz{{a$H1*B@6&J
ze0QM<0bF+btpA0%)cx==e%Aq-i%gj_Ij}<&g6+R^K_+4)7gJv*%kAelkG9G-TLW;B
zLEEKYJdWbz>(MXwrLZozMmiuB7RH6^jb$hcW=Sw6P1)#Hs(Gf*QackcF)-jYFf;=C
zNqM1hM#9x@01Vv_QY3LS55g&s>CrcK$Rodfg)Hb
zkNmCmIG^(aEmKxlZM>GK4Q+_FE~9Vx@86;-DpMi}4tyuI^oRo!z~|9suPp#zrl=rzk%j
zr_VC62qsX#31&@HMR8d#<{Qg?@B=|A{Rc2w%6JKq0Du1e{Tukd0FeCP=c^j>$>rN|
zHYc>BZ!UCRmp&@6rEyyS18~;kyLmOikRUm>a5u(nSO@95vK?Q~x4T*1mUTm0|P3ey{YU3JW|?rvW?Z29q3r!HiJb8w#?
zEUwV@X6Ah>{^D&7qh_)ps>$5tm6YSqf^g6JPWu7VYs8iR2`^?XorUMk9oA6$yfw-O
zi#x&ol+s+AecQfut&ZL%bFe|%k2>=+*}*fC1yhfVDmfw{800C}@pjmw!fFyz`U!-k
z@0MctkWmh?Ncod
z=BD0LHlvkWkHXM_nmtK;uH7J~t?khg^kaMiAIAY8@L;5m6Rl=R0rTF{bcLhD<~Qok
zLOw}4FM(6HZj1mBLj!dV{-j`?f^*lbhJwBew3>}5yMM&*(FwjmXL6U!ubc3*e*`>-
zd{5W$JKyz_fX@K(lSa<0L=mJHEXHpsbTwJ$FVdx4x$bA}z<U@r=aVb4x;h{@oZiM6`q*r{odbn0hpiBw*gVvczsW2yIhN=)!zUducaEw(e1byh`
zS6)Bs+OSsa#KGY_PsMM8d&+Do^erDLiZl|t;1^B+lk;khrA36?2-p*Vd}}!?5xqwJ
z(Y4JV`7HGFIv>$jjT+m-=`MLD3p=pt$G%Xhlre;5D
zK*Opr#KUmjvy@vnl6V>}myRM1W-;L-W+L>H%ZiIJo6$GyE5QSi^64*;YGv?M&I-dG
zfNw%|;8yGCWmD?R$)i{(Ar(AtYN(8B1-e13lEk#k$A-g``&P4ar89T?B7p_-^%Pjo
zgqW5Qi9-rDiS)?XmE;^xxh59hvW+#TBh{ErT_5nI-pkOPV25|zn{ez-AolD1SIU
BcV9daMn3)B0K?_$86%QqAzlrE;o^%<|UM#
zmCV8FNG&Y?=y}Nd{gBiU<{NS{;Sw#Tt;yFdO`Rb)X9E6MPMayt4FMWs?}LdG6@OZe
zt^9xCdQlAJ%X^(Bf5M$va*i}3QxKO#HS6zh{NsKqFB$)qr4^n?EjiNw>r08({VjV}
z#-(}4WO|u>#iH^20aQ~?-2L374hb4`hTUC^7)BuF&7Vb#FL{m489R~aBR3a-g(TY-
zv?vq$%Lj(x0PLl62J|^Uc!q6@PHyk#zy*`+{-;{quqQm();$$}5xaGi6Rnm0Jpu|O
zivd9+$xN;M;$(2Zus5=3C|D^usYJFo%<#NPSu3(fYu80$Gi=9OS6>?k064DimXdlK
zC~N)01);?oYanx`Uo<)ZPyfeC6TAN)Gwp!?EW`MJEfHFKEoktk;`ZOy4!dv}
zcl#5L0smVM49oKk$$B^ZSWM`*y~_Fc%ytx#$4T#E!E+w36Sg-zHQi^H{{Domn9-Pv
z!E63irC}%CRFTJP`UdCkWya#y4o0hc-y5^}W^#qHAbmBp|Fq%HfPNdT^i6)
zGCsg;>_u=lauW=*s(=5A8MV9x+q8
zdSC$&^nr+TM^5sogt8HJoFm8qhgonwY~?3lqgnM8dPu|EJ-OxS22%h$&B_I)ufegk
zmGGQdKX1(F-Fx`RQEtRtHhcsHQAP`xvju0}AaB7Yh&T@4JmE)CK+IYFVk<1x9-czK
zdXJ@t%K$!OdOl`*Xu|MJ7RfBU6~&u6DdP{R=G|xPcUA6*Y)N;rhD=9D+7fg``uQO-8D|&BdZV0|<
zXYPb+-q)Og2xII?{cR-A^qEm!5Y$TYn@d>>5ZYza=x9Hej9)Kmn_dWJxUX-hFT_9l
zp-gLw&bnmfA&|Hc>OGYOXmp7H1P=RXiAFdMg^u&)uj3yjmmfPkD{-DV3S?MOF4NS!>NAL+g3%0%qaOv9`rd%PkW5INI!D`9-AbPG+
z<*SD68yg&X3PyFjY~h^u-4fV&Yf*m%J3W{OFVx0-@Hx+_wvIRmdnh^|e0wChzq-8x
zMn$+me(!;?NtP(Kt;osI^}uhRry0=hMYr^$k&57j&f387MBY2NE9Ykj%bxkIo35?k2S_le>I(4HK$34q%E>-(oux-r)(Gd5YQK_SRG{UB>_~!r3R+!Gxud>XbVj>o0(8RZZ0BKp0cfK`~pm;L{JeVpqo$co>
zYW>qY8MtTD_)!fvQ;GQjZ%VL;(4lQP0QcSrU4CMW-0_r~m{%ZR?+r<~3O>ya4u|*+
zxxbGKD|IbR^W4u`-e5fw=Hhz!{p)N*yd7~{ptNGxZpcLp<{APto@+&Kt=?H*R@)PF
z>&r^xMov~6){5SPU#*^+4^rZ8C69ds1
zzVp=%Sfkskvz{f_wTL>VNEELM$hkt#3+l6$k9RP6_jUo7iwvaNysKfZZ700iZ|&e8
zMq>ALj-&)=o>R7O8cnWy@VN)xlSC1hx2CZHf%fo1vHM{ZoOD@t?T$)5RK}o#JJwI
z;^g=o_nx|Xqe?L8AlNsm*n!(EtKZI(&LP$U?iH4h+@791F07W4&I?e2-I>4q=pmPi
ztDB8_Um^OzP0HiF07d(st^)mEFF>_PlJj8*Ca2$XY2Ar8nTPveq)W@LXBOUx_?(%B
z5K@yz;ZxMpNX?uEP|P6VCRcb(g?>})>ZAZDd+>LsMiyY1pEyjkteinEomE>${D5_^mZ`I8x04glibJ4>~#!X^HIDSOj&_(nU6
zMZ}S)0lP(BoIsl14}j$lE_K-6*8IuysJn684h=BWiH-^yv;g)YF8{Iy`7GYN5dQJq
z_30E<`1AOCj2HZ|HgGNr_BNXq5?LSzlq=&=Fg0u5R91FKnwt6@WbK
zH87D~mie7b^6dpFD+ye@`lm?O!m3HuAF3UDn&IbvJuf5^;OE?qQZvQOPSq$Jqw$&Wk8P*r0KtpzWeOKa+r0TB{GU*IJRF
z?LBy{;zVrwti1t+^KknSmop?*5>roSSRpn{4)LO_2j{Jh3c4m=ON{+
zbjsc)?Y^-pa@f+xErvU4f?z4<1mUF6U=8_*-S!v$*pb4rskF-!eY@PwtJt#Io5CR%
zL&vkG;}e)hfS%vxITH7Y+S`4|TGfe$8a;+wll+aSy&96657IG{jLid=yc%-xNa3A9
z#oHrCm&Lyu@H^F-uG5F*bNOO->II!F81z$Jl!UxIjI8CuR)Kh34QrnLbq-Lt$jDEV
zptrB_Rn=;EvHG9Ne@!62V%9W_y+inz<+z%qeyjNIx{tv$bB4J+gQGoRs_~i1{IzG=
zo|W3BP-UGgmyIIOq_WfzWPffJVqGfgiHx_Ts1L_Je0{c@x5I?TB~A4;#ovc?`6#8fkh4`8Kn0Tbte2zp
zP|!NY|B}jUMIaP}P^A$Jyy}T`#&=}nHuWf8c231R={BuH&ZCkJRdZBx4
zbIid%{YnUOjFqma_3)E|_<2u@cv}5nhD8K<+*v&&mI$I^gWr+NtE;3#YnG%}+?GM-
zp-EX03JN2=0k?i&WAyfMFyQ<+oye(D1hj16=+?UDnwAoSXjU_cN67N(6&PM9dAIkN
zR2I`uMc>lu%^#D~x|$v2MXTV{hc${){>mL^3IO#u>B*~(+=(*Q3*k?#@&^qbpq%n`
z^TG>~G^pzhuAbYSu6^$SfQ>(}1=x6ZIl;fs_7JsOfO=EDoB;?fTOZdH{0*Nla?~9d
z!^q)AMywco-c&W0wsUfHmn%=!{x#_hel`QFS#r4Fx~^$S9hH1p2@!QXfSU;fz26t$
z1+Z{wNuyZ~UFXCD7W$xt_*jFX_0getv8R8M(I)X9=90JS)&HY7;1f5s%%s9lEgooD
z->R$y1^$uCd9oVy7z;?HfsVObUl!cCXkb~lc({0B$xINdYY(yq#>cWifc044nu^o!
zpj+zT2Z$$x*<@Hoqc>HhCDeWqd%Za~cm@{^s`u+Pt55glB}Sx}1&*|(LyVhlfZ3EV
zT}EH4RVD52r)CJE>jtH;G=0#*-t}#Ktz3_eA;D(yN=5tZayza`CEP+8j{U+vTxnQ8
zhUREMPd6_o5CPl(%Rr^z3h9dc#k!UOm_H*|npkmM*nm1<%BY-h*S@-b0=T2V-+ncW
zzSonsdFv#W)YE}gaTrZiUYh@SV#@4-F`Cid>G!&p_Zjyn$SxYGB?jf72xV#n|G(~0
lfV}gcyAu4b=c8Aly$>BE^P+jpz`YwlQeWi6D@67E|2HrOSjzwa

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png
new file mode 100644
index 0000000000000000000000000000000000000000..31e2ed052f1f255195283b75a1611f115981af4a
GIT binary patch
literal 12719
zcmd73Ra9F~*f)w6x8hE5m*Nnt#oda#Q`}vP6$?^*C;_e|!QHP8HHzG|u~;9ycn!<
zATRa+Z*t69YN;hzj3pH@GhK`&nf!xG7zSJG^Xw%bVG5R~C
zeS`Lxx~Fw%!x9TBP9`e6@N_*thx@zf$`Pf9zbDg@OcakWg$f;)G&afNjwy1>#ckxK
zG7cqkZ)aZo?A*;Q(B#j3IU!!_8R|eexlq_z1ajYd*LJ>D-T_`u8fJK-RCT1N#ED%&
ze|@3rTphlrb7x$cORf_x8y$Z2G{^a&0JO8kF7y)xq9-2%`6-~hi1Y37LoU>h9C_|^no%p%9adT5syFb
z-1pXHz9a{UjPJwLU%Gb3v-DwmlN_PJC}dyIu@q0Xs`Qq1Nr>iaBoN|OxrPjTGs<}d^700K0levOYE-THc
zc8g{Vc#`MRAMOo1d}}-J`myHPKXEvQn(_ziY{lC4MWQalOrPs*C=r(-dEiX0+-s(@
zwFZW>0d+NS=_8-fmM9|T#!wQaEj%bkia^weaFnS++s*X+tqBGalGNVRa?xXH&Pb1V
zi)Z%>O}_I(kU(duS-VeIqBu>%oYRre&87I#9uTWO=w09YFOP#toTlx%`SbM|NT^uK
z4OW8!pE-=0E96}yBgL0BUG-{>N|Wk3pzSJ>FLw;Jbc4kI>ZIv_p5`8sHa_?uuKKo0D~}Ethsyas0DK5b+kNG
zdi*#!IxJ=Kd+IAzbOzq%szAD@8Xgd7EdVTVIfwD*Sk@
zQ=a>2JPf{?!j7uzM?NgJ^O$wEJzW69(#i`1^rl2_P4w$-$9oZxcgD4fy|)$Y++S39
zx+^~Tt~l=Q_MyG910`PCbnCR`ph;)WD9qJQ69s}Q1+T+WHZ6p6${FnA3_t*V*yHL)
z?#X!*vBw>--@1nu1X!+nFNi3byvbP}`dI5L;k^2r%l&3J$|Oy^gq~=m7k5m?-i+*^
z2&Uo|m$(58u)NShBauaaN8m9e)=xkTjGM7A^G3qDA>?|qH^|64hsCKD9%uJHGI+8;
z!njPMklRVG-Z$Xo8n=zVJ1Wk^W02VMX4(E2dV-Mb)8ODtgxyFlS`$AiCm+fDq+$I&rIFv%^$@yYRO?HzdD*N2p6`Jq3
zj0suP-IEG+C75Y;{9x&$jaGx0&+1hH345N_tH0+OZ8<%Ow@3!8_w$j*pIGHD^
z)9n+T42fVu%>ZbR^gC~Ko8~hTCtQVk-j8x#Eyx^9*Dh-@S)sA?$uPYviTDh{VA#_FW--WdB}@;wnUHNyb(9qe(a4jIV)GgUE_^voNS%
z0s$;W{U^n_G3Y$l$-ymz%TTslZl3f*S`!dG3}*xHe9ao_2pPhGf&W$po?SW4+lVI>
zFff|02d^Bt!pF%Z0cpcvQY+6sRMMj~0AYUgxQ055hRyflpKf`GJQbg+
zGo9p`Q{EMZR@Gv%vuwGXuC(m-^}H13g+3exQqhrw1oo6oeUUW4^lDmW9;newbo2Y5VmX8``~3BMR+o4>aisb#t)2x{HwWe<|cq)LCTzX+clr*14{a
zw(Jfl(Jzu!sx)e;TDu&U8Ut}t*&CCE>d1&n3Da+L;(rs6xfqVd!EN`7WVP+-7?!qZ
z)5nyge@m@mIg{_xniPU&ZS-RFY-+?AvXWXGn<@_b)IM!|R$@^Z;QLrnbCG>D$#}mn
zRS0~-%)1tMdsSG>6?S_U7ItUpLjmXr>$%Q+db*rGLh;ZpF>LpCtlTcJz7=mD2c12a
z?_Roh-#<8=zQ!!n?cUFP4AWQW=O5~mT!vtDy<{X&9E$fX(`i0GTzf4(E1^d0|5=jF
zVE?qUuo_xlYgMNd`p`A2QKtT^he^U&VakP$ko>Zpz>~^S7&s?L?|Z;VKqYA#?d2|J
zpXX6_Q8~?=-`9OZ}khN8S-I5r<7_;w1PkqoU2-C6C;c^>n2*
z3!ZYSo8IJIGT^Ga-iN^BN~LGN-Pd%s25MT{sZss@9(EJ<
z@@=cBO!CbAdI%DY!iskfLv0#ElEI4NF*A~_1)y1km5yZ;4|_~Uo4i;aFK|6LPt|C?
za}^V?>(sn(_SY+Dv>lhX2h|$)sBfsS>6dLc{QG)p=STfRHIvg&d2wrke>ySqf|x_U
zYUw;!163WwT@z5J&HpX(JHD>885Qb5u3LBN?Rt=K)r+n_J3}q+jTa|R=ogM=S<(xX
zsQw;{zF@inxBT#gb(RVT_Es3kiUs%=;T^R0H~&O{Bu7Bv2uYeYzH>
z{hnp~mH2O+{cOk^L#QCCS+l2Sc_TkSD|NliSe$QvR+PT&l5HPZ^L~$1o-iE>0TE;9RE@y*o5P}B%~VLxIfdMG
zl`{@bUdw|I;5I(@rJZH*!1HUwY>$zS@i@~n>N~&5!i~}6v832rH5)vEvO5xX27#h=
za@o1RGCX9P44gmAJlx7L%k#n!YJc*?08<(uLryAbdhaqeAEDjzGX{%2ujTgx8=ODUtHD|6&8y(g3r4YW>BSfF;N)TGKk64RVIn=4%(Z}`DU#J
zJ(YMw*zpNw&p#CP5ReS%8w7gwKxTith~GaYY{Ec1e8NeBr0T6T@lb+
z>9~U*N&vZ_XNf#rN!U17&$lfG`Og8?=NT~hR*VhjbCZ6$-|2+iU7u$gOY@*c_aeOX
zcAQG!g-fS@Qh@H!GD)UFX)d%C!ehQdsMzt&S%d=1=
zkn(6NBoo@kZ-D*4mHdVWJuE9Q%|?2Lz{rK?F_R1~HiUD_n=J}0YKPNKj`;O?xNyCd1jAaz{R
zbVWmOrdMn1s8SI8atEPu`DBk0vKNOuodAgw5Oo8$w|v$tmiOVJMJE7fuOXX8ns;PM
zH2pa{35~sa-9!#4%p33ZtZ}%Y$r0?BlH-|fW8G!DpL7eYP6hf^pidmv-)2~ox0}o(CVtbt#NBnJ-Gw*j{O=(!gt-^{2U7y+abR{MH~o(ZQjh-O%c7tZ^fzQ^
zqpJRdTd;AS#R%I1)c%{m4M|vf!csQQr|#exQ+ewoz#Z(fjYeZq_$C5if~cP@s&Dob
z6NiF?l}xwIph{0dg(EUnSr#ifGFyn_@JEeVi&4GIyE@IEk$NH;N-XLZnA}*TZ;#=l*Y#001YsYu7>OQUCTWQ=y)#uvC^C9twUbYTS6
z)C^;qUblaqcSb4sTI;Nt2qG?0T+fH`=DUShUd43AzsJivFzdSq2VzY@$o{aHBiOUp`(PTV1K;&Tt#e#CNtuk5`~&aZm5-FYsXyzrsF49`9B}*ihs_
z?o^^t%hYTg=MT4n2JWFEe1DYqI<>IrfP7x$0Ed;UoHl5kNAZx6UcY;fh*Kub!fJ~X
zk3=A#vMD<|rBBGN{`%}W2b=o6?4U41e`KFR@s|Ch*f-|htgj~s>d!Hht~0J??YV`4
z59Dk{HQDNs;hwhRhjhO3bcx;eh-i}vK{OO3-K#jUYVG8Gq3z5O_NrNp3M@8lo~Q!s
z&%MEbcv2qb!FW__hjh}R4-$!!_qX~}Uzup53fLL-ynx6PVldRmth<$-z{)sHM6wc_
z@RbDR!T5~kw81YgM>wf6t_B^xNxr0rTLE9U2mc|avr~IVTv+Y%WYhXcKG|uC|Nf*J
zVG+o5U#YpJdTPF3%wROn#wH`l&rmVqI84N4#JHj+ZF}H*IVomF=;U3$Rf3C*wu7zk
z#Y1EL=l0s%9|lflby*Q+tB4fYJP;<*ah#J;`&P5h4Usihst1WwF6QMhjrxj&lhK*c
zgK!i5K5Bpn%!({@3Z3UmtF(Xu(f;k_OJ+wV2>8Zb9Y+q)`qQ0`9gHc1p9%GL7B3)anUk%cX2ql5|Ty
zXB;%yD}NTTvZU{WjW{zE$lP-d>8O)*3Nw@5iA}X~hiVVpoUZQt(>F^EI_p*`Q!S{0
zW;Uu`^@n(!)fhH4<2Fs5a7q<7G&^`jfLAzF>CmYhg!h!H%1K`*^6r*h0
z6XzumMW;GoSg>kQ^A&OD;$oO)9)nkvnkBzT?)xc;D((-?_XFPq&RL|M@4gASSLFJ9
zUYxBv*NJv!pqrR*m@9Go3kO-KrPi@Gb3a~e=Njd_$c0Y$L&!y_$`oSkJ)@R){_I@~
zo9UzVssuM}fJ0+3IFS1&FUXyMEq(c7LRq_My1
zk}*X-BebmvXk2P}2z2pJAzWqH+t~2lbA75p(SkD&_ptFC+~aD!I$eUtgJR(OlkQD`
z>adjipE~#V&^!-3c2Zmn20YGB0Q%vIhJu~w7}vVa2a~0Oo!@95{&dHo?_$j*5;MKV
zlJgaoL6xz}h#$FIEW+HA$BjcdVQ4hp_;C+KTP^-z%vag`^52aoUKuN)7jj!SnTI@|
zqw>#t1jI~u2EKOrT~n=leTm6Z*pQPyr>bv*DHFfVBiQ(O-rW`o8Pa!ri8wa(){=Oh
z^ay#p%DAXoL)qZ2S-@Lc4}Fvpt3FV)=zVDkdsgYF^X44r(y2r2ggl)|hIGZDZD{kV
z5wm7}jK%%e2y)*-dd~F_QJ-=f~F$+QxeIo^Ajxc)Wx=Rxi|E
zgON7|uxS8_QhPzW83lp3)4T8YDanqD%#z6^jC!!PC=2kUsA_hRR{ie%mi_ShFo*83py042{I_~M}XcPwI+JrvS73{j8hjRG0r>5J)bF{R*
zdx7|%N9ro2*?GCYg_GuAziep#3`P4<)h03<<~jr@#awIL;;sHNFz~Q0(HzX}wYWuf
z7CV+m_Ff__^N_1`tq8f5*XKwV^nA0SlCZa^bi7bo@<<()0xb)z-XHw1&I_kVA?lvn
zThszYsmxRjDx7MHodJF5iPlOVse?xjbjpmGCnHZ~RvZrrOC3W0D#Bqc(9e;Ph15NR
z%P`F}I^lE=<72e*%n!@ve=&q@TQSEzm_o!^{OA<$
zAo!E2Yf^+w^`7@S*P|W_EWZ6nk2g)V1uN>0EyV-4_hc4kav2?L=u&J^Ff}BlByNhF
z9sBik$QiZ4WIzvD3B4exF%m7-X)Xo_TbPkw|spO>lU+idnm9PJ#7qCMUb0?Ts)emgC?UL#6FunH0O^StUz!ah=l2u(CY
zpypcpm9KxjPUW4~3^qu4L#QH()cGU_#lSr{dEvYa$$q0mXB(iv0I$|MF=Jfw-jX~l
z9&EdfLy)+RV13Q}42&J^FwqClD8k~PFb$2=TCo-H%|n~{>;yh-uW_D
zLC_BUj;#gkf=v+}tiHO(?hR`&Bhu%;
z`zZOZb5`W@GJAHz8`<%J9ylWBu$DS0?xw;>S7RoeD3DMIo0ql<6b!i1G!b@LFM*~7
zZ9UIZU&q4v6t}RT1YfP#aR&9^^``(Mg%0o&U^;Y%-R2SHJ^c{am(;M)+x{J
zdNr;31GnrPhe=xsoSQMp8b%hguJ_Fs3j{3gKQGi6s$90LOGp(^^RJwB+)C;v*Ck={
zEHcr{nVe(XVXYG%o?!KMpeIdk{kP8Y9IYS{}I6Y4k
znUZ5%%XwJ{R)B@iGvTRD+KzH^+%RaHP!22YT7H)b`&CjsvCmg6g;k{cxQ9@ZS2V1D!C}@8;1P&~Ps{=WTU~^u3h019)?kah1TCCSEg|HYh6DFMQmn)rbRlrfUZ
z{PTQH?CN!gv&ZAAAv&`^>D~u3um$!G5{-0N8UfT%t?R(IE*#t$++7iqH35Dq=}FJ7X!(
zT_lFgdNF{NqK;Js8K30ix-N`c$K
z4)_p9Bk)o0ek~=03;*fGQZQhBx{$=|d-4rarDOEwL!~eJpiMVPc7C(^uX9N@w3<#f
z>Sqe!*MVpTHD2C2$RuxK-Z0y2^k6vg>jcZW7XB+U!qmC$;BDW-8GB}^gsK5&=l$sm
zm7C11{!A$`+3I}zA0!isvsY(~!g5oGsbGDwV`seNiQPZgsVWIEWWg++mF1EH~lhlVqO1E
z`!xU&U4b|>cp#T{;_60Y<_{yX~#Pp+E4>N;1<8Sw`gt%kO<{c^t{87yQCH=?9+3ynou9MnZ|1TG}|9?^2Q=Ntq$zwnNt>6aHQ^KtP
z*bv1L!FdctxS~Zbh4Wu|WJECN=H%mkzMt7n`Tv*%$c5hgzu5w)viMTq8^2OxilGZS
z{W^=YALbM>9#*1dNRbx)-?Gf!Dk*(E;Y)->aoB@kJ6Z&M@Awi4$N7j;;9`B%=|+z^
z?CE|w&1tKDgl0fQ@`O@MHx0I*1y}6}2?j*^sQ3}z9Z3V=5P~J>_AFxujV7f;F2P2>
zR5{J4H2#w_B#dQ_DJN)}hE38ozRrzSKoLgD&KPjHmlO{-FR;W|v(usBQl)@9{Knzx
zZt2p-D|bK^cgDXYiqUwddbLHdW@T3@uI>n=``^x~?L3`7j-A#+jWJ0%m{Bo_QUC!k
z#j`abolvZ4jZ)ul9j=fyu2DD
zD=_xZ>}E%OoTRpn&Tj9~KW%7+zV}9OE2majBBml-Wmc2MhM;(=qDC!jB~y#fVT|Mq
zCE4oa3Td~wTM`o#;Zq{>C6l!OI%qG7X!IMzth{`>Y!5M;E?}pVOCS+MgokRvgEZw@
zEobBgm%2IHfc3pGb2Yln^vlOaXzx2E&se7Y(Nh$b#(}#}+rtaKrz=dWzg@olEmbKk
z<1mNQD0G7=8QO^N`v2!u!|+$(ESfNgi~FWq4aVED(NSvSjYtjGXYuTvrgRY?ioQ16
z9D1l3R+@?RV2sui@z8mjyTJ8()Dj~gP5U$oJPtI&A-qV1K#M!a&Wn>2@y|Co5_1h<
z@ii(Etgnt?WvZa+Dr^uaP1mP?*5#c2{%ZepTR=`{t?}_k&9VpG=Z@QsT93KOvltzd
z2CHaHx6bEfu=`21e!ZmSeL2>xV6i4|RnP3r#5%h*$yvIDy4-_0n6WjqS=;sNQtP-51Dh>eO!O+TpU&DXB{kQ4
z)UP*dgwM#4bwaGg=bj!(Ru$6(F_vGS|0$CTelD4cK`NTGHz@(xjJ|z#Asebs_{L4=
z{RyX_Nv*C{&%jlrJg)Ns%={h1p1t4W05JpIUJ7bg%1VN|^#~3H1B#QA);yGy0-8<_
zVS0bKeImaRdpBG|H_RpP?-(3cf7h=41tl0A&Xu;9gGX|ru}H>Bl)edgA~DPVr|yXU
z$4|CelJ#(_w}+ps1!?NJtd=9C<*{TDX{e`l#MY&0gsm{+B^hzZ!S*wYrs~A1Q)-q&
zrAfrJ*bI4bI<4Jw+9R#MCi|x;W3f9`Mji&XFzbX68P*J6^0FHeCR2oXH=*u^rEpE5@)B
zDJ|h#Z2lUz)Z;K)>_DeH{2ou1O$j|Y;X(((A=cHiIjjpu8}L`qU_fV&l|BN
z;?T~^ub#VOa-qz)>If{+^MjQ{-$k@wA_@)TE$X-b>S}d3?`Jq}pu{fV5KU%or3^j6
z1Vt?tn*H=iXc2a*6rM4Iz8)JR(8N?8a|dTgQ!=ONQ%B1bcZP=9_hv1#r@-RiD~M2~
zE}&l5S4&xbMq}gnpZ+e~o}o1xhc@MMzA1B5A}n4m6gc6q+#M2|7jm=Aj?fj@Rh8@k
zT@RVUC>voZ3@*AgX*n{?X%&@vqJtYL(z}9g#^Cy#EnEp@*99cty*!#5wghH4gB#_B
zfRy`G&z~!`ip$O@MXjO)T!S;@KQwIij_Pc#>DV01ywip&oG$mbr>hEjbw*68;TE5d
z`8A}N1`|lL#xgjnr8^(b!~@rv{iLeF*HeI|$UVQA-U#+ck&9989D_62V!KJBM*j=?
zfW7bbHsgDfIqPCsuLKM+)ruF`2d=pShm^#{Z<&-8`#zvDiGsqPAfWw{`3b^~C{g@GC(RV;(M#%tQo`#j`T_&1~oOQ
z(AiS~Z9FlK(;^^13AA&gC`{t36g|=L%l&Q?HLVoB3Z-(zerbbC(q>{lM~rZ+|EyuGE1E=hcd|KEkaJyW4@JDsrT?;F+?dzjdbjy!H}PUm23(
zHr7283c_;7t-AuR|Fe^55yZfgqEgF|;LZ@`s&ZDHDY%Ph769L^U5XqcX|tNUjzUo^
zhpND7?a&`rkD*Pz_BdzSGNJnQQ2;^Tu9}Si=}@y)<8tp$)?)SI^#-18MzH#~$QAP4zEBXEOoFuTo-s9NNtl|9NGKBj8I+
zh2k~zHDV%1RL8aJT8Nmls04>nSh3cqr3iOj!$oc)j*6r$Qz~GKA^_ZNzBl#n+18XX
z5Kg|!y{=(TV{h#m+Mt3BWr_670!sIg+gt}?vW_Jfs5Hk)4S#+>4N>m|vVUUlxY9o~
z=i`NM96jbxOTxWgxIU9)E;75N59Z#CK4)d6^#~TNvS)c$8mk7jvO$x@7~NFCoTkSl
zS&izvWQtIJ+i%{~%^$d`4GrKKHFbA9v-}tcj6TaUtM8`&7=t~_o&AYJe{4OZj|}}B
zN2M>)F%{QJ2QYW~K5QM3?(+zy`F!b62HzxbNJiVp!$4cob)Dmacx^Jp``yiu|SWd0FQC&*qLdEAU%Tw
z%CAqy3!bj0Uf0?5+!S#Vc$Ommykt_N*mD}-jH3drpA~UP(`-P(d5NG%`@@d+h!Grm
zHU8}ooPiP1Ja5E4KLOF|U-H!8JhBpJFw4D(EK&ft(S4l}^qSD3T_f#!7%0PM*_kJE
zDYQ?Np-|6VJk+LSr(3ND7H#WlbT%BCw`Eb!{xQ`JSMcT@9*#?u=F7Be92!Q}Cw{Kl
zKmILkwP)3Qw0RS}}n%
zt7%zcJdjr47M~!4`;*bb_
zJy7G+2j2#iPC1T#9>lVFAq{oR=MR6Gjiq(Ok~rBsDELVkpBdVRgnAA2*$VE-75kLQ
zV@@N=?lmR#inK4%I-W?*uPduat1toUygVAqo-HoMEqHcX6SN*=CV7(qx2<@87jSG8
z^R%Gqn>NY;1T-c-c&4vCtjKQ-+V7ym;Jr>*?h&tP1D&fa_O6BZQsC6h9E0jZvX?f)*sN>N*=Ua?pq<8VsR*l
zlf@noX%RVW`UP;VI{x#+rkb6yvp1*DZTe<(y3!{(&tvaA7UrPG-3^yY!=|$2SU53c%&uQm1NH|L
zM`MvHE!LTuN>2TKO6N4xF2}=z)678|^yP)2?W*2TQ0Vgm1)s;-ilEbO*X?@71!VY8
zuq})k4?lv}m)~XOcCJFJ*g>|R$hQ5OyXOgZu%rTDH5bAf=WQe%es;5T>D;4G>N;dT
zZIzmnD)aB`#UOCGBazr7BOrnON#wX`Nb2;I5)ljKN6(WA^Av!t@mLd~f<2rQ)F@;3
zrfn%7MczDl(c#n?&WQFV=CRO2&|n~3u7D})pgX`E8a-8;3?V%ER
zN=`W0kkTgnQDQ2@Eo+``=RJrJJ0N3)@=FVxtC-y!hEE6qZQgFStw(}x;Vq5Yb5raj
zB0~HD5f3=Tz2K7VCfS<~o=F-c9er_fkR3>f#eg^EkN7h+@`AEqvsjiM51VhR_|LgQ
z65OwEo?IEO3HmA$2f)XBaYjYz_dV~2oA#-2%%q>*;$yv;Bp~?n<&2}~?f=sNVpRXD
zjNEgvpR1DYws8_O)lfsYXOsaQJvy4oF^ym%;WQsHzAVy5*-m%=3*JO)46BGZ|BoV^
z54`__)$z~i-wO4Bd0+H{qx#-2z$4YLlLJrlKfR_USYVe+gaFqCvi3kcGw64Ibj!T?e;lr%$kcM5`nN{7TqOLr*X4-k+Bi4o~W
zVu*pW`JYekr}x{r&YA0(0cLn+p1t?I?|ZFvuZh#qQX?g1B*wzRBGph=eu;&JLl1r*
zAtC^ejclcr;KvCgq|9jDujOt>1o+nh#E_1v9Q>%G?W$e
zeY18K`~s<=9g+tn>3dETJ=}OW?8@nsI&7g2IhuZ3@WgIN|11^e^tGitBZVn+(YU@_
z{`~}}5Q6(N_AV+OCt`<~I8p^)A(DcPOC5(jWz=!`m0lP;Ip7YV
zS5{WGenbEPFV!;R5>Qf7zIuZl0bYC9AF2ReOSk%e=(HbTtfhNRt|%ORsDv4{iU>v@
zI@wr_RHVQM)1gbvPQ;-+=JS?I<7UApH}8fTk9`Xx;v(c5l9&OX^X_q$@?|ZU%|-5r
zQR>+MYu5aXLa#2zDK1?9?Jf==~rw
z&hIK1HQu5j);^%iu&<-lTG9K`ey|Y+$rU3n~&wp&Rt=_Ig~(4*c77
zs8w$4ow{{Mv6ZM*O8M9{*7ojL4IJDn#K+XUEk!yIi})|!A)}AZv-r(=W6VaxfrVW_
z#2Zhfpu^`ZVUfbdK@9I=8}w~AFGb?0=$^n)C;rPP(c}!qT`9_xsSlOXZS)eNM67v<
z+2Zrf82Uoh5IFN(%
z!ULk_RchpP@daHghiKerI+kQZa)!Aun9vrr%78^r%>G>>4wSKAc!Ww3$M|yi__C#T
z*OD9u5d{rCl2?%iN>qRYrDUg%myJ+TZOZNLq@tXZg3udw|M#9>*y_R)b1`bsd(cCo
zN6Ew#Ky$Wr1v@OlL5vhOB4$6IKYnD%{!&suWd|
zpj>qadk7m>I2lffAFKEso6~fe=sLSn4hlV-G@L)2%0!@MYD^)F;zY@^*LbOEX;r6{
zl#?3ulJKFy|9T2k_BW^bAFDrMCL79ngzIQfHHBc355{51k!dzQt?w8mo9mk+fpxj|
zuAFx59zH$vKM}To(1*E(rJ%|>IG&@o*%ccZOpO@#&X)iDT-Lqc;Y>oYEOa!X7|n(b
zks^p2ef-vSfg3_EF<7Qoa?qFcXkd64AFCYJ$r6{ui27)o6E*z0^}hhyq?P{UmG>F2
zzMt7oQnIoV{SY@a_V)HPa%&T1dPXNdcxI|CWXV|NAXpot`MA;KtYKpxKdL`_)>0nS
z;<ob-97DE@$TLAzU+y)VXKNFsZeDfy~hzX6oneZ!og!t5$0p6DTsk6S(MZeC_$-%
zisBHv*P#^Lrf6fW9>N6I3I=HQ*N93P1q!x7uYa8Tf4(Oeopuu%Rl~7O1#R_{5B=MX
zYW`RaeU#<-D-uJ_+V{H|VKG}vF8uFv#%Q71NNzpMum24ys!RxeufIYY@ySzOlxTSP{1-=H;Co@Jy|HMfW_vw;AQq(8
z_8s&Qkp?nbr#|gX3ocEjg5Z$O){@R9lV&En+1HY0){@TZNEqKd7FdVLU41W;H!#WQ
zMIBd+=bKG8P@*?IAEU%8=QrcGV0&Ab;ZnJ|78{bIqod<(PSwP3Gc{I}R8$cJq>RfQ
zmwRd>Ibkku1xy;2NAs0*t8UPTD@L8y9vFWI2R@dI{To%wLe=Wd$5J1j-bnra@655oespr#KL<&Yc5XCNoYAZIeY7dK8o2^
zyRQ-lcDQ7lYb>^SIYL+hNrJsbs`vsc8Lc#{t)vo!?0iw)twB*mER7a+PI>q7kba5+7%Ar|ZTj_EBAJrq$HXwYxEk|bS5Zk3
zVX-oAn2q2%q8NG;a=w~@M#Zo$yFapM?9Y3iA=rdDoj-(iUfusB>1@0yX9vRBJOm>V
zn3Y|zL~HLkwVoUD#x^JT8Q2Ra(sk6SAU(J8yV(OQl*i{}
zx5wGidivHa6*hyT`7IU3jiP2FgHH%D25l~e?(~DL7n3*j#<6M_e$jXrkKNjH@NJ>m
zva2-TZgko1c9k~0FozDcklf{t-op>_OZqZUQ`5wqomKSJKQG^)DW~Jj@&03JD740F
zo3>5dgBt|K$-J2$PsdCP4a|Az&AWH;W~
z<~ZA&AhN^5!;C{2nsT$R1Ycjbv%KU=&&^H#{5)g1mt6i^nzn45h}B-HtHFQE1;Yon
zN;DV?g|celmr%+L1Kl=%qOsFgP#Rwub6**kabB9nc{<_WEH|+5=zDz^c~Rj=1d1er4Kk`zIxXIToWA^|aH!wEQ|N>^lnA
z>jGJo?KaRs#9<_>rW0gaJzgZY+b=&2k}iB-^`L_Oa5cmH*EW9E^}4CPex&_)@t-fd
z^GYlk;Oas0t8<<=Ag3R@xW3#!1QmJatF6zslSUE|ykTv;CF)?ijq3^?)yYe6w5}
zE`5)TnwIvHi{rgDF`@gPlQ#Vo6tGRTY(Eoj%ynE}M4E9?GE2K+A%;Fu)rhv%)lqxA
z9{H7UB;M+?-&a?rr-|wrSUFq@AXqL>kp^QMIA})DiQKg0+0z
ze*L%sF>ipn!1-r@H)3Vcq5cx?>#*!IMxltaj(3==g?QF3Xy$xHc^pv)=w|`(B=*DPJ
zaly4UtzPmoTQg{|xw&~j)_CS8+ELmHb<6FIitAE2h>6RqW`C9vo-WZ~iTBg-?gw`9CbC|7+MZ|<0blxbi71F{9$pkl
zysVYjp>6*;yw
zJyD#*$BvB{&i>MADCxWyE_Hpx{R!rwsXxMW&>nJg+Ii#1
z7rgVUo}U(DC2~7|Z?apf5B5W*&sYzW2pVWgihu?C~_%>&+LXD0zP1r@kd@}k34#jAa|GHaXL
ztBFgvwbX!UKQXvE?YMj~cuy{nK10w92a8$O9}gCUc^?b|8};ybT)Qyn@{~e_5@f5U
z?aEfy=>;Fdrrn|sror9wIN$u!kT9Su^kB(r$3hy5bj@=4IoyA
z8t8CsS=UGsmN~C+3IoJI>ASA;mpEa)D`ZO?e~4W+4}8X(PF6A4eY++xP*9E}os19{
zk|E&Qta|o?V*pmc!n(^O(Gx+g^=;Y2Wh~liw(t9+8~uGL|4CS@7lQ
zp2V(Fu3XTu%i}LFz0j)5)fF248h%@;hTy~d1Y~WGc1oFa-yK)xMUygF9xQj?qKyLo
z#i!`A{dW)aMk`FDFcR~HYT7c_XsY6n+zOLMWv3dvK-BtMH5L_zR&NSC>Teb|K^L6-GmOz#pbju3;F92|9hCr6P26bAdvur@BgeQR0MQ4rqiDjHYF7(M%x3($DKiS1W8cY)Rg%R^P_NpYcL%wvi=+r_1X4*8mXfo{Ls^v
z`-UyatE;PMkb-Lv`{sXF@AZxqs<|Eg)zBmPG5gilZLE6O?h!K?^CSOnp7Zb4bH0On
zQk%Su4eukvyMCXq&xMW|L@Y`TDT3&9X)p=I77@{<^{$bTkbf!Du1ZEUybCUnqJ@@+vvW)xBZR4b_7`-W2#M-EB~y
zFy5d*@6_6Q_>)Ahna`3l-}SMt4BB$rAh5=ZAHdufS<;l99cPQx``xbL+hxWL
zb_}PX4vq5`U-82~Rk854gv@^`0=Wa-|0jgwNx-A@kYh?vh;HHUHRf{V3~bE@Aqthn
zV76o9;+icl0UFnvsah^a0ybT*Td~VwpE)<>DSNgt7OSGa{_NQc3=(U!PUCxTkMfVe
z(D5vJSh$$&PklE;A)VWqB=vu`c*)nX;xE4&={V$M_QG!RF?7r_;aVxLXYK}8
zFxB4#a)qW6S*`TY&fEzPeaoqay2ZZ$
zSW>um4z7NK-CRhT2b|CVItr`7eA%tjD6Ew?M}0xf)-ecm9`VgJB9f_iv_7Qo&efaf
zSFO*?7!}otG*ZMceRe-8^1~!$iiZir(>B}!o1&=(cu`SZ*u%k##teX$E#@1X2Zn|q
z=WDGV>slB{d}tL-L2bUx+h}GQ8k)=tZYoBu4c5>*(d5=x(lCD(m&PZ5ai!5w_MTU0
zxAKd>RG5ocO3p(7H8(Zq4K#mSH_nche|%&;oShk!336W>4U@5O;`-@m4?Z5+1UGSk
zb1l?@?{uOV-w^vLHrrF(p)@ZBp^kI$M7?wpoqQae;|nr9L0$Y<|D+hAr(>+^0dm4x
zpTb=8RatAd$o2b-src`6aos`(`L5hY9t7(nG5hAcLSn4?X^axcmlSqO9kMN6+tF2>
zN0VI4k9{dX9Vvc`fA5L6atv8m#3fCDrV3j;2LXgWG#GQiezu`|tMu?2ly_~8hp|UH
zPL+43@iPT
zf!o`=;{88Ry)h>SN?m8oPFF7oLR}VGR8ANxZmEC+f<$$`VPmGIaI>Kq(H{4n-*9Wm
z=)b|i8u!&_LqXe`*b?G
zrj;w_+_DRloS9mi=ihd7WCNxqFu$7Iti}mVb#*B_$n~Hw%8KXRyxfwsfMSa;oK8-|
zUOm>=k{`J2jat0VL1-*wJ-bFu>u!fC$ye>Ae;m%UBkKH|$e~{NrzSgb7$bS_2CXiP
z`;$j(B!YcRN&my(2<09k9qhTf)7_J8mSn>DMrZQ#OtUs$%2xNGuY%q?6AzI2-k)yk
z+p=aDJS8(T0c_eoUDuck=LkgecTb(lH`Dsk1-u-XIY*Jr{Fnoj8Y?QJleu7N{m|ES
zZAe?UqQt61tGH(nB)p(-fkIZYd!my9MMXu+j3H9GW_i5CQ$ZbC`y9BTVYmoMFK8Ju
z-fR0h0@WLhO7D)S-e^Bt_9STWKx`~7Tp^krGwh`iy1H-eUyp*kwbHVUBY^-3;jf+}
zuIks;qrjhQa|0s`NM7{)~oim?YaW^r*5jG-UJiZffZtY7t|uq*LpXCd3lA&52+
zLiy{B=aqCq=HJ54{~eyUcwLAd-nr9s(lCEaz6aF6%=l)IlY|3KA2Q1ao5K2gqDWqR
z_jy0tXk^X*iwJGd^4cK%dB
zO->AJLpe!6s=_Ru(-nPlkhLNxPDP_WiNR+m_k}XW873d>vW+a>78Lm*RG}1
zsx2Co`gA(pZ$UDXRC1PJmYZn`A?7T!$A%pYLetCnn^Rwm-AF+sd1Zr;R|}9BV`@m7eyN8tyL^
zr+3_gg;e;E_wjJuCbHtG9{$5m@mxYeJvmC?5Ga*AaYFR&NIKFWmDrcgMvRzuvFPp#j~(0+-qa(33zz
z@s*y5iHVKXI~rpAx2GyZ{5`qB2mC^e$Nwyt1iP&0^XJWBgrA>Z)7c_y`)sf_ab{+Q
zxb+#MluKe=-Dxp*TNDW$9N-fyoN=wQtx1xPAFZkb&(*L3mrm0KF0lsFgD7f${{3tH
z+ke}cX0KJmwA8qXLWTD_1^Z@$xWb^9o~$my>p&_5^P(gkN8zw%o2HJc?jqrd4R8D(
z`DK0`D8pRcig{IfE>sD9C(-h-Lf-Y6-!2;m5l&mURCN{>5z_n>jxGh;kC*DMM+>wY
zYj2fBw!W6BUP^6ytRyx4`{{;WjtId$m}G1N!}mRzH0-IA5)q+Hmb;(_m73x7I=;?j
zfpMY5ESZ#P3irTE%I@NLFNtj0oau-jVA{95@!{Zw%y^34&533)kYJ5bqMralhWA9?
zL7!$Kjx9<6(HhbmX;hjK`ze*9u|K7{F%Mp
zPM-O3B)d{zh1#vk9!A)=a+@sZ+JL-So*Op7D%4~8MO>Wj>of0~w)
z^TutZPo=FB`o*B>CXBF0tMC4xC`-VO8<62jdxDaallyPs$)^;4=GKKbYODc}&hueJ
z;is!FqTMR*Qac@$rvz&uv#%pG(|a43@ftZknDF2bBCOcPjK!QJD^!#nHAjspox-N@
zdhd^J!IMV|D9fNqq6?MseVy4KK6HI&p~7vIZ9!fluZCItj&)z47xwuunfG~kR=}84
z5WP}0$XIX@nz#t!0N7Fo=7maLALi?kgx8~AWqxL^2+NJ!KhaJzOH;s=3jh?+7%C^@}&C}_&7q7hehFzk}tEfnl_Z?DPfq4|dk
z9GBMJ(^yu2e0+TL-?W?Ysz%3*=xOs1(%oObbc}RDzuJ!UxFjp=%LN?(B=BdtlT7|<
z`1Mzd<*v*zO!S^~z}~~)i%m$IxzJ~LexZ8p=vVO$BRa=lpFI^LW1wi
zpX!b==-m{!`DG4A13q*+mZ$|5s?#L|I+hYWo_n1LS`von$8OE0Yd9w8&aUn6$>AZ?
z8m{U@j0%>e&BD{Fc&ev(s%hwrLMccxNySMueiUU0T)6JBU15x}!tuz0g;8$jdqqjl
z7&Ojvh^6JuwT_h-=AF%>9pORO0!-$Q+Qh~7OE@|frT)Sx^5{tP-Me>Bb*Z_yxeIJZ
zATP4S?||`AgH;gPZePe#z;#+`AYCW@>I~S3I()>1Od$O)8
zNm9{Hy)KP~3W~U;I)J_uYkN-v+4y*Snzi!=6XCma*sr-y0;s%ziDc&DlL!KGvIpjE
zYo8p2AB#~MXnFSh`N>J6<22c=1pjV5w|`^oqlG+fxcu|V=3;zMtzTbQ>b-m!
zKA9U-tPP*4wornw%Jq2GHX)J!J;qmfs;G#gtQ$GF`s+q+ZhO6^pS9mAS^f=(wa6fh
zxcx6Y055JeAVQ71BKE(O=p`K9ZT^E&;Cb%MQ1-@pP0SU>
z9+9~;9k4YtGm<|i%9KJF5Rx$)IpRh`IkK^98cr(AH9?&f&$3*Q*DIF1lYUov^8@YU
zh933$S#r0I=s^0%OzTa~ZsDPZx5If{TKwDY(usClL-?d`Ga902@)5UOChH
z8{r%xfu`?0GD}fai#@)l(A~p}@_eE?arM+9?FO4g7RB%cxhJLUaCLJA^QwMUUp``b
z2a^7&T1x^(x_5&
z16fdmj&9_}Ne{n9iuEf*JJB8b>rgne9r7aM-^GX{{EW{tbJmaj;RrZq6HzYz)UU79LWv?43*j7jJlb@w=f_
zQFm7M`$8#y6H~g(?YVA~NvSmMABKmNB8gPSUawAQ$rTGR+!YLcN)lbbn{s7q{hsT=
zC}Y87a_L$qiiwuV?z=E;nfV@>Db1YrhU;L{kX|o3Zm2{$m>vSqU*Q@E?H~4G#C3`_s_yS
zj+`7w1ikQ;sHkYl*MO19#Ux_^X?lHX!NlY{WnYMla}QfYsL_=q{?&)|=8+_H7mUYC
ziI>IrL=_3&x5?@H1nI0?iG4o#Vep(&i*nPrUOGZ3b%VMp;w=RBB2dC7fVEOc*-S>Qe|qSQa9v8#+G(i0yDtXZ(IkJFdSh*
zLXUw1sD7kLrD*qpREIIy7^|q__M@ThKAElizFd%7g9t8xnS$XKmLr5ZgUTV1(=3oj
zL5w_#RPZHfB~2VPAH85~EWL0kZR_udCXrHLnOM35gSHDQZ8OG+w@sk~irxwcA8C7
z9vT6kM}r`wfcUEnf6B&D%c!0H^#3()%m3ZJoiyxaN5r`~Q#iC@WAxsuIb}_?%imfuizMkb+XB!WcK27SJ@V0v+S(*yFU=Qf_2J
zC{T=8xPbpg*g7_tRh~PJuLMVDx-yEFz+aLB_x^kM_w(V(cZuK1)Ch(Rtx892SXFpWxB|4P{4s;Izol4f)9Hh&8F4!yTHVdV)LkIH5m-6w1KmEDx6Xf4m#q#GC3*adIc8)
z^nDTA?}1$W+oh33&L{>94O;((V@ysuLY~^@RrK)dhy|Az@W`b>q4IWVsB}?y3iQ`l
zz#*OeGex+vJ%s)tc<(Q#aSe4T7S>;9f!G%V#`W#nw++l7*j~AI`{Wse_>J?M-zC2gaDh~{^$4a?2?kSwGWk2xddn|9ijb-cuv
zCE?FqVAIcWTVwH_s1@k!-j$iJ;L<2&coG-ukoM)SaCk(7q&W2Q>7?L$d`OI%%Bjz1
z-@|{o2P?BrMY6bvo64MJ%o+SiFB;+qnG{PUN29YGszS(SxeMmXRqNn(R8CQ?$}e5J
zBQ7(tzcsWyZ|bzYySV>8vOz-%*muh|8;#7{UOlz8#bR1!9FzVlr^7;~IQ?
z3nQg461f~sXqCYnGgxT3|JT#g?zNnkaRPxTLCJl%o(n_pWw*u*7xvef`cTcgu7BE?
zZvIWaGIh_qtY+O=pf@x5roTR3O6l(5ad?n>6S*n&8uZ9l9QL*9`5!#!=1k)$G^{fB
z^*#FgrTq!0TdEZ#^hn~Nc>_p{$#)*|I+bUfCNrye*iD~6AwL;IC~II(Nvx|9M|aFP#YD@>QFM8b3rmslP}r
z>G0>9uLEtB?7?oDkd6zhfaj-xLlCBM%f*5gIh*Yn%XkpKVP&;7lXdorU%!&e^JmX`
zidX-lA_~OgY*M?nZ@wdB>iY-ZbxDRE6O;l;5^fQ`{$1zcV?HC
zZQ^3L(u_e@+&s^|Es_3_jzx$jE<@UdxayDlLZAAc`<7}`$(qt<`=DQ|c>3$NwH-oK
zh2$z>r!$kHI4j{#;SUQjr-!J;eSq89{=^LdTV?{IQR+=a!(QhbD4jWwGhAu
ziTPJsE9|^Q0=lf;-_{-LHrjoHMg)4~Kz@~~7lhYoy>n~(7A0z!r|z+UO89Vm_~7@f
z1m$k#jO$3J)^c_J6J=d&73kZ=Z-#|$;dF)x2FXKDyKw|U>F
zt*lQs(Gohwf1hlL_OaWaHU#mi(3|%wi{ya|9Q$t^lRkGoQvf+&&(t5M|L1x7Bd}Mh
zh&`QN4+~F#&HVNk_iC*w2k5?YeAaxXj`KwMy%l%w
z-JXv2fWzeos+0a#?fc+Ni|NUbE-Y#~Iu!84=*nxaoW_tb6~}OJI-ATbDN
z+H?lZ^}y>aSn5@%E^6Fg;1?eGz4iIQk&wyq#b2W<8|CM}Co3o|ZLn)dt=pbdN;I$v
zsckDW*a+f#G*IUoZcEo4YJdBT>}q~)-t@l9lwPAIwQT;gD35m5L}$I)bAE^fqkM4q
zrhn7&uObbq@ow+=44A=8IOu@s__k00M`+)t$uGTvVy8cAbobAiJ=S$VR5Og1SoIxm
zvY!zWhF$J;vL?UCNd%GJ2dqFZDzFUp15~zuDSmXjd_UH(RI4&r9WoEJ_Covd*V2AR
zk!6!yz!PHM3_2-wPGfhYN=OP9C4oKpc2&VNKM=t$jQ$z0>2
zKS*s7cTb6s_ZQWjDCe
z7Yi(J?b2RJIL|@0rJR&szP!s!M)>+?mTr`-3#}%}f9ON1huJb)>qFa=fy?+v#8O&X
z+88jZ4H^TChmonTOu)nHGo7YLCbNqVxc0*N+DM!KyCU+Tp8neRqGWBUTr;`EBpuh-(9+jXpXgbJskq{N^2FVrFpug&*TVt_F_
z(NK~$f0AE*c`+pSTj3Yt!wsZjqS3n;gDRGuXigjS->?Syv9kQl!*DF|xQx+)uyPpk
zmuxDC!nicuhg?4l$0MQ{|m*&D!_UHz(KRNPgl8xfa^s8p<{4Utc1L2Bo{GyTK0kTu`(g#
z+4Ck2TfN~S<_NG=EPrQP^^%!nf&2>!6^7|>uHNxj803O*x)RMVN9trrw63pTV-^(HBWfvef5_BcpJ)K8S)c)w(6vEET?=!Esyb|i;JR6bVZ
z;ZVS3mHPANUp<#vy?3Jlkb=)ml%e-p5hwHM4};{n@T{$^H}Z8%42#lZV|cVx=O-G9
zcX@!;S-3h22jOxktcUyRC!=knb
zR~+Thipu&-ld-gr73q+I3-tpS7TaP-*>%}UY;1WiH%@_ZqyVF`zKOm`7hD$qtrt3&
zqu^7eajSY_R3>aB>kfeZ;CPj8aoYi(J+|*r(fu34JIQZ690iCAIL0?`<+y!qb@ivX
zy#cZNYqrb39*1uD5bDx37E>MO&w$D<0({V0v4TxVig08!S51ZpmPS;9UVz&@lkn6Oc6^
z$^y=!$4}4&S2!^_P^YZG=j7%l02Q~`01~=S$ASEatN>|@OCx;vHSRJAb2qlqC47~T
zd(y{vH>$=(W83(h%|`)xW&IVX(ooS-u2h7F|1TX?RZ;)|

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-hover.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-hover.png
new file mode 100644
index 0000000000000000000000000000000000000000..64f731a46505ff363b85801c800f9140838425ed
GIT binary patch
literal 11884
zcmc(F^;g_6)9>OGcXvv0rxbU0ch{x3J4dE7EO@xOVlSsp1Qx^_6&$V#&`c}02pE;tHiD<)}~NO6sg=wUJ+N+c|J#YCT5
z#R#p!PrM|PG5VX~v2djzKiK9=y#{_1d}W2QXZbbNSSQvI^)$x!#oD(>jNdE&C#IseL!V{ptT%L;Zj~GX
zu|vN|s{SEiDM(t6AkVJFWIXNY5#IqD?Ya19O(qlTX0gPbXy5=6wa-M|$4CJ$=;s@j
zJSR@^_#0tK>U1+kU)pP?YY^mDimBDBF)mNAtAPS9&_@@_2q`Jf{%$42v9tegq3eEgrK;S$}?xjRn3$$ZJP
z5FD#5+T(u^J%R*Z(z;2IZk4=A7v1XCaC2$KMM{4h1((t)>==)uDtm8sFr`RKdln7y
z2-}tAXG;KeN$zpUOl}v9Pci2Y4m6PGvump9gw1fpPMKyT@%a_vrSLpE2ayb
z9hiz^WtjEC(|!hz*$@ll45goYqnnyxzk|>U;Tz)oy-Ojj1rg^X`2yrU!#$-Y|2BiH
z2m?@;;wiUA(^S7?F~&Gbj4T#c5_D-JImlc43xat;@QK~Fh^tNv;oe~w#Qi{~Gna0tPvAAJt^)^j{50aSQ6yUzFNnZidooOvmo
z+(ay$_=2Egi~3V%{Jz1$mg&Du?xhE;+xXD(EYZ{qq(Tj~@UY5!#}yKb45
z4Ci0O+Phw|KGna{@_dZJaE^~1;c(?Vy5+6u|Lt@w1S<9ztzOJ3N9|)}+Y11&^VhUh
zKV88byS3Rsm$_=CBXN3e@$)jp*=oD#v#RUCPhshHF2sJ5NFO5WHEwiGa>H@k+flm5
zh+j*YD9B)8t&6av93&8+C_&|l+k(cDg~Nrocdv5lYP*B)c^l#9c>q=hk_PkVJ5G`q
z{YO)@RPJ5Jo~|C4<7H}r->VIK07f~s>taZN{ZC9xe7;q{qv7=XH9v1MtQ~mX4bG8&
zI92b+db-3|(^uivpZt;e1v019r}=F%=KmaSeDi+Tvgn|c`CdbI6^@fkpY?m|$%94v
zC_*Rqq}ld>e4FH2g{`;2`WEJnNO=;KbJM>Ulk(d>mhWq4>!13qDAk?m3fE5AcHr5E8
z<9{vfj#1`^a~)*E&CVHRF0ltA>BG7AfB>NM{?pFD^V1at#|ob}wZA~{Rp_>7hYX;e
zPzb}c#QXv}nNnUzto3j2ndMdtX41bcS$m9YKam8H2*;129y#qPuml(dJQ-Ilj8I&`
zhiCbpdi_bA;peb2Ave$+bq_~0cU@N8id?$<{RbF7Gk*eGBP@>lk_nE1IRLKL8l9mN
zr$@(OXj$>67(Qt`jqqyHp#E*q
z!PBr0=+@Bn?}rb2Ym(*N1BZ9YILBmwG22xT#u?_qL5`7xvuIe)!OPVC@ptn>i1hbA
z_E8DPFDBj>)PXm5c%2z5TnqzkGG&8s94lCB1I-9rMfkQI&*yDX=-l~I)Oc8+>LaZ0
ztCD7e6airk5lwav5KRWTwl2<7B!KH#wPcinVr|
z>5hVHEy*vFBAfi(Hw5wEMGkt0D62yW#oz%?Fk_u5+A;GltczFT@TK0&Ap=y-OE&8}
zyi)03W8hyk8734?s%B-#lBwmj9p1C^jJJq~`;tmgtwN;LjB2+WjS&xj6}GKjxvqQw
zaJ0cI?jh7&Z4U$ey2z9PVTxOJ{Y)D^N1g|Dfn7N3R!4=-_g>p0FxQzf`ihE4!uPcO
zI2;3{-s4TtO=6jlo)eP5&iSYdhTd%Q*{Od4fX;YO=oDsY)<`
zJGs(W>=zQNANh|ZK~@E5t;ese$m8)KIx@X^~qh*ejbZ
zEcWr+Y#YzZ*BXg6)3IF>0bw
zbG@%v^trm835%f!;sEMb&l4-L^)~ZeU|DqRs{zn9Nniqk4!m{SP!k1rv_dr)SCR9p!&izBf=j
zTwU(~5#p~O`)n+WV9k!TQ|Zda3w5j_?pE>G&Ujn9G+}XwxR(Wksu`w3i9tjI;iLeO
z1}Pc4cBKSk7>CXlGXD8_6D4K6)QR4bxha%QjT&}
z1>M~=i8n;s|CDxq@d!JVMwX9S^E{pE)=jDv<+=5Jc40yX?O}ADU%RuB{yu0zu>aSu
z>)H7_Lc*>3n*7nPDB0=Mv`$jg_B6Ft)ce~S(~hUTG3&6`)5pl`pyyrN#oj{86u#b&
zuF~Aq-1l-JsU!DK7IQe%Rt}uhAoA4}K{)!((mSsT^lnxeIEIQB{#^<}@jUwm0Lzb|
zp%@%3-WCg7z}+4kJ7JGEA|R&jLJux%iw@IX5Vo9|jr8Qa
zZd$mNY>EExxK}SE>aZlv!LTQd0KxgZD+u)*n2k43p1x`Xo?U@-!0#I|z$Wtuylw6%
zOTW+1Fx
zZ`Y??f472xP_)~2{p*TyAjiWtfe|?U_LbZa(F@-88xW>;Eu8wV
z7>eV^E3XiCq}i5uDC{nTYTUHhR^hC8Lae@=*+s<^e-r&Ju{Lhp{6F?rXc#c~)&`4;
z%5G*lEU->EJq3mhllYk=}^^rL=NO$W77SJ4dt(g3
zO6ye);!g;6M-dtYQ)nje_4NKG3~3__b?ThihPO@{H=S1t1m7IuxMFUafHG{O;(Q$l
z6z=oRP>btD93JyW&jMOk@A8+sYUA$;@bMKou*9dDou&w-N&~tM4gb#KE9N{eZC|Bf
zBRZH##`m0w
z2p(L+MPPIN1LK44Drmv(kuNLBK}WSUNA0V%lqL<5qTdT$MHlmElJPb+PWU0QY8n;waw4(y?9#s`
zz`K@Wp@3PfYkAcBV&&*F#pA7Zpv<`Kut0lfr%OP$@>e&9$ufIVX^owgBb|<;o4`}i
z`VY+~3zG*;&Aj@naF5S*qO_qa-+dh8f>dg?XSS~44zFzUF{8)IkwPO>Nk7-uK_L{5
zgYax9YM`&4`rlAoV*u7rwCZjNpW@PwTJ-OA#LSoEb`ka0_yovlf86%Khyzj_VHz@W=sUDkQA*VWg-3s>TQst`46)4Nnu
z^V)^A=n5RY#lNQ;;a~m0l1!N^_M0qHa$(72JEKr($-zL?=noo|32EA)HkIT?po@r_
zF&E32`gSO;Sd-|`#{wl%ZlGwP5XjekRI_%U&pgb6$KqXqNN_IyQE)zA*D})H)@Bh$
zu#VZafKPI;D(J@M=U=tYv2awD(Lz-x`vXr8uydZC7UAtbDhW{i^CiklU}(;dBye_6
z3LNcpSp&jf%!go;auS8cyKm7OukqoA-8s9dFNA3)@E22;W7HybGY2r+_O`e`hFGN)
zca>-%_h|3P4_^*i>p7wkW0Y7-L-DTJ4*e#&rGXPR$!+UhYkdsoZK}>(9^$TG_xcd&
zagg?f&4k!*V%h9ayEbW{5bK&BEl}_@jtpyig0W?uF#w2~B!~`hnf7sq?OQahJ_YsE
z^#Jx!EmRAInpfYmC9nM}9BCce|152p8*ou88vNvme8M_BxHe_!=Z+=wm&wdj7NA#p
zw*XhY>-Oy)o##O@;uv_jyS+JA1W@^Vl=A8Ap3fD_X_R1?gzV&dZLhGJDAQ2pMn%)X
zBHES6p-8!Gq|$7w;M<1=7F;n2f+q{IujTZlVVkFEqnkN*FOUw91T)ZUihNrjdcSOrDoWSO%L2YBBRRe*C;Tghj(EKgjru0c%X^
zH$#@_2kILwurfVq(W1d>BEdhdTwT>+0$u)^XS176(58uLs;a<%Es$q6UJ
zkFKGv$8DORB$Z*f3*%4Y5KVj~O4ZO`${vwBS8zMN@41D+HL0E+r3{c5AnH$x+>t
z`LH3_=j6vYl2{|YesG<^J-F^1o|nSDC$0!1T{}j39_lOg%+gZTNK3ww)lwENv)DmH
zJ=fDU1N&Iwb;Tri$sdose5?^TN~o1Th)4`E2a0P^WPf=Wecvq)t#+X~6a%QN#yLN8
zl9YsOO|&~W(=T8cT471ZBqE34(=GbR=wUN*Art$@S;it#LvKm0iE>P5I%s928a4dC
z62$*yDbuH!WO~+}{>$&}^4(T5!0X|?G;%=193m1oBj
z9sjB$xuOC|#CT8K+p7wtkmg
zMr;_z(_jXjbC}!=6AyrBvv+?JeJn)TiYOgj8w*h9{V-K%Cs1gwv*+ls-Cl+|_T_ka
z;;+Y1ZRKKJ6+yk8F+{ny@Ib&rdBToN^RMY_(Gdxc^7My%hW#%zP}{A@8)DiSusMt^
zv@>yiGaPgS6M;(9rK}CKmgp;@(#kKUOQx>N+X`yZiv(X}PL}_P-%OXNm$FSSo{XC6
zQ|1^lfY-`Ny*`>J4@?yOmzyjow;Uz4mD<*
zT$HnHmWLSB1x4MAF9d~qw+G1%k=S|V^>{>P<~i|v#zodJ+i$Pg)@317c!IM+3p4k{
zvg->h9`rFj9@ajxFqcvXrUy!DRujcA_MalCA2C>PNdvo0=32)+&;Xuq#ZYV>vE68N)n&E@aGG6zMSaguGAW&#&MyF0=Z6q
zH4#*qw&U^-1(Mw=>Bs3Vr;Ze~AUZB{>*O>hW9M|^fBm6H?GcGjOCs%I27sGpKrDuf
z!jKxI7YHtQLP*M9fNyz@pX})gzV{YOw@a^1|45Z!U8X;b@0mnd%F-|nv&A>$HfJI`
z|5*}o!vJ;R%t>5P`{|PofX%rSyHP8UGIF)H*E`n660(tZ=QN>D<|mVm4IXXm#Fnd!
zlmnds)0);!lR+SoZl7fCEfzN8CXF&szdf7j>p8iSDVQiVWu)b9I?KlI=AXU=^%F*&
z1?LACfQ`jH;`(1qyLqAprL6EsO1E!62w1N=$ix-rRT_y1lso9Yp|HwU-}Ke%4B6q%
zU3zzK8L&2u8=JQp{^}D1zW`&WyP_U47qa159MY}7qad+o{aB>C^=!j{Ly6c?G1
zIu?&{s8qgJ*4*Mh7Oz&j!Pg;Z+lLVnXawSA?|z9aB8k4(6%?B#ZdArLZ4TWS^wDWj
zFtYD`@Va(vLScn8TVC80Y--F)v#hZRr0n3bZLWW6-dYk$Mmmztk{I{cnzt=0E(@rL{oB+TG~OSa!geCDSg$6>G)~a?etBtlo4G
z;-m?5Mx_m|cDKZh!nn}g5T8u1V(8^bpWjsnBm0NY5{Cx(!yrUaI)SOxB=Y3u=ID>-49}1
zSVQdHLM-c*C^{A%z7>`PJydQg?N0;Y)=gNwMcLrQ?5u&EX!?mrkj=DPu9rjC%Z4D|
zTLY1bN*n_C)+LjtbbF8M%`Z6XBKcK-wKJ~qK0&NpCE}k=FijU
zeRMb?QQmuO!<*kO<=erP`?i^@jpW>4IL|6S09*)aS<=?#ckbjnd|dan-8|0n2OxhYq73EqvAY@fp&8zw%*QIK;YjUqiNXy!8Y-Sf4cA
z@&iEWSMR?_UNc_`fX_vB8^4cpQeek2ro~bWcf`&_tn)-(xMCFDjew7_TQA?*j@~p|
z3#$EUZza*UzhwL}V!-l!FlB=%q>z+Ga#rcU++%rRQJol-8cx+REMm5pS~iVntgKM&
zI+%@>&O*8+p4S!4SsX74MKQt=xwfj7+vojin#(&9;fGJvd@k#RcYh$KJu#P}{ki;W
z3guN=L`UHF4ZJ*tLHA*L2?dR{y-FVs3>35Nr8Rc{=>LqBJujZ#SN2=SUY~Dhec8A8
z*K9h_pXi@DhD7x84BZ!9e}A5(b|qU19$$mnGuzy07>fshtuD_%{2SFzEQC-W_foBu
znA*kL+a#>OQMlr`b_&1AG2=}xQ_x8KXiPtsLYYXAQ}#nV4eTp4weGqbIV1jIT3z6l
zdrYH+*}g`)V;{+1Wa8qJF9z8if=Rgn+-uBh$TLzT>$HLuC%(PyJYReAAhgF52-$@eFR;{CPM-1Rd
zaJ-g{K2nBp_}{=05k*<-nCfhfv3C!gw5;X(efh-fYwuzuiQi?&vn=Q0%MISZzaW)X
zR5PO0*ft#4ye6#+I&i?N+z~oQW@F8Z-=q(UX|~hIDO7UzKIJ>Z?LD
zlA1K#UkbXqvl7zt&%+dr(N1QD))mnLA*K)orcnO!`i0zB9F}xyXDVW+PW_9@>2F4O^e
zsy!uvRJ=f3wY?TKsfZ@=b(~ae&m2+7S%>1mMj^4^!{!9Qv`SOb>v69%NPThIM
zr0%+z^)nqNtA055i@{HqQ5Rq
zYF-aZHqRnNWoNv&Ia8x!#03Szzf-Ho9GQuci)XUVf+v^7Kr4j3`w0gLM;y1pKVs*#2gJoaGI*(b|pGWhRz2Pn>We|IIY!
zjZae1!vX(=MKgLnDV^wm2|Sq48biqZp??d!P&(D>zBxc$YfDpu>v?}EnkNZ*?KYb(
z8RM{N!n$LdUb>i)%fC=MZ3D5+&`fuSk%&AnJZ+@$xBZK>aqg
zb5X#&M5z+_T)M+Mw&o
zyXUonnAO!vpVv;yyW@tnVyoU;4T85M^@v;&_+7{LcuxIQI*rtT+DLR;uJcU=0;cHQ?+nvnhvc6*y*|@cgnQTp
zeM|8A_7)&<{EaTTHHZ~)Dv1ykj
zW#@umL8xW29oaWPuL10CZf6uHpWoEB3zx9`%J3RHeDVCfV7STt84w&v8H7A+fRW%<
z4c%@@|0JMe2;D3etVdgeV(4{+BiXyKE{K1{vE6URx;~86K=pTG!pSH8Y864*)rf8y
za6#AHt&=ww^!hZZd!9EqhJETsPka5w8)jfwNlL~|9sT8>^5wVKBYs!8+&p&=N@6~6
zX)!~Uc`poA7)GbYD1p+!hq(LYn*QC{mFNwR#r)_FaTWgClmZxdh5+|#xzVgSraho%
zXYIGe#mE9pc73{#<$lG&6#h3%t0wr?nJ2Umr0R6Amovvd+
z?JK5kp|hEfYGGArjrlA$&7-ez4om^7^2y2v@Y0L=E;G%SwNq
z&q2j-L;Q#8`+imaBPeck8xJV(j}fLS&?tFVAFLLyEFer>R}Wxn&e|uRt`7P5)SmSI
z02*k1i-N-5F@;3&@#aj*72mgimd=L?4%6tx5=LnY{9`gjSS!PaJIl>)H6??Qly|cjAcBej$_N
za@_eq8W9X#6dp~0{?4DH;{lt%DWx3w@p2p=9xA3PV)gwg9`fuO#&mM@><^);2MWX@
z=EtHUl+NBfJ*ZSOM(D>UQVgK~vf1@9dX8H?`oji*$9yp~Oa4G-0&ZiE5-u1YE~|pZ
zcc5Ih5WXnE6Ckyx4VjN_x;LLY$@D&tx2b^5OTm3AZ;F)`
z`Wg61XTCR{PKg;wYJF
zk2bQVW@&Baa69s7Cf^cQk@iK=&pTFP#Lb?*4zg{2JiH_GyS#4ge!%&<{kOP&
zl$rGZkXU%;C!kOR0xBx1+HI@>OO=!C7L&fr0MqP^3{^D+O=opm-=Er`?X`j-c9Zee
z7II?0|$Wb6q>0MWRquIigA+$HLm}5U2iN
zrr>gNnL*?DncG`F0v@SYS7qfr5f^F~*gJK43G%!}
z?=ym9?{-dT*Fwf2YLO!i?cYgyMWD$sScaTVVrOp;i<5%t{^faThUMjGHAzM`h;EK`
zM8ZT*{sYH1zFrgBPD}Eb3?98l?cFx51gn^zqdMECoFsj-bb9s%#WX;{{Mh^ZUpo!R
zmY^oN#HX_1=0SgNr=j1G-@eoUnk^8^e%R@kmVfGcEb8o`Xy_LT)-30paR*-~9gi=A
zn}&hx364X9!kasEWVOmZzNl_iIUGnpkLpbA-9JB^PLh)=A7FRAJ!m`}L{wOrdZPLB
zkUbkMw&M04-js@iyRul(QRi5A&S#XX=M+_)@P
zwb3W~KdEMw9slIt;oDdwyI+U@182C7s%K~I4jA|digcx!N*EG@X&(Kyl!Fb;)M_rq
zDSK4M!9bsuXvIc|D*nvU=G8^bkkbWxC%9A3))JA2o(*UWR}bzo_&*GEDxo@d+q;SE
zQ6LQAus(&>$TT?Z^6`uvh67!UUq_M9An4tw%GiqZV(a+6M*}o&zsmbYKQju^2#pSb
zX~ZqUuxeT-vJ?O-XaN6sLN6H;V1ma!BE3xY7@2(sO=h+H;tIc-1AyN~D5{M2yP7Ny7G)ZKZF)
zFT$v89gfrxR(bdX54mCJ4R&h@?Ek)Hr6afINfgL+V@QAc>~oB_buo=cUNjhk!b~#v
zAeIWJR=Uek53Hj@b2WN2Ek)y#j&Nlu3E&pCS(8doe81Y^K5arSM*|y3;$};!rc{Lp
zJ+-KW5Hw=ndK;>}@pp~HWh)~{^ix4+Xg-f2i*RFoX)YpR>bG2Vzm}4f^31b;hbtmv
zKALfbq{Z=O`2U$`&4o5!-_()|_Hhh(zL(IoCxb*w|A#iJjIl~=*=3Q4FJCM+D4hyy
zn|GNCn_e96sf0&ib8d=AO*Jl>WNZUFH#mf1Bdpo5DoK<+h1z($Sm=*`EV85E{FP?j
zl$07JU@bpBx1Cgj87ZbNlk1b){jpd_-E)}FNI+#`>&X~r**ODx=}}xjwy-JhN$H!{
zK5|MUftKIXT|zca4pCTGSU7NuR+Sv0?&9e8=s#|=MbGXnnNhmfSlFk;zP$VkoBk8A
z?-;LT;zb_oWkv}@sm5m0yM(7=?CW1+z7}`9(c-SW{{MUeP$EfBHpDsIFso
zI^#Vv+=%*bNWe|4*&Ol0u-w1rD@5nClqzsSJ6NTaq=
zerYRDRmk|ezPURz`v{GukvoZg9G-}&q$3JNpG=DZn;X*LKI_Nn^mN5(3?56%uLPFg2~vG)JJHl5b+C9
zs*bPF%{1Mv&KJir^(|BFubD?S$EC4EQN*VkxknOZbRT%;tTpF=5>`NrBJ%=1C44-R
zK?EoOb(JLvi?G4KQ@1_(=c5%(4T@5VlqLQ{5_-tX`I@ci_h-g|R*~mBo#eZbxs@Qr
zL1Luh+;~YK-&lsVy-KoqIm*2Drj0RFDTyK6ejE}Fp%H7qCE)-7il!upfX(;ZxsoQ1
z1nBPkye5*$-iQVj3uxLvGc4waoV}5UcYbu`bJA7=h@A#7g-#)Z3@LBm>l4~?vAF^F
zxTnAB;e}73J&oF&hP*cL!o?htehm9rixOF0(Qhd&EaEF_&0bL;G20K7mC6o
z^t7spE6&x7>9Q|Ai5C@-NezX!BKRm26`kUoIlNJq3kieoR1m&uDMzW|~iwz%Zo4WMI=apUAB^CNoLKA~mu7
zNGBDH8F1{#j!bojk|yF>G{gTO_^<(5OVJ7$=vY`1MNr5amK2xl!m+6*=aVYK@tOSQrDDD#6U5dNA7cK5CrMSCGp;*x3QV8x8cSw-Uz2D>c
zzUO}T|NSF!Opat-Yt5{=&Y3ySL@FyvW1y0t!ok5|fMg_8;oy*H;o#nuAS1q7&{u$)
zuP-Q0GCHnsa0GP!Jl=p*Y0qDcNNyknNu(V_bOJ2oKXi|=aBx&`APG@*ubktb{y7F3
z{%0>bwt2kyhZrSN*P{`%Q9bV%v5WGj;F{ko)B2bXBz;9F5R>Rn{=uT8Dw6W8x1|4THQTpxj~{VJKf5)LaXteR
z6kvX=zrUW>qG&d|IfO(8E8@d*IEJnh+(w<+h+FXM*{8tUH$*OLnp=iuQU1|TY_W$P*0Kbcmv
z0GAdNtXmzfD~-{tEB)NAITpxfsLRAqoS(vID0(VRKgOxG*2VmM|LB_W-R1$IPNU((
z_|;?9S=0(@T-gd-*^oMWy$hS2vs=&Y(ZVQ?VMsw?A$+qg5+5I5)TFmBL-CJhoQGHc
zHV%Ja5h@jW;=0)#jbZRJqzvm4v=3Rno!1q$#i&mHL1_cJH~7%OknZ763z=_G$SPr%
zY5{30E+K&uEuN!>g2ESE$na_lFk0iQR>}*Gi?0V&tfy;!Tg=|r7fw6nUHN>vy3j1z
z1bbJTyPC_O6%f1!^q?|H!lU&tIWA^GOn>M0x)Fi6V-_fiXsBNPAoTbUc=_`m)}5NM2gnu-j*~d*8fyKT;6Wyys8L
z?V{uQi%$3t!3Hb#;efP7e%R>I3Nuuw)^)A+p}VDLryUKBK6!CmfCWNu>L}s7MmyNd
z(eqwn@$K|>x19$W^m(bpKKrcF9+HrSNB>DCwhd8qckxs1jyL@vFJwCC{R7Xa0sK|N
zut(a{_jDRE$CedcAj35Gsd;O(?G^v}!$cH^kjuY<@sd8jwia{$yDK-h{cPuuesQJqL8Y#{O>O{2K;~4V>uoIBv-2ioch2Z
z#O=7|A(;o0up&ozd}Ppi2`ad(z#cv3f|J1=#wa3sZT%Xxu=x^um;gbNVj2nTvOrzZ
zAR(RoSQz+Fw8DVa<BM|4;sh2
zQHN7c)xUK|gMssE8v?*YMAgx*(oti|^lyeK8?Y{cr@m@8dg?}cTAnow(~Fs9{4UO=
zK>|-QJELx~BT+|1f{W4Hg+A$FW_!1(i#F>*!w{{U*-h;h>X|mzWy8BMQ}Ju%y)l+M
zXH$jmkimxxbCD#8#o(xJ4jpX@Px4fID^5>A4{-%^WvO0z
z_7u0iC7-zZIxKa<<(Uq){H32KFp&P0jgH^N3(UmU8oJ}deSyXhw>@6=3>x~L;2*n=
z{pQ(*talT_ogXR%BJO|pT#HC|Rq7?$9sq%eez=Dg#riZ1?IgNwjuin_0VXjjGHQ4{
zd5vN+dkw#&`UfxRx|hgR3D{Kc|4eEmdQ=N&F(XzwPL&#S{fHQ@hcOoC#2`ERm4^M`
z@}@23n9}VfB3~Jpy!+jky$jyK)|bSy&@3{h3yrZ!Rh_ww)g(d8XNZ~B373F%PcKLF
z*J|2@nvvDh4i-5-ZHI|_T?vht6={&M@V^5r+1RB(`J(VNP)GN)jvaSv{Se+#Cv(c7
z&NUG&BFYxC*1o!z4yB1B=-77t)SQ@jp(i%#T4A$DZK1@P8ek0>AX=p7WaL)T)2HO5
z1X!+{mTyxdp45wh5wK&1DfN+|+5k2ryaXTvF*fjsbwcUGp_~|J&t8T)g6d4v$aqHA
z*#CLF*i>n!6+?rYh_{up8O%?4cLH2Uk6^4k*?gH
z5}U=gwb_THkcfY?pYZn#JW=tHGr-XNxFqIBtM!tAx^oR3NVO^a35G3Y0KKBawcdM5
zFHtDk(oH5<9J~y9L+!J26XfO8&rmie&7Q>-7Fi>BA&$b$w>mKW>wG_%qeNzwYK$u;
zF);~o*($Jp?f1WKZ?U&6_K@&TwhLbdqe|;{V|koTz4y~;kK%C9KtRk2Gi7F4SKN{W
z^Y;6sKiS>Ze`)$Jv!{t0n1dF;a%GQS0jMKR%V5T$VU#dw4Lse9v@Vnr+MrI5V{n8B
zPp&b5F4u~Ac~H_iGJ8h~cILg*)Cr)J{xX>8c^cl9z^*D{4ZOAswM}c~;6m+Ha}dtX
zTOg6LwJJpA*nkbK{$RUI4qlMeWuiGrsph8UI2)3XK*N6^hG!|M#t1V*0|E<^wgPI8
z_a7S-))^2CB=%)5uu(Cl3GoxlxebcdRTdd4*g-!&=5@!stx2oe?Lf?9iaSqCpvD;o
zfl`#>WG-bzZJQjE<(p#VT&L1w6vuXBSxnFCLP(t=pnU0WQkKeKL{M5G)C5Q@jZu2K
z8BQ(6`ALOK|Ne4c*6X`PFE4?#xLnYIIewS0c$sSdH-U!nyi(-~yw!c-A?$WzGYe3f
ztSE`XDoIS(7xo8aPz0CS9b9)2Zu7Ejw?)dRyce!h#uwn=lr!?yHktxk*nGctq
zG5^iA!7xY1;h0c`t=2%ai-5ZsdDOfqyE+81Xh1qWNg0A&=J*wt-kB<(Dl9QZ##YDCp&9M(S+gjOvLRofnAv2}030f46&i$>ZnRdx(0
zpz0s7;VRyp+2bOXe1Vx=WU|8_nc($FmX&P(Zl$7L;3JPjxr}ftCE;0f2o~UZbVN|7
zin@Z?sxl=d%J3Q
z#@ci=rhsw{)?vDKi4^Q*>L|>DZs%*0zmwnEZc#)XRvK+c;Zj^g3fOxYD?3zV9$l5TZ(!ir)lm<@1e
z&qAiAY+(EueYx
zuL8z{bW#Xb6)o|&frJTGSieW~@$osY4(x&_<+l43ghUa+HqK8fP2pXX;la{lyfix-
z(s|a6HYt2Zwszany7@8hf%(~LG-cFphHJ2KQYgAuE^Q->@cR(-=18S--f2n{X>&(S
zC~P~9|2-&aqj}M=|6xD(TOh2JaJ618ow;|0P7V(4#cki<^Ko5299-?~o$2(Jq}P4^
zx2g5@c;{{Krqatb&Hc5dQ0&CST~n1S8Nj+hS>O+J_Y9eah6Qz4o;5Y$jm$<-Nh%I^
zFmqmshN#q+)KD`CEL{46gsPZCo>haymEXr+u^pFl8A651IqC|62M#TS)HPfhU*@>E
zp~_O^hceuZJF^jDQaLER)>p%WMihxUaS7woqdRIzy1g0JW{e>-4^UUeD{MzaMA-+T
zyGT5%mayD}n1at}qQKn{`!lY2#m{Xrcj&x)s!<|5d#Dc*9QhPTx8L7K$M`ui0NQ`gu@oT@Vt`@sU~eX79XOY6|s*eC?`60GqTojKaH#Dslm
z+Hy1K=9zbjX;Or%Qd4sbpL}$BOv}{`>Y&l#8w^0`lP@juM~u#M6DpcYur4BDE>YCy
zK$be}oZB}E=c2J~CqEC8O~^&+Gz+`dmXJPOBHLo*n#th*n4#`77#40yr71C>Q{NG~XziO{n==_xx3rW|MpBQ{B-ydZCms6eewsT8UgO^@>2(y)|4a@sPL~*(@g>
zaCO}X4GmLC<2%M;GaadL6Y#2+rz&eyLMWDi>{`V7djJs9Z>G{zM92}8fpr2XRQ$<~
zJQx=>U}Dad74ZmC_)EiSPKvK$Puw5?t@64%sm#F}RtLN{=duhFNIs#b>28ogAO6H8
zm+15wT~?#&0BU$(qzwla+Q?^2$dD`m2ff{GD(owlHL6-=ubB=7F+)5OH8I|8$cb;K
z0x?3NJe6ki3=2eEHa_VqKEy0{B?NA`pk9ZC#uNxNFUqCYk+LIB{*{r18&T7`s_MxY
zk>G}%paZDlT;F%5EoPG&3_&lztln_%V?=emHk~{*kf2-UPFQ5&$G0Rv8$rLg9y?uz
zPYJa-OwAmHJ|v||*4Gxk{9gFA$2NJU+*Zt9ju>S%-GB!nh^W_>@zG(_)!8vfOAH|N
zjvdo~XG3)(&syi2S!(Ro{oXE(*09?me=a4ll>TZd1?r!!$Va&mI7!{T(OUHrgk%RGMqxioN7d1`^F+!3=ZfW(>sK)Zd*
zDoyDF+<2#-MLkVI50bToqX$u6T2H^I>}V5ImumrC^&Y=V7mYGh{N=LqHX+818H%zJ
z1VYVtw+?CS-OQ*w&DHBw4LLJqhBNEz-vX`gTzBK4@)CPGZw}22(hzR$?vZe#=uwuz
zQS7ai!SP%z=FAcmEHo)%nsX{b`pU%R2NY5at*%u1)gtd}GV>*PmPN#20^8gz!3xEv
z9p&0q&?(9FWJ&EYFCN+$q-6Y3`6MLgEmv$toW3N^W1DR)e%Rx!}ZkCTHSLij4
z`6+hGhjG!)`RV|==w^NUcZ~vsEB$n0=V=A$jV_cU2Qrn$3LMpKf`lu)`2|NaRAQF@qaht%rJi}*=?mL`J-Cq-gw85d_q+celqpDsi-`M
z9@U!u&iZt4bkzS(oaI$%2dzJydctjlZuBBi#%LLOBk-(x!3Ug&P^QeR!R#IT3HN@x
zuJgR?2a4IoqTteRELr9ahGUSP&&aWD3Z7XD&R6VO3d4wfd^F+VgrN2Dn;RjR;i{-e
zejD(w;Y?F++>iM9_*x#6C}f{M-}Usk`C+YUuUNHAf99xficn=du`R`&&jeark0qF+
zdiZ~41DmB3DG5ienvQ=l~Uo*
zY)7cJf^^FwQ==X?`O}TElCX~>C$6Er1I;ZvH`!t-(*0$lPAp1jIx(RuQ~e5DAe@)w
z-z-YGRIw?x>Sgd7Bjm*raE1(u&9wMha5c~d5m9+RTa!?HbIKXQs}IP(9uqqxY%PqL
zK?h4&NXi5l4!A6Mrc&-JLM`S^l%rIE(q_Ig#MXg4%PC=|7nh463ofg&ZDrzp_6y9B
z!@Cs$wKm_-zm7KetqvBzT=TR6F4aMo>0BIHg-7a%HTJctPX%rATCr3=yX3p8y5qcI
zyRi0_CQMg}$U!kBSs}H@Q|jwbJhT$b-^Xqv_@;l5WT4J~z%;q}q^nwv_U;t9me3UXV
z;Cso|nbO`s$xMYn$uYF-U(FIMxX%YaLY$z7uIIizcfN36Y2qJoA4lfO9iG4n*@k^-
zEPCgaMlYk}ANObTJk$zLUr|)X>-&Sl!`{l;Zjz#0b7CJOuQ#s^HnGQ@4@}cmb}YL+
z*0XZrjQea0RnB>iJty2N0TBCQf5U)>!0lIvRViS2^e&V0tIF_~KGJjgkf3sb_g^zS
z6vI?lf^f&oqX~6H(!5cM-D}WXR3Zf$Fr94umr{bQXhM0uy>1|m%}9Oo9|--}KztEg
zC+b1d2B#u^73@8)DLawF+fANVOnuF7(IfjO@0mnWY{{(9Tlvf_aJMjbhLCy@cFHH5
z0G%l;75|UroKFg#?TUJ-Ij``LE-ALV>5xE;UThb%KbVxXj4DJ*vYTS|z4ajdhf>%(
z21!O6IBLGp>h1DRO$pJA2XZf$ob?GGl^@yxbmi4WOi7f!vOu$%7rdrv_Tj}m^x`}h
zib>!G>cdv)9Nx4Yexfh2*aO>GTDjP{HCs35ub)(xcW)^Svox-QZ2PI$-kJ77?E{6%
zs5x1UCTAtbBA=5n$?l<<1#!bLER)A2fv7V6-G#HO{U8CyG2~bv#asleT;1DiIxSrT
ze_srs9=$H^T@#FFmZz7G6!A%q1_&(0ZdPjnYfcC{B|V(cEoF_=YZhS-8^HbqyWF&1
zgv#mwNaJ|$o9cT!EE`xF3b_DlXoBm!;XoNptTpxpA2QP_Q`1s2)kH47Q0Ru
z9xhKvG1jF6054esM=`4Tvx1(YXCZ%5qNtk|0I@hl{q!!%+E#@jO~fXA=<`J-ev{sg
z(r2O%9|zS#J^ZD-9KO-3yu?SgWezWCO-ORtR{LD~AG*k>gaw2T3+8)><+Y
z_B}!)T7>nz3tH-1rX3o^=HlEXPX3x(Pe&rdbQYE(wcuoJe^{vVSAxtSg2pkc-!i4J*JDybN4;+MrzDNbwN%R
zL>#Nt{5_weJcD%!%|qw5V$!fKQeanmVuSi=%L8@SwC#7h(1l%)|Hx6hD(dJTB<#y(
z^{XB<6`fsgf>Z+`<&7Gab1m$Ow@L`-
zG`Z@D$@p5u{xk%@jq}6o{B9d9(Ont^iwX13U0i30J`^R)83(3Ro;Vg17IYVv
z;P7l4?C1gv-Aep-lI(4EAyujZ{6JvqP@;yROj<$8JHykzqe99ZV(*7+wF#(yORbE!
z6Da&{`-G~NEJmzRWyH9nkI$XAaHkD1`IX>kEltfid
zH^nz8j6E}~yR0m`hqF)wY+5)KWPwgvq|knvOM2HF_kNDg=5(czjknvao}gf%W!+un
zZ;=%|MslX#@+KAaM6qg;ML-vUUbN?WI7zdv%J%}tm5jM%BhzS$uc#2CTlfZaS=g0?
zq3zh2bN$a0?t(KrFtaQ{x{rt$uPQ_!FH
zCTsy$+3R1n1|s3U-krV}-a+~?1w%3a2QvwaN=qXlB3?#}q2R843wh61#wiG-ZDbbD
zBB2GLCX=*M7n5pXrBtxX`%etOJkU@l*
zAI!?j8lq2~d9L(OKo_4f3a0RO=Zvot1dD9^hU=#kWtTa&n#$$*D_j%hXbHk{+@7cg
zjHuQgN%C}oW+uOgbLD)9BhlbS8H&m;W^=`4XUgoTNm^t@=t0d1ZbO9AIp7Ta&=PMx
zFwud0|G}gFRLN%^yTD=Rqsu$fsaSC)Q=4Wn_DD{Af3uWP8YLR|xoq^2IN-vbpHV|Tl^LQaEAxUCsZhyM
zaorn;Yu(nv;;{k@BzM{u`yDUJPj3%1%M=YpAI32Qd0~te@+&xzBZrw?C`WkJGG3j2
z{qGTZLhhG5|J&ZYmj|OSuQ3bvmGZUCb>E8_pxk~YEez%8y8C%n{aF19@u5dG{WpsS
zTF{eo;b+rh;Q)ao+TOXsIPhKfo#5*p+I9YT_4#5zsqN`@*_Lh2=F_XK)qXsK
z18ypfjAu&}+BTw%n8{z1Jl8ZbS>fi6ZjutlOP_IPMY0;~-eRrnu&ygR;3leJvkoc@Z1nmeE1$6*j(>=kwwrP#628azXo
zXj9`=8&oBu??hyDd(~1ta)7H>Gw@G})LChoTM{dcA0#T@sI-rA&ZG^F4JR=)&NgMe
zjxWl%u;vx@A(LSB7*eLjpVxABMS8!bBfNphZMSI4ycOaFpBhYz!VdhBkfg%LTBNDp
zm3xSBvgJ{dK6fFR0IU;;Le!5Q4P>-t(pp7h$bmOn_cw|M`ecPyc#sAhcf<%U87VuvVv
zt9An@ABLsbVLQno)-YNmvhz2`t?L0^f6I4!Z=degDf6C=i5(ah#ozP3n=Msh+ikvE
z^WApM<45}k=G!edjo1f5AZy{KaSv)$I*s&y0>R^%ufPtk`)(toxZ(J2?QSbU{QcnN
z?wD+kyNAbC%*Xw$4%^z^qv`89apSo%l`W|zLQ3wplWPJk*iItNPA>J#i~+Ty8pAT3
zj()S+u;K4SJr;(013BqZItk@tg_1hQzwhsT(*P+95e`<;JeidRv~MD02DPQa)XX}N
zL3+s9--d^xQn?gzQ=C<_sNVwde3!>$m}En#oNqj{ch5u%y-;w`>a6@C5Sc*Mi=?7G
zWj|sJWe^2-Y1#|;Al>e&oKf#n-|8^!78W$!P8(`g;6L!aIT$U?5wPJ_yYnS$f5pW%
z$50x)yn3t~Z1wziT;N|t<)3*J7%1U+^~uY1DMCP0M<%>FxF?CdbiqYp$V}B&uI!*b
z?g*GNvMR$nl}Zp!tF$T!{4QTsokEOgR@Md)F$#%H6E&Y=iC)^nsHC9Y+OMn58!J69
zt*+jvPL*gO?-3EIZkq<@M(f&gCBFk@QB@P)c}kX0@?_Zw5o`Q?#$Sw|33-pdNOqSH
zZQr^j(6s$a8slh7muj+~+C}}t6yNW7kQyy$t7h=j2c50ooKgpySjes(mjAET!v|tP
zA1+qd=<^3-trx(wj=+eAr4k!$!QXAj*4HL$$_<8dkncsOY
z%Mmdu2s<`aays#AJQ?0FL&-*XJuG3JD9#}DrJa$Jvn$Au0M{IF=vXw=IsgcjLT>anpba?OE2G9zMxN94NoTV`ee%15{87U3NXuXjAZQp-B<
zG!^CF^)2avfb<4#MHi}4vLkiVqhhKIBkUv<<~`92H8Rg5-D%iK5zt~;q7R_Y?&URD
zNtql$@>6`0S@aJnV0;|0I7%H!$g}Ea@DbPO$%R*Zu^t(*4o;#9KWM~}?gt)+s*JAp
z{xZC#4M85-Va8IN8h6E98wd9Lpa!q{eN!shW+T&iB}ZW4jNgtS7Cs||OdY1`un)vX
z_O*08N=*z>U0J@GYxZ2(QxVph*D}O?YGY_l(5q$7ct4+3kJZ;wv+30|%M%R@yUN)Z
z5bCp4)~DBE^>l!7-}>*?8n|Gr=&Eb#-Bm@9E$E8#oHVmaX6<3BsT;E8$fpnjf0#%#
zdz}|UMKd-4NHAZ&-vrx}Qqr;jYnZ~3pX>$~=*KKqLgJ)4a>rB0VV1?$n_#P?*`6x8q*5g|yhe_UWy-NKRqX(v*TGH>B^s``_yLIhM1wwjdjA!&<;gNbC6;{L&`o4f}%$5jzlf3_>aVe(2dGttH_RZ_$l`xp`0GSd%
zY`|8eAH6IXS73t=Ad(i=Yz|~_WL#z`Nlh46=4+v)e?w`{C>feV@sS`&N3$vLV+TRj
z7xc8{TJ_1UXH6MdY-$?%-A>wW*0JH;d%id;->C&nGZ2t*Vam1Eq*G9M`@(9dz>biq
zTry1Wwh(8gi+SynnOP-jxSfvdvTJWGkaU4R!5?&w^>xO>XRRvZnfDCBm88H;8R5MC
z*M}(n5DPmo=j=_G70H4w>*Gp4#w!P4?6uugegyx@OStZBNgNZKF~Zc39Oy?bMnabm
z?0T1KuY(4eMFq94m5bVp>BZzyReT=XD%Fxb*@X$&ZBy|z$jVBIsV>lzskyP*aJakt
z3CxU^P>7D$dCRu-=#U5efT{U$JWeJJ5VN4glolFQV@@3Q6QSHanC(URnT|`nB|*$<064`#~{yH@kS%B*RyKuY~cE=r+}d
zHQT?J32GjpgBcihUn}S-agc;2@`xtqOn^)L8#5E%@|fmnJtuSgYR^#WY+8
z<~{m)*`w4fsm!?uJU1|p(FiyC{Z=)_Axwn))x|Ol^wVLiweLjv*O+2BLIo$O+6-wc
zd(N2FME>{<6kyK?i7-inEm2>CbzWVjZGk6UuWR7!lE|p_bp{TI=qtxbQf+C9
zimAd&5;aqPY^UaABml9P6$#K=Spt8(o!z+4#|B++6eYP>D*4>h~_1FRM%i6oC`Vk)(ch0r7<8ghM8RZqXX5}T3!X1#0P
z@!ROsF)Rh7X4Y&&tohXL#r95z>=TL15`lkSvsHRUKv`04!*B8S@_hBbe@UulNzjHH
z{K=b6Q*m&eY`=q#EIaC{pv!TC8(GSLhprS-{cEje+e%xbl{DvU#3xnfwG670F9S`?
z>3&~mYqFngYAG*ny|Qg_JFB-InR34sD40pq^iZTjs#ZL_b^e900FFAZv`@GnZfb!}
z#3<;D53(tR7jKEJ*9)@`Q-Omx4b%-E&=E-x0l-mGzx1<$fZN}Tl{e}Eno+|CO}%Dj
zDH_VBZ5X7l#QBeaMjD*vNFq)Cj+2_Ql)$s=8@}4D0_Sg8mzzMtnjo?
zri}4nwS#Tcr6M%}ee}SFL{eBvtYKInf-KcO84Z+Y!USX-tnyEHPsUCPs*}SZa(>pB
z|73?bZB!hb=T)%PPB{0K^beU7IfRB@Wip2+ZZBYIh7>+C!uEEN&sOTuLz?a}J!7s_sVOm#
zZuQ!&W%m1iK=oML2a*59;&{DOx}!t)h_*Vir^B%t0NI^A8S3Wf17K>sM(Eu8)khXN
zH6saUQ;IDM5A^^bxFUXXY@XF;WOVov!%1(bS8{8Er{^0z&FWe)H^Gn=h%_69MIF4w
zO;ojBIZDy$%LD`mB+mtl;A9Ev{u*PD
zx3>HHckY#CT9Vk1G;7a)5nF~Gw(9!d_csdrI(QPAN|ev{=_Q4%e|0R+)ou7WL;t+O
zU0_*eVl_qD%emS+rtK~cc@mQ8b|%-GpY2YPh(3G1%V%%<0}%>mWDi#j@4a1JYG~yX
z!Ww-DZ}A>fYdW=pw09vLzIbf^WIX#DU={fNJ-xJE?4XUxn(mjuylwxAg1L$~QoEJr
zqvRik$S}d0>==0p=GFYURt@rsIQtI+#}^tn%qfYi^HJB8fs{7
zYzQzaexxCd;(5mS3chBjLpjcR$b5Ol?>kx`=zlpriS`YDlq)UZ=I
zIMLXi+B$q<<2C#DS;_eJ2O>YTL@ispiwmZ`e=Ya)ihpjavK)`)Cc1KnpTP2Wh^6H;
zcGc#;X?Ul?j1P9p##>|ED647_`IW}ZZ3sW{aA6ZjIgr0GguFq+Y+Yo-~kRtc_XlF-3_c#J)c+oZ8AM7U0O&QAw~=NyY);I
zd_;daLImHbX_Vy0C2Hb$DFunSU>01AIjp$d#A-io!GXyHNR7H4#oWl1*H;Ir&Hfw)
zUh6+Tq%u8)muqc&YjrbTK~4|Zr}_`Cp7W6w)R4>RQl>8Hf)OzH9s~qPN=0egAoM)s
zwlGy!*jGDjoylT^mMQjkOATyCXQ;;h?d|uo*DD9F^PQYLo}US7
zPEu`Vma|sF=h^ZtKdxBQe(mplt~a}}QdCUSF$Lg3m(oX5An3H1sovp4_xh(rAW;Yk
zlDkPCrN`zU-1z?MNSbOIj}Nx>8_`k%T#drC?V6~*hyP!Fn!C9Gd*7+
zz<&u-9#h7z)+7en^k8yezWAQo4-XC6dA_6R%b0F+2pMVA+`p?yO1jw3FyNr@lpMHL
z9_{3({PAbanJWcoWT4LOakidoFfxof;s*Bh||zMkHat
zPJo!r9S3S5QH12ML+F1kTJ;z@jNuJg-{WvgY!=)_Ss)_?c$oWQ(0_a7hIO)xg6|G*
zuXo??a+QtSupxNtaz$!vnQKM;Fvtae+3#0|wAf_hac)UdjjbFI$&w>Qe_5pnCqvP?
z;EhX&f%$Y6&=j6P`fm--cJ>YM0laff9wk-3h9kOi1t-H@6xMJH$vs1{@scpE*Z7d~
zGS_)rbe_{q-da4Z;{PF%C-nAlH(S_?)xN70)V|%pVGcZ7x?fuvp)t@Fdp=6!u5(_s
zxfXbOmnQTeH12yKA8I+_krVQNG#pFD;b&l*)IUTeIcu~$-zxt!{-sCgcVG@@>OTbz
ze4qbd9$x83*K1a4lR8TnudL&NpeWyhCC^XeC>@pP_1Q$L;Y0kl{7Z|n5c8eT9Y;#A
zLQ0~2IptJX^q%Kt0XOV=?PBPDJQt(Kcw(vFkX7t?>}t#Yv&)3Rx#fg)YA41n*?;sT
zmkU4U=N!QqRwuQOog6wBr-AYDlz*4~PD%=sy@^a$DwphDwH9{{Mjl4lHDcZ2rmB^@
zXM>fRm4NAGf2~)F>&fDAg?6Xh0uw_vgVyMQSS5vqE!nQ~v6JA0Zn;_^@E`q*Bb}7I%x(2wDaX3vxDi*!-bF>hce$of
z-Z-;}h=xlM-TRs*)2@Y56;?0JR$Ped->`6!91teS{!@(b%Q0jBjNqE?#82IHe!iEN
zX+%%Vv+Z2dq%SgLeysYM!r4Gei~l1gSXS-B?-W&;*|`xRDx>}B)MBw3jS(3(xoFN}
zLy6G_nWYb7Uzy>f{H~g=uA4O#nPq{zcmN&wB<<7jGW%B)hN@e5poM>8Dttz);`i#!
z;qSu{C?i4Xi&Aa9&MY2-=SM?*~t1AhQ_;x}DU@57=
z570?V6iH3EhJgUqG}vkYfO%+9Owl_ymO`@Bw=+%V293-ii8ys(w5ehfaysh-mvj(?
zh57CV69tZB^Ql25B_(kn?r~)l-*EHNRtsvN_0JYa`GGaZTI&F~vSRJ7w+vyzv3E-5hhcM
zKkGXzo%l7taq@mGVy$>pyUC5t$7iu1&{d_&Q=#wMvlacG{~?z=1sdGXw!?ncI%P7S
zzk-vS!Qy5nPX|JGpY?x^I%fLp#yedN4K=?!6^cv>E^a|#>G@~P92q=;2os-)4xaY%
z@5lWTA9EhOZXZWd&7H^dLi&$6)M|hE4++G~)~42%B|A-v-Gj
zDUR#i6HRiBTh
z?;p?FUttMlhl48|GTx%3{8p2^XR?5OGSvGEnyT#*$kXAgX}SsxGC3lW|9s#ipX&TU?|%0O*LhwS5SDC;=iGlM*lUgFXf&sNngW1E{3*3Cvzh|#^;4{fHD*+
zpHBn3N$*(NFyjU0sbhnLs(cO|l5I(|%DUy(^CCJz9cKv(yx;qwW>H+9dey7z
z6Vy?M&5CGdKBr9OhhfFg&{SJRL*A5S$#PfXC0*b(dsL_us)HnK$Q6S~yR%@rnP^FP7UzctI){slGH
z_B!OO(&eFC7YuaK$&$_L5uYS4-RR<9MBLUZaXtf)Ud*ep4PGu5@Ci1KL@RK0g!7+d
z?z@>3h(X!DvrYzn-FF;F45B4yC){_K+-^1bn~J%)7mvA?$1nL}v*Q1d?(93C;a81$
z^!;!DjS@@W&35PcjiX`EAq*pJ7-y=aJSBMATiv|Cz1xT-hy!J2t~SzY(Y0x|c{yT0^JJ@}{F9DKiOaikyrzcl
ziuXW-;%050hS(Uq>BJiOZl{)cvuFZ$rMkE-niJpA5nCm=J_1x%I5^UpLo{i?E{@ce2;Qw6ks^nizb`xgaudm52ETD
zVCl(0Bg1x=yIPu74{QgYFA03d=%(?5Rmn%%&tGe;&!Q-<^X7<=W4mALYDK?10ZT-B
zO-W;nAa~5wuY*T=kN2uP6a2f3RTT-pl7c?e_LqV^whrauE;(&o*&MPy4nlrEWfD%&g3a2u2;NRHJdBnR~E^RcnP
zjfvsdQ*)`AE+%q0*vvH~%uRuR;k}A%5J5>|M`AL|RwC6QHzdW>y$t9SKcITPZ>H$2?xbOh8Cfsja(F|MvE3%@X=HJ
z_YT;}&b^bDE^GWBpw<(QU5~=P?iSAsdDubOx(|Yh
zJ2r23w)wpxykM)8smrxljx)^kl<#s@+5x3hdaVmb%Lo!1C71Q5G-x8((b@lU8=@2q
zR)k-je7I_UG0H>Uz3eXC-2334{pdC#-uCcF+#kR~^FP~K0uPObEeaS?{Mg9Zuw+*-
zZPm88P_0*QK1N`-+JT_ga=%FGI6Ue2Wh{-S?o|MHIeFP^j<&{d>%ASj)n?N9q)^i7
zezfp7|3^2)nDigDoW;k$);xQi)=$|EzNUKckd`p>^<}FswuM39g=z=A{@v;GhrwDF
zz4~G=%s6|y!G&s}_*dO}xfZW0-zq{AZTfU4fut@SoP3kcTIo2OKpj;+A
zKyF7MHNb^E^u+^a$pR^rs((&mgqRnA0tcJ;wJz);%qr}xD))xteBA#25yjQ%F6+yT
zY?Xc&oZ-Hk$=YI#$fBqum$|C+K8L00nw#@*vaskR930ow)o^Y;R;CX^x99#+244W#
z-`kR>14SDRxQzdB0px`aQFDCG6&IY58t
z`W?xOtBa4$$BGIkpWhg05hVS!oZKvpA0G)D?fB*#uN{arWE7d*dMviBrpv<2@c%HSO0r#rg15kp;=|3*o=)4EIKo&wJG~k3(8}XfHyc#YxDFl1$
zD~rGSPl6XGc?FEv*oi|TKl~o7@`BElr*A|hM}I;{cFuslVl{%}IuidEX}{G>p|Y)e
zrVIDQ32_qxhIKh%Gt
zrp40NaAQBSdS~bNBq!Z2MC>}i+jg)cBU$^E3vL--m=V!RJh*S-MGbq2#AWwatA8ax|F
zR=!zd9w|hYvkp623Wywr&is>+)|`q0O~=N_I~%{&esC;mN=6D%mD4BQyf``OH5{Xp
zf9b8l7OHPy3(5xsyUqTuLWIEPw8YG8Ms6Yz8X=3<|3XL*OvKJ^nCGy->F9P5?$~=p
z-$DG&un?wcN+rRzcEZ-cQz?09eyqe%KbqX`ds1gu`M0gx7UG-D)Brfsg@XNQC%yrl
z50eu6r%@Cnf!y5z-syQ1?rtBz&3cWF-wp<1)Zzwj*jQcl(rUG1gARvG(7!(KYeq5r
z=CkmpUhgiH|GZD4|9k-w8hirhzyA@qik460bE)dLGa?5mX};Linu24W>g0@}6+GZ_
zQy`YmE$)c`gUA~#)FsyGaM{hlv>TFaYYT#n1WzB7M7(!Z;4;F2NMU+>AIRQ+DPCva
z{eRed%c!=xuV1uITMD!V3PmeWinmbQ3KVyDDDF<6comAfLvRg&;!fIP#U+FkhoVU!
zXb1#5n@8UNd(Ij6!yWg2y7%nC7_dUNthuKC=3H~@E8i->Qg2MVqz|!0ONeIj3!pkb
zOJBa3E4VUT^x2wjI?Q`=Lzz*#?qIw$RL-)HJVE@FmNGr#mQGKirTAsh
z#uDeIOF5(Sp><-As%qD#{O!L#wVxl0>_ahR#Z4wPRTi5gCf}#1?%t^!t$DfhHC&e_
zSkQ*<+J3VHec
zXRKdm{RcLSrI%BkpX3tO?E58~ui-Q-quUsr7uims6(O6bCre@dOQI2XZ|}M2y&neU
zN)Oe@Bkpt=#&+%JE3U!or*JgzfQ+mnoql_*56SR48cSdcFY8M6Z4IPHplpWRPSY!9
z$SGIfebu(9yshy1I7hSk3<4jRVWR$%i5@)J$Wi2r<3}b|WcK|Fv(L)AD>b%T(Yr2u
z{=h2>9s~C0>N1C9CL1jJ~vuc6v>AB2(-aJU~gz85`RbGB~gw&_KIh_Au=lu_s
zuXJ3`hJ?LCkq$Eq-O3qX4DwUVtDwhY*6U5n`pUHMm~2tjH$Cf6HGVeM#cLde0-qeQ|9SQseVe$?muRxVy)^9eFgNZ_bO>*}T?|4Ml%{6F>*w
zbuRnrFr$IiQtgld!eEHrO_G)-MhHVIDTLwLivzcTmQ|We_s)uS$$!ufUq>xw=E77j
zjrb?K>Z&npNRRUSx>d0pP|(-sQgEtn1%;byUtgbC4@I!16R0(qN|<}#MXwWA9q;VeTBfBJ*4T#a4r!N8GjQFbuSJH4hI=it5gS6S
zmiu#06EsfUyarL7e?*)jxFprKl2Q*sAytZRWE^79`ETblzrpYQx!HJy2d
z=YV-Htt$Xa>@*^)X&65;tkJ;8Ug74_R@E=@kU|fxMO~-U6W0<-3@BU@zhzKZP!e
zGRjs4#^Zjoe8z-n3~Ef!AS&gIjP00!8?5|Hdl1;8s$$eqT+JK!jh&jWh&(ptVe5&=
zolAxF*mD&O_4*m(EXtbcy}j8Hi?O&#!Cm4ebBlpSd8}B&Jw%LhYjpQHNrPAPbXPw6
z!%$WLuOpKXdEXAU*55ts&_8)s`IX1@En=SY_3(Z~mDc5ve-VI7iG@}+ca+nA7O;-l
zz}sdhD!#-j!zqfs#=iQbf+_v%L>|H!J;rfQS&~L>;V4XZ?|G+`g3Wu4ZZ)%X>lccW
zGCVxsG3`F>gfDR)bQN{$&75xJ`%Me?(A1&xIbt${_)@hdg36sL!e
zvCVC9rdyq#-;%)U^mhmDvbaMTzlLe8gxq)#+(Jw1^Y(UE%9+nAlV!&?eMHSEYC|*K
z$nd;=UU@*=G$1&D`GNQvGO2T1ZQ=K62-IqQW=nc8q(?8$_Uo=4F!$V7Mj%G4f6(1y
zqfw+%3O+f@eJT{p?D$DV>wNqBy#%kPy+ivyD&EeYJ`1Hy=K4{F%*z@R=Qv)Q(CY7o
zw_}gzrJDq{XZq;Fqi344knahX696qgsPwJeLAk;#irH~F#60tv@WW5H3;S=W@UwYX>9oFH6!d*QbA&)S_
zxmAqO&RAE!Y8zWo4#@#40uiC|rCK?1S|(`i)rGtHYauc-_S&U8IryEwqNK&Aa&+Mx
z;+e4M6L`!bZ$m|7rv|-A=+t`KtyDj$=lp)>E~MhYYe4r68_&H<{1pZtzoc-vX?*xD
zNO!#R@Pm^>dE@P15Y}Y<2r5wzm_waC?yjFyo5`wl@09fkE9YLcx^3EYdsBuS?YoNi
zoCSH7@7aC~rOG*OfF3Y>vd>Q4#Izrodr4q}vkpcrLqSqAghcyPK0~M9tvAiYm)N{2
zQF0x9Ikg`?q#Tdztw%N5+r#GZ3u%I$t;$d`;^DMU5Jr=Tvk(dIrM=lkREAP4qYx>t
z8kl|`*L}3MP)*eJvJxtTN0|M@affHg4tH-X%^7Q5HS#Va^S*3ZL>FcMBiXtU{d0Q6
zayY+Rw!HZ`;B$X_efjC-OWXeba-%g7-xlJcIK5qdwAff2C;)!o
zPh##ai_zq(j?M14FUT+qnYx5MzYRA2>qh2TA#$<$Na-84;i@F#0a>Sq*PR0fdPbFh
z@MtTb(xI9-k8ZDyCM$D4d901c%J*|YLY%31vQ_?$AwjXEiFv5z2HL4Z^y`3C&@qpU#ib%*wMW2ALdk_bJoVd
zwppI{V3DDpJzFKhgjX~EQRn=thun+djL=SNHNwrF54J8HYif;9ujNww@2frL=zYr%
zlv3X1W}o-O>*bU0<3?XwUVA$9jLwS!t-rjoxti2S_$=+tcS*VJibQK6du$|*)kM&9
zUZ(Ms`I6mXbu>8203PBSKSo$g_366fWmemn)KFDHtCu~Ml_CJZRGud(R`*p~&`uo3
zKb`e$`&)fEn=3`H&+2s(nSOvfCu;#gfyCLhGlIr6@~VE&CaZpsGek=DdufB|*HTwq
z_nN=dtjJYcuqR9MJo;%m?eP4U;oyym$1E=wa~@twK3vi>{sI&I!v^bE7e?FFW{dg$
zv{I%g;qYE_xC&`Mcu9A_cS-Pe3U||WlTV5r!bL%gG+tsy)?U-khmpyP1g(@sf^KM}
z1j)Q`FqK-|^zW~Q^TwYG=bd0irv+((=s`iUm;cKBt&$g!s){8O;%s+VYc(}U_^XOd
zPVU`|sk)+U^bmDDlgi2WF(mIO@z9Aqcey$IQ?im|hvMiiMTzdJNyuJ_Q3W8vB(+Bz`MCIv9`FL?{=h;
z^0x2omlDQkt#ccyuRp4K{_GOD{wO6UQY#Jmm3G)8!ri$%JA$>0hEdPYBAz7v)96f|
z+MsxsRXyR!?zfA2c!WA;{WUcIDzIs|1T?~*G?PXD&$1(TqBWZL9Vij_s5KAIq2m1EP4fdV5LIpbWvf9{0%^T!^itpsHxEG%Q
z+vYypiA>Vp9aejLgoA1(BkT>l8*^3Nmv;ViPYK-i{(^Zn}y$`YNl_1
zfhH+cR*%_-Ee3aCT~3qFSUKH%TNOs9(w@ld&kDhU*WuCU*KCwI)iMkv-twQF^)8JZ
zA71@CEp^)18zXibZc9(EDrU5ggBS1r36o>^K1K=I`PqCX`q2fLL1utpbb1hvYO46d
zEZ2LM7ZM3)%1RA7y{&xId1dC^e1|?x8H`We3AIGuDqb8QkNG*LmKD)5P3PKkvPs4v
zz12_h7P!t?jZmu3kbUY$>|>RznWG(}?cX9DJR5hHqJLf|4*qDsE&f3+52Jo+lCYgC
zA$%JyG5IBp$R`iHVfPIBa8Itrebg-K$L`vMh4XlfR?$G`_(R@N(60>7+ZO-$tCRGJ
z6I_wSmq1$i6Y7wM5=oB9zP@P=1<$@Hka!i%?n7iqCEtJt1dLl=lEdr;X6@pcT*qItu>ZYU-uThW}kr
z^r$AE5BHy(rgt<@1DdH#zO_RL1G0L^1Ahj#&Uu>uqCp=G3I23FKZYTBx5v8H
zI>Flh70vH@=m**S53(IW^C31GLpC)iw0Vq=y^VpOOxf6n*vS6HZ^zAbPdp#9K0VBg
z9iLLkpm`=nVg76-%Pu=Uc0Zw|kB@OhyGrC4)871P>W50=yT2xMrN-9o-tK)T>bL9{
zTV`hqG<2h4Hf)_<*Er7DNGU^^00t+v;fZ3Ym=B3UHH7;6ZYb4t3`Rx7`q^LkqQ8m%
z>n^L@fIUl&$4k8pqGgzYhCbx6GykZvR;rYu@a1VK`5X6w40KtU>iUooUh(CzaSBXK
zbrW14UzBO|H;2S?N#D(}L%yqB3D-=-a8LOO^@dLH@aS*dLr7^RPb=wG%@yj`Xg1|T
z#`YfGh$|C+OQ~DEiW{v^1C6e6X;#Pn@ODyveL;F?ZfpQ=0_oe?Pbq)OSi0(WZ2#2S
zi&T@c{G-DGFUp8a1XPw7uMmGzBQ>L3>WA-R1IS~0;92i8eTl7&i`S9TB*NTX)xNFp
zz0z8LS&JMV_N*>FpflC}-;v_Wi5oE|!NP-c{Jo9Ui*&)_ld4+zmZH
z)V193t2yj%_wqtLii9UA>dHSXR8IP!5Ot$4H{#XWZTF&
z#GV{4GsQE;8zk2RtNW^0cP}2A_mq|SVwnLxXt+Z@0y^bvT(~=Rk$(C6kz(n8^c9!Y
z@lc*5LI)p6@i_Cde=aa1(qN}AurJIuY0*fQRHen_F&W+L-KB|t62tbGHJ@V1PJYLv
z&(JI-SF!0gb#k#+5>Vauc!2%Hj>
z0TDpQ_5m?Kq^D{}qR%Gw=RYRn!uf9Mgco*CZ}>n#-(qIDx^%Q|LSCr=8!dC|NGIYF
zdnWC5?FVNp;nuZ}x?k
z2Z-~W@@o}#=e=}6>SkM;>Iw>91U$tK%)sn#gi7tI^jH~h*Q~kyz;fOA4<7})ZxG^i
zrrFI5rL7-oCrjEsjC{$7cTUkICQ8|gQIGAC(rPDr03=uWlR(b6CY_cy^sUrqLkJD%#$CUpPYQY$G?)LMYBR$YYBT;?h89vFU-BOw`RA`{
z%l}H({kvTMKW?P@|D@aN?s<*R+Kz?}{=8@YUZUhp9?~MKNo;21f
zC|G%Qbtqlo*WF}fO;%`HOQ!!&lP#AI)^?_<~2SPTLZrI5Tlsh<8A+AVIE`2#Bo65ysRj}+tCe-A$SdoAu(q+f|&
zJ=Z0A!X9<5tE)@%L(cQ=*q(6ENn>AsKWO9k%ca2cvr{$0BjEe${u&w@cP1~oMgM&~
z^0+B~<=?@juc-+tkUqFVSBUc%NW(
zzUW~h;?vMB?p8Z->>cKu7aXIap0O$lmbMa2G${yn5~MyjfXJGZOQ!J0yp6sTJmirw
zciODXT`o~VGJjg09j%8x@f_CJI#9v6W$QLKDb;dB<^`IyYDcbmFGUd@Q7-
zZCCEp8yQV(A)7!>5t;e$SkE?aE82H*E=ULe?DKCIyymPA#AHc4qeR^6_65aNeKEEm
z#3x3OR)9135~VZZyRS_8JCy}Q7h_w_L+mF+@AFt
z>OE0FkE2CT%@IMTmcL}sDGT&YPGf?Kz`lYqW|&KHT}$v-iNFD>DPze?DP=w67teb?
zsnDuqKhxf`J{^H$=tq*hvr3?O
zk}dQqqVj&^g;G?d4a9ZkSvNPB9Qsqh__evO8!wF$id}W5mK?|TE9CgxkM2yClTJ$b
zsj04ot?Z6;PZE}vD?uF+YwN3xI2LFx{UVC89s2kiPXvGssN??`ufs{*wiAcwFMfm_%`2>NfuQ>CcKH*p3<2
z`1JD_!+hC?2yYa^yojg-S(xR%+#`Fcqw7z_
z+E{oA^#_JvuQ-_{Ekkz4S;;m*Cex_lQeV~H=qzFTUWk%)ogs#M2~-QL!$Ckxk6i?R
zhDyW(PL~Da>s0IM%8%~jKD@VT%v7b!r0w?Z()=xPJ5tOnnZA(V-ca!Q(e%b#If;y1
z+1xv_HN#!pjm_s!@Xb7fR@>i*GIRZW%ViEu9hoI+P;2d6%j=pjk>`6R3!u?
z!u^r60ZdKq3SAEp{L@&+wv^2o_DU4hb7M|zkYc_#G(E6QQY5MH}JSdhpN}&y|87
z`4MGd5#V>^R}6ja>>yXczv0cDvgHf4o;^(Fe3v2JMof{&M12cjjLdEeDYgh!C|4x*uKrFEuf6hnbnerZZgE<4H0GBr{c}&wY1F!MurkEt<
z9ok?Q47bGFKn6YfG6Ld%NOyHvSy{DYYWO9umYd?Vksg2Zv^5_ZuW1m2g%?$lr4m2s
z`A}vFijGrkaP06?YcpeWTzX1qADRvwYG}zh-nS%HGjb@pZP_M5ZSWwlRHK48CaI4?
zJkeXEb<9QAv@CBn-lC;cFT38Ms2f{Nbem$L-leQhSG#fgw}e}UbSKjcL{D$N+{d+1
zO-bU(-&{3Uj-Ig1xnZh@Q><3l^w)*KDvF(|OV>b%>HSTb5`i$2gJ1h@rq;jHp##jLh4kc$1
zub8QGOq$_U=oL$N<^E^MBfWbZBuGc|GN7?4s4Lt_0sDQeGb{$vfq+Ee8fF3#HVzil
zIskidT{L>@rR*I>uFwwi4PH)Ot;*Kw*T6;gheWp4&yKM=*r~c^PrLMIssY9rWF=m4
z*rmboaNAtgl#Vo%hiA;XVfr-Mdd?NNhuG=9R=VJhdu4UGejNP^*Y=;KYMzF`wGvZO
zsJ>OWHXS_+Z1k%GPKsLcMbFe!+RAql4%EHl=H`R+$*ieZ(Q0OdHeew5q=!Uz80;4a
z6v(zt8JL=yjx^t#aA7|8Gj4ZEGZP;`T^F_mzcTf;{!nCX)w8-fGH_sX#JI8@gz@JJK!%p#oBP(M4J(RU
zXe-@5#>IR6IEq5lcQs9&b&RG9kp9$SP&<8x?l-pC0}VFJ-VojbV>E!L`M!tsAMEe%
z-)j!>J*-#qH1VJMCghqsBvaz;pgJ6&tVaKP(;Mbk4M*)C(|v(^O9wvqczUdn9dxoI
z2kkvlmpD7jNA8A)-wq_8{5GfR;I07d;Ejf>Aptl2rz^cG-Q`|4gJX2j=al`iske-G
ziYJBxO?P}qw4p`9UpI?PFT~T7%`h860)7-(ASS_}k)K+R5L>uE)mO%I>h?O`0%TwT
z+AaoR?D*IuRw>^&JTPhtQqw4Vf$rLrgq?^*k&wJgLY(2EvgU|7v
z=w(kaL>(R0)4IaUN1UyXH1$eLl(kBUu&z^i9&Nu@kR?dc%TkAq7wN}YPnP7GpW_U<
z+I-8|+S#~bNsftLFsFLgrg>zXL71sthu4#tdH==rPvqlyY0F;eSHpiGnqA5!Fzadv
z%+)%fH@ZLD{6OvkgVci3vk%Dsa;MZ`9La*XL!8s8tE{Orqx6uj97Yu}XQy$bLZlCmRkOuafR0La
zySv1REiP^0cq;$v@#y{t=|546hJzm-4Lgn$4yqke1J2}Bt$o5h!OBvw9@MzBXiY%J
zH0VQjBs~O>J$nkrZ@P1Si8YZ95RQGTy6gr=vbm3|>Mi|bf?Q9)_h9i5~t
zrk1xB5D7H|13IOAvL>l!_32V;#xUk_&tvOBuydx5XUlfm>UFeaE8w#wa~ru7WCLH}
zG^?M%_-*&G6ORip%lIB$PZx1*2Uv#o#cz5Sk-(Lt>#_!en?G%8j!Y5)&rfePY~DEL
zxOR-sZ*Myunl@~;%jI`E9Cthl#&5zQN)H@m4l;!OYK6ZC?yqY=e+6mnt(|F2H@HT~
zgNMAYF?HA=RA5bNj#!$qHU6VBhrZm82GY3COSi<_9qD@tRM!{bo*VCj#MyKbU63IF
zidVVmk*Ie)j>%`3cUTy%UVb)XZ@__jA!IETgI+)pNMy-c@2_c;wrYz+wyrwJ**A&2
z^_X-9d|MccY1a{P;!}!$fFyD@Ay?mr?ZvtN1YpeayH^?`*
zm)s662?*EtY{9PCN4=&6-vfJpjw}fnwl3cjI-gLg8ckV0kg#_2@m)}XoqK1rBXyc<
zEy>|y`dy|RD40ZvUwzB>y~QkLdZR4JpRkmp>%QSErbQWCjtp*D7!;O(jvI1-x1QN*
zHM?)WU0Q5rn)Sdy2{t_f9)fgJO`gS5b*{zO*%qbva$Sg~mR8j3Y$oeSM%RHR?|x`Q
zS$R2!-Ea~hYkU(x(XI**DhPH1f=)9{LhT0CdtdcT7owBm)&2(1Ac;&#C+c}U499H;
z0T>3e@^9OoOYeGnd%Ld&K@er8ZGQG!b6b(MH%OXCZ*mA_sXEUzYS`OLM-goRh8_aM
zB9i_JA!TY2U3o2AO+E7LFLxC4+XFCDfUCH_{?ftTnY9d^AYfNI(cgAY!@~5+j#pAJ$wsb8OkF)akig@E?jtgU%T?SX
z2L6CXVQ)0Wi{acM0~OI88em*i?vKYhAltLN)34+#28H}QEw@t5aH%y1Vnv9b$qFuw
z#2S!rK-e8Ow(Mh>b%jMXHhxgNGu4lG;@qp=mUV_nx|9WYY9WtAcPM7At)*gPwBs-`^~#Hgq40PjF
zox*4IP42cSMO(@-F_+kr!;Qm(j@*Z#znj#^@UEB1oDfCyKZ5A*LyA=DAp^dzHN~zo
zlZ*DuD88JgF}1V$Pd}eiOXRAIzQ9lIi23W010zuQ#BBI$sj^nOZKj~r|cX?r1%1l
zd(YcHS4eZ}1F<>js|cl<+(!?<(B`lxCz^M|Dq~l9_mSpT`Iee5slBE#vWn9VIJC7K
z9X7oz7tuU-8adbQpB}C&UfSYvn$&Gpui{F&$0&{Z8Nm(zl3uyl60KMjRhG;!^1-!`
zSaZ6puHckKa}_QR(S=5aHhy6EJ@JasQdv0?crRC!^M#$zVb}9>=Ji-EF%`A4%hB%cG;Ggw%J9^P~Bb7*l7xY}%98gme8t6`TVL&om+6_Ectx6jk
z^^F=_5VJn>PfMExVw;o`ij{Ar7Qs>Db6W=v8>yqF{Yy(rI);W0qJm^y#@X>LYl%W_
z{oF7q&B3*mg&&`~)iZ1aNEzt%jgbiHNg0|kPQyu~{{0w|v&)eec!^ds@Za(aCyK(2-bM7
z6fKsaYVI>K9uiT}bCJ5v2o=Li0ntWh#Q&+A2~a6j0L=f(+M=}pq}+75mx6`|-fust
zuHwzoJQr!RYon)X2#?dDTYhNvS~^9!KyxvJSjSQN>2AuWEA>WdEjL2}2g1N0&9Kg4
zrLNVa<-nZi=AeT^@sHJa&WN(4bOEx;1}~H83b}8=5@;g;MtJoC=LcJfqTw6kL+;=D
z7CK&K$pYG-J|rR$bO)@+;+~tSQUiLigOqZs4l+*2VF>DDQ!;Vb{jTfG8irWuR!_q&
z%FxQRbiATBd<7558=OiQ>2Q4qzpxcyh?|d+5)(_MR49}~9}H@1*D6hucIsaD@OGR=
z4tg1+Oj$QAV+IMiATl4Cs7
zRCuf~Ls&oEPOenip9vJJy^G@#>I40hY$e@!NeIGoP4;K3{}iwLY797`K{)@{)7~kH
zqbcCbM@}UHNT!1T1MfuiaV1%aw2sk?mUh|grCql-J^i#8JQeRJULZ?DZ=%&w98Ka(4%9aN+FP~FHrFA1?3PxvGjb+@^>wqn(!(&{
zgl>|JGMr^lG0~R1W@gvp<34MT6SR)lRDV$c!i50~Rqzs~VcP6LGbl7KoktXRc7URC|-{J9h|0*K5@UWgQb^{6up0fay_RFBw
zmsZv)IJy!&z2~`8&{-Ee@$Z!6P|p=Z>^zZYC$nqe9X!tL~&>!wtg
zBqk)}U%pzA1QsqXpeTst3(a_o;go<7E6#{^?KaWNeV-Z7be^>i
zC4FT`TWr%kBOm*G8@Ypr{hK}MB^o7`%=_wFhtE7VwhQXidN40OJ32DNy`5gwyupTdtL=8nv(}O9`OFaR>fQM~-^BUK9b$6B(8JU+zgHw{4{0HG
zNszoWzLO?4kj2V&g;}=eL-*WW`tEiBiLr2qkf?t#{1^p}scv>6&Hh?te`;%_vM1%I
zo2@^4&DFES=SPK)rjGiqO`HGKj)sf0jqQEMk2)Arj&PtaE1_Le`0Ffd}
zwOE{|YD-O5Sx?+>4wh%tsj1ZYKIX-$S+)37}5gaQY_Ead1@ZB|nc!D${JaJg$;&m9>$kY^kfz00`XV7qPD03ITnl%p~KR`m@
zBESH;{1K6OF#?Yu;tF$a#b?6Z{00HJH3`HaOi?0qq(G>$iEQDcTdarU=gn65)Ep-^
zCQUmyLOt@3M{m!A76#U<#(HBq|lmuFWCUq`9;Rl;@J5KS}
zXZT$wKD?&Y`Hl37U_Hg}%$
zE(KD5fy)Jp>~hMzKS)$R6@Mpkr+N+_$cgE8JdQoin-fH0dW{?#=Y0JX=LiK(*(%!E
zzs}y1Uql6M-~IympA3KXH~@`dpNQc%gh6df8aT0&q;N>_?S#E=(uEQfrQ@t!*PGW|
z>54y~h8^D$_AbZRpmx3`Q;3%{cgGXy9K|ksG%?NQH#PYWg+NPrMSx?02msKON#a;@OECAan{VB%2a1}?5M2OE1AX_!
zwjRlDB?AxvO?I659anw0dJI_T@)lkCYMpa~%WNxyTZ02a(YwXushrqCL-sO*UyaGJ
z_v5|5<4x(>wP`U$l#!UR*|#|#a4QjH7|?5o!^k_#c;$Ge3!U3d7Y9JaY49T2V?bA8
z8emyD4Rb+C@gg^Oep|xuWh`o9H)u6?wAUWq@aziTFhqJ@sNX@GJxABzqki6tFz7P;
zHfV?mFY1F@Vwh-c^5k1PqG~;;)8|NkWnW#SmTj{Ue6*rx=dGK3?@^_5lT@ItD9XhB
zi1Gp|3=a>F^zgqT2tK;2MPynGU>d%IK5R`_yMQP157fPCB55Q
z9KZ?ef!qsV2Tq2zqCOF^H|cRRv#_uO@q(To*psm{E=(5xB
z(Tid;q@$$D=J?Y>Gl{`$iDBy7zPpL6rh7XC(}cmF&MiMa6Yy7U>z^xd;Z+{Dz7eGk
zlV>~f`{bP{1KHD=RUKE=qPX_J=lNz0|`
z_D-sk(?hI`zWrva3|?71r@7qQr?>=5T77SY=qHbSMZ^?CFJjZWH4h7>_b`+=VB|tx
z1%Uj1pL(5))u;|rDpv5~bBrUnp~fT-xz;N#0U)H;GkJMZ0iSdtN2w!2nl#RqA^yA@3;|X~~m+n3Gv5T8D
zj7->;X=KC&dmoxw6t$m0DWmvRNH3V~E~FrW!(mLYEVt&yBdMG6HxdivVDIX3c|SDY
z6q;fCi^SXHDMf26P3I?=f{?*JRFTSF_eJ1Nl0}mFk&aYOUwY$;ZB08>cI7YwwuDb4
z#;z}P9#g??xL&-JgyXSdf3HO*UH^AkLXK&s^Tpp+EbUa@T-ikLQ&LhEdeR7AXqSJE
zA>;qGN=2bRh1+$VwqDz;)m%B^bE@->0k32T<=w%l6T3460y?#m65!h)v
zz7!)dH!}I}1v7zZDbnycB+5q7ApY|);8_a(w2)YX*#4#qQNg@j15u3svq_WSPz8UHm}sI9ZbSA+~*
zP{rZ(zZE;hP|{oUw8F%|hb5Q)CE3L_zfxa`zxe(4@g(H^MHKn>@xMOB|2&ERbK3v5
zuK(X635|f)#jD|g<2^hH2)4DnSHU!-H7py#OSp-+}dcjK9iiiD*|5jN}
z&g-RM5y`;}fl4jm4Dsm_fqCN!chtl17zy7aASZ0g^)H3K-$IW!)dZbl{JrLU*X($qw+~~;2>W!YSoBI
zp{uKla4_u(8uxt_KMBZ`?Y;lpzyS!1E1C%o1{@D??W;5-%{#IxX`%|idj>U9`kPB+
z`jhVsOXtf*y|URjA9u*EuI34B+jPV!tMVrUNTGA{%EUBU#Q)Nz1rFJNg{Z`q%J?os
z1S=1pH+v^3BO~K5T3rYv$sV-6GGh!raa9=mK91q@8_>@RK0A_C>pD3RRTv|I(G`RS
z?R}#Wa4CnH1(o`Go|n3|PgZyii|LUw_-cpg9gHwC_-peU$r+^cBLE89b!!Dr_;0mB
z0sJ4AVw;`7bh=n2hdAA3A1_p*YC9PVpcnJgmIfX}3_n-QX%>*n^6X3@em{olyrNLa
z3;_=gk~O0Uaygl;vXm2|BW*jI(hO`QT%{NCctd646(<{W%4p)L!U#;j9)Oz-oA-6Z
zPPPR(&Dxdco#rdRVhMbUqw}RY5M2_@bASNj9;(u|e{;emLGrH7+Oc7Y^Ma00GE8xH
z(Ad0
zUBI;h$d9e8IFEJqoR<(!8nH@`9)TX@^_do{a
zF$Nt<1_!Mg%*OF+pA&-5i*?xNwf-dOp@)Y>ArCkW?K*!Ez4Dn;LXYHrLbihg)|{sb
zn!JRyATJOFc1|Pk6o3J?50>
zVoMF-(b4?%?3|oQOeV7}4Su+0MZo?_#$*982^M$_AqZf2)KB8+^?pvXlAK3o0;KH<
zqobTas)EniL8JdtN1qFDPu~oFlv<2LZaXV$d_icBH9)!GF_;8FUO_>OSs{v6U?Q+1
z1md}-G+ys461dwNT%%jbeqEez|%sJ>)l)<^RR
zOIwV4Q$>JuIgFRY$%<{~RNI`Zpq7I2iMhTa4(C|f>kowS
zGoI3`9S(Kq*1e&GWw7noSZyhguv+nGa^UD_5A+8G)!2kb#0Vtw0RZbusKx$LOsLn%
zp}RtSp}m%mo0g`wb|PRbwJoOrrrMDFk5mC-Y*@D|hQrPp(F=Qx#DtQT+Qav7hn-<)
zZG^O@2mWiM%czuw#!ElK@bLQa77Up=84RC4KWi=?1F!shqa4w$+_m7=?T#WQBtTjraqAL#bE)
zt!7mn`SFPeH`yIEwT&wFJ1RV)!DpQ7Bs_aS!uV1XAiQp91h+2G`WiRos8k1Q)aOc3
z`jYLcD=FC?%^+5WG&3r5h0Q`ehr)nZfLdY9cP*=ei^Z2qpw
z7Y3oruXDo+0H74meY5ET_-q2UMU2qJed9A78!(sepZ;av@3*F!EJMM59?e5SYjkyv
zNYnhDlb9PtMKscd^+5CyBeC=O?CfOEZ^I|1q`F$OKAIjkB25O-$d?7y6@Iwyeo-9C
z)wHZBw!6ONwfKb!O`vrd5sDfb9b=B*6A#QZY;b{w!g(E%8UU3I&C5GS2lqrz9Ia(n
z0%{)(Z>VJQA^Vl#3gn?+_1Z@5zw;idiLcbTMkI6c+4pI4`dNPfAN9j!&%gobVe~|s
z|EV^^rAvZKG727FcuhqezWEl#GwK`TY*HUAOXPLlWUO}cj$fS?*Pd{OJ`E_~mC3ci
zov4@A2@8BlM|gsr*w^gjGj7^k)V`7wyqQEH9sOKz@yBLdBcB;^0f;HkniHtlSdOXG
zn>&;b&cAdw^&IpAn*9u#nIB!r!fN|k1sPVO_m4a8XPT5Gu@1fU3AgXpyJA`@QX@Y0
zyMhu3BGr9;n|A)Ux>-$>ssw=25jrem*nk{PR6q6n$Rtq0Yg<}U@;t-|N_AY5wDZ39
z5$rXPCG0br)M(+CJNp*4L>&3nYH@>UQ217lDD69>b>6e(ztY}_ldTrT#4K!$Q*b?x
z-;lO>TS3e(OtAvH7=BmFDmcewZD@EkO%ZIu&6*{4V9Wkg%!rvJi!5`+(D7Ghnd8s?
zj)Hr{v%%SsTOqbM+nma??NwnwQy88eFP*RF_R|VW0AwmryT*i(9_3nzZfqwYN1a3L
zZo)3GQNgFoq|`;sj2R!5k0nOajeFaB_78vK&+Zn-@SpO%=&CR|cATU5%P4#feQy=G
z?%swq6O?-Bdi{*V5||A$-V4@RKPd{=2WNtz_miHBh?z`wcaZHJOAVrhv?g5(*_(>}
z)7FrCUuqIwIpo$ZU-l6enN!4{F?+|Fty2xDj+Hl5Cz&tzpJIa4zyq)WGX0QKY~X2w
z&syEc^Lb^;bU6R%RLwHf%eqy^uDt&pq!VJ=>PK{l(95y(-O}3CZDyTsQ4aG>L1>w^
zgAD#C%tN?3Sb4>0fyr5R`Dph=n;`JKv>pZbItmck)cv<5Ov{gn?naApZl1q!Oe{MC
zo2p;lk{rA;uScUL%t2>91M{C(O5YkDv@c-ySNnQ$eLyW%^w(Ziu6m6!z662)RkX#R
z(^h?31wSmg)g_I!JrgJYaw;~TuUYruP*u4*OW~>vudID=8I-bdZL1_A~
z2HtRJy^%GkI3H~MX*E~}hjrwn=1~!1j$fJ&o-jM#i#pqzaf=Gt{&8b)sgGg;3y
z*nk@p(4vV8Qh|p*aI1|B6<`H1V_xF2l%O+#y<
z2Xi_Xj7?7)??`I@6Z+oXpK;9-sjM|6QBJ*9m+gBFUYhedy}SJzVSnOy6z}><=V!pfRwjqBBy&s;4BldSg>|_Y*GIK_t#TiO(?aZ3YFs1H!
zjh;B5haPt0=gc!PgBE){*~evn1WZs0*yA_n{^aK??f7?K5OzfePq%s;?G|I+uC~L$
zJ6qWpvl65;FOnX;24eJjR@xqehbD~RbNJ@<{5H)_irB^Er?Srn1H>V_OaAAZ3Qre&
zZk})50^?Wtm+e`=AXEI2IHomv#nTLU1;U&3Tp00}Uqtv(!K6cDB4e)XVV(C|Ure*}
z?;?B*e6Jb#DadXlpkDCc}7TWu;vde53GT6so6)_iEnH+
zK43?h&6#WwhJ(-GBQk(H{hEZS32>}m?GG%1EiL2`l}xs6#yPjd6l)zrYpu-VlT+(k
zVe)K~2~SnB4ExPnL+rf}nQ^(yY@p7YD^5Xg!o(E!dmZc-$Uop)&VM}isGMZ+#~N}z
z%q&24PX$$Pa*tLZ#tK*hJPd1<(uEPPf@SkU)RK4v677CDV_UhXx8{mLL>aIC5Xzj5
zAeOehE{bej^2Jam*3(xgY}tieC?fco{Wq{?Dcr9%1ue2QxWSgCJ-B8Gy!2*5ftdH~
z`7T|4w9!1jEMD#On_uv7<%AeWgNb!K;1RIyLX3-VS8wF7SiD?tdOY=?^?ZIge?Ky1-6RpZvJvQ>%!+U$~vhCz)vXDo%%oTA>U5p(y+
z0@ymgR^9gqdmJI9pu}*fPP|L}O7bs7U%ds+e|+2fj{T^1#)IYIm$RP9&ySf~oC5?{B}qTr3-)OeB)?a~_wCR(q$yrS=K
zfu9T>zF}@4abH_ok()WLMLo|5VXbqRo}hOU7g#Ownz}Q(eovuq^5p9jVMZ?l$=vO~
zg>3dI)70H6W7AvMlDgfj_5?p9=uDl>4lM8+1P&IpjB68HUlZ4W>XaCW$!Q0R%U&ZK
zte@d+#uw7ispr28Ufg+ScDgtSL$4CE=>U!;E_^f!wpkg5C!Mgh4@T@(jO{F8p_OzZ
zx-dJPQ^1;DD(1fukK@uHH)SYVjv?mDl{3VwOnTyqHJe(Ct9M69#rV(0^eWE*B*q-Bp(-tfI0Hx5|RM|k|l3Q23SsV6n*q%O60JU>4s|jpF
zRMvN?ZEN6)_$9q>misB3)>X2FKI255q7qWX`)(qKG3y~--&pYwwIb#O$20>~b9YBE_1y8%>%$FFYEC878;x;<&ec9>0`e8G0ruj<4|>
zN^rLRusiiDkp9;8(`yQfbY?lNJ6J~X7{xS;W^lHQ1-GuhLN=e5_|OXgF6y4gsuG_C
z6B#}L2HUPRZ~Hq`@NdTMfFfV_Ux5lRZoTQ(H_F|m{U3zAbySpX*FHQ-Djk(B1hvx$pOR-{+5St&gQHxn>xy>x{jRz4vkK
zlW~C~KAWlg7*Kg7HOwK9r%%?R%CJ*S-G;Opx{uh5&X6)UDz4B5z+jBVpm`u19jx0w
zeKq|YFJDVjAK_{-s)yw4QM8T4Q|-^;t*AAn^un@jfj=o&invN6_tRAzd0Q^KV~M#}
zlE|Bs*I3)c$rWPde3Nl}js`*dx$VCmbkwd;A9=(dg#}uHt*V5GP}N&`9ACqtk2^1C
zmkc5p`ZBO%y|b@$rR(Z;O;qirKV1!y@)%|VrdNrceSiuIWhsdm;w9bQs=;kH%YgF7
zT%T^6$i?V0zc}-hWky?%FNcQ}>Je}c;~RE!lP~H7&)g(74}$KAVwY8Svp%L}B$Vvt
z-RJ|;MDqe>lV|Y<#PQWOx<0%P3)bojfr)fi`JHWqjrEx4#5v_weJTYTf^GXJG8+N6
z->@}T*4Cem&PE-*e4=cD?JVFz46kKsSX}V;sS&Fjy1CVC;al75z?51ezdPd-0g_=fwB(;`Q5t6#SP#TMnibeS?
z*CdChV@W{ZiRI}8!CTX8s|=&mqZQ?VuzIOH&i8RA)v}{#?tL60Zam*BGPgplJx^o~
zA3sE!F%?G0+*Dg!$>eW($(vgf=3c#Y>pRY7&vE0rYbvv=?#Bcw5(B7-bd}|R#b{*g
z^fCP1s@Xt4A3m)lae!(>+SBgUOYroB6MQpiaQRsrl%i9_wRu7>6%(r0l9nt5d`LmT#E!vz
zm0#qwE5qE)d-l&7lAtBkZm>tPoy!4Z$#x}sxP
z@kn00{n)|D=4yt~t34zVqfB^I<(c|`ZAQ9RYXQOy(J5eUd}24Ga0^|Kf-@Jw%BRm6
ziC^zq{Y~DBv&URSMse?YURIdML$~zER|S-6?-hE475ABfKy1_Xy;bbZde77iP<+~4
zXup$WSV&%KFh3m77ufZHyCW0SainEyd-_Y&*O`xtWmWqtcS)?$#=S#yIXCWAPp`3R
z5KAZ>tqoWv8bBbvK_MX&WUgz6m`GyS0Cqtj9AspVvNE1V@e2^~IWeyA9O!&rBlN@M
za#2r3MCxudy!30emIXpyJ9>>lIjTiXJ>QcQ_KLG>IG_z!=eE?H-Of;-Wiq+G?x60q
z_%@*@3}TpXAco=iye^Y<8?SN`b90-B@js;l$oEiF?!lA*R1WK997eKNa(|f8vhu)z
z_Pzw8She0oMpyAeN6uLuey?me+RxsYX4wT!FSN)P*)KPzJKwe_VW&8qc;9>l370Y2
z|0J|QDnE=Q24FE>r|qPJ43d~{XGcRq?&+Z^Yj4?)jy2eCwNBnn1fmlJ;6)uv3Z*$%
zYLWtrU5iB^KqV{Oo8lYgNN){wOF```+(S_RadLblafwPfXFazy^Q#l(4Tu1~3I9iL
zxX5Uc>|NfyPDp#_MG1w2P}(_3d=_m#TMI8L+#y?0K|Q=1~TgSH^eK
zr|4LCVGetgl8Oa)ZfBT|$)}Eu{D{I!kBbCan~VW^H$*w_(+xpV-7k{76%Yu;Vp_o9
z{k(uLn0-pjy3^RtK1_Vq#51Pr8GRha(%sEfzD1S4)cM&NkCE
zaTeRV7E}d34zy~vjvn03q`}~<`~rpo8_2R;`=tdZ8Fr|z?OmgeAI3AgxLWGIsroUhtd3`k73qarS-c0L||d}CQ`kXU^)bEDkU}^lq-UgfEdhF<-+3i(ET-V
zS3K#1u}P)hK}r+o1z;-~l2W_LE6z8%RTMKCh*Z-dj)fY*F%Cgy=Dj$2`#k^4dX|y@
z)d+lrkpd|~G}qC$&VTg-!e`~?0v7+9OZ#p<2(C|*C8uygo66KId!U|y5UgXnv%aG}
za`Rnsd^|jpvo?KJRE0tuqe#^BT(BQ*
zRxfIF&f{yfzjg~qIZ_hHgCVYwUs;TEWzM6O4aW9UC$sT20-6fW
zlvSP240{}S>`fb6v^k*W3K*1{1ocIV1gH0D3=40gq)OI^LQXiJ-jl%hpadKT
zSS&HIvEfbk8D&rz2AqP4u5iM5K$&KI5qkd}sGf!&4y5v_+d`M(67}@+#$h_{pil{y
zo>I62+42`mn$K<02R@DFd0NlG`WNr`F@987
z$&=q78W$SiXqW^|{CDbEkQAPs5>bmZz2Vwo`1}vwz_mGn2lZL@pHT6e#?umZjBm<89j*u`6(ME2?Dm?&FZ9%YE@tAzFu{OWjNE!%?sCc)aF
z-E&}10HMM1_hi*{gKh4}NI;)ql|&3GW`kNRt$Ykvp@0q7HgynABjfUGk_*&e0d*5M
z3i;>vC=iL>f4%c_4cGgvW|wt1gUvsy7y1zSMQ
zk?c@SYhj^IWtMS6$5%BKm7<&xwiQz!$JNymx(b3P-)8x>OI=&f{#1Mk_`-pmzR9;@
zc4AZc;|QnhrP<qZ$rlD|J8=?lQaRGWy
zJv=*
z7euK-&0hp_f50Am0u-oY3+0Ss5iD9urjE2SM%n(~V+<9HEP|z9`tUcWmEfE%b-;`K
zJFjWTfSIG><<)kN{}T1G8aQoJxSU~Bdj`ly|4IkiCJ+7pkra3z4RG~+JcO@!1t>e1Tkrn^sA*2ka}~}xt`e&D*uce0Et~;j)B|5L
zawJQTXe(3kcm0@k@$BpGi}hspDqcEugU1uef$8NWYh&%=S<+0(w>rXy#BvI3E{m0y
ztyim=35~lRTkPi-`+GYZd{m%~MY&reRiZ77dT&0JY4q+o5c+M(O7n12>Hc2sbpx^T
zf+m=zjUH2WxjJh=-O-=;2Ael>b`a1KrdI&HbQ91>%MNOkRaEk}V6B7aR<)K3a`&|!
zP*xJSSWzYbl;nF^hx5GWkoDvM;Ns=t{neca^%UJsdW^K5TS6*t|zCD5!gc7*bxV-4II#?AIN2!65_(
z*mSm@5`-xQrkS2y=rQ+9B=Ngj383ouJoaM=(xET`Z;Z)P*Zr6U>IOiYqEMmR8ppfO
zD|y(AnvB9n`=xKo9OHj9Ac~?e=QfZ`UK!s_lPd%Ykxwf(_kuHUjBJ?O-C;j7;F|Vj
zIX;I0Yx#O!ugrTe-4c_n*>WEhST|+E&3Cf0UaGq7h71S
zbPlCenW@0FqHrKF5nYuYHF3#*0L{F`C>_HXq-2iGwdy@IKC@&
ziyKln!gPD+v3sX>2}L~FRc%7@WID2`6#UUdfaH;lgz`unhl9RGvPO?yOZxX6<7;G0xz5ImRa(B3mH
zO9lEE`dC`}M$?#GqLcy#ruLs2-hi9*98M!g?|DTBuHRFk=D1yK%KOa{Zq`!o7YX1{
z6GD~j?ot1z91m#zS9XY!4g
zkNF=tKy){dW|X=ft?BN}UB4>dAov4@03^$nIgZ)^V4{HyqaIn}zhD6HOO?>@K+uOUpkFUCAPE^#@
z9nXFb&M%(b{E?A&K2ereJ#&Kdx0hJ_Z||X}B5pxdM%}N@RMpgS%E~a`@n-S6jhU%e
zYUWo};c$6ugvxza%ivTnS!io@ISi)dr*wxkZCb$j9-ENk!l3htcAO*DmNM4$`X4#1
zv^<)QhDf%&Ugon=$h#gGXg(Wgk!Ga~`j~(+^YHDRYad-Z;oF-h;{7*FV*MgixWcbj
zVXSUd3kwJNr@ell+THX6FTkZ!oS;?v3$S{Y{XgRp}gb~wUym#1}gbi&uxKHXENA*fvRhsR3VlOB
zK#*1}V#1WhGs-=OSn8Cn^tgD-sMYjbUB~g8sVGg>-Bn`YW31&G(u*{P_>z*>Eqi%q
zC^a~#wI3~s=DviJ@o2#aT0~N#^8Ji`WK-Fy)m8Oenpg(V<&VS9lupE$_pMK
zpYF^B;xVWPz?xYQmfMrI8h|t}lPQSg?zH!VI#D;I>(1;KsHq)XcZGA?PlG&TaT4rC
z1UIt#U}DCaXY{hqW83H@e#Kek8HDWSjLmIq{U>)C`TD%wd(T$3&I5loQ#WKY5#j$F
zO#yltMYZ4v4}pqmQ-Sld2kJs8sj0)$(~sXVW3qE_@F?SRa&j*1Ht+pJ!WQ%cg>PDk
z&xYW(#13-v^QkErn@~8(*Ykz^dl1yAy6B$s4iSEI#ad!Fzw2s3vY{PyWxo&1A7CYL
z|2ZT{m|~Pc|H6_g=20)uo!awZeUzx2agE?OKS
zobrhXk!q*Lvugc<$1ixRB!i-l5X|49^>a@k8P0vl4W_G7V__A-9Sijk2@Ht>oS0#=
z=X-n`p67!j`I_X^zn@0{>wzy|!G145#C0wyDXH9#k+xY5*L(DaJ&0b$x_QS5ksh|W
zkS~c(#A%fz9@iJBJ)~+)CboWZe8Yt9I+pt6q%}H=W^3s`TmZ1dnA+>1Ga&}=17B_J
z|4e2(_;ThA3EkYPGF0@Cs0VOdn>!}ou(sXBgRaI4kEoo-+1xwVtuO}uZCUW}r
zh{5#9RW`i2U%}6+T#r8OT>T}Q>Z8^VMv0j$`mEk5Ve0`g_#hcQmdreHGx$DT3zo$*Bn&_f{|;r#T)hcY5l3ANM6XKcHX>IkOsKnW&bp7_?SHwi~f
zZJV1Gwcoz+crOV5GGx8pRByLygNIcN7d+eJh}(hb-BC?XPkV@?22jK8$46z7?W8K^
z_I&@$m7?TC{Cb}L?c28`hifWC`j;vVOiNN-LXAN1nfOO9e|P8nzGC`{Zr=tfBP<)|
zk{V#!r5*mjeh45i2!J5xk#txh&O1mOTk7bDcbDnGUI=PB>_!hSzecp$Uz+=qxskjJ
zH-naK=W|+12i#sK{d&AJH=o40Q~sjg_Y(h4Z?Gm|9UbBXCanm6j5WR)htY4KWh+gF
zn?)ENaPI#j|;(>%bxyw-N8ISUFHFfpne!VsvZ<5_e)zVmd=D
z%Q>dcG2xe@CKDR>mij?E#t1eGMQi!=hZF8DPTqCepx#SJzVQtS5*_6KTjpC^(AnV|
zZI*?`w$2j@cA6Dm?{$e#Bd8jI8HiNDzA{?*=K?LF=@31QS8{QbFqHuAECZxJqonTk%}Qmg_^#S=VlC
zi18lAYq0q=s_gRnVIJ7Msv0}Hjjxe6d7_KU%R5I*`gIVsg}ct15}c0H`X{<`fBr0{
z#3+~NT2?ea0o2C#bLNE>XQ@x&E3Sx)ud1bRKPl|<%nG(b+54qMJX~2_jf;j|w{({#
z)Totv=l~at@)FuCkWEcHI{ZpH`-S*!I$E8?(a|xfUB9i=qo6&K<;>?W#4e18XM~6O
z{-M*%?d&hEk_A0cUyQ?ZcWafaz;;X|!}xwSZwJt?X>*!TZ%p!Os}HvK|IN6aieU(A
zFD3j};n8lJO5cS{zLEq@EQ~r@f?HZ${UvTNGB~$BeGh2V|GWMN>^>F5Hv|rRuqmOEP
zVNq6YXX*1j0sq(h@0h$1BgV#$u%0YgTX>f2CB+H-UCAdTe-xg+
z?J60mjkjSeJgVg-;)Y~uF@|zPFNSM}+(EB(->3P1W{4+*j)7sz@+CUCI4iITz$hQ|
zF);JZBmj)fCQDDg(vzoNV72;RdpL?Rvkjk|$MUq>z5M>LM09d0XU2Y!yoz+P|NYee
z`Fx^Ag{c3WNcq1j;u!xq)qmZj~M;`f8>VnJz{Yz
zOb>BagCRrMIXMka%R*V)Cq9^2Sutt|ZcPaIYJI+Vv2@__!|K%Z{>|Xh$Qwd&t#ll4
zpPrprZB9P_86n{8DdPhIP+Lw;wID()a3Z^_J`Gqf>eLZ|{W4eWIn)8uir7r
zbE-(Ym|o+>n5Y+Xw<@n!n=ou)-m{kkC4C(`=_BM^!ss_*K?&dtV%NCdJ+0}R9!c?
zX;iLr`{T>M^72CAmzRXv<`C{%4t92zy5Q;(!9Ei(Eyt5Oz~j({@1Ll*U+33dAF}?u
zeN*p&0S%lEJE4*fEKQwOwTj)6nWx?Ear{(WLDE65f4_>D)2idmSWyZ))%vUX%~zoY
zR(QS{mE|?`*8Tb0{-^oPj%k*>973Z9{(@(lwoYzFx^;&Gd@@r|=Z8a_I;}mY_T>nV
z{TjTrrV~EFu*}Bm@ReoD?7atGa83D}bVARKY|Ht&9bIOOf7huvFQ3!)cW!P{93Tk0tcQKA@`J-k?Aap^XRu;99oP@r}hQS7V>!~M}==InMI>(BY@8Rtrd(G9^o;ZL~K-KXD%=T=P
zF{{_vzNUKeM7cZFu|v_Dsux7uHV`cDg`Bx|0GlR3w+FTp===9bu;x<&#>Nvh$o`lz
z_;#Y~V|Zt1;v(qVQ0cVO(Xi-?0ha#ot)jHJ{hp$h-7X2Rutv>>T0C9#9lu@k1yc!>*ZRA7VE+>NY3vTGr3s7seAG>
zM8sf7Sz%h_(xiIzK#PZT^F(t!+N|lVd4IB$Ng@%9VU*{QI|)XWUzK{1hyAx`>8ba6
z>W8>1?)c58`e@R!BY}91Gok312=fY;Hu@WCD5|N
z>97^NsHm$5`*t7eY@frQn5rz+LA6)`Tq-Im`hG;nwKTm2dk=+{mtumm?H&s#Rkq|1
z)gXQk?}m0SgMogwHl(*Gt9#{%%nwC5QGj{K7mE~zOJ>CXj5e9&|nbFd(U^6JR
z69g;*ZT&qW`TElzO?gb%r_g*n-OqST()nGhm;dP*JaRw05e#(c(l!f&P`_|~f-=5!
ztLGFwpKDX;bFse1)NP5?`j=zNr&~rasCXtH4m@U@-VQ(Z)1xuQLGO9|HaQ$+NIFfZ
z{cT?^;@YpqLoCz3d?rn_;qzGRW~81ghNQf%Q4>yi3l;kG%_14s%XsrI_zqj_^c2Af)BrDph+QoKpLgq;#wk5Mna9|uO3Yl}XYZ+dzvJM%NAl=5TT*y?KDH^xN#
z)KcaGw?}L!g_g!C=kxCk<4@hxJf-=T50uYzoWq0U)9La`XR<6o&655QTaeRgzR}^K
zO&^Vp`0cHeHSh2r@4(%!9`%HGZH``RWV0#TO?{c&p43)1#c+y$?Ff|+0U@F7*_`v=
zFKDD9A3mTMR^cZwek8g)2XQcC%L?wj;iwhS`1tWvN=k~G=pt?|^@lcDS=niNEfmAe
zQOQ_2NYo46++jMgNP=(>i1Lm$KK^yPiyJN`a6%^fGv$CI0=rbL;^3St>Fw(C`#{0r
z0!9&9RJ~yE*~)A|FpvX-@uZ@zS*V%)u(rnJi_gvOAszA72?BYgsv7{sC>MtEgh9KjbCC)9KOk^ZAs&2c#b=Al^$I
z%*CmhvL(w<#LIlzB8wN1vcjNicIs2_@PgMFkErS$-jZoG%1FMRk+vQh`UGoRu@h_+
z+}!GQfR-Tm6FbkYr=2b}pI&jmQ#J^WZ``B%N*J6KTK$WaXXKa-2BkG-HaVu#E!m0$
z?OM6c3u0e5Ht8T-Oq%OGIF*XSWH~&!HalEM@Y?MKbjy+6v0ZZKt=}K&2-d}LZbZpU
zqdlz?{T}skE?9$5C{&~UR&q%2V7Cj{aU0OPD1*Hf
zm{f3lwQxrwcv^*#_BIoQWoi|gt1<|Jf5Cw1=15t(x59Te=FDvjUp+sq8F
zX?k}PlYF*vOJIrxL2DVYOz;FzxxronB5!$J&~v^9LK6JD3goW6u7s_;3!g!34y&je
z&R70&!|Yh3q;iAmNyS=jY)IYt_n$tn{4Vge=aIt9nxfue5HmuVcqj1{UcB}98HY5c
z2BwNaA*;y9%_eX@MT%N%I7{y4bszb%DT5iZ^7?S*17E-X2oUUQp<87=rvKPrwxPMu(_L9n?
zH@D!;LGdfBvKngwRtu@j$jVPd(|x
zFheN?NRoi*lh5ZPFRR?fUz=)a02@-}FlDFhyu%SO$LxI}cKvr)==_q`_0YKGbkj14
zF1`u|dm^3qru!$#Q94xmbL;p)E3jF>+w!>H2daV>z4Cv*e?iK=X$21dtW0}j>%C+($No`M8NmCFGxf;a`#(z>Pt;Y%2L4f7gpz?te_9Gcu?t!}Zojl!$x
zin0>Bc+c@oj-vAN56a5Q>xcI+P@MNwd6B8OID6}r++a86E46@;5jtJ(dL;FmUD=k(
zLY>sz4vwz}NB%}OKUwqF*MpXAv@D(H1WG_(PBNcumAK8qu&3(|B6(`R9`SrIdRmax
zrrQwH$`MpxgNC@-E`C_r8_`5kN5qtO`8L?_vO}b;`R$J1a_H+#bClpPc^dDZvdx=s
z3k7t!REs2|#x6*@3R%nrZqI}BQE_B|iCN8S8VinnP13xZKF$7V)-bOZ=617zF3=~}
z<`lQpv!4HVueZYM5Rcma8I{R_VjA05ov&{a^^^M-+i)&#Iv1;ZB#_&#tD
zXg*sExV+RojkpgGknsAeFA?ayKi&uA)Ut<|-i`-^lFkNBM8vV~V7O1)c6o-M-_Uj~
z%`ON2kjww$b*{kd##bpx6Fb==q9-<7_KAReX7|7SnJbP&Mhvz{S)|1PN^iXfFZgUitsd{Zu
zmJ@3f8g8S2#b)T(NB=%~w6q^GH`c?6i3T0(I}Br-q_t4zD>*g+v1+>~j7$u*zYh`ah$a?nNu{
zgg_GltK_42L(E>A4L#_+d+e|Q}a(-Zpgx&M5=JL&x{Gt=aGQ+Ww3u;D
zz}iL3d`MJLLw&VLE7f=5pcf{CHWOy@Oi;2dxo^9QIXId^-|VAE9DC?Wh6mf0*M)2U
zs#UL5VxJMOTGjF+ebh%WeH`UX!YhZ)cvMPg7_n=M7E$t=H33(JR;q1@LGt6D>yf>~
z@ykM@4i~~Nx$;owACa#FiBOgl59z2zsf=zRQ}fyHjR!+F4{kr3%+%5tD2c7me;iqR
zS@JBtTTZP>8GBUF-o${N68Eve0M6;J8q{64w^PqD+lJf~?~;#bgoZ|LjjQo^v*QKi
znBFW3I5!;;ml!29>C_omFiV}}<~;kVijz3Bogp4Ji!?%v37ruGd7F^XP(>i|i7kf}
z&`j2aOPHHapZ@Krl#)_Nb46$~flJ^>9Cg!W2`b;1n3%L13USi^PA{yOtC;|J4XO+Q
z_iiyc;-8aus9s*ClYJxzr+9?1;JMqXV3?QnjnaQl@QlQ(%?48{SCMMkO+IRyd4*Cp
zq}X5d`)nOl+-mr7%%9L`m`@YceB%V$3WdaFaP-v4u~#ISIeK5ei46)@+@3|{cdDO#
zSHGGv@r$3)IGn0B+ci3L^Es9W70S(?n_`3{NhsWJB>35Ty6cEvUZK=@v%l;Zdyei$dNoM6hK^N(frb
z)M4q}Ov^%ifKU)kukk=EE+K)Jcs#>(?IYxSq?b$Kr~z~+L*RVkP5t6d{ems=dpFX#
zBWdWf5JdVyjf4ZgT^r>ud$h}|hS^lAA%whBp5EX
zg6hdL9KCkh%O=g5hu*KfN}9LosC%Q4pg@JS`lWtUAa!B9NMm!n&#cH@klQf=-lg|lq8Wz676TOq9XJ%2~O+u{PMK
zHc8^LX8I(PxjXF)1ld;Z7kJkj8-=!Afdz(}8>Wj@-6V*(a#tlq#V>c)oy;Qn;bOV>
z;k4}xwEnD8{T?RpC~c_w=9zrNSJ4hjmrZwB&rkS%ypUvzDai6VME=^16tb9|sA;p+
z*sX7m
z`y2oGAXkx~Q!oD}S54z_WjU;L)lMxQT8;jk>aceeOY4))h3vyJwIbh(Y1@b5)fIis
zt}Bi_%;S2FbNOWE6+-osD-03@eWoq2_vkTpE>eUZBj*{VWW~3#DX+W2yw-gJH4SVAiN^Q+2lB%N*OOIF8+~{d4oA5ct*t3viR^Cj)bkh(i81+S$raAS_SkDND!|k
z3y#n2JDfwTdCn|zsRF)rSzn)e7
zz&viPOelY@zfDD3|8d-t;CD`*GA?|1cFbwqk?t@k0JU9a$D{k@c!KV>!Q2z$%jZ_p7dl7yD-j9OToiFC?tjqWwh!&#6T{zaPTv;4}H4sJM6U+J5tEm%Kbg%f6IOcj$cEqzWu(^FQM=cugH
zz+SNx;3T8}wCz>mV*RIf+U-7n7Lpk~b*
zo8p7=l)pua(c&Y5XJSv4SWFG_Cv>>D{
zc&_n^L~Yyk<2vnA?+1`!R->m2_1Jp?S43iKe-x>cWpav&BvPFf6>)HbMb96eJv-f=
z`U-b$iNJ2TyP3W@LJYiDwr2wux2%@!|M6(X`hO~rdnKqIVtn6y;hcN%qrYouwSM{h
z)_(7yO=$GO#hx<}D{it;d06>v58Dv`)^Q5j$X?QQ1saJ>a3Eaw=%Y;X+s@>}EzsF+
z@Sxd=W62p9TyTU(6X5FV_xwr(WMGqxj3%h}|Aw4;)mZo6ne64K8C;
zKLiyKCL4-9I4ZwiB+~&SL(VJzhdfD0)={)(&r`J9%2??A+RL(XQH^AB=f)NjUiSo5
zn`j?T+TW@v)59BMD?Y$oqhZPtC-m@KZe_y|CRufd3+YeFm)ttvdnNO6Qhj~xBW5=g
z`JnGg%#FxY2I0%iPZZ%&5Y@)dDw!RqjV-=;bfGJmYnRgG?gX<3@2zc^nOT)y&Fy?E
z(?<2$tdYE~e?vw|qGcC78qs*uZ>9V-?PmdO*@s~Ll#jM)OAhPjV^*b>tsWOB+87V{
zum04lGxxgIn^V5~5D7H)CpNkSybazNFp##u)BIYtMOAXg(YhQHMDqMaEw6>Y3uN8U
z=1j*D=s;cNmE+JeYr>uxv6CRJ`QQ8(h|Sb@Ge5ej)1H_vO%-Y-3OWAFoUVJm6J@2@
zs=s~Nn)AH-m=SNt^g?6dQgMshIJM6>c4+DLJw>z+bOxW@?CE{QOED@~^kI5>`rwJ8
zk`nIpC)YXi%GgKS=YvXVl^(AGWRie%vBmPGu3igr_xOU(VbkbiHB?*KCvjUPt*yk~
z=N-A+rd^m;9$rRz&F}w7ZakK0$E9-Aw)x4z=yGRs|JO8?QS5QFU6##mBVtiG^E&V7
z#t4xanF-SjPe^#NJ>N=b)TOfg>zO=q)b8q8Fazv60Le}xL#bTwkEB9g`~ldc5#WtG
ze3Yv005)@9ZP)Bas_Qu-OMbcj%1fNp`?;R_KNp;_yTexMz3<+=zJ
zvQz4>8(j(|a!_Q5=E(RD7vLBE6f?O?;{?Z-r$wBe3SWgv+M8-OE^CR>MbV{FkY;}n
z@$Bc~U^=$W=sb89386u0i^8fcK6MbXT78%JMz;KQsFyicjj{xvO4GJ+da*Q?BgX`GWnx}JD|a48B>Iu@3Z_S2fc
zUraVRrb-74#0TfE-YTh)<2sn4nmGGb{I$Bo{@FX+G1WRA8*UUM1Da7sx@J&o*+
zmdaPq)(#V;`0F7?5xrQf2ql#Dp7P<^ZA5$axvdw6@_~Mj-y`nb{?N*;2tM0cEUv80
z?V8&3YZXxh+uVZs>-a;w@hieQs8L5ic+isw!#;XtI*I#Z>->nm95V>NjhFg?%F@Qa
zHE{`_*-yXoLR;Y3(-03r{%yE&ekfeYR(FYER8ks#1-2Bc)uaMsWB!OzJmPqVy4`e$
z!~?XbO`AW<6(hEkxmvruaal_?J^0Nw)KsVEG?hQtWMZ=5Y*fgVSEv>iM7m}e_e#6F
zAtKTJovGlcxEm`f%EO0Lu;mBe@fu!IlK)*PeQajoGk+ZWJ4AGZ@&wbh|7XDhHlKQh
zwS>?o{|?@np4+wBYcYvUdxxpRICV<9hI&bYu$_e3FvoRV+Gs(A7tqdc`Elw@sau*#
zf;trTU9bj0N7EjtvSxi8B%4M9aqvO;3lR_Q!_~
z*T=DmY!5l01D?!(-WX=~2bL`ia!?^~Dd>t(#dLlaFPFy|D6CrUK1*;I`K?sa6>+t;
zF^LODX3yMgf|n7P;bj;X<{oXuy+hv+q_q8OmQ3JE(=p#(uY_^yue|ev*Qmn5Y%S?QOvaSA>
z3{$b1+&n;SA9sYab<@h{au=h=+L?0Mrn%$HgGRBY1U8A?XxTlP+o1$d|BLU_e
z(QO}sA`N-RD!prV+|P0@{9h`7^k#ru+WM4`!;+|qTx!7DOWp5_%Uwp5Bf%QtwzjMw
zc;n^eeHt#7z5{?5sOZx%F+KTM(q_6fQGR}Oca7cFQbh6iJ?$qK*u
zPVC|^^@I>v_Ky5#b)LH)BX5YEbm;EwV#vkMnA?maj24rxu`!tn56iuB^0ssFwj&z`
z$D65tosgmUo1`|iUs=`tFmb+nLwQxd<<9>#+3$G_NOOF5Wj+HgT?%)~kilAFq)3rs1TE`Iad%u9!sBvxn0sl&_mwq?j#RSIkH
z{XBDI5T^h1r}*hBHL4}^g{|x1X~mHZ-WSPju^I2%*534kpfS;YXcxqgb%E*TIYxJ0
zaVo0hyQ9L?!_y&VjvTzFd)U+xA?C(>yu5$L$NiU<45?xz0Ted?P4|(cqGk_Aq$jIQ
zFa$lv$K}K$@A-(8j$3Nl?mOS;LKO1;p&7hd2bOB24ocP3q@bl5!XT&-5vXfnd)oUj
zPcp1!>Fa7y`DdWx5!_x98BBc`${@K!TX|sgT_~>HYXpXQhSm@JArY
zPteTY9|*)%R8;gq5#SslbhokXeI4oT5E0&Kh|kGL*f8Dd&gHb{)v-Pb)Lm6>14ESn
zmL)2@HtJnUJvMqB-*?K7I@=m4o1=|iHHe3gW4@X(&Sd+6uT2u?MYW!cVHj;s-Z>?+
zg3$QoW92THWYO>4k2t65wscbeOddY=H28{X$J1(}-cMH05VyemGFX&|Rs6;2FV^Uw
z-U10Egqv+JTgvt5DFsYkS)sE!jx{<*cNA}@Ds_O3K|(Wus%h26`cH5U?-!N40}Pi9
z&oNR4Wc9`~&;4&v0@zc>yIY`fUdpGzr_WU%#|-q=`5&%H=3*R*9Q-(OE}AO92ydB(D8b
zNdjQd{jG)T7n#kwnnP`-neI>C2Ve@z%H9LlgZmdiKJNb847W@3G@GA~JiLvqjq>>}
zdxnZ7sFwJ(D2ksi)&_59{k4b5F=~1si+giF`J?2>1#qBle{6`!ud1w
zFpaA=c%{1kqHo6pdb963Pl-vujt<}$_(M%i4e}h{K~K;Jd0W~o@*~xZm;}#>G+%jb
zn&T^Jg>vm)Rk4PrOX!bvBlHzMn3xHLhJ-u~7EQy6?ls0uFu|f@#f306Z@<;%w!RgYm6AQiAvKer~+%WE-K)v!BlS#?`n_#n@Jp!@Dz{CCEY
zZTH0aK{rpGrGHhGQuy1G+
ztm8;GP3Cs$CZmG4fB(s_0r<9Ra8`Y2{&SxLf~Gg9JogcHhIUuMj;6{{7dqFBMB
zoL+LW#uR(z(r($cN3`YZ58D!7u2|s6DaF|1v7br&3iA?HvJV>QofR;AuM0<}c64&g
z$tE+I3F?6-#Q_1ivvRIo6SDk(K>r@mMR4vR&s(_;TKI>xW_vW8Dvht+G_z-f>YRNG
z>Y|sJB(}onj|zaVSdu-zBuOMo~#(lYE@(
z+h<0$y9XUlt%br)I|7@QKS$n2sQ2j;H_^T}s)>=MM+IAM%7NsWq>q>svmx+o)*cw@
zV*YhHec4Jip(u*-ey{KACzBaNEWUXyx^#+4-&S#29Vn7iV3ke+tE#_x$|_1Uaze-l
zr&x6(g`LKEZ7-5IS2&)&yR42HvfQP7Bm022oGiI_Y;SMqj-WRpDc=7hPtZ~?Uub@Zk%JYqb)-_a}I?UbKV
zm5@d+&9mfb@g7~_8p9Q%P=#zw=zine(Y^C?aA**9snP}BJcnrBx#5nh9fc923Lvp_
zX5C2gXEYGVlf7yGxw9L5Jknbh{h6Y+Zo}M!hK?_U?Zi;#?p
zyBP`5j}oC%`XfDg_-vwDgg`qNfAzT9r3j%r;H!+$TXB+W^OP6PZl!
zuV&4_^XErbgvT|e^URy%9yapxBtc>l81`5JKQzRbMyvG!;nW01%=3=widl->Jw4p$|g%UF&#=K_-(=
zE0gFc<8e+zoX3Xwu}zMLKAH}|t$DELYSiG39|nG%@sKVyZ!~Bl_g2n0K+%-v3l?6J
ze3^)uf(nDP8zJHTHB`vEiw(yln^E}wF56JnW?7A09bvF&lmwN{x&ki=?x)8e
z|J|l;sa`Wu0<#k#DsO`&DFgJE5thS~W5Em7LP0xw4i6!6f_2C*Gx>?SRTIAZhJ#%S
zHtTG+E;fG%#Z)oNjo`Q=@x?XE;77>8T1xNCPM{hlE4qh)SWsg=Gc9E=(%t;|CMQ(#
z@HyqUQ3twko51f;LIIJG*HW8@rx7$ZiBmD|fu+92obi>P(7AbZc{fZHdsRNcKg87F
z7Z33rUmQ;r40Y>8Vcu%7MTV&yDIJaPz)iEU^X6a?!%C;gsAtMjXZv6*-9q|EU@Jb6Ojzj#Hql6*l{~}&2>(bAbkOkT
zZe(RH=rhQdUK!!7H=6C1(U9W9Jc&!n5&T8J(^vSnc+g|~&vl}t3*Qt{D)`XRTVq#K
z=WekS)tPIzlY1abj_Xdoz04nXoX@43s$XFc>BEE-|7h2-MS(2(Y=bCF3!=vTDSi{BqjglS&(;7Se>`cs@jy=Rtgz6T4
z+tBvv$N{m{K49HEAGm0#pzAQ&auVkPD0w#z=8neqTq&&KQ~RCOwdolx=@Mz*p3=cZ`rEoTNk%60!H3#K&Ggwm^3Y2u~+?q_o@Dro67+lf-#WqpI*#074;$^Q|!
z(q&b;Re?Lscpx!lr1|!8nC0fD8s;^@Vx%iR>p*055-Uhq-wv=P;UpVMej$bzDm@{$
z(G*0`I*^IYktpqtu5NHX)AfltEm5n58%<`M7Fdo|e11$JMexwl|3!eRmhcZFqZ?Nk
zTfe73->n5qk{)?u%4mzpDSS_OMOn|l->uzQ4o9SC*mrlT$i1K^lSXDpZ}`bulEjW0
zHCpb?Y2!ZOxk0Y=hF$a+ga60YTYy#BHEp09L8UvTOAw^Hy96XuLb^e^yFoyZ?o=sJ
z>29UFrMtTuHk`G6U%&tR&NsilwW@gQrx#ymdYoyq1ZV|DOK?0plsyTay
z8Bt;0h^W}o(-6MkPW24Jg0pZK5CB-qM~G0}Xd0n#!8HXj$qJH9q#GZRA*giT8m@Ae
zzxD%O_lJ010mNeG4?G(~5Is^5n18Ymnq^AAHWLvDrHI1HyF+Ttl~B_Dt}Dh~EXdUR
z)qm^5hHI1fhJ_RD?Si)J@JB0^>hBiLzKr}w!+O!2SMXoy#9j4{R*6NEoeX3~J}A8j
zHD-;&bl{|tlzr8iq0PTNIaJ+>JnwSo8M!7Z>~pqi8&ERX<7M{!u$S7qVJGdJaPR2J
zz1N_Otk_6=brxZ_8Q(vWZTv|Tz~^KdSRNzZw>C%PvPZFs^f{Z1}#xM6q`SRK5I%6c`rSQ~xu3O}_2szY;G5DDJF>n^-;r^}8a-b0vi@p5d
zD#Y{xpCM{!)a4P0x_L9QwLE*O&RI8417CTRL7UF#(e`=6z$@|(F^v*r6Q8uDH7CY)
z)uK?oWq1`$%;VN5OuW_*W2X7u*@$j;|DTBy(JF7SUA{|M99%Hx($8mAV({DbMn6p!SjmnB;ZN@0JMJGA^(>9&Mf
zA)3mUSnPmr7ws5}t1fPU^LSv;hH__37IkR#_0#5@CvXDfSp4zCjc#O4*;*};t6dxO
z6ItCC2dq?!h=`jJO;eiiWWdF;>KmCK!`5j|iU@gt=@&
zF@OK)%iz^$wF%d6=Y8vEY_G)N(y9LV13}Snh!5prab(mFseK=b3!x#feJkE6Ej~Gr
zd-QI~iCSlDuXeiIOawsH{AHR(P0u@3Vnql0%omy8-9LA2N}k57C7~nF(u2PGgE)jm
z7aRWo`q?SE%~BUjxM9&EF<%^7&tpwmh5YdEzP>A>)C*f~t$hrbcXiPVTO`N-sv9C-
z%O?u=_|`=M;FpbL496HOL1Qq*Ll@0GpVowX8YeauFYqb-(M%v*#Q!NefPaE45k%sC
znjh2s?=9`)Y*{`AUyRl+eg3_Z;2&*9L~4y~uhw6GxUn*yz^Farx;Gu%%d8U$dx7?j
z52rORx(+H`JmOe|XX_mvn(EpKj|&~&C@**hyzftAI|(=`H9ler?OYLxmC=ib*$BSa
z&lLZ{5MfV9HgoKE20FxTZzW)CHn*G$l#X3vj
z!1eX@?D5B7W~=5Q|5{pLa5zb(UUtPi&bOk455rL4d)Nw&*8t9sW7~A~^eHTZFj;Sg
z;a8zg^ild|q&?s`_gd;w75Zi9CJodpIvi5;gkT(?T~w^DNGS8c7C!cWRw))t@;a8y
zsACai2-?EaxR<~r*$i3`IC*%CW~vGab#)_QSFLy1YvF0O=K!O1V(i~y0Xosr{g{On
zx{G_la?}2CWB~WH=i<8ThKf9bc-^5)80|NN!$Cj_w|b$9gvDkW0Yb=Qliqn3;W+T?
zvqZ?@_#IT^d~W7wgVU7dCP8GgP!U|KLIiO`t(!k16a{&lXou<
z9OSXqTf6qPBty{u!tJ)SQybLD$>i1666rN>eV?p%WdS8@A@abggl
zhgU4xQBg0mmR?}|bY>3dnJRHFH<~CW`?C=5|8J4G6WfDPlBlgIjUfOTo?)Ry{Dd1I
z8H^@Cm0-QAtyrF=_w7+9i2){r%y(A>tPSW#L3E~9H&4q9>Y52$7tSOm#!3f;Zhpi)
zC5u`qgx=_!>&;dmS*k(Dcm}g(?~ORE=4T5X5WmT&uS68QDs?^3-34bhQ5TOH&GL=Q
z4>4aNT%nsU)l-4kEuCc5kJB=5_vB7n^SKRG?j3cKqnt%{!9I!7
zvVRJboE(gerv7NGCm<>t8ET=mFx^bPx3_n>b3zP~IFOFt
zV@~y`4CEQY@KGY?^dMIHVXwF$!1wMXt7AClOS%Ie0E}(Cpq6awB=<#)61ht*_nzf-
zPX2*iv(RQzEsXkCstD7D0KYpr)n<
z#F!7JE*+Czoi>(tzxRtTC8
z`5-@UUh)@cU4^N<-$v{n^j-4k%Wy3{C^dYYg*5lIcR%uc7U*A5&8=#uh>Biu<23_J
z7m;x2-bLYTwH@&@rwTpxojN2KM3i&pe>3$M!aF&#oF1h;^s$Hp7?_@K-_ouBpkh&W
zU%-k=fLIU>NmAhxFl$Ga1V{UaCRgDdBD*CdBwWsJ6uUMJrg9N;n5K^w-U2&x6e!@k
zD!^3GBa=U9H0O^axl|QIT6coE18_Wr2R20Fc$|-eYg_E#)*ICMVZq)
zIyF4}XFV0q-8U`tJHU?pyX^ln2@Fmr~v)?pBrLLG&v&uE9d?n+lOC+
zo9pru%h-1U^8-i0v+mY+x;uZ*Qagq-Qv#be>{&X2
zzx-Di|NRXjWlrZJqMT|pR;+{4rg&5hs=RVjd{QMPIBfuZa=7*?+#L?E~o
znT5Iyn{7_Ovwt
ziVJ~~+?}R8lFD3uix)cQQla`+j|h$H=dhoe2&8)K+9+9HEH#Rls1*sFwdxA|8Kria
zZZ&1vMQk+oJf4+En&x+8=#grDs!}&nKp|(Bwwu
zVklG2KymEOuFrV#cM3T`w4)V}#YWJ%#7C5pUyGn9CNIW3!NdX~MVsyR!Ua=-Cx%Vb
z)Rh4_qOZ*Iu6G9gqf3Ma+UcbJ6f>P7hy|qHTD;}?TxHOrAf`tTlBmtYskN&ygPf%d
zK4&rWV^B?jx>wcgR}oIT`<|PBuL~p)65HJuU+7RG5jSu(Rfy=dT%O-9+sTvlGlp52
zB0PE<`)O2PqM)RlR*~uny`1s(cv-p`{oCU6@zZ}EL3B1L
zax4v#?4!__2XEpzKMLZ`Acs8>?0ypsfC2trax`~wcRYMw=S*oxC|#7Q3%&5}go52iiUtHRMS0~2~ERQS=_7sb-7~&|R
z+?!bx
zEp#zB8ZknH5k8DAZQC+hnY?ED}+}OaG4ciokfU|QdC$np$fSp2dsD-!GEmI(B|~VGR&0N
z8NY(~9bTe2RLW!Fxw?Uurk0-wQ=q4LXaEIdZRaXPPfdeHisNXJRu^|&y>mP5UFUH@
za?n2{N30eRZ~fh{$UH5zO|D8SO1Q3$e|TyNX;Ks<_ElYw3m(9`CkcNYVNrYfNW0I0HF&Xfo#X$m|F6F$>uS~h)>MYj@17cM*Rd2`4{gv+gkVyxLASZ*WMRshBZB=um9STU!HuPU
zgsJvyyg?v8rsWGU=`)rx3X9Z4PIWPMb2TIrqdMz^tJhL;-8f3bv&EwsMY}%PV!zoL
z6NA2|RutKO7&O$n`zA+$Wo}j4g&aggVr9q6598#8LAg*4s0gl8TnwDJ><#Bp5n^KP!{vxbX#H~^H7$^HgQ*uQ27))@6P_qfmjg?IkH0z+1{*P9lH
zWyst2s=Wyy={Jiv^RC!UcOQ#aJga>%ikq$(%ChUNwJ&N1mjd&>FlTgqh;}B5J3-cZ
zE@}VI#ukkURIf;PQM5*PWM2xs3!y<~ghD?>IatNL?)9r;d-ot?8bi2H3T!z78QeE}
zThFb)tdi(c93EP$reMWhFTOq>6~TBk$7(wn;<5
ztm91;Z`+gC473j;tTr0hY5*3^n8FTd%4CB(M@J;_j@5Ti8|!o;US-oA|E@9i8?$u(7;-56QypI+
zh<<03Z^Q@|^-zT+!L-XhDwAwgC7C41r-T|wf2rZka0P+h-)z+Oiy75+HHFqc5o0&9
ze1!*uZ>#_W7Qhvj?rwY|jHF2djiN|{4}31_H($^I@3~~Xl`<(t%=rthdCkEa!^
zdTqdUctv;KXCA=%zI`w1Ks!4l^Q@`*yDYJUy40d`{LYuF}kE8LQD&AfV4#JAsg}C>Gk)rBfX;g8<
zGbr=~WZcwnUWLZ!3Z!DachFKNqJ0(_BjB0h6}`}3xLzEInjjGDeyh@p{IhD+6)Rar
zuH`Hhex{t!=(X#oPO~JD9{cs-f+?@ExY%T~GrQ_JCOVX1wf=#11C#0RTd0$!LdW2U
z!b@l=&B;#~7=qp|V0$0~a>Ag;QK;kxWzMgN!{Dq1FeJb%iGp9&&Ho+-zye
zDif4DLC2>M{jSMU-U>5}d5`U95h)yW6;VfS0xv$uld!2ieL@=08uGT4pe8CzI(q|c!&b4%{RNqY;wu^;}8Y;
z1sJoOtl}u?pMD)Szr4YRY*CDFzxl4c{5kntz9Fp))b5is8+D@JUT_S;N}~ZOfJUw1
zLs;cLu*kRjOO-{>w46snnKa7?U*)9-Oi#Z}(j&v_qnG_azOtOuwDx>z?^giLCxSAC
zSLy|wH8N7$p2@x3qf!n^N^6SQ2o|e9<7s5SWj|@BA3pVD7^P+}pWmKe$UYyrNL;`{
z7`?KFi=-hEj~+wH*#D&FGMDi2<&XG1&vVlYM3u?1PY6y{1$
z4u|Z&be_VizW>I*X>3TZQ}fcP&RKp`)>*xL!lnv+wAfu)?`YAc{H;|nnG}ie*!y^E
zqpl%?P_E{XWwCZ%m)BhAm6gkjzwmQ*aX(N=(HDP3Wm1m19178=!=CgQRlHo(as6yH
zLIV-qi6nK~V$}O3r+3dU?X@YflyQ1RY9;l2QnuNs%zWr45)>F*(35BJbX2JmV0LtF
z&`Egx)b+gaCUjggj-W;V>|ysU_}VOvOMNLd=XE>j2cU%iSETQrC}3#i23;~hgly0s2tr1XvrMu3%PgYrfrz`Z~f4Y%|
zPf3MTI!HQn*pw};AYcND0AyR3M576}L{wGcTZw3RJJ>sbY)V!tK*47OnTyS?(R2x04d~
za!7U9I+>bLkWb~=@G-K+qG2(R!+FmG&~r%lr%b+*jEYK(<-!8-6J-t?5?C};X8uno
zJ$heMtc-wAz$M*Y&%}flkTXIc0GQRjsgj+srRDrD&x^9_bOGZSfc^}3yBmUNiv)o$?e!uAX$2uiOkt37WX!@NbU~H7CpHpfN{Hu6%J8-=%)zp
z;sv@4m#ERH#OgBk;MihtU6-@bxgs9z8}iCC)BJWBVpYGMEm!6wMn?1yjO1F+UgAKm
zx@#3^QuWl7V^00kG3rJ!R@n2H|8><>0pO_bHd#T669y0F+|M>2hfW&ivk6vI2VeqaD
z=jG4Rjr2fx-zyaK#v^HZ@{ojtUoWT3Z5)~{JvCoxJ;kzXA@08+O=K#%}PMf_d?_D
zqDb3+r|2r8wAI5_e}?<+dSc^fOUWCXgN2tIEscj@%ttR#CA}5Iaar@GZkM0V9v9l`
z-{0}T)j+*3=HP3bkE%~QY3k$#(b-Ba
zsBQ>A{~L_vDT45PB>mLb*s8+RG+;xhKWIY15WI}$pxue34F_0K5D#pSABh6ROG(KI
z<5RoJucX41*yhZVT{l
zt`9Rk?n5XYlzF$XGuR^tsGAHyClv=wLwfb%>|NGPrvi{AEb5GB{4p79k`qr+W)#?*
z14j2Sv>r_nryS!6xHQX9z~IcpWj3EP~Yg5f61}_jeePb;r$T<64sdhRMH7n(1v_
zXgyhLNjDJM4uOC!;T=l84k9pG70coq?Zu;@Qv{qS5wawmb6=HM_s7SR_Umw5LV(%a
z96R+(76
z0eDz5@#lE#0Xk2WR9;R!RuMjHjMn}23QvTZ`9NV$L;eZc7N>BA!t7Zda%@rEal~Zb
zzs_MqF{x=X_yKM6W@6?MbL_P5R8?IO
z8r`m>HtG89bj?!Ij|C~a>UJ(4Nvcp>xwF-0>RsHvDlwkTpGjWM@jWPvO`>ILTEi{R
z?8?{xuKtrSNh(5Jl`yvk(!CJ$rAd|Fgj$Xy9pfY+Mlx@*p|IkuJ=o{6G`tnq&z}AA
zM9HqpV6tiubj?_h}klz16H{;|kByMKGGZHpKwD8{NI7uqPLp#~~c}rIJ9UK2^-mYr3qT
zX2o}$u>3OqKvu~8?NxI&sEhzR=}NfXB?)>}#Ue#IG>$--_CS+kg1KW*qqk5
z%Sg;)GaD+;+=K{Ddu}_0c&3_|gSHkHzdrCR{7muXM*~UL5Rt*uFg>GU$N5s~Yme^k
zxTl84Ibj+Vhr%FcHM2~M*lacTHpp>+AO2#_6QgB`6`aLO7SFFPdn?tm^YS{ZzBk=n
zGn#0%E|1wjyyh@xu-#`~@?nSTvIL2zHAui=)x{3Tzb8W#!r3iM)uW0cjo2gz-J
z%B=5vR9{98X?>s;4mS6cB)#_s&3Y{TI4fu4(ryIluINorX`g0_&;{!HLFGah{nO21
zdhNY=KOmiNYVNLyb8e84kxP~ft81-0Nj!hl3i{sdC5zmJG5%jjCtBjy6n7!x{W#}wD!ji9Kr*vO%Fd}
zIGcu^UP3k|(u{!!!=(I$CyE2pzaotZWXgM`S5Jy}mQVW5`E`?QZI5?mQ;&J`_pE%v
zBl%R)Y3MM-FcC_>Q+jeWu}wy7l7wD))TwIu_xvbi2a+&ph1)t=&&nM@YFDQkQNGJ-;GO
zBtm%?T1eM+kX2FPWUj;YS}oCN##RauArM4|c_Z{yu^sANB;LJE-8gJHJEP}45WKB(
zdZv1O62oVX3DMse6j_=G+j3*I-);jBca=6rd7tEvUi}sj|_fbd$DGG!hm@MMr=J&nD
z$zdOQkOkfDsRVC_0&5Hgw8zGF+pMeS1Bz;Oj=GjR4_hyGj)np;zGzi@kqGz*LKdqF
zVdRm)8;OnPO)bNs6V46Lab&?-W2BdSXPgm2r^-KWmmLLf`bN#)z3b34%L){@^8qGe
zPc5Bu&zQvb_Nc3`hkXzuSe*B`EBoj|fI$DGxY_Ws>E=sL4uZ(tA^ZUE$@82%k75}^
zGCbVVPN55?7NhX{Ftg0J9}HUGQ}gf;00rXtP;J{OvR_N^`_1o~js5!QgoI$n0U->C
zvd){}vjy)E8FEh&9d>qQFjWxN=+m=%92+a{whBzjrBRgO;!m-z{{Dv$*j$ZGO_#|p
zW|g2i+pE4rftjxeQtffa*M(&DJ}h|%7!U+{lX+k
zFVg!xdMh=CQ0UEmEwQ6*YKRPhNPzXsU5MwtR**hxC~U-*CA<9FCWc}6t9QQ{(w)AX
z_20~_v;5qINB>E##D}LOQi%)ly^?1G?|x|2KjP`HCn6#mu7<-UAXwSMW3+4U)1+s9
z*0C%@#y#@{zuE;hhtXh!&
zK~&?r
z!jdVFN{WvwnueG6S;H=twAW{21iY*cTvewj_?0J3SORjUBy&)eB)P-<4u0h$JoBQFr5>#fdI^a7!AG}C&zfZoB6NG)4MFawgXGyC0g>5nTD
zOe;(3(YTKZkIOaWl4s}S6y+rbD}>E$Yyb;94upb_kLYuBvt|S&+IRCa{ne!rY8ns5
zz3ZS5y;dzYB-(XIjF8)wtg0Dsk&rvbAK1mcQtcy(g+yoCxGrMv$vC_~9^k*R>Z`ru
zZ-Ac9@Y=N4+Xr(Pw#kC!;-#UZTREhTY&#~cZs$++qc|P)Byinqe32jlm5Bl}#Rv-WY8U6moas=Y?%U~=BWOZZ1
zs3+`|wIL0rcgDVeZF6vI6z>CH!8KfjK(W(3PvmdkzaK5!`+UI3e<@{ZivP(%R$g98
z&83Pd!awlQXDuJ$@j|WerJMb5@+Q3~kbnRR(J54K+ZGzb>oY$!s5D?ZR<~em8JVl`_9GQ1ii%^i%~eqouh7F!G}7ARPrt^+{`tHR2;hn
zbc(GX9gAe7+-sl7q7!qIm}NS1gPuri*4Nz{)h=jFSEgJ~6$IzY`{m^1y88OWSqUXy
zIFu1_13H7am%MN*k$m{6c}ruXFFV078}lCcs0hl+%6D7R*0r8Cq%5@q*(cMw0L
zNYbd^!ND4JPDtDDc3AIfkO&2hL)~>vO`i_bFN&Y;Okf0tp#HMes!p{=3r}(hq{T(H
z-;=G%A%*j^@6^C?MHkw&yWJ4U`c&g45b%paI!YK~+YH4AE^tg@VkFmsPdFB}3>70I
zO6$cO0qg}CD%282=ik)-p;Q0pj2Ye^^g*&e=i5l#iOWw99Td4oZML3!ha3yBJFnd^
zyobs_ATSg7yvAD?r1)yiOF+)=paF^x&KJQJqxorj%1aY^2L06wu@rK<_|X({tN}DN
zbS?v7l$s8XRBpfO>7U80<*@m@>0PcJ$gb0*9N8CC6$qZ>U3FjM{Fbic`l6m(CONC&
z<9lmnfQ!VTEQcpicO0YK!F$_D=57np8m|DkA(BQ071@vN=Z+OR#tjq&e}BT
z4OGX)Fa5cV=DjMP=djczu4-qF1hZ_<^5KVF!Cb-uOnJ1M-7mChYVIO$Zu|V4`On_C
z%7}lyl$1?me)y1{o*n{;i1v~%Tf9A4LFS>R#vvj~DJ=Ua`y52fT4DAOAl6VHv1Uyl
zNxXa+`3yHFKc70DM4Y}VGaN4>7Iln#GAJ}{cOulii!6yoUhi$ZmD1eEA4Hw_kmIZC)oJ=A@BM+JLT
zD~)odyWTy7`G$QB%k1E+6E)@AgiS5;@x@oPwgd9tJT!opk8N)?&VKZxV{}?tcz0aB
zoi}-Y)q7g3z4s9dRW|M4i<<(@77AMk;VykNE4gylpA@|U8Vjzhyk8`$3=WOp0!V&>C%}fleUxJf>Z~O#GIt3DIIdwnU
z?t0M5y#0x=M6Av^wRG7_hO@73y75j=O83<@$~(IU(~YfF_$1ST%jN#udB0}zn>%6m
zz7q+{7{Bk}Xt>ZHyN$_i3>ADM(j$8I?e>y1;+V+eD2Q&y@k#GXZ*6Yj1lBED-HW@F
zvmc-OMBZqlL)BR-s+#GMWBuxUU$oGOVfus(bZLbFL@Vl>-@n&gR%Y7H&V~<&w(BD8
zXucqKaP%`V0VB@d`kaYL>V*Tls;a8;P_xMK$qCy}2SLFYXb^|~y^DDiNn^trks=xaLenY>8NUa&Q7
z4kNOV%G|Bp&;@3+6S!^qqE_!|Ff&xTnqDNXolWSr%d;?b?oO#2P983ST1fK4>apD@iH$haPA9CKul;V;dR-o%;LR!IuoCPvdI6frEe;EUsbKxd1pk0&WQA
zLqfP3r>^@JEiUe#c8McQ=`;>;RaVFeaaGcReqrK;zb!#`Aoz>)6w^94rwugDJ(_LSSGKdsE;g!oOipO
zgudVGCL3P9DC^uY4cX?UettgK4SF)_E+ZqPpU`5m`p8AlAOZvT1&aBQThn)FJ}T~F
zZuUN4J!?`VB4259w%Xy|@xwwm+JLtOb>a3c3jN)(CwJ&YYE3R%sJ=2Z!;$AGi2_la
zMo5U%EZrU7Wp~nl`x}F!r_aTHS8s1COd~;KZlZ(68+75j%~rKebye*MIx=4paC&UJ
zIcOyIW?I~YA1XIfLIoQfprYzcYWCaSW(aC!x?EkjmsT0ZSK8B5Q^UWr8~Sy5(MfJ_
z70v?4e-J?c^3lB4iZh8<7iCv>X|v1gj-UR4z?0JZ;dX-Nv^Db3a}O_rZMM>q?D(X9
zB^yJeEtP9wIh;kfvzLV_N`U2j(oyMjYxFVLY)F9P98$ESQNOO`b<+RN#6wgz1N)O7|fLONhKFkT4{Z*9n#6gU^=
z@2uKp7}e~o`C%OXi$|UKE1l#%KMC}_A~!O=C9(VIPk(!D37Z^Z
zh?cUBPH^?Y+h1X|2uGgpO=YpyT^-X^d_!`%XpSrK88#pS$C_M@O6edi{o}&$yB=Ne
zJA`_!9>F_Xl(6$E?kx9LjeL5qw_H8YlHJJoJYb?4Ad6t=t5l^l?)pMO@As88wM}ur
z*$B^Z-JJXrtrZ^wTBUiz9H)ls{V5d}^!
zjmXG$z$YucjFGXMq9vflMAQeTwA5lgCy7zc+pP$WVJ;R77G_T}`7Eyo?(Xiq_buV9
z1}&0Lxs-?(8jYd5EN6cUKuF}xD_%M<8@
zx~|jSG#<~a8#S57BAm8o|C>-rD*DX@@+4i4+T--FPNkNM9RT1@CuVi)!X$BDRk>VG
z`#sBMgdv0qTItm6#u5R?ptC(m`vaTrWuWa%Sy`FgNX3@M?Vt>+?f%D_wW_PxJ8(}*JyJv`r@BlbKHBAn3nrrqA&
zX5CLVvLBY>z(hUf2wt(^0d9G?9GyZ(*+y2Y>rPXv^@(luo`}IQZo_2@`|U=YlHD=6
z(ywUm^QFis&qK@;=RRr~sfE|c;A9(@mle@Tt`i||svWvQm*EGF3=6O7Jr603N{_=?
zN)DSmhk;d5$YlS0o-rHIr$FMk>o$9KAy5L6vb)vycgb8ggCi6A#0%*<;3(z>&W%I4
z@&pRWZVmZU+dx`H;XhS(N{|n`$9N0QDy7)*k9Q-*ny05DjDK^ao7(!FH?URFViv3<
zQfy^1t`L%-jy2{vX&piiH!jyeYX*zDh+&4c$S(}Yd0BajFt7z)H=IYkzDd8XU=UNq
z&rCXOY%4%6r@k(HNmY_&SHPb|;o|z*S@Z0Ph0a9(!687Koz!dX>dDK8Uro%;MgaCF
z(9tSoCxp~Rqdqr^0@2WQ&0h+o)Mf9%9Q^q2MevtRttLlPQU>_U%{^A&w_Ywg01t$TnH
zCqH6>^IMQowWAh!@ik%dM1EzP7JgT)1Z*`VwJ6fO394&42QE1tsaK8&H&^5hu0EA~
zN>$``Q%)+?;69WxDhc~0>}Ob$QY_XSZ#kkRGLI=8UUy{E4Bymnkhk^h_^nbAObCLXV3;G%jSrgT0@DZq6fX9%(KJ@%
zq)-2t5sJ_`v;xHTfe)(~k#`k^a*>BD_lNg$$5mts__o@l-9?6U|4c*-v#kgbDfZuK
ziQVoW(Q*@UP)upYgmKf0xnVtRY|8un%FEs-QeWLry(;6+ykJu+$KEuD|L0o&`|l-G
zJb>o!;D5)3&DQ!+V_CxAzYoa8@uFsrsn}qY-Ez+V&)0%b!2|xgNdGm6WSSTU&7Z>x
z7+^AY*ts!VkphwG*N~MK>}i3YOYi^s#(%B?-k5WMh56qp{`vSzKLtP%|9?LS{VE?=uyX9;iW3nKjf*l+jJbO2x=i5KaV>W4fVYb<{K*RBu?xezVW(xKw5x*3IC;mT|Th0N6CFN%QEkCBpRcfw@y)K74HR?{~
ztfniFL|;c}SH8m&zPUxgExLPT)DiJ3JDebGL!{1)&EtI2A`=i`6;C2422g}b+Ko?{
zt!(J|aL>>|VBH_yy|c8Nwa4KfVh2+3ICh#k7F1T8hra*!;-PcV6%`ec-2N1y2ogR)
zIs`fsq}Aok9eOm_OFpejtQQj_BZfDCs6$*{9tHHYm|?PJ;I^9dYl2=IPL>!z{L<4&
zB8Yj=8Rxxl2>O%#-+Wgyn6B88RaATkA+c|ZsoBb_g-ruQ)s9YBL{@qji`fS=xV@hU
z-|uonkO|ebj!0s*9pF@Xr}A0igYJEYlSWYv*0?Yg8fFeK_VDoVl>DPoKq}g7LVK<`x!Wtb|t86<42a7ko6pl3l!03mhAJ4Pty>
z8X8Cdn+Av-NP?cFebAe|Y7ybvLkZAFkcy5jU#R~nq9KnTDXxmHE;?l0??X$Acwfz?
zI7AeD+wLA7Hk1PH6avSeR|Cr(&0utNd5Q!oBUNbTA6e?qL7razqR
zOu&cw;2bBY>psH7BkznL3RKs1pTeb^DAtQ|U2xBD-K9k|yy!@#t+kpuaa&7B>Ys`M
z;-pbwM=5-}X#{)NJPQttprxe>$l`t~DZ!ixuTCq@6kdto5a1_55Zes^0f7I#IEb1A
zHqUu+tj}>0WXpVP>mJQFSXjDAy-^ahX8_U?RvJPQ0e}k2AR*8i6ow-(WC$d~HB!Ll
z0gOCTqnugNh0ZqvBl#}!vqyt*|G|M3npfxaI*qpBXepM$Kqub~aQ=UZ;%1zD1g$KUcM&`Ni
z4;~e`PkqlL7r`sgj>6%jf3_63Um>ugCaAI_bUjt6Qm@5E5OWLuKdp4J;8ff($ARf?
z3k=No9r&0P7Nfa0JXVuGy?Go!XFZrwKJ2QroS?{-2c(?{Vim;iMQeeEv3i`EZ?R>|
zL`g4g+m?X5XML?W=J`w%L
z)c$#fSabl5R|BvGhx-Bt5D3V?hSoaTvYYYZWHKqp@4zTj`
z#Zsz^Y%&}uS3p2JxOe=us&KRXf}BI
z4l|q~y^4X_r{}2XHsZ+h1;9-Q^YCVqbgiwnU-4vtRDjQsJ#
z%BjCs;@!K{Q?K*SeFyM1S^_WmN3FsmBNtGqw+~$bdniO$N+l0l-h
zT&Z~a{R{sJ*F$W}aPrPfk;hF-eGwDv!t>*y8W~&DSGkoY)#dqfgIp)7=-7OtpR*-v
zt3sEq7?dj>XDINR4*TR3DG(>T5M+hg)
z3svBBy$;y-oJrHTZA8Jo>v6GVX%o(ryz?^K&;+BV1Ag-W`gy2cLLy3w_c%4mCms6-
z>z0{|Y(w$FOhS*i8BX%FMD%Ik=yUCS$63iwk@V!&OVPVlmj&e+g_$m|$*N7)jbx^W
z$PDTeutc1xGjHT%5>zznj9V-LKdIz~csf=$a_nxgLTG$~P<2z97W6|t`DU(Z=Zw=^K$^_r_Luf_d#~V;t9k7w1+K$z?#|(&d3D4LLZkq}v#_#qSpd5dl
zr)dmq0OpiCaw#C30>}Q}-_=*j2ZaNRb~eWgiJvN_27y4A1+SDAH}$h;NOPX2k|4xt
z!x_{yS-iazk4Kr|vyxjbqJNENew)*JU~ZZc*vn+~+xd9=7IWncCvl++OG)!xFOib2
zo#XsXWuRU)%G^4N$}T7KfbWKX$_C@X6cQ1fN_Ai`Pa_kH16pt
z87eFgWsrfLa{E#^V&db206bj3{R3Vys1Eix-K0c2m{25+NytDGE$5SOGa=e-Ewq|S
z*km=+O4iNr*`uWBUOwg?dAt64!l3rsoOPH?v=dHPx}==Q6-9V&xJ3V8mmM{k$iO3(
zB|246e0vic}HrdF38=sQez{(B=97m
zBQ&P&*Ov@z*5@}oCQ=9IC;+${gHn?9LoNU$$n>u*GzUU3OuFpX-n-1_!KX#J2Pd0?^Kdy#DNj3dpsjY)$
zhFxw@FvGl&QmT86;M1Gm=p{4ybDyL4NTO*Oj}ijqInbt4njk`xH5kYZcP5h*H?nZ3E4J&iFGGnubMQS*7zVQVkz
z@-f3IDR_^EnU1(2CkAby*QNSKTq|tp?^fevBO9#%K|?#EXPo;yIpGJwXs;qTL5y4i
z#H>$4(U~ZG^%)uG{4*OpPynoOR1%k}kzWzgl>sSqs^hhGZ0Uus)AR2tR(v_&TisBh
zM_r4#1e|sC==k;}=P9IO?yxF8Yx$tiJv^1@Q)>-mnq!Zj7}QvoWUen{Af7x#rK?L2J%66^^=WIf
za$e74VcTqj-t92L$X8mAO0J5lx(fuapJmw?=Jfd6T5+_=rfA4v`ZemA-b&s4#yXjp
zeA-$t*kMDkV&eN|#&~J^`q-)l-QF#Xv1)kqf?kVSwr83=m*QEu%!u#E>)yz{nA#k{
zr}&fvxs!Rk87n?n5yhw}2KIwNg`PO!@1|-8Hx5n^%2-{TVMin+(8tXWJxH8V@)XfU
zO`Vd1k+`71qN(LuVFBDHYRvzKv$qb5`fb~NLFw-9M!FlM8$?=4TDk`T0YxMvL>eWO
z?uMa}Zcw_ryF+T<^Lw7>eb>A8-p8?y^@oK6^PQRdd&hO1=jX(D0@u!Aj_?FN+k0nq
zt`szQxmvEDXiC%&TwGizX{z?DC{jf4jA<&UsC+&;{`WaKvxG*P7apv-tXDa?xtX9*
z3C>}uEQV%gU%*a2hs5rOBHg4cb0#*qRvzjRH?Cr5KLu$(7spesCn?+4$IpaCX#HJ7
z=HWXy{d|P=MT&KARu!Af*J>Z=1Zmq@ODgwr+-cqtqBn`sq`nA8{lUUFfFG2Izig
zbx=$F+vYidRo@?|reEN%fIqvIM8uXfx)|&UsYzWXTQmCZZ7n2yPBhsdm
zU1{CYgGAN9k;NTbqSgyGfe(g|z;t_cqj|}aIw7*%J<#imc2z}x(nj;-0~{|e
zua=2!0mZK$nN7t6Z3ZN|x(O(qr!1L!y~D%Oy4Hw5m)5Z9bw-e0y7$%rNQXhB{KGBv
zb9Z-MPm`YAiGQfa7MsO}U?sXr+l*da0mRxdO)2Zkn$r5qS1^UNw;HIh>lMGn2PRfU
zcNWsTbjUM>NRk=a%YUB^9$;feM_-@yYGZQ~bfOU1^h-OXktwYLWKUZk@41)&0h+A#
zq`XwtGnHiElr*;6g$Cz%eb7~A6Xkrh&N+(3&W|RMf*zl#dAbd#(dEP@Ak2SaY7`II
z%Oj{q&)t0}hv0RME6@8!IZgefuq=fdb*3qu-Eni9gO&gEQ7&u-NXU!TIXn{%wX&-=
zL2i^DeVZ2CZt$x#DBFlsUj$2+?tL?+TRPz~gGxVV(f4gSd?PETSdV%=^jN_^eO*kN
zZr{u++`5>R`cpp-3%WUM`tqx-JkSIeJkxw;%k~|uwzR@7W-)2{v?tLn*H~;L4x?tw
z%+_($DLzM@Ec(TfoYl(bskYg}MJ%xi){5qsM^rnj_JoPKw{prt%&lkjYGfqZU4JAQ6lpj$bK3TBqt}oC+Tx
zG&tq08kEBynNtt>c!9(JvsjKIB-Q9Kxkd}X&z4p5Zs{GuNlSkVx$SE9?Z>Z-bJb*6
zUa&eIJo9M9nG^hjbePifQ_6fgdry?^v*3KC09ocAm(ynor?)vw$3FD)*lD{T^+n@I
zz&#$?f6AMkn@iiM$aS`;{jv$O?KNKeio!k%tAaaAaH-D?3L~>v$kgaO#CuR^Vv`SW4rad~seBEFYS(*A)y$C}hl>2)Hwg!n+i8>-#d
zN*78?kzM+E0Ycjv61($QBt0eG0o}ohJiBj|;^ddp?NB@$F$Le!9fHldg=r1D6dhB(
zHuxeHFnvau9a8A!$f{+LgqZZki2cw#2);{a{E`Hv{l;`@YMnbOOKN?jsc>0-MXVi<
z+aF`D-Gp^C$?Gx64yR=vJ1y{HA*u6Hoq$n(T2dg;C4S1$9Pf31KnYVDNd7%4EpSX~iHvExx{{Sfv8-I@Wgaj&CQ&`py
zb#M#}2}H6e3-`*tr~0))h%XozxQek}TA^jyR_t+;P1<@Glx-QP{Y}yND&#s?8FO*K
z#t66@UYHnyA`^eM*G^FEs?!@g=jb6<47y|jIr~>+pt|`rZEiw05+Sq97lced=VnD+
zNhFF-NQ4X9)UuR)3er=*e*3mN(=FgI`5N@?b4mItmjZ5AK4LE}StInpC^@?Nme1|c
zDyyn+fqYZyV|TYg@tr$kH6sR}W*Vk$A!f6aojsZh8bNEzACmx)QT$8E0FiBR4
zeu<@S@G)4+d>^0LTi&*+KzAMvirl9iyI4t%8XX(zeAJ#V90BbEQ`(F~Qf`@8mlDG5h5hIKzj~L(4Ew$bV+{C1g-kduFZa
zSGuKey^ovFtFkVKHy)!Ad|}3`e24PIF$5?GnHwt5)PvV+h-RgoO_d8HBx3P5#e4k?
zd3YG}r77AAFFA^KsUp}-4c}>8F=nNQNzPO^#%n=bs-spAm1_s#
zxTmb!v$aZ5+c763R8tvu47MV@)EAhJ?>cbEgfnWOAOAJ0`p@
z47EaDyhH)VU>T<&4X|3$W-8)fAbd@W+q+qeOPeF~l_!N97ApXyUZsZx9|Id(xreR5
z=-3!+1Xo3IaM+v40UZn2(rp+aijp^!(&I%hMH_MWh7`r6PI`%#>oT9-rgd6d^5s*d_1&(bOjB>LwD
znGtd<7N>2VGBc;ry)NC-xEx$+c=FlN&JaD__o|`K4(4lIQy5u|u0mc#>WKYDL~hBI
zwls^%b^Ytc$E?;vO`?Sd9-$g%a5;TF<1mC4q~N0^_Dg42BJ|qYdJyNS#SQ&tgt&9s
z2=(*;^O2R#T=y)ZLAzcx719qoT<2B_N}N=mZoMM4N^62UFGRolYj>Ls%0XerCn+zu
zXbo#~M2J|9_G_V00jXZaQK>BXiBZ!`WY)^!-Q``viw6M~
zqCqwJ$pxyV5=)odUN5&0mHWa~w6vQ{Gvj8|;u2>Zi||ZEC$4)I+ZfL@(=U&uNdH!DFyp8
zGBY^Pgf4H<0@>%F>#IEdP1z$>M{&m%*=}4<*6(e*#d8Z!uQc)kA`Otc8dz(kECRd8
z;M%T?NU9Fpx&s8(;5384Lv@+DFcvC17Ljq(ExyDp@J%;Wl{!>Y51Z<*rBnN*^3DC)
zZWj5bRGaa{#IZ~scf2yHxs_QaX8noxZ0Dx@O$gOqP_`rT_e>M`0J2u+1uCD+O2_BVs{$jUacCf#B2y>DR_@g`yJ?r%jb
zy<4U!o%HUx1L_@!QD|_^y2FP_5;{UXo^;becZ(a3J7@4sD*E-+C~79Q-mmn!5xKH!
zjiyt(OH0!#><&5#7R2>)*3G45Whx;Y>ZeOxO2g%HG=w~VPh7pPWJFe~zIyP)7Fy5Q
z$Hyu6(|?&grdIQCL&h`v+YKinW0qTydB@h-AG8h}?~-yk+|dVr0lj2m3*1t2u{d?T
z%V}%+N9(0-i#a!KxZggCx%?nqdE$OVSQ8Jam7S|K7GrsILuaJUx2uNn8F_NP#Yx}c
zRq-_2WZ>HD?3fKPecCECmdzWK9FNK$iuJ3>=!&L?%Vkic-^%L>MoC5&idiHIWR>zF
zM|i0V|EY31b$2>~&i)nY))F0@iD@WrEm1P2jJ)(Kkxm>ow4EwVhUau`5j(9wYwNsO
zeKB+2TVedZelY}5bg759!}iFUY=7gI$Gg~DWjBZA$q}3{1_ks96&Mg4BjR?zUS&M|5YLBEQLpn
zMWx}8SYT3`6dKP0e!GQ6bZY%Cs0py@)M?{}No#&7H&7VQobAjNwrwMfa30hCpf)5)mV@|EX
z;paN4PDTy5&;`LfZinxKNV5FP!yh-8a1}{C{)mL}hd-ku^FH_`Qa)k*p;<7<%Z=Pd
zGpYDa-e1_={FhQN(V4=ojG>1bJ~Q1lK7*lRJdp?Q4jjK_h_+)R5em&~rime~?nauf
zQx~q#%e&XD6HG0;;oh%j@T?wEd>Bbzn9t;@D2~&z>dEq8R-WBB6|0U8qS#i1E|i9S
zR4>h8oJsSm6rS%7o_VO)fEVSjDtWnQzX`vr3h$70-LI<3&A(g0XwZkKZ2998kL*k6
zO~0WuE6(rNYP`G%DsV4(3<+=&e7fT2-n5*VlQ>1KNb;whId6PoCATn8APr$>FYVp2
z$u+W;IV9T(HjoV?a$G)mkwh+=%72v7FrQM!8FvV_J&(oiaVW^OxTe4CkBcEMUz+u~
zX}s-H&OZ_SMUSR$27mV8f;}MKRuxrw8)i*BH`#~Gm~xLxJB#3TYy5}tX4zPA<{{Fi
z)-XU$S@7^Jf`IZsq}&FH-q1SGx{8Vn(6+?}DFYSV_{8`Rqk!|9mds*;5ASV;f2gUdcw?4&lFwBnc&PG*>-mKuSL}B<*$r
z!JrZ+iNeH$$@l0LqIaLO{rdn_20K6jHI_YFtvdi|m-%I7ut~9&
z*rmrd!#@PbtAM|qj-LK0Oz!v|{%NscY)BRTB{_Lc?klT5xfKk>`ro0gNG56{7hTy4ne;TuE
z8&jR^=KeA@P8*Cw!BBOFM2^D%C0B-Cse*;#|FUU*1yd6x&5#Z*>+
z=JFdy%lt_+(-n7GDPH49-%fXPv_8&2(=46nt%TTBouviQUUwyRCoj`?((RDpyH`|_
zV?OM-LI$>+
zu|chM4?1eC%bE+rsCcClezfh;CrWkSB#iONeL1lHR(dpMR%TK>&NU#y#Soy;GDF#b
z02AjoKUk?=}Iv^_tPf|I&G$2avm&`tH7wF9g2HK3-Pbd#5@jleYWm((9LC2tTw
zv`^dSkkJc6-A}+C1F63G*Yp{T3@b02oSnX?w&sI!fJRcY??ol0gSdEYb@dP6l>$Nl
z*i-TH@ePFzyyotu#D+sb7@T<-!eYl>gk(@VsnsK@b<-*+!z(j|gEWZjnt=GS2jPf6
zMvO37pg{Kh!bnCIX^-7|CO4vdOFT!LRP^+4UoDC;n#}}Zdt<6n5~2+FXJ3sHHJ!2c
zYY7;w-N-V--yn;fX{O%Oe-_ZFicPM#hZ8DXnjMG^(r+^ry4d!<^&;+Acd{*tH<>S=
z0e48s=_-RtrPqL-DF4H^PLG9qVF4cozNen5uA^SJ?8-BSj!nA`NlI<<`7df6$~e(a
zXufOFeg3L-pto^t75&wKfN*PqPu}SO@5l=xxcH_h3)5{se)~OKE))E3_MbePo>7V*
zL|sb{|4=_Z9y(`CYU^mNRf}3-@l)E9#ZNuX`YpeNO=N8)E$3WE1hi%LsOpq^yo{Ft
zg_M_P^m^ly63r{@%z>{;#rL1NKN@5*t8{=(qjfDu)k2EZQ)-Kod<4lBucw~Ush_Df
z1!+du9Hms8q3X+c2+vQ1XCgJ+AbD{pJL3T!Prk3es@nT=#9TGS>YHwdEyTAd{wrN}
zw8{MF%VcGz1*c2#7HSb!sc-i&v(hWKijxyJF$wgVmKEJaq3f_&2jOC7P}Qk)ch@pB
zMS=r8-=rB+u)yl*#%KNfNhLzndX=0S8&p_`7TjSD>X<(wjtdgIyOF@Z#;2y}==sKy
zO6+!a>TX=l%CG-)<(Cw+&1|LOL#cnz8@9X?k^FlsyAC<{EOo!5Ng{MeGRLDxj$hVzyioeYdf{Vetj&9l@mGmQf3sPm&G>J``X
zwLLI11078VIOe--QmK|y;W#a`=-NL`^t9F*>$KjdaH)?Bx$eYT|d<-
zW-3*PE}xT}c8RUYo}XQ}`}ogalwGu<-1{e$SgxBC$}Rax9I67{3hHA&5cv_R;i});
z9Bv%|&+9;d?FgP6#@Ar)>)zBC^WF@W0~$B9o2}c)#0nf5Kd
zB`n!H#C
z&!H%cJ*nVzm?(Qr)60%r=iAdsac|3}82gTAa_BGIVL*N%@~VXFpxBJRyq;c^FNaM{
z%7%?;XSPhwsiP^woIs4o(T#Ajpo}APovYzigWL0
zbUR6QE60rkJyav-D^{cL#cz^mXEw*N>;`!|o3zh87$gkgULU&IH|q5M4b+$lhDI%H
z&ZqnCI_x#L-ZY1Q{bPMAaza;?AvDmkba@kpmHD%UDj{J51zJsmLoQB%8j7o?BBP<9
zpN-}s@1B|cmK+X~V@Q2F_G|clDy)!djcD%xp<|85c&>Owb=fwg@eb5dS!Q1bgA+bX
zEM^2HTIs~k`-?{ZHGel^|7LvG<8+A&JG5i||6gkh8_&mIa_#tKd9}_Drm#1xbJD4F
z6r(CzTz(CQ>`xRWi4=hvE$qL5TDpR}>&Ve=Gout40a@HbhXM<4(udX0mAJ#*ABQLv
zERhyngfp`Br_u(izm@~LoZtwCo!GFi>rziUUF*oB{TsEH$ZDuixZBnCKd{+g+GenJ
z!Ub8*aQ3=hlKHd=L)N1S8d>%e^#q4Bf~>|xHgq_xG)NODH_6C9?!Qr8z)CcaNtmO(D<6
z1U!~Q3PdY?a3e;pD++T4B$V&0#|~W0Do*1#&`$+*H+3dy&_cesnyBL!*QVNyam+=c
zlr-cwq&qHF9`N1T+vzqgkB1!F=_dTyF2iU^4fkPm2rMR5*SMk$!nrM&^#35GkoqUv
zj*Jd>s93Y1^eMbgiY*)aoS7@0bEX6;{Lc*bS$h1@>#+$heZpMtX~}E}4c$6N@?VEl
zSIS;RB~Rmhe&QiIP4SbZ+$RmRZhsvSYR_?ZtF$(KHrRnO$^zqrlti!Pji;BL#GdEoV?Qr=Z8t`a64K>E@$A$gK}6gU(Oxp6Zyf+;9jO;kbJ
zifPoBbvio)V*{mCJz;KrT}m}1{XHWk6{zu)9E8y6clr~A9gsZ3_j+$}R^L}go?(eg
zzxQ$#cP}736``r$T)iOf;uPW;?dxM=vxR7lCSuCeC-#tsH`~tg1PtIzH86P~6wb;U
zlGeCu+9CdM?e8z2S$n}un6OBcSh(1i_QO>v$*a^}fs{OCKb^k$F>L2`e~D9w5qEF+
z*HO|~g*)6L|M;9X<;d7X@5@)*UiyjN8X7KhkR30pDta5fH3Zv%TH4QH(WZ0F?bS1f
zgO{FxFV>^9eb)#XqR#6UT5q^5>IrTW60}l&aHPp^F8^YNa9LTWIW46IXX3tI(ntQ7u>M9U)Ld(HGJ$+_CADbd5g{RWNtHv-$@8+-xwAl;50Uf6UuT-R
zyD#`?Qa{#!LQJw@@Uilz2klJz`q>}D7=l12!Kzw697bKY@T+{e6&*cbM#Q6{{v%m;
zkv2cOZsHbV1={`28G&pquWCNe1@z@4t#lSJd&THJ_`Loj12f8cFM0_9%`i}r0Ef-I
z@RskqU?98#wd?cwlf=ZsU-#(5tJ5cIZrkReJ(O6|IEN$$gmClRww$1|BQ{M31g*sU
zQ8r3U@v!j%&PA6J%B|;fmYT4I8xAL|8A)d7Y;K6WX`HVQ*<8F
z@7g?x0V$Lk8=7ia_8E7=jlFR=!45|(N)6TWren@#Q!5O{;pSCSs*rb}4~QCT97WI{
z$*R_Xs?2Sa_h$0V<>la}5>dcHCqMmC*Wc{`u8OsH95;mOe5vai8!1wMn3UWF_td6$
z{l03GA0+C{+#5T}4iP-NMXwz!|HMVL9MX+9LHzHnOfHg#W!nK5c1Z_+n~ZDwu7}U6QTLrV~gv`yX83&pVoQxPS?5aTINbf
z3^4=8oR0Y|F$26{Yty1;lXyhk!d1?d81+emlS@(Ugi$MSiclh9P=sk~N>KLo{UNRP
zzrEOd9Rb0#hfKci=*AQ-udK{c2YULCJ^;&deU$guX7=FQoc942Xro_&)9Y)Xor}oM
zX1Hsx%PQKY%d{iAe75cK`74}oPjji!FiJ-O*D${d|1(9_+vmGXzMat)(cWK1oX8^@
zKL&YaP9MaG@GYz+iUiJhrAQRMb9bjIkV8obgX4KbB=3AXpXT5m+N!@5W*o1RlVDW!
zX$MhAYxHkA^B&3<5k}G#xv}bLhqnSGSZv?7iJ9m}PS70%Pd3vH<0rol);(k};z
zH6pDB(&aE>K1<;7Xe40Qo^HPwv1-+@OIX?Pt)9JM!fkRqF^u}kYg*>@1$)wT$;v4~
zZQ9%^N{&vDC(LU(A}E_A*YUE#vm0tx65}m1UFexV%EjRkyGNJ4hImo4UK}+;W-`gp
z&XB<*$-)`P2q`LMy>(#sDpOs5J#%GcRYgrcigk{dcv{>P2Q?T0vi8p&o5S)u
zh`C$NI-_R=<&;~objrf8TPFc~cTZBq=82BREYEQKWD`9R#HMJ|
zS~KLDvl%s#q?dlzrl}656tn@saLnZM6mJ7wY^s1eoxDT{0)3#3(O8Oi1K!
zJVWAjJ}$%Wt7sFJlDExN8u#y7ue3^+>=8EsyP0C2tgkahjyR*Vf
zZh&C=y7m65r+6k%0hl7-;pS@Zu~pMS)@;ii-oKr5gLUh8pfQBePzrcMi(O-y9P%KQ
z{`BpCOthG=+2vNhv(k@Eyw}*#15XG
zXhjpJ63bUDpioK`a4dayIxs>a?23aWmKxYxh`R}Fbh7gDh)9^T(BhTOT;omURvqJ6^i(?VVKmIF`z
z;CnDJZM)44;7CuoTFNnYc1(_wT1}DR0PUm^7)e54w225C<4C|HXnL3}dV5%J>o%b~
z^}6f3%j=6>8CbO=$uvL&U
zyUs4cT`T^cQ0fn(eLF>D&HIp{rZDa9vaFBoT_UvId7jD2?N{_ll>>)a)%5~9JkI&6
z8+&Rx>syFgsyG#L%9xdZE>2cAUJY=Ud3bg)1@+)(j0xbLbzKXbc8ATyf#*1pu*m3A
zcU)eBLZ6o4(jTlqk-YP=wclx6ydb3~Zo#TG^})TE-m@Bv9rs#bQusWj%}Bx8)w|u6
z=oGzEzV*Rdn)e&F#zsfcb7p+aW*iV$K1)+IbwITamS*?0fdt@aSplj^x&$)Fv480A{EI~TC9@=_)xKz@dwA*lo
zVF*3@BvH&bN-vIC852HtY!-t52iyBgM@dt6BJhzx+`#??jX6zt##pGOM(R0Gx4#W!#i`h@?)rsRFj8VLKLkd&nxt@{qQ-
zf9BkBA(+jO2l(rc;d3sHgwP?g_usye!H{pl7u91t4|QwDOPY@n-MI=dvu=yuk-`bc
z2nUR$%!WcT7{3SRd>yXeT3P!d*)B!xL&B_<9=XP>-rWzp;8i2yQGg4hI#vsA`$J<_
zv4#y0Gj>b#)7Msj>V8XV=pNj)2T;A`K1Nm7nT;gNjGrCHy|UP=Eq;gH9MHuOS!^*3
zmzEPz6&01=z&GspaG`&9Ij5Hzxbg`Qu#AmAeKK3CHFEAwmb!ya0s)pF3kS#`D96t8
z_=Y>PBBvmj(=%vgSsc;c0_J9DJJnq}KkVXH$ncf*KZfVqM1=b>J(`GboSol8ki)B%j-glVhQHp_y*3%pd#Z5fP-1LBBJ7TTN+9A)gs(`DKj5|(#O4;>(z*n
zildg>l$Go}@3wI5yeDvz?`}C-?l;Nj-|acU)`a)lj_q9f0Uu!A=n=_Vf{qaE9)KQ;
z0MqXIp+B#n%VK24!;zxhEbJTY_jX;^7?V;U`~rd&4^Gf0a4_`I@SKbJC@S;od7d5_
zfM@ZY-KldMzL>6aqX*)}aAH$~5Os2)ADS7G1~t2?=erZ+pg{c|=yLedf$XR0aj}s^
z_zjND@LxVyY1w}%;4F$)9o&2tRK))UB3iAFM5r+0{Xe2S)d83pV0X1XqQLzkwN3wo
z2ps`{YFvd#ig0w!re1O9UF9*?wbVT=Ez{_R*;fQa0Z~PzEl4oP7u*l(v*v~Pbt?dN
z0<%25ghVstOAQ=3KQN$~6*pU!!In@cczQAYqiQrY&?)%FWG%O$ckbj(Bz$Xk69M}*U%%o?
z;&)g>tgtWj1g38-U%9ma$R-$z>p27>$gDIuG4T_CEdU856`vknIG2?KW3}mw>sRKd
zEAvglq@RGdH~4UtKq6uv&#R6gZ2q`!Z2mIY1;V99K366@1}
z*9}Ovfx6;x6~dfZ0R7q3r{uNO=5~I+*K`1!&S1k(}&iI@AC}q
zp>x%XHC&AO{jX_&R`;sJqqb-_uOCV1>u?#%9#QKvjfr}VIZHpwp5C>WGe0mm%rBT)
zNMldd;WIM!uL2LSUT|&9+0|C499wk|$t%s22{nZun|8cFo#fS;?87_aV^}L2(8vsM
z=+Dpa*w|3n)VZRnosxz>!Rnk$|?YFSC4}+{)2sA?7I#NYQaK5X99w#=_
zCzyCapI_TnG1Qizx9p>Z8T3D2Bkx~u;{_JW|T9guC?WS
zjB}lGjUPpR{$zfRaOyFXYD&2|C8^sKU^kG$<@90O*wa_OK#d_x6UC!eF=T71w$}W?
z&u7RX)0W1EvOXif?$wwn6Vs8`w(nimBR;cfmp5gaoPQqgz8+Mxg9bIvRea=?y|wts
z=;GB~Esi|CF1DEVW9YPi-5z{^>FNUEs>7EiH+zTq=m?>AgaOFWKG;Q0@^2=7DFo5X
zhMu0fzpJrN5E)?MW5b8RH;!7bIDs?*c^-002?NK0H_Q-Y$-C}m_D}4p#Xp=%se8@q
zovn=Hhufo-<&W6X;Nz)y48z@yO^;Tj@yEpdrDqIEP1G2E5hdITs^<
zkddMh6C-D>m`U;5uV;pV_JAr5i`c}Ir{QY*gO|e;99*>UDN7^?51uBc&l4_oKdMk_
zHw2j19ahv55fK@!#-wiHYG1KEo?Z=HP4yT7$pk#GZl}lpO4GS~#`3H8Yt{<@5CW#<
z*8toH&K=zD<19_(j-)VgJ!tLAf#Z(jNp^Pj>;37D@;58ZFrFB&Z7=hSEtr5&^EV|##0=l7P&!S8aHKbt#2e$st)Z2*>%l`*)Mbj;SfAh4~p
zFQpc?!O#%9$ACds)I?4g2nYy%7@1N5U=uyNNhQM6NIfpx?;>v(7#P#o<01i^MfuDc
z$uN-qKtXVQ%d&>}>9K6xNyr|&T*??IDE+%OT^Y)-sO7iWa
zM5_CmU9Kye`(Q;69S+8Fy={8;eu_R&xnn1dq<$(jX?!+DfPqxuv86GX?t=)5_dIWY
zFV^kuI=q1}NLS;Mrlbg4?LSs|AD-wEct1Yw_Z=`G-~|~6b)qTNjAjO%>fn^WB-9xX
zDw&O_x!0YQ^hdFG04#8WoXJ|f7ju~<&>kZW7O9g-vp=Ug2v1jXGryp*GAKP^5SfpS
zTTiWOmC}HW>>m!AYG{ul&s{&3gZ@piin8RtvSNf%do6uRvo
z0^DHJwuR$dEnx)6S*Y4F2BC;Ck|9XXkD`xo@B*(%o8^45QVzY+`p)li9m07!o}`+I
zuCkxaCLI!dkVuJ+{R~b!EdfWymzT}#9lWO0Jps|mb&9JLpkP%ja1zkaZ+J!~_35kC)
zqG*FXnNlljh}+J_{kHpe*u)&j^3=Y>V5sDtO%Q5#Lxe7IV;2%yC?y;J5~cY|c`Kwg
z?~v_(Eg{M*sxc2LTP?BIA3lJlH`D8nCKh1N)XRo+=(4cXLY|s;g9OXg0
zrMMcz{6_`Oxya9kpGhps#F$YAxZ0x4SDvjOU!n`-F1En
zdxn3W=0Csr6aOd2^uNCzqwz85{~i8029h}c_ix|fuWY3I3U-yHO1YY`85v6pO#l3t
za}@(*3CQcTl$aLejFn~pOfi8*JVr5oRWf)0nI8inB921U!GR56&Sz(58`xd`xhe+#
z2Dun^upRkq^_QXWv-m&P>K5wt+Y)&)1$D>om~_!^C!Z!oiNP4L?_XmCc=fC
zAqC|BEW+KsX2z53m{}99&~key}b)(eo=2%RnP8sjXRhuf^XRqtv;8l
z%henV%KwBbuG1ARSEUPe2bXh0=Tw2Kr~r~I*6uW44)4uw9M-S?z2fq~E5D>jplcjN
zv3!yGi{h|k8VbIC0^MM9eY|hYi+Qd@EqnQ{2m~tJUp-O<8nrx0_%3L9nL1Na)
zMnm!>`=kl}^-er+&4v3sUeL4qFH7q<&qnHUwFZ5qSAJ^y$r++d<8eTNE2vlttI)jbsVGXdSh4zzmgkGU3Qo7t<%T=?vo?
zdE4^t;U|}K>ZrEcT0LIrfF(II8Z+Rv^<=yQc(5T}s0ptFkseT<0P~pS5fNuY932C#Kgs`i
z`#od&`&Gs#CoJx+Px`sLS$cu@>23EF*bhB@@9vq+qn;@&QJ4mEm{0#UAJzKu=M6!P
zS4}#k7wn6>%YSxc%M{?2scajAfv{B_9UL<_iuYx8YHw@hGhs%@J|VMe5}V#TtX5Mg
zY!0`rZH1XL4iK9Sl&o<~nu1V5Vq(idWy^P7O5o&91NQ@%M*Xf1<;~5_Llr*a%lJyp
zEI7frDUMYi3V!(SVOeWvy%Iw1EC;;8p=)Pkl)#Aq%4A0GTRF^rQm8X@uXNAv
zwIIW>aBy^uB2%4Hq!EP6m0R4P#gAlgEj)skmzCRq1XwSSeK3Ym?f2|Y@~j6&sVjOp*
zu%~5A*IOdP{Q%6FPxoji$CcJ^_bU|P;igP)Df!rGvt54ulgtf9NsMV!uAOn6>y9Nl
zZF3ZJ#@i=jAaN=;m&}u#qk0XX-@xd+BEW7|p!n2bKJPWPuz58PK0Exghdss8r2zii
z)HDg(TF>}A+W5r^*PoU;n-N@1?`Iocu^YIOcPYsDN^d`1@bPB%61(Lv}7^5-Z$zpfhY49iGaZmzM&Ku
z7KM($oVLZ0(egH*
zn71Pszg@xD(20QMVs8qyM2it|c3LNy98R}-_Td#9R2YlepMec23|{;ByYpXG*p=e~
zsyCxT?(Mrc^%=(_gp-`J;ioa*8oas(Q*4mYZlU(5wEj;uX8s+KDw4bXChx1KqRWjs
zv`QhgqDpN<)~mGf);JtueHws@N35tEy9g`IoBCboHeK!(B_0?-9Zv)h3)8@ya4-i2
zH&-cSpY0iEyTsKU8FZ-@4xMQuyRp`eEVj9
zW(Y>$@d-2aTC8D}_yLe@vvsHPBZ0XN5cs9RkVkS?MA_;4pK;W7bkWxZ^VOsSQ~?Nl
zHpBdiXq;g3R!w3*p!jb+^R8%*Oh
zF3r{trJ&aWa?g1H<47(`YuZBP$hrnwVJq%S@8$^={E4V8
z@*D5>ErWQMnS$L2%8q15lLCA>RO(-gcxMziz=N0h8BDqsE165K9#nwfD&HT=SCdv*Ot^HqQ`lr&ym5?nv|I?g~T0E-X
zJ6@%FL6HmFQ<#KK@kwm+N#T#Umhm^PO0@afMn>ddFY(IAXlO}0S8b>A?gFW>u+VkMzqKP%
z-rL5`=slINa9DPG(Vcf5gXTFZK_p|m*z#yH55)ZqDNPa=U9
z9kb7n`Nw8lM?dS~SAf|HGNlj+eSbeiyOlUqQV3LYok#&vE#|*L(4;uQpAf@Vs;m7%|N3zNRB9
zD&hUJK@y{&ol)K|D(Y%2f*{$WOi@pN3Hkd}*lnE!gH&{IzH}FHZ{E2SUP+)+%qaLg
zP7y6OB`Z(kKu(lciav+WtIWGLu7>Swl{im5fw4KSiYbgevo+ESibJ9V;j@(!#+4WU2Pm?T`Zu?Wfqw-#s142+rfCi)v(;okN)q2
zOkC2VMXB?vXARC{xC|fB>JPWt>a5uHwU_Hy{(a%2&>u7@=8_BAA9oiTM@99fymSuc
zKY+a3m7Xu$wXeuVSA`hUqKtV`H+SJQZC_EX3AbiS>t6;RzPa0pEv<`jK6+bLsVR1J
zxyH->&GS;^$idTUJcRmAO(?O?kMm8y{z!?M8M>)P$9ltp)&XVNcM{fae|EFEV4P9>
z@~OO!VPb_lb=D(((DQ@6OyQi*Q<`J}V>Jim57mOt-u2klj8*pFO6KFRt18x-O!oB>
zsrWi7DwfWIaD!L31$+6c=h^|zeEhxbg{4jj63%lkd%S;84PYhyYuz~)VNtS)@%O5E
z$-_$&0n5z;y=V?VA#m%V42|GwA^C`e8QZPh>_-gTwjkb(8)O;5^<5?>t#wK|73JDR
zhvXNU@8;n;dzTtfuvk2uffy_LN=NMc?IP1lDy>zd=#7q^WsEHy>(JEPt#;fs53INfJw3ZnUwFwB~0Zso`lh0X9T3Xco?G-@R>n8J9B7s)&v#6sbT``^?`6vnf4APqEQ~ZNy478gW*r|@%98g(`=~!vJ@GpBE0W5T`u^n}+(rArBF1XI_KKpx
zg+o$5E2c>(Cra$Iyo`!cJ2IJ{F|zR(pJWnU3*A9}*QiMEqHLjj$nHHscKWl2OO+nY
zJeei0*Ct7mS?nvFUad#WCd7VeuOmexl@o{f2#@I-^tGi+BrI`@+%h1R~XC?~27n6Lrj
za=GbjSQY}QtV0IS^8)QW3y_m83rtPlwV{8#zD*joZlg|B*7Qi?T
zEjF>PQ=x#Ng+?Qkra5%M7gMab!ZQ|Yaa|B89}Qjl{^F@e2BI{hTy8D-;}|*Rj(~mF0A~u0UB#c4r7k4d
zFwo>S77A8Mfm7B3lV=0cjK`t@Fnhn&;-!>Uwh4WP2^EDV(G(P8lg%++8jM28*1loq
z9rTgtWTq`h`uLE{S-BalT`=RR4!xLVo@I#`p~}-8yU2&K?!JCD*WBrNCHPZ~=JGI^
zsY==Ar9u+0kZDBK=jHq2>3{j}K5xwm-4Du^;7p+@m|H!uPyH?v#-Y_ZOyw>85?W(7
z7bR*z=cyNQb&6~1jBS4rgHofq1Z^|S09B~yVoq4_Gw1oFz1!|x)l?C8F_
zhQ&UAnSbu?4CeD4iY8GvL-{_0*f0J!=Ow0evHA;Lf0v#$_3h4Eyb3^2Ry1i_{Mvmv
z_fl}R;mBL3Q2Xok@CBLq7Es*3xgudQ%yQ-OsK>F}TeqRu!gy1mr4VyggqQaJF!t6#
zRd@Z~Fe)gBbV^D$NH<6~h;+AvgmiC|&P_;2OM`U7rlcDbq)S@ZgoJdwYhTxW&ikC1
zGxI!uI3pwOSiiN_w?3iOmCfwv%fK>o6)C6h2#263_=<(ZOu+lpS9k*ry7F^>?|@jF
z3(Wbxe*~C++EZjqN}=$(N0Hc=+fO3lzvF3;+=6RrkdTga$v~S9<@O4tfhAtv6c|%@
ztwr?z0IJ7%j*vWE
zeXq+TOY%Dc*)8ft>Ps1gYPrUbDKB=WECdLWpotn1H!Hxw^t7{}Q;7$e9rH3GA!S?IgF)aDVfmyzu<MWdG
zOq!w2UO~_$llp6+ZQ&or^sFiQPm-VxjRL9Z<>n@1wm2nlJ^JnF8jfz9sg~fr7tE6}
zGtl4$|N7OlxU8ZaH$u}~_d50`>99;R&x$&eRQ_cZUGz_hF}|SBlu2!>5^Pg?3VKeB
z`Z
z9S<@j%!F60Gw?43qq8@C$1N-`$0*fq3kGuoie|xPfIMPxzS^;Ni)#C~O+<`O%l$1!
z>Pgb|V@$GeAcX3#|hYsB%8(VJUL+_7<6
zw0xX>TgUfMLp1Awd`AR*BoUAY#dQ6g89=+KmV*
zEffwC``*Q_u(9cozUh-cp(bM_aU2Xf!c0a_ILHjJ{HymaQ?!1KO_q5~uVwV?xNbhx
zZ`&Z=bMZ}5OWD{~Rd4^_b)C3VT=g~~|K|GVy>)DGOae}S30&xF(V(p@dTEkf9L()J
z8=I23BYTr2W5l?e!m0Dl-+f?oP-5^)=fL2odkn|)^yA+`$4}AYL8#5m{fP7-=m}~3
zr}U^o8aeE!UcZG#>v0N%QW7cfoUWOdGq6hw1sxScXTzY;v2)H^O_BTDNJ)f3j%Pj^
z?$m^XsQtlDz~P2wF%%fNI+pdU^>#?Q|8*3(n_VXs@sj7)MKn&aB?BcTxE_IN9@BY<
zB$aZ801gmU>QCc+2UpBsFA`bK2AS*HVG&e{g=D+aS%ab6i@I1L2~gK>
z!_9|efOwXv8qYe#%r7m!PFzGI&ihnh`g$%}<;M#TJi^vsg*hiq(P2I;&WX`geCb5Z
zxdb6=s$s#Td>iMz@STgnmU;R)kB+eim)=QKu1_y36X#R#95T;9?iQ1O<)#R#M6%`KO=qt!YZ}3J5=s`>i)~
zkTNmBFQ})RdtWk>Zv2&8@3^Q?y~7OQvC$tWtv2QQ3Ol%0fs=_26&}s#`j1+`eG??u&5@@8MbySQJj~zS7w6r(ca*E2L(2A8
zgHKL=0ORW1k91k)v~d}`yr7%MB20Ru`wYa?2lB~UN<5JO
C9D}0ViFaitldvA?s
z{OA0RWOpm~*S?iFv_0zGe%g}@T
zuJVtLM1+B7ihO5tlN#lvJ!E^;mN;))+ume%(>79kZa*P_nSic>aunY7fs=JfpQwStx`
z1lf1)X8
zfn-u;;|`zin}+aB`nBn;KR}6Z%{em8{C3dxQ(RRl`VT^aG@NO6Mg86JP!;nLQMu3d
zLO#f7MsgAzlF}q_gl`a)l#=u5fEk&P8#bEg$FkRik&#be)9NyjkCR_HmG!T7hkft3
zN5Us)jE#%t0j*srkl(-h@eOx{ug@Haxd70}T6NQ9=1CT`0xsW!cQLirdjT9%gY;62
zBb^{82EQ5nbZP+^yuRLD;IMTE=|kkA0w$oI@GW$xeLf`m^i91nm52+z5T`I+|6
z2ag_qUWfwTPP-*VYnv%1vVfKWOac*VtO%)>+oxB0^QJYA9jW8p(nysQk$Fg3kK?1y
zLJNgUN>Crb6U%d6%M*Juojpqqx7g<^B-vmJYiE=U*F_PaY;!}wQKeH>jIAxOO^&38
zPHQ9;%{#|eFxsl2=V0@g1(zzv)uq%gw`+t|f%MmiNR8iGBQy|DomeecEnrd4s7~u&mqf?-jTkf<&DS10tk&?!l
zo=OOHop;zU81Z$Pc3E27)^4mux0`@v(dearpK2dvmlcAiQswV9nyZ%c2@NY4J0A0e
z8$dM8OZ0hork8d#`go2yr4_6%XBVQjoD;6f!L>vCIZ{b`ruMOR-`rHsy0fLV6%Ao5
zRs8oKl~v-q=Z8{C@6fN#DL;U~g@1M!3!+aP2tutQ=kYNS(hp-W{@OSSMFv7b3W?E>
zWO^Ur#Pbi(7o$T%e|d(jQg
zvFS*5Z?PHg{Kk&+@iXENr4=xJ?`WWBXiL?DqZ9gXV@~u5C`Df|Fgz(QFQ1MP`m^kN
zxSHWQRt-AMZ;Ji)>u28okRdVyau`SnG)yTRCeXQB>%6L}@2TPJd_7t*o_S{F2GSp)
zPZI_y=Fy^vpFa(;hq_A)R4+Wv`(d9ARbXT_ptP4#{?21T{@wi@u@qJu??}wbSZJ+2
za6*77?
z6-La|0=3_sK0VUSluav?NQrEP<*{0>eHK;W%$Smmh#;Jlj$afdPqpa9Dc@gQh>4F_
zIP2Zvse>-Ql--^SVdw9;kjmKzw_O)&NQpX9J22HSAzkC9a*xd?^Y7!9-1KuJrXtMC
zZ?&@Bfvp-Ug~tCyp^?*3{
zuIed$x{@d-Y~Kt?`B7%eL1UJhF^;tWx!nes?E4Il;rH<1yqZq^YIwV?a1
z<})$JmmY`9F>Su*Yu&)Us+Y(FcwKq`WJ`6))5hOF__fa=-xXjLw1xTYcW7(0YKR^4|n
zaelaOf>ab)MM-yviXc|s2IuJnuY^UTz*i+!r;|o{A{r~JbfEz43`rtZE33q!U9ZZl
zg|iD<9O5}g4(lXFhOB_?ON>D7rut`=o14i{#l*y<@^#&u5lLBNDXL%|jQ6QryzY<%
znVR4i#h3Ck-!2FVzEI&mbTi^!S2d2FzL`BV;gEPECON^x2SZPQxoI`2lU)*Ilh$A&
z_xW2kE>XXVgiFXe5HFBP)&wxngXre?YA^WhPL;KPcIx=$&yUbzX$gi84+{U#4B0xm
zyXgt-wA*QB4oP2I_UA7?@D`5`il(HUu
z0v)v52f>nQf`MG(E#J7?L60$R3o_rKYXEoB%;I5%GEn22#KeNPlm>9vvV(WzEc}
zJPsBkYRdcda^ZE7K`tMyh1e4fa
zKc}LHj^R(L+J&Tb8!AD29=CYEo|sFF)Oc%Wr<*iIIJ<|Nr=5~n_DtDgw0q-nYCh9)
z4Mti*`^Ni|ARFu1!d+A`@~i9SWO6v8Z+iT$3*ia#y=*M=sA>4NvXODt&TO|q1%_vl
z;jtU~Wj*=3wzD@2lKQA=gn@5UCG|WG2PSyPDyA>ktjw86MtNfoF7bwEn#0H0rcRWU
ztd?N|#|48!qwq`fmrJ8PcGXEh-E
zE9bk!p~WwMpGifuthrOz($q_HP+P<_zeX5)L{Z-!(EIZED$qb^I?}WMxPsMxd_B{n
zX!lFW)#oz%vJS1yEu$jbSglObJU`1B%-~+!O1V3$O&S*dbrQ@s2SySgnE`uTMK1P>
zjVao^xx+=>TYj5
zHvomY#N=e5E<61iB3o8MsSe03c8sj^#sChOT&?V>q$ed=g<{!K(SCW9gItH4kW1_K
z8}`SjPP!|D`Frwb_nvH~jS>=1CWf{n1A9h;8Bvn(K1e@mq2}R%C0PlMU7BgSyOHwn
z=L&^)CNp2q@~-9^edddH2iaYX1xQb@yJ#J7C-LMQ24&snS~ZhzA~7G;c5;w8ZHzlQ
zF{^wNTPhi0H}Xu*WNxiyXVd5wQ=$mT+V^qU_-s?^zci4t6ZvP=4|}-NS%^%$EN{B!
zWr>C*TlxlFGAkwLV{2mv58JaHm}Ws~ful^wrvX7Oq*th@bn|kub|gFtb>+;;MWsKV
z(>q_;RN*I|2-R+>Z1Lb8K0h*cHtr>tQttMlEXhm^C9hfFRzQ7Kv+W~)L6MIW<|RH$
z4z**j8+We2ksPRwE}+P_9fZ|aNHwY*X3D>ssXKGZ8D6ihG-#mX*IiHS+w@B*4JMmw
znf8(^SRUO!Y98@fy<&c&tobYJNzv$;J7={2^n;yf4%kbIH;rm(zl>w6rZF-kv&!x)
zD&e%lY8n1LCYegn-S0xtd~apyXp*p+Gr#9qoc(gK)W$DU2
z1?oeuMX=*TeUQGzziXG<+5M!YIu@o1Xzh1@D=n^0IfT11
zt_wI;C)<3F)=8au;&Qs*kMgc?iHAu2Q7V?EN$&~EK>tTen9Vcn_S&4}<
z=Wr~stzg-02NMn&^lxIfQS@;6DjTJl_4U{nxkrK_I8MHXp|!ntly=r3^GtDy!%Vcq
zZ87_~1-!9+m)N+q^z7>6dzTmyJE4-v6gTD+g`EAn*@rhDi*ryW=#(;YMflWB*TS;1ggWBawkp
z?00-O5FSMNVlnXAdiyPZgZ*6e?$Xp}_niX3Wt3J?;bm{xJAUPCiQD1ed^BG#p1pq5
zWEIhCzBK`w0U%IdM(t8E7dged#k!Iw?X%uskeC~n~)$|qr{?#aa`9K_s;+rSU&KGW5
z)KDNDtl8Qiz^3|0kXh~n`HE->N@;W}$uT9C2EP!`U{%QAG
zm|EtTT(>NZk&0_%^g&ntRazB#g7F#+qHgalPLH^c*+28FD1)&1o|gmCJAe0c9!Q%0^Wvv^=Cg*$PPN{!na_*NQ^(}aV$5cIpGJvla=@59v_
zzh}eZ6b=sMAO}W4+5lqY3=I5UhO2(k015l0m^ciJyk}MF$phNkhmRs7K`mwT;^XA6
zU_7y)qHLe111weiY{Btp&?%4An`CLIgscR}L2(^SgEom#_^JFaszMFx-
zhU&I7m%h-B>Gc=?vAtc4+^pq=<~qL@mV;+Yk8F*o5x;?kDrxHLO?Nimq@
z^22Bd>Q7Q>+pG!3S?2s-M1GSM%&?I3sg-t2m&_v=Co~HXF
zl}Y>~0~uqG0gGfGx9W{Imc`HuZ_9E`Unw(_d$$eQg$+4gy2I;~NT#LY+)B}}O0EIK
z&o>lc-==E2%Grkg1E=yQML->*xxmmD03`d*X@lN)bXmUyKOzkpw|)SwN~~ZQT#Mrn
zE}ipwp#I0sG-@K%V_s=Si=}e@>aYA&{@DaGkh+R~U1SA?D`PJ~jp+L!caR+;Q&pa}
zPSo|kW3r~iBsuaDH@9St{{1~ZDj~PFf3!MzM2VSw9hLuR$O-Gv?e{aPH(O=6oYD%w
zl-eUe?~Zg^Phh3SSIxt}MEd(i04K()nX)`u8Q~r;@*@U*`SJKgGx`9>CKDxD*kHn6
zn5Wgw!v6cGl?mz$fkuv!l{2Uck#QimbDxF3F%QE%YIgcryZ<+517huW=H6Jhe^J5@
zL$f*fOH|LeV^_g$lr-&C#8$A;HF@o96+w;es~uf7@I&Wc~BwWy+aqDEECX
zF@Dcut$9bu$R&t+9KJ(*h!#1VT~TP?6;E$(jB~|X78#>o*cy&AF|2tmJrr#(8W=UtW`(vrkcrmN3+cW}Y7}M_}i>2{oy7yS-^F
za!^|tE&NG!d@V^YKQCj_=$i&g%&oXKDXVMgz04a+_Z;YKPFLxA(yq~4B3-Ng>zW^q
zv2tGGnOA#o$l9@03l`NxtO{hF=POix*NyCLL#0x%`Sy=Uf&I*(jMb&xfKDNK*g^vP
zbRjwX)j!vEFd6)H+#Yi1GxE>}GBU*_6|%PgEsQtLaF;u4cKQ6jBLB@>{j6aQ)eSc1%diwmoQDbx3jkyczQF@2n>!21|wS-J3<;1)^AXMSi@GAO8fH3%#rhPy1m)CHQ0T@d!#(VRN8fod&V1sH
z;uIZ;)}CIFonMP-k~84Zx*MJQjawc23ZcMq
zYWV+>RyD4)?s9#tYuh^~tyL
zKBlxVJoxiYs;YdU(ld(5Jxz9L?aEGQ$eN5
zKT&XJt@W_sl2!;(_RxJwZP?t_64bZw+zahPDwKa|y>;0ut`AIY|J4O(hKxmshVL!9
z^~iGEOp~_u=(|7HgP=5U7zJ+p2dj#JxDS3&cNq9^IqU3gg9a&hcvpCVvh^vBqiJyt^IMlc$d
zNt}1LKaH#wg6c8exTivsJD819jcP=irYvAeiOPj+o
z9dZc9!i-u(AA2}Y9JX{XzXc5H{_G|Kk#cCFD{Q9(QhHom^F!2sJv}z{9HFbFRBcHB{n>H|!y{#8W?cyQ(|r$csR0G)WlzT*DIN4TI2bsOw{`S>`}nA3
zA){`#Dd!M!t|
z%=-~OS-FP$mn$`CqRK)?h0p0Hb1h&VZYU7p2UpB$W=3(3w5E>hUQcmOR5uoVPq(M*
z!OBw;LIb{|yg*Os0TKY;!RB(?Re(O{-D$r#LMCoz^i~Y%3*g$cc+UxCT;n5pb#w
zdhd@AZI8{9O8z3UrIvFIk*gH(ytPbEFx?B~v=EB|zxhB_)SVTe;8uXas+!o502u56
z*4B$f*e{QaJ)9JRr>5Z1NTy3Z=xuAXN3tvLg4?bYFJ
zlMjV?az-a>Z=b}a9cv{48cQ|gR!F2~PYofs%ISCUeuSliqA1(>F|fTjs!fMP11K(4
zMs_R)!QrnI&-o3Q4azB-4FrXg$!WXKyFKWkv_nkZaD7_hltqv
z!9wt{2HbhK0w+SGZ?TXI{|sJdYR7h~2jFY``ThvYbU1kwP;k35SlS~iA^VD!*4F8l
z&AYo!zmEDTWTd1-K^qe;a36?Xb$WMQZL2{CCaE!$E2kP60I2iE*U9KTX;Ce}{7tY0
z!xoSd#L^1gz4J7Z-g?eXr2H@?ea;m9YD7~I3{v4ctf>u3R(T5z?H}5dZ$l4ld{R*t
z^k%H+yJ6(n3JYMXpJEEVIUnpvs2~?*!ZK{Kv{N^l2|ktO18z7hDZn-teY_w1k=yKx
zA?D0|W^y~9qWjb4b-BkFZL6S
zi;=2{o{%9%)kgPs{OnD?Bt`BvG@4fXDA$)f8&^|{vL%6f(82Af6JkI5UEZMoIjs%o
zZJJd5lnNE~Ju?NviKcyM$i;k;&gvmh32B^ZM?v~Hyc#flgU}UxwgtI=;&oh7#OZx3
z2*y~-pWoAq-TZk3#8Vz10kh*O|LbeSA*qHeEkG^wbJ;Eq&MUebD{t8m^DmRzE91q}
z$?SE&v$@#Jj6y;RFg!zrAcDt9z%4MmUdK>^Ec<)19O%}eZfEk72lyZ8EkYI^8oCYA
zUF?iQpl$WOM{DRTfR0#jc9y(jk9g#wfX0Uvr)t5L>BQiX%(gROv~mSUbNk6&y=SS4
zB(BlmK?gZbAH4p;vXkhmI*@{yJ$YA{uFddc>O3pn7&arV=CA!9UJMNLnx9rKh5`lY
z;`oxtRKtpnBH%`yhuonHg=p;CU{QuS#Y{&)fZz7LAC{GsmB3}9MpaSaV~*Pu1g*8#
z_pm(*41-yX{jmD{&T0{-=zhr1
zmm!nq@hg|$4Pp4qYHk!q=Y0Kr*X(!z#R_aoAJAz{FaEGpy_;e8JMExUJUJV?`di_V
zF?)9_rDgoJ)N_4G$GGp}Xr0q{j0}|AYv2rGB$4u)!jsuP^IVc4ee1cuz{>F6(tAt#
z?kZ)R-$B57Nb_d=z6=oZ+18E(5Cc$9-)(Ge3CVIrJ|h#r)(N;JWn^LL?oE02EsgiS
zCydhX1CvG(3j34z++1_R+rLgoK*GGX`nZ><>h|{hwYGMsXQM;!7m0qey=`&CbtWJC
zg9qdC((KhFVg!#MHrxYlj{tGRukDT|lzz$pk19<7?m6xm7a)69!f*g@JSk4cUZwPyfPIWGmg9i>h
z6?#-zb29I=w8%Z&4Hs#Ss9sW#wdZVq!rVjGm$t+7;Tkv9ui`Wx9{C?Yt9x-f)pNiU
zyN+aezfj(2`s>@r&%E$AN-a5GzI-ENv%P^b0LlQ~Y@08?;$zGn=b$I)*XZcz>aSma
zxO(*D{m`~p7<>ytiHI3l-d9Y@_s5q_2e9VZdiV;kP465J@cGo63s==wZ8
z4=I*RFc64rBxb&U2!Q9#gJnvb7F#k1GMKK<{h{;CQNP8==W%NB4kX~*jxGz}9LOKa
zUZc(l3Nk+DLA^dZl;R;lxR`+01#Gvuu#7#3i;uYgSi3t`oFZG$nHKUVh>|)n$%^7r
zc6KZfmyt_Dgvk9yj&Fku+0hG!y1@Wox)^ZpzmxU&Npo}a$6+eK=$?UWw=`YBSH7XM
zX#Xm?hde}lx%|OT2tHN!?fFs|1~_Ch9iFQOD_49xDz2h^V*~1WFTMVlvNr8wMqQ)>
zY?}yC4iC96xTNALLRS#%;D0MTkb?#xT-l{$P?q&NC=Sa^V)qwTt<(~EZ?)|AbkLLvp*(aQ)?mOP-Sbz`z|zrlaX4)Z!CLR
z@U9&ZBe*d-#>OGZgqQpn=|Hm9?UWJdW_<~foUO`vxX@5&4>0SXZQTXLvZ~zSgqnxT
zGQvwM?jGM=E!G0Dx=PcHfp`JO?=M;}`$)Y&)^HSM;D~~hh)D?@hn!j7Z1nSg
zDJdDu@Zbe%b2PGvs|UU3zhVQtP#c$T(2>4@eC=Zk(Mr&|T=Xk&Vob7q2|GFtJ%7(s
zQoc3vVPbFFbJ^J3T-`Eo>XpJ0`H&8Ap}~zn23mq4ly`sRkUl7Jw2;ZgQuLy;B(Eo>
z=&Tyd_>o$xrA1>kba0HOr;tB(^iJhGp+@?K5GL!mxx_hz&tP%CHAWag@1PE@$5MV&
zdTSKfA$HDsXFW<{cr;bHnmF!1wkU22L@KP#$XKr@DV?ta4XS^qc%q0|*SH9rD{Zgl
z-QQy8#JQ5m36S*#DW!aAZ>IoMk*@QK^r(pYBTA%%m2na4A^e-o@z`Ggv6(E$_H}_1
z@wotJE~EfdgLSSQ!K98ioR01850Y<>VlT!i{U`y{A^X0I=%JbhydMzOsPapHApLgB
zIy3ZgL_7t_iJ-uZ>PPSq5a2JK9kvx`4fc5)byR~szO~xXGg5yDzqH+>QEO
z$Hk%mw(_va_ec~#0p%I=5v0gdb_DTD;lGY5_$UL_{fN-+xv~`MTBt1J>WX)Fc4KnX
z36$b4IULbwWhun`hzURzA3~IDu{9F)QupExG~}@*6aEKjJebTi_@w({JKbrmBirxc
zD;K-@bSI+^3ZLk&p+IPPZQ11h=|Y2J@1{v=Olij*2J{$kJS1t~4^2~Gj$Z#VcnAx3z(r3bFA2lSBU%CjmSwQ0{>H#3-5n
zpLIzP%Q@it@ZZ-N_+S6LpJ&eh#`^y+cGdr}qCyz|gFpSxe~(k8X=%ZDabS}+{U2cf
z?1?$|0kGUxtabZp*yJ2_?mR5O0qXf_9I4iOa`X=-Vi
z9j&#n^*+@VD-`;>s3n*{~Eg?sM^0`{xM8EP}#+6~kW*DBEGLTfvt#B*NE+;<@UK}5!
zh(HVqDK6vT>A(+~rZeG{UU0Nka$LYN{$A-2S5#6OwUvyC_X2F=rp@H^qdo3%#-e-R
z99*Xys~_-XxyFPy|fm=9`V(?MzX2vtyFJ9w3hIt(=A*35LwYAN666m1u
zA!~e`hbe}BIDj5HB9f9a&OJOjo>+o`fq{6huGOl|4B}`~&on08hu>O{T}D_q&ZCKt
z0M7swNz^5u5uB!prGIkOTpe4_bNhYUs1+`=Ip@_0UUbAsLq!YyirITbK(z$?SNnP*
z@J7|$L*@BB_H?5KZKIhqr+;c%0Kov%uT-FFRTh=>uO87GSya9kiX#AemNk;6|7Nt5=}Fm&XL#U#=$w
z>H)HVVhpqm913gS|DY}@2Psa^&E?E`q+l)iiY0P_xg{WePq(*?)ol(kWL0ha4Mb;`
z-Ygvb{L<_py-HRz5a8m@0?HG9H-r73`SuOvmWcqzK33$o>iL=J#tTHw3bvqVNH-{&
z30RUX)_Nj_PJX4Vt(k)__)NR)G@;pHG%dh<8%j@<)tM
z$MIF~Rik?Kor8VF;s-2oFUstL5(%F9JsSEY!$5({QFmvwIBjg7pwCn+q~kU4{9{zv
zKPM|XWH?Ki{aGFuh`hB&yym=o&nQElHZf{NC@*_|=O>O3x1T4wqZNhaj-r7Oi4MJk
zvZGE>PJ@IY>|W?KdxSKRI2-DYz*;d35cG4aOsKk6U#eb=pn3W3>jUaHkd`n7O#dN(
z0nLa&=g4^Qg6YBtQ1wAq=8?SW17Y7WFasw_zphLdo)Pf?dy`n5uSijfA+Uh6>#zq;jc2ls8z=!FL^C4r
z7|f6JYe#=X%NkpcXIVr-CJX;jBG5p}@xHM^=C=)8k2mx;fQRo~x~N8INu
zKsn--2^}CntGM$5WJbz?lY;}IM}#R$UA)|e9t0(g#<8+O4Lf05ebz5|&0*FOV8C-E
zuY&$UQ6G95LeW$8?2E1bFP`2%#{K$HEUugJ&?N~_7}=gGa~VKW>vQr>3r_IyRVI;|
zvP}^8;-})>k2|eVL9N{_aHEw^aAMKH2Ict)y~~>ZQboBLciPg|ZLJhjK^0h%H`J?FAqB)!3ea;Tz9N)dk5os%`kgE;PsnByai>W
z8N0ztscRSoA$ak)6?Ju*f=RZ{&YXau4Mpq}a78TuMMEteBZsZq>VAq|z;{QJi#S@;nNRZ=}!iScAFtqmzQ^nkkbK3&1_wT
z<5+Da7MYWTgoJ>GGv~gq^{vm|N(UukBPS%_id^q;gFzP}2zH9R1wlmj?=j03Pu1qh
zwr`{tcuJu3;6^+uIo|L`bpnH?D6kBxq2h
zR5NL;T5ii`*fC9NXqOO9@um;bWxmT}IX0L_
zy+PzP;rj4J?nrMmdcQzz@jn1RqB
zrgu|+qPKTOFp7pEB}uRAjqFZhioO2K0i%lpQjwT2l`bjm@=Bmh>%c7>&~JrHtxmDAKTyV&lrZ-D6k
zBMmxfk*t)1y$Y@|NxN8LOnLtl7jSX_^CrV*wVLL9s@%U6b#S{3
zSBw5XvDCxzjJF1eIDNiF-jBK?`COCbf6Z!UR{u6jvC;J6p_Gt$aBX8{V+@ydqNu;p
z9Gy<^{@u`+6Qrl4ebHBGVP7j4ckP&{QUtT3-|e)u6ncagwsKMlKT}WW+>1A&8M|gr
zN*>alL|jdHi16z81%^
zR)>PDjW+|VO{#780MclUE55m^O>`cqQ(w*^s{kul-8LlMo}q{p%u;_-l30(Tv9Rgz
zNUK?QhCDfSLE}hIT<-^+yMo6XnzjsZDiFBK;C_Wq4C{YqOt@t_++MbO3*5GHJdlS3
z9i^|_5S|^XL70nyB=$Ln9)b_L^|SCl0v)Lh2=jLmo(zwx9S~D2%sM2WF*0-YegiM-
z3e!eHh(8t3;O(y>>B@2%|3}M%UQK9WF#sqob%LzMiUNbmwfC6dVioIta#0L~qLD1_
zg^`xe{2i?NP2V{;OU(}5UAO;BlDpd6I~-Vq&@L*FYi^
zFNV)zA$b%ks}G8H@w+1|(BJ$OWpYCe%KGYndr0f?5X*nF?$rQp3n&W`$4E_uQ_nTm
zhR5y0->x^_c2HWHe@Nk`B{ySYG|mkrRg}<~(a>0cJx#bH$EjIi7H%8Xb#h8yxNqqv
z|H(-sJgr6skrwW7_98#rjDF*Qb<9S7KgN|*tLBit>nT@s_;5p`4n{Ty@zWoC+_eu&
z@W}eZ$c@MwFtq%owPPD%H)<&@UQE-xIb_-9OJaivInTl26X!)`RzC7aUERz>jdIeE9^Q`&Rh&Ma!Fy0)XSzM@hrgzCqXWt#=IW6L9sJF_!Z4MTe#jp9twUnk^sUMJ3N^;djpTWqU9;ZWx)
zj)N~AIw70OWmqvU`g~oGdwnIdJD@DH=aG*s_sjB89*kXUd&GejkvvS`XpT7@Uh)3I
zr!DWwSN!EtN}5KF6cTKi>1LUml!CgYU3pCRBkugaumBw2B5*G7Xky$OkKf~c)Y>Nn
z$f2&`v(jBtW4?jotz=60B}&4K()In>{-8+}AxtH_E`O3;o_?l$yRW|7OihYVb|QY9
zT^?p6S=RrbO3M;Kk@#W54RRNqy(nr9j&Xb%jN_9NoEX_01~(fj@1SxJS)Z|xW2y%$
zLbzYEDJq7@rxQQ749-puHy39w7MQ|W^gW#?oehm~F(Wd6KHn=ZFg)sX=^YWuTomKn
zZrPSs0LAQ7|A8Yhp~Q2HOM5GjxLASGp~@9CNniD1$HY`+bCCI=Fqv|iDD)SfSHu#S
zE)7vx{w4oQCV^XJJOkbS)Wbv{nZW!b6HyODDn{1@oPUP`fM|PI&pH2#NTsv7n+j67
z$iJ$-ORp#Eev%qe%Rk0p1PUf?m`7jVF$q8MnWd19RxWa6to_k`FolVGQZS@;toyCW
zcyA_w2SP)kAY?8q>x5OxvWC0B7q^e~S}l2VSk-W-i@aw
z0tHP}{0$=0-MSKB1Mw8}tWco;Zqc~0z(C8#z@SR!06nZ5w814<32Va>0L1_lF^ZfM
zK)DeK+t&sD9S@DxZMB0^VuD^(NE6>HcFR@BD0)2ukOvzzeAWdDW}v-!_F
zUFu>7-h_=&GgWMAx!iIyA-=;+#uGSm?%j6d$0}-ZZp%7%(h8Tiv(Gc1AeGWg8A?*Q
zisC<2h{cfsjh~$ekcW?OaL8TWT();`OT(UMiOS&9SWPxY&i2YxJ7z2%F3$}*q(6^R
z>L=H_flSEDMf2<{Y9;vvpB(fsz+c!*JNVE3rh9c&f?hh7UbfgOt?Zi>?H9gJ)%h^T
z-|WVtdO>@pG3yZ7EiaFmcIH#tX#7x9IqMDD-kHl$F2~er?&xT^GzoTWFZR%oBw&O9
zyg!)`u>^2ChS(L0e<(W>z@&(N@zYopFe25}IWc8P069&a>$iZ(5g-Yr=#(SoCdusn
zNT8kl-JLw0&!Ow^um$U6Xc&wyum#4KK!ex^75IJz&#_+*s_?IZ!mcjZ_T9VguUZ_d
z0K+ZksLEc^x~rH0xq7~2j+nZD-T4^sV&DJ%F0t7Tn*882VZmoA8~vn?%Nv)wMpC&&
z*Qeb(ITNaclyUbl6VKxI@Ap*`ewqv1TCIiYa?fFc7vNc?7-n~sarEXD=J6z8TF^Fb~n6Y;x7$r>YeSy)8J
zGE~aBqm68@K_Ir4(DQMKdsXmc%3DhZegw+%7YJ#u`Fg?KD#VY-@QEO;#6L*AYx@Zqa+e
zBH|$^9@kElLNL}P4~!W3){Y4GR&>G^GsqI3kwj-K
z8qQppJ2-r(psB3F28csOW)k44;#Gws*xYO*;
zA*m(+WMB>r>Je(3`R4g35~wajYGq+wXbIEzsZwqu1JdNxM0GYn>jn~mcsHBN=o$dLMYtB9KM0cc~j=)9anjJ)BBmMz3~u7cRYUQQC*!Vh^%e^
zpMF%g)HnRfqBAVvT}i>HeMY?}g5vJknwP}c#~1f|nZBQmwfqk|e8-iyG6xM^(ii1(
z6~bNc!=I>D6GT6hQ7?6=`YYLNV^F>;5j0kqyHa!RcCOxMXvKRBqIfGxLW$-QR&`^EamoNTrOYcn-<
z9&&ii$6oJUA&H>qhEJwJcqD;6X)
z#t3^J^eCx`i{j8&jftEnFZ!RKZ^yh4*6LU1i`=0K&1AJ2&=a{Q<~
zgvUlfp2C=_<9M9Gs}~??Ux$_uF{gj2!8PryGG#eGQBcG=s-pulwCbjBzgnY-gprBO
z9m#B&%R&a844*qXbTT>cMXu?_P`gRvbm=!^2b&ddR5n>NDFX2wTfz#@(#r}W8anrn
zPpZ%y8?Fl3j0G#^BW*2T!{f9`Lz1R)zFT#mF3=xb{xtb1RTE3p|5zfJ5qCd`v05)6
z#Q+|edmCp~#O}3;=EN?+wSTcu#+-i1+{MSuAU5WrO07(vYf0i^rt(hU;Qu%x@YC8Rs0mF^|oAYB5|u>_>MyU)Fz=Y7Au_Za)HbIuqr
z7{I#os(H=%i=W23tr_a->Yh)xk4=ArP+q_-6=G>t8pdqr__S?4_+soo?cOtxN7R|+MRc`yi
zvToC4#W`!`cZF9E^~e-!aHP#IP}*NRgs?^Tk^EfNo0a)#r5`_yKrs5k$OXeJ%6q1F
zf%Q$65ki+V9VweU_2_aPyW!!IhCqiuy0h!
zhR0a5^lqoBTsD&n=}|WGQT9_(A@8l>?lir(wFr4_hL0~T;1G^yuEdo2wubqUlEK69t%lDBN%@_Yh8I{F?_z8
zGqJQpdM}iC7Atu4vk;Ji=;-LU_)AezKXB$vw?7uzw933VDhH*G#6Wxzgi0xuN;B2(
z8)A)%)WeV*>a=z)ONyiuV?zF7V97@l?`HBMJha}?yQDoAw1ZAH!{U-@ZISi58XNvS
z4gp8p>ayx2{dHvQXIZ-wl>3c$jQR9BZ8{8w`U}mfT^^UZ5cK!nKf0$D
z#kPe$J=$ee9JO6Hu^(9)0-dg0m3axlj-owhlz&pxN9Bq^6E?B!-JZ1~d<
z&o)~cTFIHA>TiR6!lFAJBek?dAnGJ;1;5Si{yN`s!3>wRwN>G3PDb~|1x|k~
zdC$+kiGSE&0#56J(yAvX)_qCFQETmpiJRps=NqBgKc#}MCojYFOJUc~`IDXXlg{1-?jYB#F^M0%x?
zKMi)op_-^h$II>WjSl2FzGrf6t7r~C0T{#SWLn3x&gz)BgLX06Tm}XnLIgqjg1)@>
zWKp|I51R-GkEYMRfLSNXGm&P)lzYC$XS{4p1p`421a_x4jS*1jk(0tOQ=y6tU*A~n
zQFRilxdJH&*Vsi8=u}dPhto%^4J6Zm54=!@?3V;;J-pq6MMsog6s{g(QE_IQ>Wb))
z3dHK3`l_xe
zqQWF@2xc{OnEsb7O_-gUdA1keYda0-sM)Jz*_rwv2+1c4&zY@p*lSMb%
z&zpGyP1L@_dk`oLBUFqdsHV7a(sq9De6b-&Y_Y
zc>*}9BTwf#E|xU^Y-~=={C_P?Y@wo}5xATgNWfnw)Ib$Ls-k_qPt=>M4
zuLFA515+xZF)ri6_h0kW;AJ=X&w(`RhirViWwxJ_Nf3c=&B(<~ehQ+^&?0M(NLRYnwso&*>
z*O~P4dj;hw3Dr}QaFzy3FBfmM@+~9vm^T=Cxb(@s$0q;2)vgq+crJpwx8C#THXmy7
zR9HPSN6Wu##ST2rr0<1*n!BGaZmk9-%7=aZr|6*{
zf@bCH3<-}|v31&cGj>HKx^Xkx&c{$>9I-v>9^=&uATBU++~xR{Y;p33)8`cUW>?SY
z`a5YxAj%%fhV;9&iIumlqr;!+XkW&?oi~T50RmZB8Cy040E+3JYo`M*;9%IS-@oN;
z7wd)uquoE*+M)`2JP`wu$AK^h%Bt3f4L|;j+Jwk>v?A13XzgkEezkfPe$otMv2nAgz&=Z#ol3
z;j{K{Y*6?2_y1m5$-SsL+}V+heH#on=DoXSR
zlnWP)!1+4PXi_|*aEc0kNv<%lr$ONaJTC_NOuI5tV?E=rp50H_)>8h9Ri%|oH=F4#
zN)cdZ9J4pNq2aWUk?SCT2kjAaI0|M~D&I{anLw`53Sk7xSX$_%8}r=$H`Ot$>u+sx
zqWxcgE7XfJGJ%dLn9ntfGYMf-lS$W&>oV;*Dbi+pQu1Kkb~ZoOGI;dOmWaFkV7nqj
z)r9!{BV|mKNvLiasDH(&Vn)5fi956vJMG=_Zs*ypPOXZm8{dUo)B%#ggAjy{uJ4|HOfCmlkrCn4ZUGHeOO-4JF<_CB@-)D>zbaX#=9=1+5&zuq#)DM
zDu08lfa4L?bTaK9YU9>sS^q?0o0tGR;H7GIH`@J!_z_tFYUr}7_lh%n
z46j*;H+?y5%W1l4F`;L4N|iXFvzhw%G*ds+igQTp&53&b-x(TJ93V|i6%W|8S`axi
zXdjUlCox4%$G*|&vUVRC+{L;5gBgk>C@{IQ2qp*}f>e5Rk^$N%7;D{Ev9tT2JeJDm
zq5J8Ukev$}aUMbULg?hC(EY}bq`G31jWS1c@=QAjtVGA#
zM;jmpl0`!iZva{XL5ee>QRTT~y_%Se1zjqWPG}+zqZ;1pt7CYKZ$g|geSVJw`ZYLk
zYykULIhs_)VvY(9Q?rUgkk{hW;rZ&Bt<8hL!FMY2W|}&5JD50u}MJtYa)rV}$kcrv@T&S>-c=#IZVE
zoBl-2&q{c(Aj%mG$_FPNM%khFXeTS$PWRFXZ&8Vm(MV-*O5#&X`G}HmEPU;U
zIK)MKfR3T{6mcHHsT{&Aje8Rw&+_^^XD2dJB1>5Qyg7EMow!frQnQwJyasFA#)q1?
zg7{-fttTA3O{Pu0^BkO!GtOST3L2rAv72A-haEP@DFyns)jR=!&!mv;F`=KNItD_C
zX1SU$6o=Z*h-cDC8lp0fz^(O2jD!)O0u|x*W<0@cuIZKK&ua5FN~PajJjS`=2$A(E
z=4y=T*q9-;+w5nMjXWfL>F_63b$^4URf!!d-p0Ff4=EL2Q*iE4URYRr$pzWmyog;`
z7!6Ll&Jwew1rPUa`E)SQx~QluU8g4beEzmL?+@?^2=s$avFVWCWCfuS8-9j%Tyg(-
zih*KM{JgS(Fq6Fcrzt2aY2h&H%euU4oIX9Dds>el6@}D0O_>7|2N7L=|C(V?tYNTI
zaBUe9El&oeY>PD0n@D7}GcO$;JTd(DX9z<#TBNJRD2byOAd_-biH`}2STviLTuN41
zS3*}F(#;5RnYGfw{r15lMc#dby#hL)r$Z*V*a$#R6+s0!$^<3()JvNJf+}eDF=u&&
zaxJN+-fQMH{i_}R%y`t7H)`15Uz-XmU~!o|r!&1$2rA&BQhRpcM}{uwNC9X@;omD(
zUT(O4k_93H9FWQltOnbGbfa|fVrG30l5T143iD~oJv-3dMp&i6U(nMnaw3ml&3@B@
zTXo(c({Ze=7ta9W*7U8ezR2YfQ|5WdP=(#7lIpxVqRjpZP2Ot$$I9@n4iM
z0Enx)PO~-l@Mg`a@K9dG%E?REdxBd#ena(?DpybRPPnn}`ZkaL!kqxePV(-GcFg%=
z5NhU2G;m3QfB^{peIbY9zLf17WOH56?<9D$fs%Me&*9SQXguUTCyHBUEq`_C#?Pd0
zTws%HuT|xu68T$(WajXjxrJXa8DJGK*S59=?x14%|Mm>c>XM0tP6mv0VR11s+Wd^^c^93Wf
z>6xbqL8Ou?tnzM060@gE3gGVb=X*t)$0|A%%4fNXfEFsVq?0C-}X-19ZBSiuxKSPwITJ_`0bh3qP)t`8F?|hR~PrCssx%_{^*KvuqtxKnhwpIUj;Ixc3$eg?G&mzW~HKPIXV2j
zgQ3~M&b^g=xz=_geZ`i+goReaGb&R`aTB@Vg`JmFT^?Y;q=Y$v2p}e>^O7&K(;-NuSZid+Dshit85ySl!(Dd%2!M|SpwomWu0
zXXh})&cJpQxty$K|J_ic8#q76lwI%PjH0|MbLQPRuPCuxe%zZT`Ap<}NOni%Nhog9XmW1UeX@#~Hl4)eAkW)@BR6Apk6Ei4xjaSvr
z$1RKa(irRT!xRVBqM{zS&ZR=|X)sra9SR^Tkz=nt4R=p0|6G*D7w8
zN<4yoUV(#l%p%r+RwtVcHfVpBZN`#lzdc7M$aL8aklcbjM!Y7_X-CTYd({Yb(7z=Pv_CEVcoThhPKw4a7{p3}lGFe;2*-i?`YhkiuP&OSbnZ;6PHIAG
zKGicX?M5r$)2x4o-(6@yDslj%?PVj5cVs~?PUREMG#1>rDeLgXkSCshM#h4Iz?d{t?yYO^VlPh-pHPgJV=1g)IViHRCd+@G64dJY?0yU1QSHekN^A2S~-
z6?)k*`00Ky)6t8fj_E=A<_FKm>-6qW43Y=wKJH*?@7TsNnQE0RFDP-137$^^wA*_6
zbd8fiD^39^(Ytzt2v;Z0ZgFVW*xJ+@qJwd~0ENQD7vfp#trpoF7vo?bF9ot2!U~j?#b&lyhtD&^i_U
z;HorX4LuUT(EMCvd3?4@sa%a-JjO~CuQHGRYyF+9f1Uh8@@7)8_3K9-A
zKHuR+oh6-~?^lPb2Eocfm6c;{9-C>~rSMXtLZz5keI|}awtwT4fBP~9M;Z+6|I22p
ze1`{oXwQAf)5k<<>fd9*{68O)^?CnaYdH=Gzm7m%7Sk>@!l&YYZBxYYh*tH9|3U8m
z_fBA^)@k}bSp@$)b{+84|GDn}d^SGy|7Kjr@jvM9|4f>|VY;vW55u*8{vkWElNBS|
zKQLec%0QG;Q5o0&mqft93XljkU?c)OfJ873&Z8gx!}1*2XrdHI0oPJb60tO$=xM+$%Nlte6U!wgs)}YL~^$L!qizjc%nm
zav~=uCvY@U4+apClai9wrt1!`v+7fAHWiT_+PIAiIO=OL=DZNK-yYF_@7t#p9}8&
z4+!1Vut(YVzb{FlnK~pkJDb+21Ws`rU$dRmgfjOMt3vD!y
ztJY}I7FzQuI3r83>4VRGmVZt5PjHDC-2
z3apSYWYq$(X7A$R)2gq27?v?x1JIOL?e_BZX2`
zeDB*!w_?@_#u-w6Z^%g~Ap3^$PliaxNeekbhB;ah_gP-
zZh}b-w9_kJ6_2vC#;i5DM%m{pM4PVb6q1Dv_&TYXu@mRr*(Plw%%sO%i$POb>1*V_
z#KdUIro!F0HSnbmX88Mvq*?(}Ztq8xQEX3FRc9W7KAh~s0^DpnT{*){X<^OqM9kg;
z_)4ruV%#FXV)gnjn=M-nc2bKW4UT@3c_g3})@F;XFetiN{J-6v;~o}K!`R-T*CGaU
z&8j%7rNXVMENRtO$!>6;t!G#+ZewGyN2Eg9D?;sNt6L1r`O2CyaNRKwG>s;&gxgd3
zYBT3|X04`|^HyT4`kmk^ydVw^c(tnCR0bnmZlW#=qfPE+yI5RBU|KrY<&OoI!Jc0yE;Yhk+1nti%Y~Sx00ET;lpJr
z1*W}Vve*|q)EN;8_Kc8p&G&1R}YRe6~J_^!54T(ByTA8o6
zTWZH3AxjNIZ7)wC*CO;pnh8y3G6VxRe?~f{q0mlkvY}lDN1_c?Oe&IR!>5LvM^!ui
zpaB2-#q`CJ{^R=xJKW2H${RP1+@2OoMZm{~W3EY3_LeoO;;zUcyIU)My2n*Sg4Auc
zP2kbi*hcj0VUVv82Rd!%82GuB7W!&MAgR)SRnOg5;Fnp%zB7TQ5l0MCs+8%r1GP<}
z+bUzle|jq(El>sN-Pk|?IxCrp4^WkhB^88KX>F>SUjcb~KF<@1j>}4i)wL+r{<4qd
z6|0ZHUWgE?6=pJf
z6=R|1G08O(;XS>$5C_&L@18;A@%p8i`$d`GWdlZ9f;I7;d4jcB-|>*@1}{fjcyz9#
z{Ot`P?qHwCoHx#7_|H|9B+9X65~IVoEQ7=*Xp>`zt%0RE*4G6Z)ZKX
zSLJTI#IEyKAzEU;dqY`(YdZ4|h`BY3MRT`X;^219JE~`VT%<_&^%ZVnX5sxla919*
zv7hVWpOQFnv8{~@&HgFs&z#lq-B;r25*+EzJLD9$&5UPhge2D#5K%sd$Dk8m-h9+M
zJ5kOoME&pkBZIv^&YqrG=>-7k41+KL_9SrG*-q|n(a?+l)`2I$WX=vU#gPJbXME``
zGlyL4eFT65m;?4e)0*2VmUE5wSBr>b^P3{1(&ycVxw(=wsRY!(0z@>E)^kanDaAqj
zv&c2~4-saahR`az4s?MuQvY2}h@Srf;^bK_ORH_UR(!>ZSnBeK$aQ2ulfB?M0#)r)
zu$2kztj{2ee69x8e1lVcg;(XVw
z^o~lrM3#@44s%%#FK_@UjHEjaZF9Xjl}GPwouDjPgd!iIt2B(s^_O%8WmjH|rCPbV
z8%^I6$?P$qS_=>{N>B-D>5N7)deMyp5_T6DIyf!FFD8aP`+(m@T_XNF_VB2HH}(_g
zank6dt_PWt9v&W4(#YQ4-faB*5hX;FNQY=uz?50-J*o?5y{_(-p<#2s?s5=BhJooldsW$PICdk=BmO@LZk*CNN(tDs`}-NC$Iyj#2r!`HVx7W5`cSOlmZr5K>JPYCVmf10x;uh{HN)){MEMhb{-R
zGqN4wCAG^Es+Oy!yxkxqcSqdR&}ZO@7`i$|>sVin{3cPiO{Zbka}GY{qI9RIKE7`c>;;<)i(L=QGAer
z)!?vCW-yCF$<>I1jL0By9S0-Nu$hhs>tyQr!G|nCvb+MnC1z>!zGKjXIsbNzq<^5d
zaNR^m;ySh*0~5jh<^2a9Rkw_Vsj`A!-Uc(Sr32+wnByN?ImcC!>-g?Az$3LIgt|#z
zdW@|~$@S8agW!yC`tnQ>n^c`ENIDSM^HE~CA{
zG3m$4sa;J|{+MOI+@{`4p^2%6@qvk5tXNzq)8;@1SkB)Z44%VrxNIO+`BU+Nv06sK#2sUFlI^h{5TRHeaa>$e!)J-jwIHr7kO-wC5Kbv
zh4gY;oVo3rcn=rFqJ1rw`&)}RYH(0NC5YY#=}QCB2H$;Q=Pc*8J9oXWmmTGth;qV)
z>Ta9|_%rmE9~wVcb_6SBR)W;>krMP9KQc7y>Q9P#XQO^NAELc^6R13-VkK9HKW!?o
ztd*C8Efq?Ue!Z*#X-=3o1?SN3+JpO6hum;7>36kq_Hn7FxNcDr57l{rdiuab4~Ra+
zo2|)ONiCQEM*z8ifPiYL;_BbPNA2mEFJ>cQzw0ek%{@2M2`M6fFU`Rcr$EO+goBmd
z=JKQn$cZJI^{*O^f!^N-tYs(AG%#T8XgNZGS?kkisS+5(~4W1l*a%(exDQ=${x;B3IcGh})cx=YG&i
zBUe+;8By`N8u4tLdt2@YndY#S<_p&4mmssxRIo@dW|6cwT4BRYHq9gydKterc$to<
z_cTMNhI8C($0tp_Ek~3$5}4FEx+Ph=unE$b%U&T==FSzmc3O)#hqvN~-liO0Bp5@M
zcw?83$mZm#Rk``<_5N6h#RI6A>s=>7NQ!TC7S{URf(%{xmHb-O4R@AiLtQacQA{oO
zj_L68-#ct&%d~9o7L9=t0dZkmYKeVrwZpQ`1L)G1Dh^wL_$Z1nE5`9PVd`F43jd;Q
z;p;c)ar(7>f}gd&QlG=85u|?%OIdD{<6}83!VNMdFb{C=y6Tusv*VFvwEo;6@P$(P
zCE(p-h@TwHwbDa1Uhn;7mZdt~VwyArt^dB%y{>*K-acsx5A5w@!TT63Tc$3f${@eD
zD?9ZGA2hR{X%H8iHr1vMY4ozVWaH`de38oDidts~Up
zQe5-+t5WZ@;~LBfDH<2%5s1umxI>7IBOM46eZZ_(`9XP|)q4CSVt>D<<@kh%|97~2
zdFI2zC~7%U+~MMv&WCBb%2WSa1#oY>p!?q%08l7}-`-Ccs*k?mC^^r=()xhh_K=k(
zc&;DP4Cvb(?~4JmTOA`TK>776+GPbm{5T!AUmF8q9L$(bKv00)+ZG2<_v;=UL;?zx
zLDuz=QnCF}Ge&BaRAri~^#Y34Xu1d`uUbqx{KYtu#~b2
z0tj_U3`tEfHRWKI_lqHNn8ge{g~l7=nA8TV{D`7q`84B!CJMo$=?NAJI3Lj_gmEDc
zgRZ)KXA5RpiR5^yYG|6+--RS)t|8VE55)$xOkrOY>eSz|RjJ@0Amx?(tRKdpDHKW?
zPnorz(_m?IXCF6*p!B^fO%~LXc|{FR>iW8b+hDAY-e;0a_FDd%a1@5*?1grAm79?e_s9zcBuW>tRL`_&1Dnf(nT8%Y2_@(*6O9(
z!<#boeP6tZZ|eOd-!&qz(M9JHNN`62(2}<@anaw(Yf%`rD!U@8*ZJISab`*)V}HN{
zh(hl13*fwB@Yi?|7(wx7+5FnIE@L&
z@Oa4!xSeDU4axbg&gwb!r2wvxi8L;D=Kx~U&c9@Wd6co9fC_qgH(EVBI|WRossJoz>RIfY=b
z2#<3}Qcey}w;TK9?76ko(#6sXp*QL<5-B9pW`y=Y#$^Bd4~JV7b{F4yH9cW#C7
z}FklXg6UP2mZqO@t_Og2)FVVa91
z{(KE7Q&~K%1NO+m7#ZM5?>sHWnmNq^>yXw5bcu68VSJ&54&PD
z2dMLpmHPR6G9}~KD&?56LIvUk>&%ye&pH$+iHqm5KD1ql19$E7gXhvte`$du$7tZTua;g5>`3GOI
z#nN6HS@ZVstW)z(N1FTAI&rT2at#8phR^Df?-lMP8|mIB(-#F^5LAAh(Pn1_78g7Nk(=*tSK$E!4507#H{g#iHc$>bxoYg}
z@dB_8NWmDm8d(Fs5Cd+y-mYJ8j(xS^++xNzxXAdW8eaM7ALQdPzrOn|F0j>CY(V)w
znZ|81Yizk0&#ra_eEcVV=LIg!A6Q2Y)kFujxmrfn&K#V70=vYru5y)oVACzW=rjKa
zKG44d$CsT^o>s{_N^Dy%Q3Aqh$3=W%nKFn0fDcTg3lNfI=G#nGZyWOh!i-aZ75Wn5
ze_4()AoKqUwkrZcFSL3`WPw*KafTvgU0R7)|ElU;xDN56+Bz5NONwGjlX}qHcUB#G
zAw1Q|X{D=3X(tRzar5}t&%mZYOamKKPT36?;UdOo7t-@H)u9rL>XL1<-wy-9YI&Ov
z5;IHXtH+;o8ldNc2#oo*F}(J1akw$#-T;S
zQc{!h%vZzQSlOW;pmgF$Yj@wSA}>lgp=T29=vQOza%2(C$;rh+>}sQ5>MR%c*i%~&
zCEJH-q-W1SkpVNx##Jp}mw1{hie|>^42p8_N-q<5FhMUAbRhL)c+7kKFgRE)-}gG^
za{@ts)Tt@;or8m#$h4&;8buW)0L6`LG7x9)*r3x&b(FlC7xg
z4o1g$_H$G@#9zgp;1EEM5)cr)2LhbgNVD;wF*U-{`4TSro!({L
zkoxN48vkQ7XT{XcV((gM={p!B=J(u6+?1hjM$K_m>rwA%^}6RR}MS3x#axa
zCaWJi@AFa1{+Kr08!^$5Sy=df*^ve%h3R{b)
zLI4!<=9h&?Oq}1rdacM_ZGJv{ah5Z($oa0yIxsh+G0KbFAJpFbDi)2oet0^b!(DmU
zVVK*xxVR#M($dm70xmxl`lWvQ!jWHw0i6pY%RY>&qot_ahYdP_7akBk*ZFh_C?z)D
zVcvh+noEV+WqhT-ZJ(00?sNvNaC3j3N~eUtmr4}9ho9h%WHAW4uyBbUL3g9nE_K%|
z=Vn(ZP>J?b%ObHB&|i};e|8NMy8_Q-7_Nxk>gAgY)OK_CVQJ+I4TPI*?rmnVR%QR-
z)~V7cv?C0t-#3VvG+UxvuM=a6@=ZLaJH9XGcbc!_q;N<(AG~)jTf+3Z-B)(8My$9F
zvNh3M-o4eHY2@!1D704@$@2}^9}~Rw^x`tnHKeN4*GRrJwboqHEDh_N=}K2G8g&~o
zUt-^3diLfoKhH_a4M@lt*!3&i$kw0b9BEy2`Y9Xc-r>Y*!-)Nc3{a5v{(
zP@6A7xVkX25CQD+KRrKfzkpLuN}7LuIM?1^$P8$>8By`WI&RrRZUaI%$Lpn)fjczf
zlbq`|d^pEr;pAtf`36_z0-sg1QAZCVP92INeNhwuwK6<=>bY+PI++W=Vo{;IE6guLtlcL!NyvVsaOTJX-`BCYRQf-)E^3Xou&9_A;a^Vdp^
z@R@Zt94s7IVeCnv)0=g^;}l3QfKO)Qs>1@fk7wxlqy)soJpm5`tUs&(jkt$x(E$UG
zM{-!&PDV=$9~NZ&&3(Sjya^V)f%_lG{GwIy>TdD%+RhHWvR$6`G=s9}I%-xx7h;pg
z0Q#Sk;s8_%vce|+o>!ZEl<$Y~?{glm>0VF}#+1aNwgE$B^^CDfzB^tKYIAGe?ej1pkR8NV5*}@$+{Z
zouUzGx#!LREFTXbEq4LKm|Z|1((gW}=N4c8TX=2v6R^S0N#qS`^F*l01~mI+oO}=X
zctSj6IC;eC2eY(u9tn-+#mRWr%)_cQV}}kBU@_5wg5;#jqQ&dCeK~)
zui3fzhmK{j#ATyyws?=b0i~SqeMsjEAlLm?^np#pyXW%e033i0NCfo*21$W)oky4R
z9gjqCKl>m)2F^@y09F}i&VD6!fGkSz2}Y5>Dc7@ykxgNxi@1OX6Fwl6KA8b#EIsfQ
z$3wqE8|L%j<1sv(zGv61=eFR=7n=r$+)G!7g&M?Tzm@we5X~2YTVQH@o5|}?B}j&x
zsPt*!Y?EO5zOJUSwierFwt_ttH|7Q)!}LYrn>agT0n&dv$Hyu}%fJ*dblNROHDcGY
zE>4E24y8X1o%mMA&62=Fxf%MMk7v4rm(KegfP=#*S$Q+{97KVOm(t&wDr5D~0QzOJ
zzC6HvFAi;7KO?1#pvWu#La1E07&!JLW+~%?hN#sa9!%8^mLf|$!tEjSDxm@0_?%B}
zd<#AwQT|M|5RGx@MM`;9EyO<{t4=!34|bq9k3GE&C?C?Vn=)t@3>W%)#k8?cO=Z5v>gK5P
zD;@p$R15uOF%*jNKG~ZTzT|dq%;r9(a>I(b+Ss7u?G&5sh>oR-UEebuq<5sWRu^f^
zY5+YG`*$>*pCwJ|K10I|%-?;Qu^EXyJ&^4hC7Sg}h)dh$65QY|mbaQ|2
zmvy+YpH^wC6tYZTNXfNRAAQ5_EYFusP-EU+43Y8i6T~H&5~`gcpSrNT#d%%UM``;Z
z;PN3QPDu?^FIGtd%5S@|%~XIf)DjE%y!ptynw)1c3P|-UHQBv4*Z@}1kKS{ixTuy^
zcEI&IMIKRIJxRO5uguKa8VmRh8=DRY6TySCIm?EBZY;?AD#1;-03_OR^P^V1f&bk<
z>G}a+-QBG*g9*Gju72sXCpq6cA0KeJzgm3@X+;NeB>gE`h6%pN#RiUk5@!$Rti2L%
zg+r>>2eR{D%vHo>2P`cuX?OT~)%dNroLVC4^y=0MT=Ju#qW*nAVePd8KgyqZY|U0S
zJw%o}p8OPpW0RJ9SxV4oKB{Y55|JMq9K3V9KXA(KBAGXpT3o7-x#x^fpxb=GQ%R^Mwg1#YcW^Xd>9hRdk=tr#b+OuxgJ-b%6;
zjil8?|AID^bTmj&=Ck*=iO(f`*doT6iEz-e}Gai`1F-np0&lzfZArHVA66
zp7MBWQ|Y7$to~Si<(Hi8L)BpaiNvB7hw?Iw&nz-wk4Lt10logc$P4%4q>-+5q9Gu6
z1~*f-60VmyC5eyIMzp
z;&x%W7CQ08yK{)BgHk!F}pvI2jWB1V#jz$HP5&)=h%i`zXNMX
zw)CBYma0PX`NtE%>n(`&E+B+(Da*{89o;cpYMVEg*lV`qG~}<rSS%(ho~L-spT3rhxLN9cZHF;e4S?ueg#o0YI|{VUB|
zOhtt?$m|8I_~ti`4yte?tI}iu^bL9^%@{vSnoA8+MN%>Cu^2fUlK|T6pB#tO-~g#X
z(AO-2fxII%gKK*knQ)KJd+WASC5LXnhB?|IhmeJ&Uw;Y+=$@Zeo=Iln{77c3aZ}`J
zZhiU~4Fg@q_+JAcIN%Ggm!ScC5IF#1W4=C%34p4q8od^ej)wmXTM`XCmaLHU#1F8$
zalawQ#T|O%KpWbTfe|}@{UEaWCyK=zjiqIWdkASj1`u6<*PA>hTMU_8ZTG?Ufo1reBmWpXLi(X0#Af`iiF=9+ks5K+OZD7LKcHU^Lq~_`H5P
zCGU(4c-k`HJM1ea+$GZGpH?FVFd3xjU%$SWkqL9di;yo2a&FewqC=nKr4Cq+ap<)W
zIk$=?A?n)uSndQQg6Qs9{FnAmj>;iCvBH3%EzH*14RA`RhqUu8JeO&;69FOeTVQOZ
zp?+$;m~5mrHf^Pp9D?PVL>!l1!}aFbaQ4c64l6x_2@KSnqcsU(+^mggj|ga(uReaGt_;qMJh!}v|dg}7cxNlH9R0>
z)R*oNxcg8e`1R#|JN*0TpxCs-xe2p4r);iFjDl-L->i1uccf^a$S1xDt|C}_mX#Fp
zy-qNcz}AV6v8HloP-C!?AR;62suHc0jP^1v*roVL>e(QKUve#076z3R51`B5_=9Rq
zDOoK`NOM)>l}4iXn#ZD98wO!OX9~gKz;9Y!a&DJeHZK?5{Gz9k{Hr`*@KX2I&kCiO
z%*Q3+(8V_GrDnIsX4Jcz!tWMQiKR4W=2ECA2ge%~0ye27JLl+bZ+dI88ypKTIG{x4
zgtBpN^?(GyqngOVJ>mrf_u>b_OV-KlRb}@
zp{fGHNb=i!(S8-Ohc`z{)$p+Rj~9@^xhe0wLnZUxq09<+`V#rKAZ`#_dH&FMXEtZ6O*AH*5IM_yU50PMaxO
zUZc9JJ^eAnPOD$=0g1k&UhtB$!dA6H8jDmwCH6SyII0P-3`WjtGo%32*Eqm)M$cl}
zR))u6Iobp4$NhAWPmT!Zdm=$@ANkKZM+B^MFa%@HVr}cY)po~q+GKfQAR8SCM-fj-
z?-gX~EA)4-v8*BR5N(=COzP8q0%KG{{qz3b>ANt8d2-qIT&Z!VzJ5M~tL6FkslgO6
zJ@vvrvWkhT9_FV&XCsLXLN!3XafJ*0Cr!wXG73OUN$D@Dq&@1)b%&hPVtF(yxPZ>hDo!nY$eHa*TLe-c
zVO1a-a+>#99@+0B@hCMIN;KDM8BL|D4kwLDID2FQdz{)T`qMZm(m|L^Q!tsO)LITe
z@Je)rBhBx=6x+Mb8!zA$=Cfx|O7Efnou|IP7eh(}f^QtUHxl|1eMu@p5wL{|R{d=|ew?FTIjU2#1Imvm*>i@z>_rwuPWvlQ%z!`{1Kj&&{r)+J
zRx~)rK3pvxrD%k;=
z_t~7GXCLq(qzaPH53wPcU-&j1!zqF%olp@uZ-{+{r<*5E(vV9@MZ&E+Vs3$=z&lAN
zzOzi3{$0uUXS{(bCfT<(j9LFDAH0>G6RS1GeOYhG9S+6wtFtp>wV8Fz>Hr{7K0O7&4lSNALL7~AFFGQ5_jg4L)^HbfF
zN@_2c0*OqkFT_TC;;zDH@rs*o5#=)~skukx03F}JXF=G!*aDXp-0<2d@mW9;>{DJ6)ok(K5}NZMb{U)-yEM7$Z=UFjp)Vnm4uri-tmXO5LIxUfR60NYjx5ss?M+Xqz
zV2L&|{N-d#01Wu3$nidu89s{vQk7%o)ciuoEGa3et&{(ON!@u{4bstbR$zJm8>R>{
zDjq|S!aI(S_!jpqi_3dugR-H#n@P4u063iPDx~0j+i$tx14H1-cw#F--?JnOdQ?@j4Dozw>I^QfwBR!Hst|%v-wprh3#I)5&ZBxVcF`73-M}
z7$hf1#IbcaE6H}{No%!eZVLtV>sw*Ddj+x|u@MIdlbKn5MH_VMvMeNQ(YCO;)a6V}
zvQszHK2z0MH&^K~*8O?UH?l9EEO}#zVwA-7^fx*F?$%@sqX7!i>kDO@O>fil~Yx9cuoC6^kSu3aTJ0It^naep3X=7
zm_HgZyWnbkDhwqCfNq
zS8RQO5*6c{=jMG
z#If;IBjBo9zx(ywI9=7!%>HbY6$5ZRt?tj+e<)Gw*w~Dib^@a*Ss$aTKJq#}9&l`g
z2Wv)6$Ap<=Kqhdt1((jk$?0k2>&IlX^<(n5R|P?5{^p!AX6#S|`0+ThD6uRHQczv<
zadbTEoLYh0XY*Gnss7j%F@*ERB_;0i6rU3bu1OL~kFcx_W)1gZCvAl#^ems~C}=A8
zxbOI8
z-F|hf@7QY+E(m_fv9x?|cfMW0FiR3U`$WgWt|(e-$f*N`>qD*zOHkMX|S;hl7w!Gu23`YWTKq8RtAKtLZF3x
zFDfG`^v<~(YpQ8{AkDenW7kg#8BknNf53x_l43E(3)&k&jIBnp9gjCfe
zzT9U+A!7{JOVpJONad1p#tEoD3U?qw5CZ(#-)q>ujlqFB5Jl>9?R~1}t@x
z*eJ_-Vhv-veddIsR0rfQJ~#L2U9uMTzt#i`IefEp{ZGY6Nr&~yQ)y8Yk{jdlK@R1o
zS>pE#WNXvj-P5ixW21R}eS<5><2!}iTVDDXCC|(j=>YDRWmHQz`YdcRL#(`W
zOI&LQ9c}D{#=~Xk?acsQaeWb}UME^H+xwKrmY_2cWh8Q0vy#VeQ5I|v!e$?@+}3Ou
z)QeWK?k~+GUGTHXrrM{^IG%EP#>nimkAx%N&q*PEO)Vg6rX2a$^mWZ0rSN<78J^NT1*4sOvB5%3(2P<}gSdE@;h6
zw=_b|u=hDDs#hWV%2_3NCq>pcW}}|9tES`8h3AA}agzIzIbt-#3Hl)`=7#uHUg@JL
zZ$B$(kQ`$q?$D}1(QqNgoA_OIs8oiidg-HJQ^|>>PWQWswtqqQe^~{1i!Xj3o+LJeB7i|Z
z;&{Kd%~>cG5VLpddD$yS7KvN6aY<<2mqn;L=zrm(?tp1C1MXhF&t&Af529xSX^&DX
z2o5fu#cZ^jd`AIox|3GHpNA?!Of-A8v`J+eNzpfZv=@Uj1t7A2noMpMnu|s|RQ%CW
z0tcXa3XpbPNxJA{t9U-GMDRFe1y>>AXqy9g+h?U;o4)>yw*AxY@XrAfGn~^;5aHP1
z;d@NYW2hc?__-Ua;HTz0H^YDKh{&6k_Fq8EjkoYMt*wHxI7F(y6#vE}!UtIuAwn1d
z{_f5{pJ>(p^`n1(|G&|j{{j5_=O89nXr%ua?wDcAMvO&3kQ!o)LCVX^Yis@#awA>!
z-u6RLFca}`s!m5(d>#Sml(uzuG!OaX`6p_5O3_U=HD-4*{|ZJ;jEMeqK|4mu(A^6Q
z3)B9F0xS7oEe*a6H~R>~`$aoBKHLW;b@?<_^m(^wMFN%hKwsYvNcveQy4S$Y&aUqh
z=r?d?@%#V4NdD6R;=TXh_w((4!7l$7WHxx9hV839Ds=PT$W}pdwN@ad$YNw_b!Fk@2c#zJFSnvH56c
zlMr;5`pTd=2i1goT8&|E?@teQwRi!rwuq&+=nqN|M+cYVPw>Snq`v7xi@(&JspC$?
ztP1Jpi>lW+=$mcV=L5`o8C&+1?ZeW?<>9=Xi%$xx5Oy5~{apUmYhQTj#1FnYo;V&t`O>V>-ryAC{uZ1(Vo
zu;Y-ho)vH}m6Nthu%#6BR#I{Hb;pzJ8AUrxt+lXD7}tI{
zMHCHQseg>h_lDC9L}*(EohhapZMOZ0(C|>YovqT0)Y*g4G4Q~ec$_R0pA;7}n*0pv
zTE;+Gan1Q$c$v(RNP?!J19X-@>D%SYe!`4yMH&kJq@j7+V=v?CW6oJ$y%^72$v8=`
zHr-#UqUB&NmFVW)q91V~)LQn>B!z(hs>8cLKd7~LfxIk)I_z@MgFl_J1xQ^T`LfqP
z0pNuyUlw3fb`B1@plbmA(n!k3=sr{b9o>-KDrBrtrfFQ}X@P#XZ=;Uhx<6OwxHMuB
zRT^*Eu7X1K`|1XqRSP=1Gr43V$qZ7hUi37vCA`%ggNaq7wrtCZMf{WlRS`@owNN<`
zD?58>y1K8+Dwy*7K#+irGm)eoSbLIsH8kEegWG0+-ioao*Y$PdWr$;TeG#m=fO#Zz
z6Vf~P|9(oXPdzEo!m(Gtm0S9($m;d|)r`kRlMpR#yG%aw^F%E)Mt
zFe`bOPu?|Rq%7~~+(=8!bkPzwT4NSI>s_a$QRl_w#cvS$5mwk^Q#(A1F`vS-m%+0B
z%jVnP<2EfJK-dLr-xuIPCls
z8nyQ)zwt8E7r3dC(3mpeIBfT_-LCCYg*wLQCFX(%oHrVgTyS|%+jmU3kkX=(_80eV6@A2;>e`A={NhZD#
z5?&qXviF8M_R<{Q{ROtWSY(?*85y&#&$|ub
zi2~njBa^N=iOe0;7d2rzJ(M?99+ehVsZlz{K1m#v4Fmjqwa^!$#^q)+c#-W%92@q(
zdd5YQZfx*H+B%&Ns1zxmD|l+~P3$o)*A}6XfoF^rUL{!sovhu)IaJ2`Z2MO%m3Yr>
zrtR3J?#)79zSfkmN+M#ucy^XN($HlCjz~|5AuqjHb<|Fqs^G7X`hoA2cRfE9jV9Xz
zVI!xBe@?Tpm{%;nCQZhhUV$xNydwBgQ>pgJp$fBX#@S@NxY2pXRol=I8?bG>gN96~
z*dIV`5akWb3$RQ^d%4>-_2w(Aju;Ho4}~H^1fer}P4%fFu)-#Iyz0CjRn?$+(0B!5VdC;coDQXi2i1H&p&jL?&F)
zXA5&*xddPP$F?%Ewuuw?`G$rW6Ee)Yz~uB+zWDj-3$al|gj1!tFH38U?xIfbtm|fw
zbJ4@+ie78PAlOLN0U8wL?`2{#Dj!gL%98a;KN^(H)0P4LYQ9E){|SHCO`GbhP@&%+
zkk$+m2~8Y*r=j`zpD4B41+T9Q9j9DoQ&MdP&@=n#Y@zdkB?k#a3b$gmO7FH}as`C$
zQa;=I!_*>EO%|>jSQq>z7bS1P!pjQ2tRol4E{&C6j1cMGJ1X13=IiwlmZ))G%4OJT
zI*>K9p^)O2AHh?x@wPUbD5cXdy=+eR%H-7Z=a@tz8Anp1KLMn@MI73BNeR~7*IARp
zCuT!cH9doZxq~vY(o0*zt&gb<>|td;b59@mH!mFOM(3-d1}3Ii10pCTtX{)W`@hE5
z$Hce8_49;Ug?jn=g_7pLQ-mX)o*yl5)ZM@GbussGAiG}$2gCD63ZOBC_u0KB3N#@l
zGATW?spD=~a2Y%dv)xUakxQPfsycFO8sT&qui6>o&Dpul%m3y|@24d4Tp6SR&nSyUI*MB#1)m%*1N`k}Z-h&tm)
zid=2x?=V~<*TS6g=dsAvf<(j7%!mApusyTkg+%zdM#gZG9Npt_QSXeOYKE`%X6=2A
za?wv5>Fw
z@2YbEeTV8Dr64&9DLOawGL2X9W~PE`vRI*BwVjm>Iw@*EM4zb^4^Z!3-F;SopZ|b<
zIt#<@^O;9fUg1tIFZJWDnb-S1mEabr^2%I$t|-Fp73F=aywfRR35{ergt|B-4b_op
zo%})S7OpC-#g0+G43aNcxFFPhGdw@-X;+I8&q=3~d_L6d05mCyQwds@g<#}0KKNku
zm%aa>VUEba&iwR>&va*3UR5y1FmYe-gZ~u?_{M1cckx>tlghab;}P
z@=vV>RKVNYF2wHyTV~jw0u==JmofNfh7+oSOT7*01SUFBq!A>O$hHg$UWK@lMLj(D
z2e@`=S=re;ef!x*;GYlcv^-3GK^QeIRpP)NU0AAsOS&00fyJ4J;-HWn8|8#mAxJIE
zDWw(m{mHZvsHVQ0@Zr6+044@}>jvWxHF{8OMulfWtCBo5}7EzDo23!US-_5v;V!je5-)a}Zwj-T*8*Hgl2d&_rcNA
z*cqnohlR-Yu3QEUYZ+(97xv-|d%saBkh|>>GLWhFX)NHjqjV%te?H%NTkEQ`yN4|j
z9o@978Z1sRDXMCa=YsZl`t)4J14+elG@CP6%S?sR3x`4TM&3v$QJgX;OkP8R!E|@0
z?!;|l_FF9%V-V%*ArYK(o`8$l6W@09_3%Ka8W;ofz_HVpK2M!%>%wIx(;a45ak-{K
z=eoqLz4e|`Q`3YO6}AJ+BJ-$GTVTXH#_?T{`vzY}46YAZuOWY3!bdvRVSEWQHJp03@LV#M+gVm567f+6R)k
zhlhtfv$M(3UOrdC!Deth{M3labjTWkle&_d(Iv5RyU|gEOEDGS-tl=$DZDLqD`AUE
zKAcsqX^r~nj0`^GB(zStQV+74xFQ*`>SK+eIMvo0abJ
z>eSw}B2;6kXd)<_-YXL~C$FewlFAF|BOj04-ft2=ER{|cxCm>!Fgpna5eeIQ${CE}
z*yr7X)>JtZ{sLN6>=h(D57l;BYe@R8_lhzUpL>7VwK!QMy}`=re6_l^D`vAv#~I>0
zD=aWV`n5+VzNg?iMS?A^ClWapxvbVud{Q5c<~HmiZRs{QQ910O2ubOKvd%>k2JZf@
zh@2e8^QNzXO3#^PMw55*v}IiIJPOT;FjVsPRc8Mt344Y!^4J=GkGnlSg)Cymzxgg{J3uSXD@&z2tj}=vi$0qSFaS#AV+rv$k+-p!zhO1Dz;x
zFm}bdMo2!KfX^!;#l}Sd7X>R@z`uQNI9x7qNTM*#%POyip&+DfBpWVC?MmGS@hwTW
zMRIbj1AI`T)};KWWbtrVGVYb$f^qV1$a$Oygb6+4FfA=@GjUu&yu1BaS|`^$)HKu)
zy_@eTui}&!zlOH@F|zV_`}&F^Ae?11raifLbIZ*y5|s&Y)7MLT|4zjS=EY4|y2U3q
zO3|n9vQ4B!E0p>;PB
zYt(SH)G?1c20(8vJ3ExQ6K)hDCCVi!r~Ayj^(fMaqr2BtoVd
z9Nqq`+pOpb)&+AY3MmOryL{4$gPo@OD-9f1J+7jvDq_hFe^=}D$Yx?0F1s&nm(ZBW
zj9g5#vYGbi#H~|wf|)xU)NFeSX7LKnRB@4iQ1&jbu;IdrPT&?Ci7tgx!ZUXYVD1!^xvWqWsIiZXoUMT
zo@`k*rw;p{b-_i+yRZPsAjPof@w18HPDoDO}W
z7|FDf5)>c7ClpCmPXTX)$4XW49R|>L$t@VGD{@^F6L`}N0IHDLL)uV0oc39Ty?r1d
zCnER?0i6Zn!v9})1h)Kc9%tZ7#cFTqbLp|0W^Pm-9(;y%?6D6jt@lRjOYwQ!g
zjic;V%Y6)?L{i~fn7Z@t0sIle_n~)3>Vu;kPUN1W0l*eG*p?R)hi?NsipB7puaHD5
zxe{(<%O_JsPgA0H2TH%9+g686%DnJJU6ZNg4H^xY%IZp4a-Ze9%GcLE`PE>55{?2?H>d&=rQ71
zJZG2ZIvWK)+!n{Jq4T0KLw^($76c(O#P$-cXQhWGV!QIkC6mYYa!!Agm-m!=yiQ$(
z0rfQiC6-=Og9SSCD%Rr*g2zoxYD+NI!Dy4LC>U_OLrXry#KiG6z`?v~^jQt%MiTn=
zjpJ%U&1o^UAmts+Ghbidqh!m)AiToDs}@YlmcSUA&bJRKW*Cm{=QLaUyX`XUZdmcs
zqEnjH#`5V$k`jYO$=t^w#fv^4D3ZQ@E^0t}`}S=XxtN5U!mX4~R$XDCOjqZ{#j|D3
zb3{bZ#JKspYuAT%Jddk1m=c3iLv`2gERNOSFgTsEJ6`j7u7ak$z|!nQ$TQdxl*i=Q
zNt#o_l(F|SKfk4$A~kqs=9A9jQ5PeCQ8Rv?pslw*qPyEsX==f-toMwP2WP6^Bj}rJ>$7W8S1%Dp__|S-7&8nPa{Q8Yv`rLM5Hm^Vr?V
zddY;rAQ>b}iP=NpnBwHlnm#~Yx!dOSUDzzA@=GD1EvS&oqG)~jl1EaqzK`rAEIGxQuXHRO^4mr#0rHc}K@FCl}T<
zfKf!Aj4CrR#+NJf80vNev3FlPv>MeGMk~sGmLf?s1q8Y_=cW(QEx#Z27zV
z=Ecn{j~yUAFg!C8
zn3HnjQL^KW3YncC4vfd+rH5bIvQGV>_a$Uu)0!p(b6mIhh(A9~yKr9QC{uoIU^F?9
zT)k2%b$lfBO17NJlE(cwX!BP_1v){~k|3>mIqb9Ls>})cJrB8LaQK0Khfel8p17J
zT&~@$VZ-LgR}77vGz=C!NMWSEte(y)sX;SQOWN5rV1{grTndJXs*&w?_nHL}gsAMv
zYweBq-I$2w98Zc#Ab*oT4UKv3uqb_TdR)Ejov?71w$uh^I|R=o{cbF1c@F^~P(w_q
z*Pn<}30fHYx>f)hh}}y5YwQwft81!u4O-fxr6)-1q7Fnlyq
zlFE73TPOX}XNWn33xq}=r{vwQTHe|u?bKeYgO%}mqFEI^o`lCLWS(f&K2&qZ3LxIY
z=~TZ@`03dC%FuPGbtN|2jhy>U%dKWU{5vO=oT
zN#D<6yR|b_dT-Nsa@{=h(Z_2lKKPI_PpGi-OCVycZ4Eptouu16N^L`j!{A!}Zk7TS
zE1Qg%qY(_0_C?b7BTjirwDA3%wxuPg1l*>}j~a^K%qro*T3blyTO2un`xqM|ga4jA
z6O&(Dq8ESKTp&|*-&$Dx=y_{hUi@m8q0Ve%JqJFF|AB*z|CTm;FwPS~nv|3Jz#nbP
z=R9M=F|-iMFy};KI2a#vzRQ5f?_*0l{Gfa*oXD8QYRG)mll;h0WDQ()oyh?_W0QEl
zsEHI(TwA;t4n0wp#+qX_<34?F`RqE6DjaxBxEeetzY%@*^)DDiejF+$*zk
z7%d>Od4w;2*e*FzwtJamCbMHuxs`6gx@|q8lN+)6MI9|PknCG4_cs)lB}ugP#9Z}0
zQpj5(5tgj2wkyjji7j<%()W`hly-*A&Wy~4S~s`0dN-9Ma#w2}t-W;=si0o}Zg(qk
zKcELDkT_fQ5p_Eh>0D3!1`%1n*>h#^BWO;=mA`UbFh{`%o^nSYpqrcX!oI^!(kI?66L;2Y-3
zSnUhKmnJ&WunX&ESV{`l@fc?JQ_+*`TAgokdSpMevb;16jHDX))SR`b#NdER*6)=`
zD=fOX#U*;YLd5^`8)?f93!!qjzD_`F$1Hs+#fD#)k|h7EUm+f8JktC<^JMRs8@=^(
zT!DSV%nX+k3l9hqr@KA!WdkF8hi2VaWuo{3O
z1X0FjPj{us%#eLl954j{;L`_=$5nz(NIqjD@%FVJ)9~2j&;_CKxJaDrEXRuevm88Z3$`9<`uGcq$X4{v-1`cSE>C1M24Cc6`91`Dn{
z7h5Dygwmbe*<1RM3EY_f7yn!pn9b|YMx?5@vl&Pd`&V$Znxy3c|y`x`t7)`RnotG+mv!RTa{K-SXbpb6G!exKi={u{<;E$P|p#aZHs5M@#gFeuSTcDndR*Q
zir6n}WScKtvySnn(+*1t#LVB%dh^()I`g6~#tAt4c{}mKx301WdUgwvqLMsMdl?ZW
zepq1DYDd4g%P&pQlq`vEZrDPKLx-6Zt6PbaEe+9?<861ErtH?%O52($b*iG3g;B|o
zFCe7a1m&QB=ZZ3;l%&fL6Z7j}d$W5}pb#2tQ^~fJ3A0g*h(B%0-Zle5YZz`RZIj)i
z%UGv@8av*m$8Lf8^WL}!w69ixpxcX3H0TZ~R_txbef}F0j3&Ef3IPn#58Tt0Q%vt0
zCrA&v-{hkkAd>;n%_;gKDc!v8iOl3z>utgg(6@FiDGelOi@pIfDw2t!()GF-w2~N6
z7HvudrQ<$rvW5pFq}NC7q|x-^FD|B5f6eH@J9$Y=PUu?fy9Ng%=m7!)sP`HgA^G_`
zYdTq87BLiUkkUcvWRZKZBHgA9Rc+RBmv@9}pvRCHyYrWk6V_
z;_5cCU1`!umV4iB&T-MP&;;%@Bd)3bDz4vfcyczV6W>jkhH_RLsN2im2MoM%%?
zy)VHh5Mm^b?WIAA=&Ct{7xWuH);{Ag9za*lqzcRY9M2+P4u#{4N`v&&rFfANqrwx1
zLUN`kB+>{|s9@RKE0a?FI6bC9rP^>?FbRq#$PUW;Q21$zmB+^fA$bJ~ao^i#Msf7?
z3tu|3%_|)HtKcKq%qD~XsRgLlIN{TnL4}J9Kb5yeZdObTnT+Un!!ploC?D2*WJ(xA3h|&c8|uH2F56+v;=#V^!~d)*^^8Z<}fsUBlyYLUx?Dr*OV?1|8D6TDk;Hh%4VMhhA$n
zocMMs>>X+4Hng;cQ~mxOtQ6GL
zeck-l?mpt^@0Pjy9g8JF?Q56sdc7O{kPTh>%v0dY4317wh6#37SQ2tiZT%do6jZt3
zY|RiHnI35Qd1H|jU^UQmwrT}BB@szr0d+O^c9NQeel^t5(SD_=@-g<90~t2AC_@ht
z^LKPV%gFg8?ZZpXZiOmdlA;&1$&B2Kt
z3d}I8fG_0NXO*LdMSzc8NyK4K&&z`Y7~<;H(Ag53c1fO_EfS7px5L&io5^8=S}urC
zOK0{u5M|)F@c6jzbZWkX8nz+w(fYb;n}DwxpquD8@n4hncI|Q6f;lAmP=efGIo%O>
zT{TcYU_+b5SvT4)g^b`9U8>Ne5#NQ~%57~UQ1T{;aGxnY-*%?;I|&eK9UWI~##O(hAFcZM&qt|i$xt0~oa^G232l#B5g{|dpB
zdNR)nO67wj
zb`neb>A$?i7SK5Os!VT|yaTICJvuiRoR9#C=(CQo|7f^}DxId4{p9kxlINCoX7<(6
z4Pq*cHfFzmGXtF2*<$E~vg<{D)62_Ac2)?vi{C3eQ8%Gy-wCR4q25Qy>P_saiV8&f
zRNe9R3YAD>oW%Wx%*;BZkhvD>_s;lXCs@x6yK8$;T9s}qxNtOo4?Ao_l~c;5s%U5N
zcyLW}S_zmc{bI{u{&V+|@QHSNPmI%18s%Voc(vPY@62r*d`)eh&T1&j!|Ha<6KLHF
z(9KC^WZ+4Tw7oU2TE3XIc!mt;2P!IvE*eWP`ERG?tT*C~mb)p~mn&xvf3LI$LA=b=
zhc${gZX^0i^G61#<|;~p>PL6=Djgw8QO&b}prfJISI=Of2a4VH=^@svQ_t}qLxTtv_vr@1I|Bo=95W86yAH-Oy!E9xrO+bBmWuYkgb8;$$0g5r>N@u`&{J5Q(RI0fLRf
zJyPckjF0$>?GfBmF%-$yv&LFT`fZ1tm=7>p}mm-S1{(~v1
zS>@nP3@T#ie2Skxkm0d^k$Uq&zYH=VrTM>Q}l!$e6mr(=q8=?(W^tv^jx
zuLcM49ZTE+t^*yh&wnkr%Qrhh)<{7t?K^}9Ohn{){?GAgY7oJ;sY$B*CWf1BDGr>s
z>*~#vx?$_gXSSPt5cb9vJupbIL4aoKa|Z_&d(&kw@EG*J7k^TI#);2C?Q}{+mybjxw%=yv&@z>|o3rE%$Q{EEEZzKljAts_8*CyVWp~VS}
zN7%^MZ-w$&W0xRG#D7h~j3kwyLve02KJ$Ql(mbjI-H%FLabBWQO4AXsY3z=Avj$oq
zZaBm#>8%TfDF@6tc*c)Mq!^YHK6{}=pTLT#Oc_gGJCg^~c?{Z=R}mmL#u)2eTldN@
z4iN?)L~{b}O33b1B$(5bLmkrONtG4%+uChQrH)N%I2fo5>sO6O?TH1)V2oP7jRX_X
z43$Ov?@m$mr#CKbVWb9vC+)H7fnWuTCM^a}dA((mgo!s=Q2`=*EF~b=@^~pGrvpyc
z8j-dSbAdDZ4jJ0I;AGC@fkM+||E;?H`FP6%$ZNw8-0_2`cH7N)tWWCd8#;(GEF|R(
ze6j#bi#cOn$D6ZlV`F0|sQT*-zP@A@6=a;zZB`Im0VQr&FC(LpLGW{>=Vwt1KXCD(
zmV&fu^JsNR-+8UYMaWLBXn+(6aL?1rGM@4Bsv?|S>Vbj^C`dGErk0D9&5$vpMiqq^
z%M2~;@QasiTe+re@QR@IwykcDan5tymdt?25yNer!ZL~?on+zg=+;qAPW2W$&Q4ZS
z<^ZSuz0nY5DJIV@V)2vRK;8|DrII#Iot4!~AD?p50CsiT()JCj(diGNi)OE3z6Vc9
zX;qTdd@QaST0DLruq&&>4gwG-i+6?AO6#d^H@cuA+v&H1S
zO0v~cKGz+wqkR|lmz#5Tqp|1$;eIl+FQI6F=x3;fNuR#eu6dQ;Vm~yo&M+B%%Fp75
zB<6h@!q6%G3`PUH#an&-GS#z-cu+`3U#7b*nN(?kS828oTz625%07R#ex#NNqI_w2
z>Tq68YStU7MmkRVZ!Q-d2`020u%HNIdzZEFT@awGwzGD7$wi+wI}%m_6glX=rJBtL
zMee}J;qh^wg_T>QW-p(qT6-E0mU}K=+SrKCV%SHS=(gHCk|lL~$-amH702%(Fx_$v
zbrn@2Mu!qUxE?L)sHrdGU3hj~_
zhwk>gHqJ53y8RWHHABym_}_QnPZ{D!qLO^$@G1PLrrxeF>#VQ>-R)GDZYdUc+Y4k*
zirC?zYW1=@WFYyIcdqxs3-l^tO;^sZ7~bWxp!>%*$t(mgCBu!6O6|g$%(7$b=Up+n
zO&R@QocCy)OIS_l$snbn$$LCgYF9dtHvh1A2?A9u1|S2-mx}oS$QrKLnVG%R>HU_M
zm#uCAhtpAYRv3qa4hivUwo)=>oLi-32yk9-e}V`B2#`JoL1=2bLV~qt%AHvav8~(D
zJpuv)1KXAXt1<~jgI)wN8xj)IN+`EQrwFFoQ{cU|(^bs{<5*OqKpsC3Jg^#%@$k7N
zxWb<(P(@7vyvv`|t(tvW*hy8ZK`2QPH2&u+L(m6SN^nMRI(`wiVN*PeSUMnel3MkGhGF6Wdw?gY0}VcE_qTMD`b4
zSZ8?|2!?sRQL#JJp1iCUzca4%{@#3=KJZTcoXbS8{Vt
zYRYkb7%FHg8i4Z>`}KJf$sl2@`!^(=F_jUv1Of}`W`XjOyt=iFz_tM4mkTlUoeeT~cF6g(8i!_{hpY>xG`LF{VnpjMDe)44fRGho(u
zI89y7r};)T#L#pX_}kYMV*&HSgj@$~pV(ytiUNf1KY^q%ywRd__DA_>DRHlZ?k0cL?IR`L3KY*
zOF%Q}(#^-L;Je_50+i>akvj6#(S->1DHkQe9oLf_g5GEudy_&^63BWYz!cSH@o6>d
z^_6t>smx|85y8TO3hhmR{t#?86%>xaTP$pEq7;}b_aBCSbv))78MwT$QeL|{8i5+?
zEPAfa8i}G`cbdNGKZ?rF+0*d)A|9`r3I5p%V+(s7MC
zW~>}IF*FnY)MCHhIiIe50n^KeHycyAB+|a25s*!gtrehd!D+JYyG%Kja6mXA=X1&r
zdpIlzwvyA?hviK2+i^T0cJ8b*Z#q_
z+O*R__*B2a101uhB;cTd#Pu*?LF(_52p~s=YScLZCG-Pkd@YY{=esbLfj447{t9VS
zY80G$*CAac+Ua5iDAe?$_am(F(C_c=OG6|WlbK=!!1S(L5dZT0vzJqypnY>5yv(%Z
zUso>BH56T__*Fp+FO3$@EMQLk;Br-tDiQJ6^s9CZuSBP4$|U
zoM?_WtxiZ)7#~;RxilaXH^Q|{t{kyvg)?=G1|LCAWGB+*c$I*fdu&!U^26r$%w(80nl8REEy8
z%Ub|R?$14>+ereX*k5;FKM!f$Y|2v9RNS3E?O|w#M;IAwnz$88)cG=NWA)>lU#3pY
zj5hWQhLmc`6Zwant|jQot|*2N$W=2NF#{x?pHDs{Ne@
zKd?Y3s1F}LP*LUFf
z&i9}^Exu$dz}NOL{|nIN6!7N0;y)j&d%-5T!UMLwyW^7vd!
zs1A9_;(1aznP+x<|H-TbxKe`30#kM_u46
zU^(xE6c3CIp|=!wCH2?CRJ%7V$9s(Q*UR{VAA6e2WkM+*9*mR5@u??9
zPVdX0^m?rMi|JLNS=COaL%Vg0kr<+XEIAvOR6O*FA5x-G^wae(Ya$hd0yUVZu4CjPe_~d(6IrxLSL&)V$;~*XfSn??
z=oMHyPUY|N{v{2Ms)y%JC9DH^F;i^)m2{dK*ES&(^z>@=^ua!gZy8CZ53`gKMNus{
z#Wtcd3ToP-&Z@S&COUVdN}F1{tmkb<)&YS;_KVUt+tkueGY;3*6=GKh$J^y4DZ&Gg
zNmOy!T%`8DZYen8B4*zO);(GqNKDF7i3~ZI<9M4xK{aM~hO!~HpDy1{+-OqajYYaU
z{uN6G7VNKw3W+_YeX}%a?*eY}KH%3>X}UpoUF__OXR!v!9#9>liZjsIVELo8^fgEk
z0fz?mau=8K&YjRE{ZufzRKG>vDPq?DwVI{%ws1Ebt;h?PR+fM(?Dn+4;`Np_>G0Jm
zjZHMZ-l`Sm0UhOff7KtbqA8e)NUx_jKG_lDL0K#1v=`ZMGOZ-BW%=$p7rHkk67KGJ
zOH*I$R#wQCZRwlWbEzl)kPyu$>s3Q{>?A<8{{i*21jkK7vRVSKPXb!v3xO@^%t5~~
z?n2g_;`!zKxmRWNmbTEn+oVsxsK#bJNUB_Q;-;l`$V@cIldcw4Mzwt_IXV0uvxrW1
z^0YSu%xI>KQx_o{SQZ6Z&!2o=wUSV=BWN8;8cBy=Bs*L?LB)iTN|k~sSLk^^;*9st
z_})nl3WWojo1ferpR*Zwq`m*W(Vr*}>gRWh>X2e${$FWl9n=Qbw)wPBT#8e?#fukr
zcPmz)SaElEiWGPEQVO(Ki#rsT(xAoN-Cg(OdEW2anVp^aW_J09BqSl3oSbvZ^}Ft5
z9$?<+cL$8#ORJzAS-j5G%lF`ppr;p?z0`Ub`l?_mU^SRNny&w$8p9NNOg2fw!Dnq6
zFY7PELo^vzSGK#ivY*(QDm!!Kx{ar|Qymjw{E@fcr8oE|HCDL0oyX4o=GgLz1Tlk(
zCcOy;RFFWFFCIOnH-WF(!;yDx(*lmXsAOwj75~~p&tFF>)Vg}iqAe0fE9N(6OS$8e
zjFWQylV|aR8qkqR+5HG_vKXn-=qAiN=dN>4?)SuC`qhYEurS~J-&*(JEE;TTY2+D5Zjzn
zsQC(dFbp>oYOG`>n#l^+7>g-5g
zGX(7c>>poA@Law5WPm|RboA1EYR;Fap}p{0B#?UB
z&8ed2^|+H#`%@v>m$U#S!H7~Xs&j2PR@_~9KHDVgxgN)W%VT0#e6#I(2b~-r&y@|8
zJ3>YgwHtD8#2G)5(b#kxqg~Zif{jGLA8j)f+Gg4j3~Q3cqbmXO=&9nSg}?k{0n!s^Yu*-ItanwbZhJ
zIMB|9^rg>Yr~%!tOJ7{Z^D-W`H^;XhBN3nHYMxZ3_|r6eWh*}*xr|~?{(3H-SZ`Kk
zU47Y3C6Qq>p0j=QkT}+BfIVelr`b>)zjDINtgF^iLUQP#SO4D;42XGt|AL*IF(h0h
z#1f$WODFZl${I8Qd63$cI_0;Ctw^OYjO~64kU+?H8cs|b(VxFrn}xD(v8tp;Z`
zbt$Whl8<&A+M09li}Yr9?>8U66FOFqbVVk(d80iQVi6;f@XEZ}Bx}1T$xI{Y8X8DY
zTAEnIe9-Ui6qf(uni})0)>pQxp6Yn(g7_4_co=Uok1|~G{Vm%1KoWVuS~UGVnGUyr
zvddJ?GEI{dLm`c)8T`fR&_EKGUL~FE^R96zogyP6lROGAU*MkTXQW~Ip^UJ{i%&z&
zB8#44nnj7WOJd18TpLOv#?(?LwQwqaeb+|VdmXl|2Wv#B>W`bT+do!^V$0)g*Xk0-
zGhHpmdk>lAcAm+$mOgE4EUO)qlCoGVn5Z=SHaoL)_`Bj)Umq*z_&*{4R$MIB&hojA
zHu6&s+UWL-gdyqvF5D8OhRPF2-{uKOvA$(;F;(b+JQNHa_yMzUGW_rX;#%X%b52>b
zf|GkiWd(e4LxGs$pH0R18FGT@=c@cp55{aIV}Ld^=qf#@MnpgW*={tbhSQ3i+^%iw
zB!;QJE~c==rc^{XO~jF=2?ue-c9}D4<```u)As$Yo2{|o@igCr13${e?shrOw-SI_RI!Bh$`xI$q$?eNwE_!u4yWBLVr
z{OFhEd%??NJKu<0ne=ZKBl8sYQ5Vr#3vl_~xQvgFFLe_bbRh~IeLNygXuDfyf%%E{
ze%dEMX%7>JYQI8#*NhW*Uhj%Wd5w_Qf4IAXJA!ORBV8Q{Ct~xfBnGbm>rd7|vA9^S
zkY;F|eiUx@l;g6rVTg5to=S#k#k6D++Wu>)FF2H_A!4O*6h^s5YS7$z--y#_XOnO1
zD*I(+(fo}R0z(@n*xB3%Vs%0S+PbHmlB#T@xZIx$N6d_~=2g7bPr8bF%`2?@jk$Dc
zo|fg2@J3eRn`dP(b1GyWG4&RaA)55k=tL&;@~_F^P_Ih76?$u+R&Fyis|qhW5>Jer
zpf5)vX>rri(2S_=J(%w$#UQg2!~SygQmxySB3TZ(BmY28{P~+pyScDb1HTubdyxh-
zgM`&X*ax27T`~;^1(aUGR5(=A{GAs9%YB&$yBL!@tK0)ON?K0cWb;-mCI7l;VgY)J8r6_6vp1Zv~iI{(Mk#);1V(gOGaUTv9$
zxdE)Yk(8WGL*VMVwX-8;z3aakM1J=+{Ch4TSYrNm(=aBlPyypn`Dp+B)mXtR!|x)4UNKG=UKiN2x0ROsS2
zA3xGNX~)f(BTTKkK0CS8pcVS}w-W_QMjozo
z1%ORP-7*wuJFX56&+(Fz`!=1nc$|<#;tulKMbXgFUuG-u&rShd@2X}gQnyTwM#;P7
zbaOwUb@+ba)(1Yn+X4Gy+7eCc*h3(@0lp3uU>Z26y7(Nyk;96#J=1dkN&9hOgaR0!
z(qjx8UH}9M4m;nAU^Cplm41_`rH#zycmD!r?!bZvT$FEI9QrS7}F0*kD~(w}dWt
zm=kQ1D7*(DU$VVKNUh~4{wD5dk@(?}Gv0Tb<8&xnvZmg3QZ6-(biu1P*6?I_6>4zg
zKbT{_QenMvz2s1eO3HR@XFDK*9uxAypC6}Rd_NWo>x7Ya)aNVp8Hmdn4q4fqIo^BI
zeX%sv$!ue_R?25{Be_K^+&8y`1>%?dX4^}PhI@oniOLL*LO?k>6)4!L-6Ar1%%b!b
zWk=9UG{N5m-jyOuEJkV=d6!4mclPW7do-^Z=ZcTSpbqeI5qQ*j0`}8Q9rq-GDl
zD?*}oguWS=3-_s^MFJRIqLODe?RUB_7RXXSoI;1opQ8Be
z=Jxg&G)Nd=BRg!SD*uY-&?}&yT<43j*)r3$2p7-_e`bzxjMoY34Yv62fKg
zW6+FQnU6qY{)tY2IGf3{2Mo+TwPxDTHnGWPufZ!|Gz#sL-9}DUk|y7s@6)@$i^tgFf_Yo
z+;^iUFS;~8e__k;H0Q8$HRa?`Vbekh3<$SG85$EzO)Im*cqhcv&Oa!AeEQq)Cb;=b
zHVTw%h)=7g)h9QQbEr$p^?dA{hS1$G9`}qQkFF6qz2Ux4Q7Si(n^#%tTq<#HhO`Pn
zpl+nhLyDQvAgK|}8Wd*G3#8|HQ($oXtj9NIJLpX32daZ7ex_n-wM^*Oh+{~T6#R*Ds!MD
z^#0KLc>9ohxN=XM6J|M9xEx||j~(J8>dpM01=m0!T8XBvp#h*Rt+{PD*d$Z>qO4b8
z@gfxJ53pgzV1`$9nQCMLJr}H<-QDg04k*@f?4h;|K9!02r$0jjB$InS
z6XH4#WQHz&Cep)Ix^7amI8@8>P$a1DFQQE!W%CI*eiCkT$C*C)77A1RdMQd7gxws6
z9|};GNvs4$46|@djj(a#QJQS|RN*-+`q(p1?5R$uhNR{~Lq6uBuGHEs=637XDWQ$6
zrIqDV&AXH@7NHs>5t4YcdfD92Fc{Neq$-6d0ZX(v$oL19SIAb&Y};kghCWYK)+
zcBMsBedsKLJJdCaVH&qJ8e6igy
zixZNOi5b{q60s{*7?QcqIeHvVw)M!fv;@~!Pky?MCE*PObKHa-{%UCUeqz&xN%s6e
zw{Z3F;oz`FZTO86&oX?LFO>JHhr2cA`gFti;qDorut=rl|E*PrslEh@X?)@@ec;-!
zB?xd6VD-MRIbQqn))RIJP7G>KHMz3@9e;)QrCpZyLBmv)IcALTgNORNN}bgTe|$$O
zE0^MZKH+95H@mKy^fhZ+!CX%j+V>z?OyvpcY4vfc$U}FaJc{571n4sx4bYzjYfEJtr7qM$+F22nf*
z58~qvPa0q5w$J;QN9~BIl&=ru(+z|>R;ge*ehKy%WR}>ebp^-T_hl3%#YKW(!i%C^
zo?k1&krFGa=EeQ}M3RQPNFTfrEJph-5FeAAwqBp~WE*>Pp_m3Zi=cRJ{(eQ#b(`o{8eEpSItK_V#;n0B0ujNhxX<0dfis-bX0xaJZdHUi_
zCs*mQ(~0%_tq5xwKDL@Hw{KYZkH$m(SBCl_6<$8lyshbRrIcyqrba>Mr)<;)e(sX{
zL=u)q0!nskofq{#r&X>6e@uwGe);&;$Xk^KF(wnYv#vUTFtAU7!mYCu7>!WSqN9VhxcEk#oZB^jw
z0FzBWp0LC&D?gs8rLlGT-b{v@?b`bV!F(e^2z&%e#~%EL1cFix7CyB-?6zS@4n#zt
zfED7&b2?ZB8-xa=1qLG&u1{(It!mNG!dwJ;deAE8=Q~<~1x1$6N&mO9GQ11SSTti$
z1OVm}9Xg1M9bj%K189vcttBc;`T7dZ%*_0B*&cOBqB>MCrPR=(l(gw8fZ+a$#lZTZ
zjNxy|n-S71V@&*nis!je^r>7e^x)ev@kPF}FULv5JdUF}@#2*Er8a(&s{WGPvFD~}
z#R$}nSGXgBoQ-3KBP{Ua&M^De_cFPAx~I)Dx(E=1RUS4(Qcvt;6;-9}@RTnP?FT_q
z^4XaF97(2K$y8CYh*$!sXU8$$#aUC99!~C`868uOaB5jdl)+oR?(W62EPEIGrBR-T
zksm(j4SuvqSnylFHlM|;QPKnDH;o@3(bI=s4~?<*U>lksEnVAWMg9&$@7LJ%9A&$X
zy;VeE5wKU~6-N#v6uhJRx#deWk*+nLkyk={GGsb}(
z8GG=~{8QWz`X1A-OAW04y9amwiS7{7N*#CGDb6k&{)K+hf~(q~r<&v|i+>GK^U^d6
zr!igJq(r4_RLMu1!j-FRRF8#9NXfg;!mfK#2`U7RE#p=hCh$Al^A8D@2qLa6`uJO;
zK6z4=Wv1{|cQmY%j0q`gjm&bZj4PJ(jc>e16Dx7fH|0$ac~Ry%v`_YN{iZST=TC4@>1ca`p
z3Cadj@_J4w={AJq9QntP_K|hZkRyIJN2qv%X7lY;sH!ZD+#9x0uE28Ky^gQ6vhPwv
z6s})qnboT7XJJJ{IrU4zCsR{)KB2b|(r;oua^U7hji#);RZ`kwJ%0lBt|P$!azSio
z*J^6PP?s3~ayKEeIwiNh7=N7_#fAeU;-{UGKMp~t0g|{{VSA>R`?gtI~w=Cj@fGP
zT*XWp7DL~Qs;X1dqJLLMiB=o~hB!|kAaJMlQ34(!CQW>xLK{HSdnovBavbJ*Bb3`a
zJWNseH}cg6_zjew2naD>TJv7UmjSfAexKZ~`yO*HHs9A*%YWKbt(;kn+m^`c{)5~-
z*l5(>X}ruX7xndRiAw?exzD||I~aR<1-EdTbGgFuc*35>?|uOP{y)Hay{e6QbPdkU
z)F$SSdooZR=Fe{Oy>;W@a(Z90)|(^97hrM_;>Z2e>T
zI=?n&#p=aTr=)gHacdky;A(h*tU1dgf6aOb6CIJe#O)<(fAWYDcl!
zs6|PfvX@H-ZX0u|&c)oSKZDbQC{!Fuc8o=17m3lg)j%P
z>*?++CEh>y(ubR^@Eep;P92y(&$NJx9D69AoIG?nBzA6*pE7zEVmTb1V3i~5hI$U?
zOsa03Ki3nkH2$JAc)L>Qy^G=YDVxakT|Ybw4LUebT65<8-^AR=I0u}ifo*
zqd4LhJs=k_$tZ+_RL<-1%uGfO6k9=r%!X9>xo59{%RLK#e=#@x?^a=<*n*EUIgAvO
zFigT3JMB0l9uv$xy>32A{k`7N_OBEK4HGkT795qKy-dFU?phK~0z>&&3F}6nN4~Yk
zv$AHR*W%?`5B)zOF%S3vfdAo!c=Q(26^ronR@>TX7EewQ9s78+=AuYd;rd*W1&Glr
zVPzB2&lGY%Id5IU6<+lmEgy^Nyb&EWpOAbN>cAw7{aUNi^8GaEB;g9M+?i#L=o?b&
zi?H)nt(?fF3J1!xkETY9_N^-&=PGJNvM_MbX4~m(zQsPR|COxb>p6zXJ8CbYu)W2`
zv+r^lTE_(4?g=K*jPJXf3v;v*O~t&S?~-6s)y2F^^!gah!szH}*BEN09pjfda;VO-
zfdW+zVtOy_d_~?dLRsiU{kb18o6d5OWy?=Ei!JP+VvF!R;)@BDLa`~T+_aHDApe)8
zpHVeX^zWriOglbYlcFTp^pjG8T7;M%g6Alh_f0TzD{`5$zKeCox!2Gs`9){FV|jA_
z@PmHXS~u6Vm-evp4{zE|6Bh5>VEKL}MG+!VYzI8bb=y|E-@Ufj)a%BLE)k?Aa#&QZ
z@`6qe+k5QO{j()yO*-(hyt*~|thGj8ttQrdFpEGBsm@JEO6n63HlRVim6uCtB;QsS
z8)|L8N5eq-%r+Lhki!TdGsx365#vJSd+AsjY@Qd9_$_d;_ou?E$FyXjh?t=MFXTul
zaqaQ1o56-d6X0_vbx%D7PL9Ma?1cj&SsHN7vyLl{u3)l4m`g%Rif8>XszDcJtUxf3
z;)dCoO2nfDnMOfn19u-$1>Z14XswhT3!`?F01FkUHz
zQ9BUkya4Ig4Oq&V2V&g{04yC5rTEP|J`h5x0dJQ2xM4q%)*tN2pMDw*E7jwhSKoWH`>=H0FYtUVIEpX*`CMc`zFk)z@w$uGgjZz;&*a72Iu&Tvk_OjEG
z=eoASD!)~;+6U}-Wx?h$-{kWJoseYm9|c_DKQsGiTP#aPZ^d@Em*aFUks3B{l}2{%
zL8_4AGXzvaD6$FrCEgL9&^~8WRlt3oMbyk=i~qvq0?9J&uuWAehzH~rbW#YW8n~Nh
zjv2oxBz*RZlki=0|HztRzj7UVR-4rAykMrLJsMIlL(C$Pfo&NfPpfotNqL}~sK=)}
zpj>Uh*x7hX@gr1<0so{;`#YmHNi<*5-O@f?kNv55Z+QF&Z^j}Yt-^`n@etF)b@%M<
zYdNbiBt;>4%a!bNvGi0w#P6(3JKx-APqTrZ04}>PQLbR=Wg6Kc&JNPWW-4Rjb`B|M
zZyJ`IZrQBwHW%_`G45CzAW#b}>gFyR3Nq3#r#2eslF_?LGAr2%YI*hSLPuJR6Rn$?
zufDl;;n;8?1bRWVw~A;@}Kp2e8#WH{i$ZQvTsyo
zJQ33sp|7K=^%TbB3)~tJkIZQI-!b{de)tg6YQ#d@AG)1e}H&
zFYk~MN669d&0ItX?1QqIZhp~ZFdq#}TB6g@z)k^>94xZUis&Osxy|ABAebXcIH*O1
zMB?YsW_B-&hj!k+OH>MdYRZ)8h2dhB1AI#Td3177bb+rCRBF-*~uZRYm6NZEz
z1z>RC_30+RUX}l&Uo+_ZTy04UXYdGtt!J?L8ucx(%K#FscY!in%RrnJY((`LC81d@
z#JxOfLiWcD_O!Y#dqg~1w#>?CS}auq9Z8j5@zU~ZsT0EzBjD+_^-Z;#tID{a>iKc)
zPRCDV0PK=045s8MrBa>hXa4gO?%LO!^a!i<}U^d~et|bx8Y8-6@h=
z%RJuUxH}jx6q;uOdT{Kb%yoC}M=L8%HJXf8{R0__>Tq2?43a-4zUzZW$zIqi8JDzgy6pXNIfBj-`%pF*
zreQ4i2^&aRj>>qKGV)xR2sB?s!OfIdt3BlU77`e
zddfW;%PCAlUw+ha;|5rdS`KCiq5>Ya&#WpfTL})S(DaYV8*l|wtkCN|%IF?!ZT%V^
zj-y~T18m6o#Xmh7`cItRP!fO;mAKSy6({35g&Ae?7pbBC@<%+m&
z(XY2Y_NMfI1oYPkS-qjUK$iql;JA?R?zt$Q4r;@o{ZY$fZ>&2c+(cI7sB8-4KXnQ=
z=A-D+{3n$}y63VWv
zuVND>?$GLRsmvl%>9QpqlR=_qgq?t_R3X^gP+2Uidv^N-S9BD=PVp%0f^zUx3B*7O
zrXQwr%ap*^nPc9@zlfyeHK6S^eLYlY{?Sel>R8zM&dmlYB6M)|hL}Ze23`cm5o4MP
z3Z<%*2yE+Qf9vTs74BR*K;a_G|h2Vt}e$p||80{o*tl<7m_u_J{_HXD^>xfHW1eiN!NV84#)wnvl
zzUwoSY1Tq0yy4gTGB?OC*f4GIne6jMrz`N-?q2M(7y}9vMlFK^XE)eN2xHPrjsjQy
z!+ZrF`fbk6&>JdV9KpbM$1z0%DVjtq_}2fX=#xV_!8#pqXL`}*c{~Yu>R3@%r-{Um
z_IQiAlpxQ-KJ(b=@2f!EYDY8&?sv7^CiLk%RWDDW;AX9mHp=rU1xfrsWF#<_x*9Yu
z@5(l~N3m{C&DW&U=j0ac7a&QoV;^&`0h{>B9pHVjq8iR3mX2LeS7z-kNh=_&;
z9x(nKo=R(v+Axz0Gx>>?5U|DiMB-zhZ7Q5bl*#Ufl+W7d_(Cm(;gYlv9Q$0UBwX~^
zXiBB9QQk7w+42hp!MST{oW8Umg-Yvc3}T(}d2`oo^^=0nh*R+ZwHch28;lTMmPkrTStQlAO=WDZ+(p6NU9|1z5)
zcUQ`~vT3Zv^|p1Z-%GV+(##x&Zy`oDaycSg1S0|S#l{ww396U0&Uif{+2d?P+M(liA@mf=PoCR$0mjvD?<#eID%eLLsv*2|VbQ5Y
z%Wc{q%BSn^>I1wydJ41NdnW-PRA$?DVFLQU0MAo`Bo{&FxD5C(r^xumt993GoQ&}J
z09up;WSNP`$zhpTrJtX66WqB}MoofBDCkSsr5nfPhq3f1Ko{AX~*VPl4E^zzFVsE
z6Ukq*A-0oUr0m(LRLlhJtn{)wdil{M>RR$~6bsPmLE9$*Q}nz9Oz(q1rUZ*zVo3Q*
z$7*(3UwY1L7r|U;kRMH+#J)t060kX2JGo@UEb=nF2;C%^!h~p5IB5{N{T8^lKo%mw
zzxXdwe(1Zsg$Sq~jXaDg@sk2qL{$$`;=H~+K)F{@e1f@gfH)b0oGi6#Y!~Wa=WB~5?OX|zi$51ESQfeLPeqvn7OIj9{syLbK!1)Fo)3Q&IQlfwZQ?(
zPRiVz*6$`U_rpO}!&L2k8w7swi_g--EzIaRkI-|3mbpV5Qy7inIZxX~O_KvyxxvQ=
zb2T{1HePRV*>b1O)`AtM2dY5fzl=_snGKsl)Je{8_pe}zj`SRDM=J~~B(xhAn@^30C2LS)8fDu4dD#zmg6Nfjt&@pI9vFI0>z
z!ReD;<2h#BR$nFe7Okw_)j*^*uoFBG@Z-(6l5%by=fMg083|D`EGdfp(=yS^ViWDC
z>n2_C+cp25G%5dXx(hzjnMdgxAnEo$-YKymCz1_}Z4ar3PLReDzud0$pIe}AE<+A(
zb=ut4((g3TwA##YimWJ~j5?Q*6=AgWiO!{1h+)mE0B|{LB?iRr`tH=Dmw(|Sh-O3b
z_hCrs<6Nb7TKV5+Tqp60ri}nM1_ODWJ1jauJgk%B%Y{4j2?4PtAHlt?kr+fgMC>n2
zQB-?CJ`Q9eTmU^B8?$0b#o?3gz!BW~2I@vOnZsN$q4YR>b(|KVR*lEQ>Q6q%^$yLapKD
zB3RN{@N(S5$OKm`PWOHba;d*tEa?bsd~9pEjVwDUU4=aG+a_Xvt{#^75R@Tq=pQ_4
zL&az{3}HSnGBaa_QsA1CbV1nJ<%at6v>exbLlWvw!G0kgZ8WLtb~|
znxzDJgVSwjJ9D8fjHlBIm@LXqg8=oN#xs*>D}$JC~QdOQ>%VUro}{|DCwGPYadrOG|F9)fXneJ5&u)BlGM&V}aN}`4!(6LYBLk+wOF}MFMpVwoi)C_$aZ|V`yd-)
z@?J0lqafp*?mOTXLIO+=a5kJuT?9uj3w67r+6p7rbw5YVGn_ExS?L{{W@CkeM%I{>XvkF^E
z3W2wkLUSVh@9uS9vg*u^VBKCm{(SCXcW@A6YjADV3}6G{db^#S2)(9D+?lCXW9ib?
z&4uE;#mb2Zo|CFv&8*%E-A7tY3)mxy+Nu~bGBa0?mMKSOZ+EX2qlu}1u#m~s%r&GW
zek$7>dSvHvb?u&siSao9Ymj`_Fc;VGeI??LPMuxy9!riU`-+>!I^yFE1&9s^a&;Oi
z2Q;31sQe*(p%t|uwc15&FEO;xf`t`NC40BM)*lu&RaIm@(a{$+dn$r~hSrr)W4$uh
zP-R*|r#AV+AePu&C?5dR#BgwMY`{hBWs+{Ai)E=+h0(+fH*7xmDuHyYltfnxr;@Z5
zH2djGxDpUWL0H-UZp5n%aUx|J;w
z!v-%gKsyio{+8+^L@q9_`6^S7JD;@@A2=V4EczE){gUxaSLh*u1-Iab(FS~7D*Wz0
zT^}HDV#_@J=fg>NB3~{B5ga7AgAUjeN$p2m%j~0QwGVt>)v#^1u?@uQ8<_at9`e6R?@o@wI
z6}JE`|mp_dNGJ_jzuf^LgS7^fd2Kuu=d3fIHe+YDNG6!3w@DP6ou+t$yS_
zctH-+f_ei0pw8Q$AWay=hF6mMXg^aYT_I&=P+QVpz(1~lSsh9+0@8*QTjLrP8
zE$5;$ms(3Sh*Xhorz-8n{F;@_;ky!4Z52c#b@TrsPzfpoGP^rsUB0y~*R5={)w{ZM
zR1{fLoBZJCTD4OT6&Upz8;OmdIt=%7*=i1^_Ee>#c(_vu+qxLf58Q789v|bszVuRo
z_28HDlYb^c)^mdvl>TG~%_EW}x|C^%RcO?pLr6?SwsqH7qrs#@WQHW2#Pj50Mw
zmqrcK&WxafU_A#zwk@5~V~dCnMISbq1S@r&D#^Ihd$1;znE|C`&H-A1M(
z+3n>%*Km);Q53vSBN=Jo^{Hwuf9U=(T!{)ubPR8Ph_rIQT@FLfSUZg&9X)=!Sd9H^
zY^S}1pr@uzq?kl?EN8i5i}I!v)?Ol`|0O>{n>k72dHxH~e^!;ToK+uHlCjH!+b80z
zNsfsv_T7?y=;MfGlXYge5-_P+{9ghcOO=6{+_CX$oA-p9x$}p}5Iw}zQ&fl^{%C=k
zMRHon$XS{MW0p#D5x(D$to8p3XsA1>iXG7t_4TWexdmJ8Kt3T7K?8-Tr^p)#4F|W|=LL^`aOUB~ylYHb_
zny_p-8x?J8do07We`VZ?U_&mQ2>f~bJa|80t~KU{Lv=8fzO2uLcwWZ8l8FQG
zd(_i?&ed?vwv@ejO<0T34i<-NRt^xZUpdjn7Xk2_oT!oi5b63L)AnqM0v*<#xW4WF
zn-tY};1P!7-ZRp$)y1{d{C>o4dBSqNS*X%fy}NyOB>x1urF=K$Fk~q}QA}OqgR|#W
zgc0?t)Hf618ihnj^UC$=#kTfj)``6G(%~q5NhI4UqlX1?#llo101$P#0jurc5-N+*
z3R7U6xr+T66>!g1des-Snh5eZ-J=00w!O-B6B!&U=qXZ
z?Mj`U4BSv7eSqq63>8re80wn}`af@_xOG@ojkBJN=ScvCI-h_7I41WHZmE
z9GB5i+_<7Nqj>9Sk`PtM8Oh-1p9n(~T{cM`3|$wyFk7Ut{6{oGyY?@9pD&6jls;vi
zZziKD`6!%x*2N}X-8lRA{b$|h2=Q?=je&^Wu|`*gx?4~3Zw+G(^gxv8w#LZfIbr$3EU0bF3JR_!pUTpW67RWU(>b#~N1{oOWr
zA<@kl!tc5VYQ7NGo&pMF_NXIGvfnVW!U6A2r1deihQ3m`yi$5S^L)GbTiir=@-^Uc
zSLnp>1Byzj7q`om9&O1J1+Lx*gNvxnAbicOZn#4an&Fs3ZuSvTG>W{mPy+@ve?DQ?
zfc|^_#93ylLCc~gwMO`Zyh$!X-n5j1_bNX0p@=JDQ=yb&c-pk6qe8cqeb>Z9uA0XN
zl*1T3AK$pvk6?7+5$mC&WJl)L$zybYO@|F?iymf)3_>SHEuX5kty#Tc%rh8t$%Zi$
zD_oRBDd&@2ll`E_>?<18zUlA3{OMB=1GeRZ+vOp@^=VV=dXWB7gX_@=&IWTt>bJbU
zUg)VJ{i5tDIb_`iQnFL`^OW<9qw&FNM8`LeS47(^y;Znwy*0&sS_iX>Nij{Lo0grX
z7n<#xSiwG%T>qMsU9TO-5HrfOWxny{R1Y)uTh;UwwtZ<274lQCGzPlxYqX|a^R)6s
z)kzA7Y?W$P2crKzrN!^7wcJ+mhjV2j@7`^>?YaWUPwBv*_myYFjS|uY=HRnyGquN*TvM6gtS0Lz-=aa>;G?yl=EzNhVjC41
zIo|+$3__ndJ~ZeFOFjdoJ>a-g<(+nAreU~Bc9Pm>;Pv;eyi=klJ9g7uwvFt-R-}{Z@UiyvOU=gjqJi#zC7ikPoF_d4Is9kjiUt}
z5BpB?2Q|;MY;rFIQ}#xVi^~>Vm(#qgw1j2y#in`%V}iFr_!twkLmYg39_D*wD+QTu
zvHkE^cp0ar+U%jGF?C~A*JU5yKcVq<3QLRW>XbS?$Taj5Mdj5J4h0w?DQiWb-)n5D
zd&X;*qe5NH?alr+@sDLz$1{&0HTVZU2}SNoL(sN4JH1;s?_I
za>LN{`?O~*=4>17S(Un8Z7~Yr>Wri21MmjiFju_f_;T`&(z3FaK)FM*_;B0QuK#Hu
zix{-|a7>Z|iA8*rbc5x)tlF`20Ral~3d4N{5UvXUv%y{$!t41CXE&Yb;N6lR_Tm97
z|NfSTFMxh;b-$WC9-+k?vb-%YSo&P34W|eLaqel|!jQwGERE$adjU#0nj*nA_vCVo8{_
z)hx&GKK8BqV!?D78_!PvhC}v%Wz6QmY#sWeVJ~5pH9h`)V&hC)}k!~zEPJ}uVV#JCF~bDZ2kU6
z`N+FFBJVk!J1;T*!-awR)<9K0*~%vJc?Le&gY=4I__rmOo&nS+x&beguuB|t
zE7R=#Fh@Vlk(n<0dlNQ+k7cp+6
z)&bjyT7b^aHre*$jKZ$^3B?MZvU9OFCN6G~I0tD-c#Vr;68;JK#$46UBU3jtHWNj^
z4O}cGIwSR9a?Kh`Fl_m>B}pw}j;qI(Pz`qts`lZ}^}jo8tC}6aOdM5%K5%gAvui5Z
z{A1}@CpYNZ3t>KHt9gEAB4|N%wt)muAl^F&r7oU&(IOq?_GW)n2*I=45a{fzx}8iw
zY)aH;`UBwG`hcq?+1GuPVuGUf&hKLt^sj3_{ba)GQAtQ~IM47x@=05v=lM^SQ2j84
zTtxD+l5(T7fhr$!+UaY4<9c(}+%^|?QuxK(zBJL4ulejZ6N}-DZ;4lOz8Sp!3M;%v
z1gBmwnm*GB!uxA&dEH)kOVRt`p7MuNLxC^Ja+VZVAvW#wxV3U^u&E-tfg+LKzgW`V2N%h4y=3DV2+KSOwR4v8U~cC
z8O9XiS#U4a(Ld1#0t_Ef#hawYKO#+t1;j3{Z3ZQ)78jj$}ZSh*9
zNY8x+blHnaMzK$p=^1=cA5EG5p+mOTK8T&4|GX$QSvlTcUJh;ZZ(9`1)TD)T3FtWq
zm(;;Q@ZhQyTIz;M#*(eGHi?rDy^oK-^m3`;EQ=3`Ja!3MelV7d6U+s@T6$p&y74?V
z-U$-GdifYheKov)3gSu+RNRkwI%4*Z**6kJ&NN({_ojHx&Ti^auX)X{Xc@mR0*%M#
zQJX34E(XeShj6vUg+@~IA3_6>&c!RjDzS$sr+@>TzyXs-*xRf_h|tGU*dwbuG1FC}
z@lE7YP;%RwWbOv($B}NFWDR|znqL-Dl>fVsn&e$2_%l=(EXj_}C3(8c6GqoH&D744
z6}cAZoMqbP=ab9wrnH$n>DQ6+
zZ2Wi{wD;F@eTMR})ncq?A<+!MzBOw9mvantUv{uFCk!=~Lt!D<=b^Onq{IUNxGCFo
zQ6U{yz-eLiZ?5`C&VG%YOq#bs@@qDejB!@BSZV5t&?nT^3dVJyYNH9lKd5&mjRZ!_
zl1R`9fA0{eH}v~6KWn!mm8KZKZ~pQ1>&6KmS0LDEu^9ks&YsCt=Y^-n3Z-q!h-ftI
zMJ@rmGoavFN{z_X1)Xg6_)Ju~8OFH~k_WQntS2=+Qi4sU(MPK1Wt71J=es^SxF^Da
zgHY1XQ;}t-V4q{^){;?d@2dlAZ}f#=%-*)e;F_Op_rQ|bE6
z9{hCb<2rmB%voy_HTC!1^&E?v=VKec7G7IHX?l_UaoNO8pyTOL)vxMwhxrbWeLi>?
zPFMqQkyGAkx+X{gzOX*%>?C$yKqpmJN+?#jAboxcK$@fe92McAfjg&6l9E^gh{kBOJ7vtp*}g;M8+0f
z9;YNd_eCrs1IVhk#rr*KYh9;s+vygo=|-rbc=_|eJxVCOck)vZ)J4AU<1Kchg;G_(
zcu98WKOU5elV#Ja_OjtvaqDL;sjC&hGiztICVRH9+Z%9!{=FJGC;UJX0tTQab}Ub(
z?$d;`a>Z
z1AW9wLUgyZ54>gK&TQob9xc@@=bCbZ?vHpTRmZb@f^|7IW^OJPyNqXFJjIG<^^0ff
z;_G2emENlZQu{U9^<;-iX8X#FV-yXZU-7^e*siJkeVi*1sgZCK?vGCnc(sQWC*b*B
z`5`N2#qsX)vI8?4TL*_7&G@E|_{N<LmIW9G9tnZODvI2qhP0F*URdNh0sFC&1>dK&br|;3tBpQeX?BC4DMovzY?#tuT
PNdRqiJ+(4b+lc=G{9FZB

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab.png
new file mode 100644
index 0000000000000000000000000000000000000000..9147d3e4a84e1694859f3d70d1faba43c92dea6f
GIT binary patch
literal 16105
zcmeI3Wl&r}wC4v1?(Xgm!QI^9)Cr5FYp_@
zi>&Tf003p^-wPs*5rq)k3F|JWBnA5y77quPkE$pP4geqn$VrNQ@yp7m|sHrR)DQAV8i8|pOCSB&PGB3IGq@QB;I-g)p(C=>1tl5PF5A(Q?$
zEolEG>k6q_t81oKtIJqurfDY7)W*gJP7-`@vV2%pB8vX|^o?B+9emLDu}OiOrGP;!
za4Q88N#ox*1h)U8Co#*LFecK=etjhJed6%j?!1L;wFn>t_v{GhLRYl^4fUEwB>o|W
zdb*^tz3mQa4R9XR;5C0x^!OPaZG*wCIM=+@(G8oFIWstS5T~*!3`;PXbGf*8M5Ng5
z(ybLv+B1)^VhH;Fp0AY~*bP_ito(u}D=Eo-J^YhJlsD1*=c+p4(H}b-T)V=zbaY<{
z?$7D==ylm+^J)&>E;YXyDk822mi>|QxoCz|#C{H(NZYq4ux&(eIBu*0WqFRMDJY7^
zc_!@2p0_)f5?T?tD!kpGw94y-YL7j=VahuVu%9ak%>*%B7|
z+`(}31qZhLbG~-UjTbP;?_*1HrA{RB%?*>tYxt&185q)<5S3D!-~CzLos&`C)nDpp
zvHEqID|hV!(qRthoJi1_5OwuDGKi_hKtYiWVdapicUi-En1S@ciVOqrc0+ZLiK{=!
ztoMUK;0QeFVH5??e
z6!CB9OdS6DB(9#|&IRFtKCF;St3k+*VMsrjhcVIk%5W?jT$V^%LzYG)y$Xqq5mea9
zbeuvX{@<#R56X|D@&vbit{pfY&Rhe>w|$7Bd6_VSo&H!(Y~qYZ3wvjdQ9oKCaQp;v
zg@D;D4f_S{j^8djw{2Rt{F|^nWq1Uk06RM=)d~{#WfavMHt0$ZoHIYns=4(o7jC9K
z3oT-{kO5m~Q7@Q`4!y^r8_Uqz7l)pv`8ebB^lVny$#-v@SAoY(CfZt0t8b+adpbSM
zf+pg^M!jmW+vuf3yM_3!^+%r+;mw)x`V4U$m@f*i0t5_d*In+BlbX2%jk4kKPvT`&
zmPNVt4>0;&S1v-&&g>Qqn+MKC62HKMFR@P%^bNk##gdw$IN8cH)2)ArJi9jZ{$158
z(r3HV{S&NFb02-X-^BU~vb8Y}!=^}5Y&+Ip&0NVC^5?F}XXoYZ(Jn^Q4ENNF3tO3+
z22W0H!iI-}B#HwFY_?TYnKNaJ*#;2z%#u9TMcp@6=RT-|I~v|Po+7Iy
z)9$Cs%s6}zXC49+;{KxvlyHako|DjXGC0=ta$^c{Ld{6~8QZF0yGqDY?+b7Mb
z4RVr$kgIO>^c|l2=Ag2YY8H()x~kYjz;f=@`3H;!$=b
zNy(=AtQq?t*t@n*tV1oIzA-jEve_r2xB}bY>*IDW%tX6?_3fBck&gx1yqUEMy@y
zmfYxQz+@xa-rHZne1@N4hpD!7Q&C1*%-a#W78P9|BLDMyYr$`A_4Ho0f=;8{U*}#;=(LtF%v_qS
zVJDX;h$~M390O$)SK5uT*yc`IJ|@Ed
zq|&(PSbLX6
z(OLgf>-+YBj7*08*re2S4z%~9O>~Xyz^sU?xHxfX`4;#rYy%wDkOa0s4He-MZPLV>}4Psx1YH5FCb3p
z#^}cVgInW*^Mec@@P*(o{YAplm~|iOn(c0h>M(;bs5D_EkVKOQnsw}+^wqrVEZA}e
zhNzR_t+|HR?|T47s;Bn24nDj4Hz>_#^Vo
zly{vu*<=FUU)jZI<~AL(gsbzoH;y+0@9#dQN*d1`Q4z#jOV8@Bx3v8I0%m07Q0s`|
zpXfy{HUeK)UOt^%^n?j~+f2u{`}moxfxZJ1%14knX|;W|UF(=|81<>J|Na0nbn#Lz
z1FOg-&F0;yee`%iMp9Coqt(hz5ix!Y)B)>b{^xD+!Up#b#)Z_|@|P#(ee+A?PXx7_
z6ozP8fXM|4ONiNJ#sG3eU6}r!*RPzjWst>wPam%tb3vnl>rN&5yn&)Dispg^GF^g%
z<1Spt2Nchq$HLfN3WG#BEdMJ@j%X3sl28)FOj!5_)Hwx&2o&l9awjJ
zgrbaTfyk!^l{izfu&Eu#n>B_j@0QovkrV;yZ@8jwZ9%YSg4p}-odh7CZYTL)_*BZo
zOE#Awe^};p3<>=ACgc&oE^7nl&EWR}s~UVu$KSkU?Jq~O=!mzhuwKCXx19{*3iZ!%
z^&4z&;*y+ZKu37FS@BuT2@hB=w9e7Yhi~T%q)QlFs01_P0&Z2yL?d1M)$9VLD)e_N
zg)vZMj>jkM$PZ*AbZxLb0}Nus&1&IhU_V5Mqcux~g(U0c{>h0kqcN>y$IL}S;q`3?
z_$9rHBWP=2)j5ZNKuu=f2$4WQg1LcodEz48-jN*nozNiEJ-tbbs5Cdv@j6CBJnlPo
z=s48DoO?jLO6dgwK^;OFs{zpy2YyVn&A?PK8#Gyecq&@k?mB~UFm*lVoj9dps3}Z0
zE`ypS;zCGQFJbz@F-5mf00Q`qG|Q%-lA`t{JXxw&2`K8`O`v=4X^K~sR9He0+*ugF?7?Ze5X8Df2b%7
z^ttd%t||Y)X2J(kzd@_q^OSBj6RF`iCGShikFE4d&dgT3ITv+bAJ3v9UP8kxfh(It
z^yi_ccRdo;^V{aZ&Bf^K2`z7!>#JuD%wD10&k*Zn`kJ4V&ggw)j`MF;Th0-X?3V{K
zJMk)ko~!FjHbDHRZ#NV;#T^Z29eKRO*3z|3!e82>Hcyl)e6O%h=LB1+jl#b3!b#J$
z?Wk_?~UFHmj_@wBlX8G8hxeUDI$}Z!(Jp
zB)O9t@#ZkP7IwH{APBO9Z3yw}m4y{oAXB9y!DXLk5lk!ME|bGhvraDj;>3ud+t%ba
zLKo?|MvZ!JWWXHvA4i$NhHU|=n-s46;Tbuxcai-PIo@k;5uyyrpGS)n7Z&tL10nk0
z8(ukCYb7kQR7~;R0gFq)XU-t-ljC6T&;hGU;cIr7?wg_dw=W
z?7b1YJxWV9Czkl?7)Ewd*ay54omPZMWC5DyC&iXhth)R$;sgF>HqBho@zkthBMOZC5n*{s;RGC`^a9=Xd9X$590!Jd*LU3M
ze%45hU$gZT?7FWS1);3>V!j~u+RdR52~ZJeGl>?%iwNn)!j_zs<{97x{ze!k%paM_
zF&e&id0`9o^$|`q_9ukZZtzKpw&BkX0GrdkWubckx+Cl!D$KpnYFH)qO1+nNCcpzh
zai%-sv}VJmiEC%=#gn%Sid3Ok+}{l&m1K6Xf@h$f0(mV5QR5`p>zSdEpPBa~
zj;8td+S`OWx$u*ig~OQGW+$i37XUx4)i+LiqXE_rAThEvp-G1?^0e^9*mD!NNUY4t
zA({v*-VE=h*hFjF;BSsU4+_X<1DuB|HD8SU(vl+`%j+n5S3*Y8rC0SjXO|X`XIz46
z+P$f0S^9T0r7dcHMLI#)mqbUGHL)TgBO@z$kb{GZXsb%ywMnp5NpkYxmHq3$GRdR>
zAL_xTvEY_0L?r#cCiH)w{I9VHR=q%{)jF?14&Ehb^5Wmorgri^CiKd~jpm7SasfD}
zdfBmt8G`Kkal1MU>C83Zl&{qssR!!p>CDWLKUg~-q?(MaUW9WuI$f>StzKxx
z3(LnzcgSNIZj9F_8JJE
zSwP?G_!7TlRrNR=s^{PCM?<9c=3?Xv<*f6^`*O_Gf(A)NB{Wb8;fph5mcqBP#^43{
zikaMlg_(?*6F$~uE7i>FZ~3b)Osi=v7!w8@d*P(gq41;5nIm^vGtLHp=EkGW4dO?a
zwgERK*nl?jwSmVL+RN>=LtNT5R;LVXQEADWY5ALGStB;>&yIGn7(%!NQ(QKY=+A{m
z42SvNh#%KOSlIS@96Kfp@R^Ze*4EVNj)pOYCWYC;?sOepGopSCUj0y5dDr+{{i27f`4iNP7`#fNJX@ZM)d}!Dk5&coqpJZ
zmN(4m0fYY$W8j~T?3
zAGp%#4?Ur8HtoMf^g0!Wb-3q|`(h<@Lob34GtVxhZyL%k$6WXl7_XwMi69EL*NqfU`!#HBtLVccK|dn+dYIK3tBs9
z0716KMNBf^0P#-oCnom$Xp6=av
zoA7xuPo|cacxT=VCd9SkZt=drtZ@@bKMMldrg!(OSnCgMzgI6jS`oVxGSmU?g#IZ&
z-Iw;jquz^AmwXrFKm-xN)!26*ev9{dw4008-JLy+$2nL--c=XKGU$+#`+-0QOcX=d
zR9q@@{I>1x-{G;LPPe^x+^y75l`jdaTBVUao$x3&Cad2gu(;Sh0yPhnjvWV*ZthFY
zSPJE3#jeExP)@uckqFWrP;__Gfoh}V^}9-CgZ)=rUrer98sF_x*TVj8_y-_3u&7gq
zI+R)OcX)08ji?!l&L>5$3ObA2bHjB)1@O0AtC*SjxYP_IU|~h@MMY2BzV8P7WNbe|
zE1Ka+2Sw=kTT^T0)TF-aqvx-@_#eRQn`9&lgVzz3D;fA4AJgtJ0YbBjcJ&%
z;Rmmri;<1g)4WzGkH^+vcyK_nCX(#EnEOp6$Nkg%!v)()f@{G|Jn!lvxh(;Xp+5SY
zhxu|YWt3HXZPBkqY6%77bA)W)gPrN3A3qf$83Z8r{e8w~=kqR*Hd0u`J{#U{raW0J
zTp;x{X*9kkmPjaQc%k&%_>IR>Ed)#m@GnwlIUYV-AYm)Cjf*Jh(a;{qRg~S_T5D>_$8ygNZ)Uwt<$~{Nsh{ujw)Le^!N*u
zS8ZQ}9y+@R1#vHW_`c1~gC{7$dvi5A#-7|6SW)KZPI9u{{2wz-zYykee*r-=zAU5_
zy+wk52(nCM^@B9+$2~6aGgIB8$zfAbQPG^a^Z4xb#s$*bJ?lIEhnsW7+Yc__^;y?v
z&d%uVr@exSOE2HsrgomiTTDaYY)^0e^vgQT2T;dYXz>mA=-tP?V!vcYx>Zvv
zQ6K?$;a=%8M$mrt5GZiF9_*Nh;=hj7T{i@hcycAW&ZXgJm2^=?d=8A6j+^%pS0>%<
z{wva!aPmU;2#l-4-1#iYQTNJ$ckrYxdJ8<9_Su}Tc_kA
zPc&YFh(r>kdy{IgpuRSdT8GV_yUs-X+k1;aBI&zYAZNByHZ|rgY!iX}M2EFR$E+J8
z2&e_gGUy^|$^W_lk+!b8Q0fubAO}xzT@(KLu-EBKbiKaN)}Lr8ESpU(803|_|NYX&
zQ9-ouN02!cx9rnffaCOK9K#_(zVs$!pT|A24vS{V0E|uC}Rh&i2Fi#|SCjCo^56JGC70PcY
zdDfd-g#>ia`A{Gq^OdmLa$}LRqKGCzFRM^ptm}loMhv!SG8}Tu2Yk4<&msaCu>Eru
zp-*~Y{EzLBITsqW?3(4=vwEvUH-Ecut(ymAymAdf97Js2C`nU!ZN=K9L9XDRcMGe(
zFjZJy6|9f!5z4XkA!Jn3C^Z{i2cW%mo8x~xsgHXMdQCG9mW0l*zpvx(ykXvVvO~?J
zkWY470fSky>U`@7(v=`IOWy^64*O|3RyfR}Yowxtvx0cYs7^tULHb`iTu>xLeVQK_
zdpNAx^>|$L{ss_2b{J~)B|{`!YJ&O=FWjIY$|=LNguOTe82y*JJo*N_-UI#}F=*^YsZi^?wXP}0_idpg
zcDy5>H?KC+F!Uo3+7u=+=#JVu`_#x*Vjgdus~dHM{X(ah-+1J>b6ey>j;a=QDwXkTH#|`sooqY1_sA8ZsNJK2BO7dU
zke8O(Z>^P8=UkM?AX^HNLeTdQM3yW~pDm<%@Sj69xD{29ttNr=Nt3!tPMsq4DkJ^-
z4tTG77p4Sajwq6jTA#1%OF%vHf2#t9)=gqhmO=uttoX9AJH`}oG*?Q)MY2$CcToVM
z33YIGy=93A-Z
z+BN97$k^A(+oAo-u|Qs8(*Dfrj@kbx`S=?aXnqFo5B4JJZ~@#+e8+QZda313zp%(Gks?
z@r@`ZA3VIf1&n#4ce>2RM1RLH^4iqzsHXot?~t8AC(qesQ}5#9hTXjM@=vn)Gk|uW
zW_;FLO2d%tGm0?|jDGTjDJGf`9$8ko0BB87%FUe_L8CDSnxxKsKZd
zpl2}@3#bq_qd>nkjy`Qdy#lJzzSzzn%Cz9$2?aY@qqmAQjIIP7|3&A#eYBS29B76E
zFjer|BKzXxcXcdz4RB=^LT&Y^B2Sd}+aG%6%iJg(`L4U(*LdEdvf9rgPuMTHK+RTj
zQ0Vdt7+i)6Na7r(0O0`BCC6#OmQXIn)zX82U@00rj6o)uN)WQw78=|!)}aS*;_t^d
zE@NelcSQ3;(l6!##(Qr*#V@swb|crSQOsg(Pcq(#m#_)X#_;m@VvGZCp2*k;;=OGs
zHKC>udiLZM32|1N4U+Y&#XU}Rf(KGdtSqT_lYL+RPNHf6+`H^kU>Q;JZiw|dm4IuN
z%<~Nl{EX%=24&RHyf%R2Hu+Hm*FrmsjrTQ*4nk9oIwTU((wR_0{SyogE6z*84UeI_q!1K3%}rVCVDUwwhXfiDr7JWpUf|lXefgNu*13p1NzKe
z-M98;2rNQB*H21?WM(rNF7jZ!yu5#_@cn@S+gdwxJjJ?Yt{dfs{H4|GbtXZjXy-7{
z!N&#)#qbU?=E?g!iXP&|_G(HKur+d&2fQP(LAeV+rL#WU)p?uUpK}woj^LS&4wG@C
ztYgOGHjx?j(l(jsm(LB{!>UBV*}BsHBbtk@&!I8U8}!S^#AjMN$AEhzDQOm@{c-jj
z(!#GGf8`sp)itk+Zx&BSET8@N;BsvGg#UZ)6s#R$=*%5BBG|y_uZJ5nJyq=Ee;wou
z$LKaB(TPP=MI9H$8|^lS_XEc7bfQ1;vEClw{Z2rn;J75hABaEa;F6D$nUY@2L9AEs
zgC1SUc6pUfbyiF$L>YMUev@WeH{CVmp9?7k=i*b-2o_=KE*wS=Sra~CCh|aZH6qkI
z{56>#J>i*bH|%yhHCBM9ArkQ;oM?sVZY#tg&0qSp4vdls17*kh#=pha{6|3h2D}o3
zv>!FwSaE1JUcY>22gj?}ME=Ta*78xQgxZD7M)pj{#oAto
z0`vVb%8i=}&wMcrRy3nk0@3)Q5Y^gcI|G@ojRYYK*mn1Lh!2zEqMVe_-8;8#N6cOS;O#0hvu%58ATZHZseu7`owncvKUilK~
zrdB{NfxqboLx=jO7VU+s(q|CiD=>b)6a9+Mxq7C-{8gmSdJVjP{vYA(ZzQP`OV4h+
z&9Riws%7}i{3Iu1_R~N8tqkG+CR^%f{wL^Co%R1$mIHzXBC_J~wj12@pDY6ho8zQ5
zWu0)6Sd?I*ra+?i_3ww02Rc|EMCQKv5ANnN0_@Ni{bczBZp|qUXaBb>_}|*7zu*~f
z6PT=N47}4>S
zrh`dR{!)jgn4WE7aFOWs3^e4O5{AOLoJgEb1Wq;&d$;WF-1T{Egf74$)<0v*96sS#
z6|$+Z30;AwIqC4G=gQ_m+8!A#*tUjX4*MCmza0gNc5LXr
zm*zwY&pJwnzRx$X!8GqWk49=Y?KKM-zD8N&7rI1IVa3}O`l?=E(~5J9o3wLl3Hw|W
z34X}6ie$|Q({OrtGhxmlvHS5Cew4x58$Ee(CMsrz@hE6qj;)w=V6dLD3P+RX-M}bn
zh+!W@Xk*lK3V;TF)X+B=_*n2WHaOVl`TL473;(IfdA&wUz)iBG$R@Xv;{XBH)*!>M
zk~>eG&4@|?x5i=Abg~el1a8aa<5nKMjuBtkMowtKSdp!@XZTOhD}+p52qrMvS}Qq-uRptzPEBof;X7^)uC3XboND|u(SOvBCHa7Mtn|ev>d`+6S
zwM-QEjQO__Pp+dD=h~Xd$Dui|-?Pk0W-?@r7NYq+&EMKN@<0^v2WI#$`oWeh5Fb2X
zc@2|h2ns+{p{Ez@d*lbXf8_i->Eg^Wm6hj)`t{lcX0d1)43Jzn)Pyy=VpXB+W?<_M
zJoq?q72TOJGTqC
zjafaZ8y3Y=kP3S0AS3-)R7L1H6bdtH&#S5DGL+Dl;puelU~_XH8m8pCx+vtbAomJ`
z?+j<>cAtf^p1{`8W2*OZAM{w^(M?N+JR2BhtC^5W7en+IGv|3_4-3R~aMmt4FUI!#
z0Dhq^HMs&=QwHV0M@sgWi@=Xw>vZ>^aJF&|EYJTVsRH5uw3SsO9ZFfEE?W23R=cg1
zEn>wI(_lNdw5zHiOlWfM>t8x#ueG|D6*8O>JM75frTu
zrZk8XJ`2c8#!g+b-Qln4QMIVYy%YRquSbJ)e%kuoxt$ZcGHW1>Swtyw94L`1R~BNv1jonVwA5i
zNaWmeJ|#*drG?_tzCM7PKr^x7e#&~@y^FqJ*lGP5mrXmVL3HfYAa5+%e9q?q3nV&2
zFSmUB^-b*fZXp*E%>zZYF(>Im8GXkV6F6k%>-=?kB=!6gE;`n_$Ql*ZkrX%It?s2n
zD`)j+{pRwkaxyxj#}orJu!b`l*+b$DN!&?}dv*1}`06AQPkKJ5kEB*}KFA$b0#&F1Ck%DVV?hY)$;
zbr~Q!eS8P)D6ku+5Vm^lnXgwY6Qu0)qE%#AlNoYH;igyRg|d-vH54
zS8|p*W8|%ZLhht1nB9x2l-Ovr|M-@&A{(WT-b0d%)8j_rEaY~t44pq
zqo#Jqs5xd6o_8EhJFzy%n%h{hcei`CSGGHwNl`}+Ilc^Rs3%6PU`L^-L%#9M?5a-F
z5ZT3e25*WC2H2vKpnv*F2Br1owN8Fj@}+(y)G+4(JW`VL$jT*?KvG6QWcrixvvW`c
z>5#VpJwP-GJ3VJUh9Ogn37^=}$A|z4=1IRNV{I1u{F!GZ_B(ya5~oEnSe6URNipRlJi9Wo4~T9=t&X&Y=rRE{6m?^3xPECN$NcToc|b58{34!bpPE#)rt^@@@^e
zv1!T>C#@t#GFnZYNKa%G)A{9lCogUyug%e$+sS
z@H1S{C29V6EWd-05dBD_ITprZ2;g?xnJzI}b6)^EzfQ!ZP>K%%YkNv1vnF}uh2s+^
zeLt;_|Kc|J;M4tN5}T$#{_+*zy-{EAJIN3nx{YWWCX67{nh;b4snW3a5{U#XWanmY6!3!iA#oCuk&W*vLCuz!K+SqtX?Pn8hgh^ZJ+YJvcDkD
z(8aSGYC<#V)a>j`Fvj}R#Q!1dhzmA1Jr@Nv;yJ`1`Xe~%xF~o+g=G#so*v2xI=N^p
z4j0%ynpoU_5A8vA*Y{kbZZr*CR&g^V*NnbTl;?DQfe_)!3X3B-ybWy&Xf!AABRd~Pjd2r6N(@Pr2J
zXe7+`BiM$S4DQ*lI>F7!tv|t3vP3JFFdW7zZ~YjZ4}IQ0)CTyd2qJ@tB?H2IVHL!;
z%S$BV#$V~506O(}&wB`dN|STsU7}&n+EgzkZPP`Q
z97kX_zHX^T4c*{OQsTLngcXZhI_|EiT0&Y6p^%X%hriA1sL=LTF2M46
zt%nXP3`kb%5T1*%v7n=}(Cw(of61h^1>9coX7|xJZCu$;(&>}emAR|{Lq;YJ)TkXl
zEB^^OK>Sp)CotTC28JE0XsN{*RK*EeYmngx13Y!0rxtzI6?djVH|m8M#G_igA~6=M
zRmmEzoMf^I>L*@ib@iY;-0AgiZ!Rvl4!BY?j|-;GmL|yvg~}4+Uj@S7cGj|MqN^J|
zLs?oq1+G;84iVpWJs2VVzzY0%|4g8hTOC4?&A`!Qb-eO{TOO*+W<1my6n%%80MUo|
z(zO(79I88ucyik^EAk!kPwG9no%lCL(s|2X1H;4Tv_p#2kO4?rP?oJ(5&8*E?traa
zU$fzbfTxKrMzJBC(tTC`$ayE#g-!QTw#O7htNGMV9Ym8YGOjOiAe){}93Z?s{k5o`U_3XOIHXQ^7irOI3;o
zFo3&xcc$tGjET&UAfh<7ZtV>rSvYc&(+VN4J=*%fkY}e^nM^H`@pryM5r=$x*C(2%
zHR1i_EimUPcWd7bFY@jLh8og7gkFo=IXu^2w4OEu!h*u}y~TNARoWNC5$10`wa}%m
z@oXo*UOXNVn^r;MwL*j7-GGRR(yZjsnf3m5U!+1f1p?EW*jTI!VMIo@rfK
z%V`q$7DJBf%EqCAA0+3|Wg^K~G-v_H*|3rehV2`;{k|>PXcO9E#B!p_W76-a5>eCO
zstd3dJu+AYOt^5YljN|kil!N!MAY~=5?hz)C!X;teV+<<7kpS-9|~X?Dfxk3Gym-@
zZ_{;CinFB|=9|f6Hq9#W;FX*pmH4!tTyKNOpU41ldAtxgoi@*1l)v$OQ83bZTWXR3
z0O}v12KuOjh5J<|8}5!1oIhVMV!WB)?oyNxuy0j>u?4lr#?kL59=!EF)FeJqzlrN4
zu{I~|_g~scS>O0vLJ@w)z1u-*Eux-S`g|RF)OEe8BrHq#w)&l2?VN+c9(^nMcCg{q
zp68yxy|4VtCUv=ec#pzx%{*w@paSp&mb-CUnUl;!rc`2qa_$(*XPqwc!eh2*Jj&X+
zGS9yaY-ruKw%Ltin@
z_2#G!MQg%$4H^FsewFcyqypzI#6Dp4c{+RG_$nV47sz&DrN8_^0kx^<6`tt9$6>@!Bi47>{$@H
zAo(?h9j7heuh+;A3mj9wYSc!NfJi^Mjiz5q%(bYCAf9pD=O+RxakMhw4rEk!bI!Yt
zxpnf)ZZi06xj-X@*HnYknyKN-VOZy~<&mk3ikn2pSXsPo2%OCg`Slwr(Tjz`kzBcvFb{JZxn>B8l>7K}vG>
zbJM`0^E+{Zn3BJ-=sgtX+|8e`<%!UKNQl3JRwMVcp5agHQU2SjEGRk-A>{NVk&{T<
zzC^4zTcfz0bF7^YJ=I^OcN|*
ze0Eysk(Ofg!I_fdQtbQ&$Uzg4+>BpptZT3-nSCAt_78>PY*=E`&oU_=g9iNv=Ksjh
zMwF{77%>y*;2c(yiT4}0rMC9o(bxrC$l^c$;MJ|e9@Q8I{mkj3w~cy1ZCcbwaz0fx
zJ@}|w9m3nb`$k>1THN6FJMzS&7{PQ669ZZV7nCnT`cP3eAm8c=UoAEx+%IEKK$D8^
z@LRUELs=(9A{iA
zCwRWFhM2k*W6Zm&ad9H3anddqiFJ&rxrY5)OzJ4ZU2=v^{CTBxJLkikz1gMcq=cop
zrFp;ucTAv50(cB9x3gch$$z@$3Cl+~Ur5}J?03PV*2x;G-!Zx>J@~*8oW3>db7RMd
zL5<6AD5e#?4~>0$5?d(bCBKXg@~Fi_^{_CN>8HU{Z^^tMOf$r)-Pp}Rs={v|{
zCbWK{wb_^^AmXL3(BwRo*mlGILN{PE=tGq1FZ!QgYGrV1u@C+j>wIyI9{IQn{yN{V8=g*
z>~cq0Mc`B^p`ybf!kUbT<3$;P%l
z>UKSXVX^#6rs}~ne;~d3E2RnvxM%`p?M!?27AW!hXHx3N7`jv6r^`+k-xv8sDr@qf
z8=7kU6v(OWIkg#~g4W$`DVM?i(Ba2@?|ckVN%Sl+(_@Z5&k3cSTfH;GJhUcC=O+m}
z#yeT~vofo!;x$2NM>eTE*!OxS9$=S=*RaB!?se3^*%A3lC$0;Hv-e1JXrpZhY$R~2
zpCnkk^OPz?c2K<|KYy3*oJ3oUWU?scs&F{prx|DU8edgcA5YpLMI>mDx~#yg14C9X
zIjTSEbHBBo_dDhOrbV?5hFLGb3&c_oY;4=xtya<-+?M+Kgl=(&N*PePp$Bakg73o&
zO-{nIh&sAAW|xr4la=yNYs2@y*x=8hKO{{b+XFZz{bM5NexntKI20%C`QWdRDi0C`|_!9K)vcuulrk
zH~g^pGJ7V7Za~RlYu4e!N>q0?dPLH%_gNtsb2k2mo_aVf$1tj-@MY}Z0g`eFIgjW-
zwz=qqqQ4dCgE%~fXFbF%#M_@q$j4#Mil1<#X
zchhvk0sg$DsmH5X_iG}ULCD?(5X+N%6V6aexE+;`;Gy?s?GD!PloOKcM)zawjyvEv
zra-x2Fm2Ms3G}^UCi;Um)lei3rkN?7#b4}T?zIX;jjmViRjChlABQnb!^Vb4Cm3va
z^7{Oo)B3T>CPOadru_-(c$Uo82WZ+op4ew2X2=xzu$i
z6_b&rmsz1JoJ|F1al;)eLU2*y
z^tn^}Im%37B$#PmbG95zPD?zMBG1-ZqGuDj!D(#sESXx4w!c`Xo=_tf=7X0*Jv3b;
zG}TFgas1w*YaGi{T>6gCs9&k3u?|8G)_b0
zKM_vrS8ekwMY+cR3Dol)>#(-~d4a)v@r6ojXN73kuT$CJB@O!?_0*-qDd{{Zc!p&o
z8Ck;j*CAADjE#7}znW&cR|iSSkbjCLSx{?15z<8-8-062NVLs<7T*-Os#Q{Q0qy_J
s{`^1HHH!(v{0F!_^j1{NhwR#ikpP~5AS9w9RL6T

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab400.png
new file mode 100644
index 0000000000000000000000000000000000000000..29c6618677c0c3698dfebc4c7e0ebb50a8c1d512
GIT binary patch
literal 19531
zcmce7RZtz#wk_^18+Uhiceh|03v3AP?hxE91PSg=VB_xYF2NP&g
z!5RF3zq(8@^tpsZ=zOfe_tC(BEDi}S<4)OZr|*CuR_=*IRvyMIU`RecY*uv7xC)6&~{cCkKCelnCfg-en8hph@5sGp1h5kE+BmxH#
z>_4QC&4>7h1N1om{R(~<)IY>1REPM7rZ`CCp%{{}l92x}QsY1HQFqjbS`nk9p$lAt
z{?1JLT3$va^Z;d&!|O=ozo1Wu8;tQ5$k<)@1sx_aqpNTnuz%G8{X>Ec?L9ItrJ^p@V}4x@=&
ztu7~n-$!_)X)Gm+^ILQX%$+$|b46nABvV+^rA0cTk-L&+kj9ORgB!#R1&X3CTgO1hilou
z(pk!ZqDjQTh=zv5pIxlXsxb{m@cb?}XwfJ}R#2Kscq^@`jc&>+XFC>_tjd^@AIlx!
zF8CyQ7+WDZenG*$sUajz1wBk)R?7E!0}IpPL7+NHxxDE`EV#Z)VoRrSN4s7?c5*Fr
z$KL4U6{29OFC}-$>rM;zhvY(`p
zkXtSRGS~F&N|ZiOjJK4WAo|DhY`Yo)#lCqb7!X;WLZU;`7VWuyKi~25wcB)mVQ~bD
zkU}+1&}{l((W&`2@Ky(4K{@jXkfhqv$b*?U6PYcuwr#Ldhpj`R&7kx9<3R_sC)Mam){X(^u6
z>fVEHA%sj2)q9h^3Ts_75Fe7GwM_=A9OV*?DCUH>O+iF8q_2uU6ef&{mKW}q3y`0WOP%u`r3
zezOzZ4G?moaCOLZk~EU0rmGkCQ80~?
zMP65C@dtDjzaWn*R;pneI;xoUPONn$Z=u46472_#(+`)J{5dO%)byV965gR2!wAT@
zNoU_JN#^HOyf7r#1wz$kf7eqR{8ld((Q|dwzx}^-s>KIVHh>)uiL5GPrE~j>Eka%I
z7KA4)S{=ITSp;!psT2Lj@L*>3pW^+Z)E2p5r@Owx+`EA$m3H814DMTp3#7EckAyf^
z(V;G}J@**piR#*$D^$0;1rcXEWwg>y^>VE?`;f*bW#w<|T+PE*uwvWu
zs*4nV3qez;u_vO4y=oimY&DA63M;NoI1_aR?6z+Z>#+;d&7Of|Lh*hvgvISc5=q!0
zW|=yBrQ^Nyrmw|1mG{rRUB--DVPVzqF98DRWMBqGo
zN{i{O=%Xx3`o$`wo+gluMZ^Qy^iXrIXUMO+z$)A1#K81GW%y=JE)+SmocTt2H=t&o
z-fKWD4{nLx_iK?l!acxyBptzXmD2*=g0N~~xa8OGR^4Lk<`0UY-;iK0=YbG6Vqi#3
zz=b5U?ZH)VNazmHdUN3Ya8*<7Ke2#a*{rPgv)*$`=RVfvGZVGasxce4x(d}DP%
z0_NAu!K0H72L>u|+{_i$dS2sCtomd%F63;9{Q5ZJwwPFp9VUQ%+3q!4qi2{JN+B7q
z{p&%9T1&o<>T3om-H%l7`q~V7jkkXS-5a71a6r;Q-5aS;f^i-kdyz~})
z^;FK~fqobC(k&Ytn$rPS1<+r8u5XgNxyZvq-?B5&%gY^VEcZ$ODqshjD-Z14a6QyDMXm5M^O`#
zpySRSuqasdet@jSuqAf*j0UJOjA^u80!=NbvNs&(C}l^PDOv6rI@NWxCuZv(H2uCJ
z5F}NyP?6qJozz2C98pq@GkEpfRX529Xv2#7NK2xA7)s=r=P-A34nRn-I-C;8(z=S@5oVdQavB8<;iNY$Z@gGhY
zqmprp6^htZU)eDyZCZOrM-k)N10pf2Z4hB&0p-nVRMlm5P{2@|Y|-J1>~VItEA|P4
zYwYmn1=evG9jmp4i(r;^KGV0do%FURcx9r6-)E%ZIx%N6@?}pdmG#bE{g6cn)^!gK
zL6>*|aV0!P?$$O-X5`^~x2!6fH|O;uCf1Cjsy&X6{da37-wE`~MoQ|CU)plk`V
zJIk!GX3rdFmpIYuO7{;TUtZm|yUDKcZhF1&4$r$tvVxieQ!xx7OZ7#8?T`3N)A%8q
zA!6pQji{NHfe`)J%=+#~4;L+=exMiYrQa&G7Q=uEd_H2Tt`{_ev_Qy1muA)In@h?X
zyB<=CeN-+F%oF%R_@p}Kd_Ie-<@{v1bjpx}4EgB-b!3~q&7~iUw&YFg
zQCK#2cCD0{&oU`)W>HnMV1I)ZWdBQ3E@bW+BNFpC6wL;kHP}V_`z@9qBQtrckR~0Ow+BMpJ9XpOr~z1W|YUb*A&Hx6p33
zy480F9U}u!Mlbg=sH=gDbxd@172z4AfRO~${$C+trXLG690h@DcNglqVFg@NHGX878i-m(mRv=LPU$
zq>bZpY+=#saxB|tc1Fjzs87s+uIw^6ff-}L__@R%t~9O3^t>oMrW2V9;TxJ%(E|qu
z#XR?E{S-`hjHxOFVV>|P!@=4HP7l+W2r*{Iqa)%$9dGYMEL(XmzE(UVlPt`gTae{A
z9$#6#+AwK;tn^QgOQf6f2NsDOrm0Wpoz7LQ9~OVnOqVx)zx4lC?zQm&#EVJ}j>Iek
zOQy3T7L`i+=T!rnv*s(DK!@o3fb@JOCvUvm&bw3CIzor!
zjc!tp`FmiyN!ho$Pxga=o7CEatpqcTroI3zK+meMx%0Cslci`0w&X|gCJ=&Qu;TN#
zijT=^dOW)u(CTN@O063WY00te6F_H*ovU%F^H9NVgX6BghQocVLDASa@PVVl&iFh8
zN{82hJtf6`R{mUs!*pUmalXI1i%
zNL)a=DQQ=yUW^yTewIlFwj08~JKGI;xwq{P_Lbp79r)7HwkBbNzg6{xl0g_t4V`*^
zj0%H52}wtG*kfp7U^X9_xSO(i_b2h)srrK!1>PfFlY>yaq|T=N`NqsFxJpcz
zjTh>*21crSHdV*%nUyK74&yPfJ#uBP>!+^Vn7%|daaAY-Ih`PiZ%t_J(%if?V^1d)
z9tPV)LtPD&&|#gOn!gJYon!cEIF4@otIf!jKvgs}
z3~rV;dr(<|OQ5)VjS7VHyb`|+S
zX;(R=Cxu%I*7VtWG!&69V-4iYFGYN7HG05$H%Qq8{OBK=^TKgALfl?;7_
zLTOG%k6d0jDHVYip_od-*U#&#R;PNYI+7#Z(_-}B*|A*RNVs+NaY}RgUW_dB
zW=5`-X7pCtf^oaf_4A@Lp-}==Qa%~54Di&r?H&Md@#k>MhwmnfTPoE3LR1GPr*)%8
z3rzwQEq~IA6~^ZFPr_s;w}$eZH@3g9DwL?Q)LIRDpq#G)w2jWl&E+JhQ+r$W{X2y0
zC;@86!}?fk-RPXnsle9oziKfrwabnB((GV2>5vEi+KY%Vt3$&VU?7dO)q*c$7ych;
z9uZ=SMbvz(-iba^(#6$=fMPsO@O58N%37`IoOpxnEXHpS-ZuZe(TS=Z?Mg_&`*-}c
zc#^*1OD{1l#Tbm6%bPy|$T4K#pGjB|P$2H#^2|X7xQ;+!O-|>Lad~NrfYn4zY%V3Q
zmi82Y?3;Ya`nn;`XiWZR6g7wPBn!yQ9$5)_-bKu-Oh!VVkrOHAo+@<3Q?S*$uj#B8
zjsAu!@y9PV6bankp62u!Hdb^rPB#-Zp<%E?u)Q8gz?$rTZj%vH52if2JfDKgD|w}Nu9nN#c4
zhOVF)oK?l#
zL`l)jn<*)yZ*B6}zFEY79iP9si(xYVj@!l||EsN^|9?%U|Hw>%*xokGb2l+z43Zz8zUPqA
zg%c7plbJ0H9S$2^Aq!A(wRi6GMj(hZu)q)Ty2^$nsF5Euq2($67p@c4mm*c}o!50EiQeXVAGm+9Cdm7SET3G>l
z&OY=*{`>^_V|?y@jHOd?!{-L(hZvto@{Aa%U95!PXa>k>mYo*n!LBFrex2`F+{~As
zDhu9GxHnwnl!*Euyqn}2P;VAVB2(N}X>KZN|9g=zXbc}IE1M6JiM0rEzGgG*(sE~|
z|J%cF47p*H{&cFO7g)Ba`7#Uwk{Hvtt_Jn-`m6IJjh1BXqRfxxe`_x)+UDrma>HS7
z49>1*nfMz7d^-nx!z~Zv`O5ZD$8Jcdv)BeY8IY(=?BqANAw3&j>I_gvoY(ec9n4Y?
zWydYqLQsv7I}99hMCZDnr^FOY$O!L3&AOYP-dQy#1x#NcxjuYN!i{ooPskUi7g0X1
zG+T;hD08@(wkZRM34}0cmhQFVR)Q~HdD@nzJ+VTIYm~4&Vza~dAV>S2_hKcsCnRhSq>JM=TN1T?32X6ORCB|rE
z>z1HURq@kMPQIy%>PbQ&=^9kQiB
z?@MLownL0liqi0}l)|)_day|UdU18gKS(08@Iwdjq*AcLX43Jg8I^a;ErXvDO+sac
z$#u;jErpQrS&h1M+&@9|SlHN!EKL!Wjmp3R372#-$%5UaAF1)Xu?XuLi@n`v4HO4K%V#M~ADrJqIqzSLfQ@dYd5gb(Y{xwP!@uUCC5>QqwNdrlQ@&
z%#oI^zsKs;YwusGsv>7oMUMz{YGJh>v{6dO3ETa%cp9kUC|qLZ0r^R$&}8T}
zI3^qccSOqmV2oZHtteRHb&_X4(_1|jCSG9#HOkdDWdY)BViU>$_pma~QFPx+bJN)&
zk#rshYB+SlU{4~!LUI8piJfcqX4ml6C>L)g%}+
z)uqJRB}oS#Vo9l7at0Cf5?(Y(*aC!vOE@XeIfS`BHK|CHbo>_>Un1Mc#j0X}8<8ct
zVQ__w`^qmXlgsVk-717{*1)ewhxu*%cp7SwdI5tJRJxE%LcZyBx8LXKG4J^?oRM79
z0W`ZBRxmC~K%cX!&^Km@FK+mKl%|OpdJxFI@aYQ1Mi{y!!UNa7gnq&YR13fLaZx98
zP5Q&}-G~;jegp&8A0~s<4pZA))5VrJKwVx~*&|b(hQK!dUc)b`yuYcjdjoQtP7@lgEWW|Ww!;J`kGLXB
zT&kE9M7>3!o$L&qz8g*f=SR#Z{v3NMSVhdrbfjfafGNZe+|;TGuh8u)erg)rzNJZm
z66V&50_6=JkXc1fVGsELO;J$2i^+1jR`X<8ds<%ACK~E`RbuWBl4l#
z`r6H*JY~eRSf7aiks+NN#
zSY7RWCf96`7@2j+0%9oL7wu?L=qeh0JZBq$02;eC>R!Cpch{A}NpcC{CAN+52})dP
zECyv2Y78Z1ld;t6W%u2b;uXIK4rGQZA3;OuEC|9#XR47P)IBb4N_cOfF?4YiK16H
zHOp~U5y3O^-`GJ>Nmpw;DaUAMlhEx>Vgkl^erZ!1q3T_^(WPTUv*yT7bg=TRV6@YC
zv0!~_i!B_1*C?>A4@kL$TgR&7ti|
z0%Wl1-!IC!oRFFp)pE*R0DS=P;dgEXgRPF);M+5>%}a17fg~bVPyHJ_{9}OW7LPY3
z8nIXq$tmBS&HCwC&O9YwJIq}3Nxy8mCM|MA>2%NK$MG34yOi?;&BU)J%vqQBFXlEF
z2g_+6&ghA$p>a3Vu+$x%T7V)sK+W7d
zCQ7+^vY=M3?PBXm2p%Jw4s<(!AX*EHtR_>JtQn}HfU^8EN(;~G;c_Dyhr+BcVR|6k
z_~QE_qn->mW{ibe?;wJIvsJ;C-WjkSX$=T**v)iy<59(bE#J%>l_D_Cw+T0Vz;sgw
zl-cV(rhH>_s?pOpuyy)zM>X`{qkA
zxTF4aU#&jcf>v+G#{;yj7`#+GXEBw)Tp=&M-*)dVC|lFc*6U08?=8vsuvz*!qt)r)
zMBhYhYG!P!#q~I&+ZG-?>`-eKPq$;{3*~RL!zo3snR53BOGb*b{%T9fO6zp}I<5+K
zls6+*4tL?F#JN;q3g|6KT)M7$Ht%@j^O7wb^=U50jHtTAFHDa+mPD=JK&6e=%`Hjq
zmM#bNGl~GmMfQAH}|Kmhy4i
z1`s3dEM%}dnBJxu=C;bU7^afxH)aX7SV1iN3;e;EXFNH()<&U&-7
zV%ko-*fa*ey6ypgD_u^vv^#reg|kc}3ruxh&W9NUaz<(biky+VywXku?HKT~D-RTJ
zG+ST`+nqNobGM`Sch=8XjanF()SL(39#e6gS6%vlz1i%)o*!(Ua{UtWpHFM|Js0M)
zog=)6a*ErhG5UKjy*Y)OQr3FpYTF7jKHICiYagd?8E1-c**XjCxltN4S{F`O^WZxE
z*3Vu&Vm
z>4u}XK2`(ox|OZAs3s;e5}<>E*sYw{d@bY5k1Yd!hZZzrM3ZdRo(+?cl6Z;XG6
zjVE^;O=$4`Vm+??huu@{kJ}B-45H?Tj0=7KW(QhNZt|#3rfsx9j-P8zA!?=3LhTNe
zo=?AbURX-GG3};FNe*7n*ZYd=_S5!hoLvv5cXy+oPIK+^>5~oWoUrhI=}x2!fN$)t
zu
z0;V3y&i^tqH;c1eR?v?y{ccFp{Ymhh0h_MYKRx6YR%V3$Mt5;Z_}MV@xv>IVR==R=r=W<$m&KU?HtNCa8FhH)yuz)
z?smR`xA{;~T%Ed}4gs_Om-1@NLz!3%pb7Z=e%67tA4Y@p*lc(G^|Ben1Uglkn0-5+
zszpPTrWPVw9d>v7B&0=AbaCcj$5owtEp*29=gURJV311smCjoN&7d&BJ0!6rO@*wISus$b#3tt^7vx}eLO+Y!8jl7cC@`IjbL4-E3Qv%4(}IBOYCMc8pkEhRI~<?mS
zg0@@h^%Zc{-}Hp^pTggyVG1o`nrb=R;(lcmf*YZQ+EV6mEX^KWn&J?Xoerjqz8xSv
zYU)+4w+ApGbbhIlFo9+x(hRjku(Yo3vN~{(uSPuKE{k~^ksrzR6l!9JS$?lmZ;$@>
zPs`ynEi}YpXwa6OEk@Qm)e7C?X)oqq
zU5R@pE|UG31(;3a1MTa^s0Z%**sXRThO{r?0zT-b1=9N@Qfo=r8I~=XlSS4_$74D_
zL}UZq;mp$fryoEfa6I6d$-_&`)eJpxeFvh?U-%D~DB{Uyw({eXG8o8kBpEHp;~#>L
z0rg|?lS{cyXX}V=WuT~+_wN3DT;n`y6ZEe18v~Kk&LXgjwthuCR+}i`GN4#cqO{~O-dOqX_
zbx_AEg>IlQ-Qj_C*f@hG+0!Na>rJ|T(5DmnTR{#9gBC@nFbHn=L(||_Pp`TF6I((^
zQw3~;^UjC{!XaEcDRISO{}1=@TWg{R5}|18PQoMJQTV4Xc1E~DI@4eEh`%_V_4d?s
z1<8Hlo(XP5CS?;L5C3+tXpT$eVcG7fjFog
zT;q#Vu$hTS4oAt=@aYCwwTHf=Uq!5ax+J~5qcnmQqbHlvnKQYI2NvIZ$!WpEnrt$5
z5IXzD;aVQH0JAg(f{l(>MC%^DE`AhOv{rOl;f4
zeGd!t7%`Kt;1<_ru`whvV!yVI
z$taE!qlu1YY~3=mfF@h2oAh!bPQbeN*0|b-V;#`XcZegb!phIo7VuC#U??uz0zv3F
zJdqkzl-Nx(i^C;g~G_yUM|y#YyM35
zKCwRsx-D)v6MUXWHKih=LTP{IMHgd0^nHq}
zACH&_Tx25!$=vEslc`v5VB8DWVPa)}xkgfGj}a@_>|3EQa(|SoPtL6sv}#q!opk#p#XucwqF3mREFJbjNzaTVQ^ot*@S>90
z`}jCs`&o;3rksO1p8D{Wxt3n9k`2L`;2Bp{zW&AkTJId{?e110mDa;9n04=vq^k-+
zVd$c@s%fm0h8|yLO65AhUuj3PMqQOsM~xs15?XAolU7+M`Y1xK)@IAhk3CN;qwxje
z{1gCsZhMzsY}uZtaozsm1P3j4ln?~{YI-)-KEuz~-vG|WbT$=$OCXF{_`q8g?)c{7}pZG0Io&9=(2R3H{5?$J?``-Is&{Mci8xf~3nl)4NE!KiZ=
zh~M04#*So4`w&;P&Mm!@ITOexhAX=s+S`B=mWavlUYh*>+Vlta|PBDa7x!!@3qv
z=E0_i^!PxvZO*m;!92*{>J9I=>h5>H56WUa3)X`^>B#FFi$8r*XsNa3a}Zl7eO~V}
zqp!V}G>Y*uG+Ew}>RwxM?<4CgGa8w&*Jv)`a@atW*81WTmd9MVM8G6kHyAW2w)-KK
zYRRVxI{2W&zgr{+c3e?2^z0PBI>~vG!0kB4!*m+x2DVAu>qkBjQS`ko2L~py^K(O^
z5-x`;^EISQCR_H39U*oQHiWgO5L56$yHS06g4U_g)@%We_}qAjk@
zdj0$sKNPp&K7aF*JQUBjKmk>5BZ^iHxi{pBc>^-}mqCF>eX0qI-9xXia2sB%T^yjq
zLR+IAsj|4taJHg?Wg%=dQcosVEuO_%+3b(zEdkiX67)AWIB+8*pBglvteX1IfBo-&0?uHGU}9fu4u%2LJXVs6%Oua_6wXasaHpNMk*pH_J{Pw)c
z1$!vRCbpUzL!HBcor}U2B)q~_b8Q`V97^88P}s49S~GKL)pcy0eird;T9zFvR>`kE
z#5vM5k_?<-zV|O>I~J2@#e~+gph!iFdz&Rf=lkE22Ww#DJr3IDj7Ztc=E4|v+8?)C
zPL=xTJRQVt{bSxYXI{cS#PCz=kSc^c;tmTcMPnxgdZ>6CAC2r)Fv=i;E0Lb{WM
z>+oVNF=9dCJBpk0lYE|kXDF$r{*a^$+X#TYa3U#bcu|#K84aN7dsSS8LsMY+=@Rgy
z17;mHnqgcmg3)U0dt={9T7{lTR5Xipwcw%~3thE-d@Y37w`=II3F4VLZ+~E&esd7#
z9^ys#apnC|{Nikj1a6VE=y&%N+Ozc97;#VgfkMUpk}Hp&6u)qTHN3;xYzN1hXfwF)
z7d$0KHJ#_h4AW?p9^0-KiVA1IXf^_38~#5NFt*6Ql{Y2|EK2jt6aVC22y5;{eDm=8
zt`vWJ6;ulMOOa>bf#*ucjLpb9>Gp|R^n(L-t<+Q6P#S50lZo5m5B|f!3u_^YhiX}N
zMgN9uG>(ouQwL#T8+3Op85CKp+;wXkQYsA-QO2^%9C~HoL~vRZ!O6m%q@*7vA#V*T
z@`L$X*$g~Lq1LTBK77##lLQxXI)i!Zi6X0N5$BT{0(|_Y&a0{AxJ0b&W{#qsj+yXe
zYQVicjVWvJ<$FYsb=mR|Q7iLznZJ0)H$Em?*I6he^fuTDichiz1Ut1FI!-D
zWQTVf#BLo5*DH@t$-OB8Is8%pnob9@DNXMGsJzRNWBx~C?-};5H#Hc)^n&A-Q3EaR1CzBV``WtL
zZVR(QJM?kHN4kTJgNX|R{5Jw0-*N}F7=u3>1p9C(97$m@Zff$DTH$#Me@sfseL$%5kGCU#jPmQte^18
zoyu+|YK(k*N>xg)QyIeuD}+U9x_7*LAg^RbhlYi|eLng?A-p0L>pV^yQ<^U4MM;OI
zb>j$FE!bE!{Oy*9DUU)NsCjK$0_>huSOcB=$iis!(*>4>?s&EejWyA!9%A0Gi(yEH
z7p$2ulZw9sEuvE24@~bTzSb5fLOqjR`#{Ot0EnB5DcbjI{Iz2;JX)^6bi^uQ1c6Dk
zY-shv3B4)9$9=>(R9&05Lb5zyK#6g3Fu&i&Gd_$o{v4&`?e
z-$?iS7PcbHSQuHNISZWLh8@AjK0nxvO+X13i)V@XbSL4F3_`d>MqJvF5M;gm92M$a79Zzm_;GVdtY{|FN7fj?gogLgcg~
z%O0(zpEuon^?BeADi^O5A6dla_Ypv7YW!omohW+MkVgphymg(>5|u-k6z&-?D*Y3y
zOm`U#UGzHidAunOCqI4l7Tb_@JH}P1!CDhJAV6ZKj+~Oyy?1|cjpL2vG7Uv>x>ujn
zvPoqin9LE8D+l{u8mIE!(KV2QHPTHPk;y~f5`6cXU-{#Z0-p{kgJ98rmE$n^v~~Dh
znXm*eWCm{AP*gJ9FrUxdcg8zmy(F~!U|zpM4$=oI{}UK=KMom?4>F7%wa~ynE`C>|
zg3ls6gCjatYQokMSP^k&Zd#9?aW`J|G{_77CtKIH;gjtS3YjfQrTP$VffD<`41KGjF0#Ny%!RI6@7MuR
zLEBY;mUf@54k!knWn#dG3R$(mLbOu`k-Vxjz(za7VAHz$TNWdBj|Wq?iu1BuK+(oV
zSotYiEza?(=L-_i&~wiW;xPQ?@N&Xl&##zB`H_&w;(CQsR($prF&lx-{Uhig{Ur2H
zS2?Gr8&qmb94U+Q=+x}Z;k>Sm9Sdy_<+s4>c%DFN1WmiN4Y8i)%835K#KsIP!xwL!
zfHsUOwQl)n9e=u=(_VXWF1zr?-8w92r|X267LQ9zmlQ^wkXqRdxXD@Ht6?jn4OyT@
zPk9pHB*JVMeJ23Osc3?fCRokBT_|C-+=Gg%_KW+Blm{9Qm*z!bx*2@Yj_8zzQ~$me
zk*l^TA)62P+x?H(Q`yd0``P^|$4TVY)pfAcHqL5fP3(fwZ`rHFQ9M%O^#?kzdNF&AKUi&KcSeC@^?d)@IqT2?(+pAG7m?1x$)9A
zokqrW(OSqg)lK+uTydM|oaAK_EhS58c%z}IPI!z|Ed|6if69^gt?)%L;svhKb{ohqH(0K4wu2
zIS;>tPP`C}f&>BFg>yj|gYN8bCZVn&Pv3tE1SXI%5s{~(+^fwOV#0R<9kB&?9?@Fn
zttM!Z6aAe&K4Z}4D8!NDED+SQexLrVp(L+}T{6(>_zK#*WOz{ki*#*16Up+_n<*@k
zZ+>zwRU5`-&W64G{Tn&J=|<3rP%roRJ!CZ|*qlIBJ9b74-E{E}i`UPOv#CsAtI5j3
z<<%g3HSknDv|!;ioyP*{g8BryY+xPDxOyc7Q*_ZyMc;eOU-{LP*f05hXS&G;y=n_g
ztU~-;%q%}F(pMw2w3mjAu2E3Fe|Or65McLtznU*2@rC}uK|jctElm8{jp+-uRLDg?
zhvNxe*`X=xgz`YNC){qNVW4Q9kJ{Ns6MFn_qi|RBh-_mLed!WO3X#
zsy}h-l+4wJr)*8z5!a3s&zq33B;82i&K_~1UlX!51ykX?tM!9M)=I$vdxGmRzy0td
zqNG$%2)R&myS4})0DaeUsoQTu0>F+(Mj>o`Y%UaF11xI4r`hvn=8HF+DUsW&9U>t1
z9LVbj{1xUZqzn4nr8L4;UbVUb`|7V-m~&U0`4XyiB|DvW*5bz;Gry&mCSYKqzLADb
z+EFyKCa;W(gbbkn^LPttWa{bk_S9;`wvY<(m1Cu>`EgoKF9M-dsyZ~~ngXBDoiY+!
zTm${B*vuQ*dG=Cc&{8*=(&@e;|LeG-s
z9mam{e2<^eS4sx#{G7SF7CW!58f}2EVkOsD(oMt?N$*mIsbNRDY4Its
zGiX?cw+56C$*b?$sD7Yy!f$(`!B%E1f_Psu9bRDKnBy$JsDuTeFHBCTNvT_wWAfH
zU~yL;$h!M<0BNf@eR&2YXC_MzMn2eFH5=hGWO@*pEo|+o?42rRwb5~1?mRRfCYA!4
zg4tyRPyI5t_6Kci%CMw=?h8YWE^i@YiaDY}$mxnN#z|w*~lXKOwr#
zwzM9dLv;3*wtH&eolQ;^x!rxQLm*OBHv8qYQ5(&5x;7qUtdjEYwiB^^$eQ;hL9D!k
z2KH-x@r|?#Rpf@9UP1*o(X0BDE4uaxmk&9?HCxc@-L9nb@J&#a()C{y;$PQzw|&L}
zGi_K&B1_?e#
zFQe2|hRwK{-Im@WMO-#Q_&2gqnea>7I+5($Yh&2ZhmON>?H^aSopJW{V!cWc;ijJ?i(E{|_`=Z?KJ|H=kWOIMU?hIuwG
zy>d^dnF8F!`#p+14&y>*YjYA-pbhDyD@ASJLdkAYb!F?^D6-T8}+i
z<_tl|OHZqqRL94jbXX=1%QFmMM(y^lKCb)8Vo+vsmyC(Y->=D&H8Fzj75!uCJb|QO
zrZ)78$T=b0uz)8nb$a0zEa479h(`8<)qy!U$IcBXT2mI&OQV5Ft$bc4F1Z?T@@#!R
z9d#8uMrPag#>YFzviQ>>KBnhB0}OWiO{nq5HdrE>rszVo&rO(RBwd
zOz;9p)ex0UDY+g!)nPRnH(55{pwz=^IqC0xtoDlF3yHtU7<%8O9Ms(-5sVj)|ba~TZ8_M
zzVw3#q{qNd*jYxYq;If%dK4F1?J>TdtEXSd7veqIEG6Bzy`OGL+vOL-@3kZSFpyfm
zw9E`z9Id=daql9lzY~jiT|8e6-c!R`
zUmf#2PM6>0zKXhQ)vYPdXpb{G<3Ew+RcW)@pDIYnaAtqscp5z8+fu{sM+D!!!8P0E
zzWUK*vw;V{i$b(ODH7o*L%75?+=eRZQ-d}!mThX`v8dh*G6O|t6IRI(|N5$f`CL;L
z4V0m&u4E)p6L!RRYPVhReaG;oxK|osL=5VsraH-p5G_b%Vk}e-f~F0I12Yrb^pYzU@n#RfyPL)3;fQek`RT+
z%si26-I$)<*4t$$C098qoxh{=)w>Fcsvcb71XiTR3V5hjCT4fKV7{{kI%tuNmo^M9
z*IFOjDdP(PTs;lH-yCO3gyQeS!C;uz5ubA27dOS?ie^`)ZJ>J*9D~s@Q>bILUMly|
zou4G7t@(7qa_zq1rF_Zv36Qws!^#xOJ6v-o$BY+u2w)_o`$oxhCrCMWSB@?4l-Hfm
zE*e(VkQhB^UY?S%d!BC$>MaPH_D8kT1mrQ&1uHyj_WU7`qE)VOGiY0`Vz4^5H*Qi<
z4OtOdcGi8qt2SaG-Dn-s|00R4NnYX9#E?I8-zuD&j@$8f@lufZ7Ek8~>kiLLrw;Rz
zZryMd)U{i2W*C{yRGK^fbuK3tM+vSWqE3sDyz>yCxwC|I+eFegcl|!op<(pT1z==+Qw3wVAwZ^-F#Psc0uU-ZO@u(MA3A_bp?wr>
zJwF4tDf^Xs_K}UUSUlb2jHoN_(dW_UU~#aNV{AFBUyVeLGw@c1S*npx)x5jCICbx%
zbB%r}j@DFhWBfo+z+~I-t(oTWJeS8w~C)^SS7^KzT3tNn9U5)Ud
z8aMMA@^Q4>T&FA6V7vXY3vK5RcCeIc4x9Z2Dq%?U$l&;4rE=Q0OxxkRxbuVA*}8KX
zclShwn=FathQY@H7BA~c)XE&BJm&%^Oz)TBoAVQ#i!nyENQXhKAtN#ZK?$i{;H!2H
z@59M#g^soOZ*m?&kXjtOCSY(o$+(DpP!$%8c;YRHsQF3rOW>saXS-Toygd;3#wAfj
zeuB39WYHr2r;WpqaY(uF7f^6_gAD-s=T%tgvKIpQKVzPuE)$f>Zbxyka}OYLEZL%y
zXJzznz`*YN{pz=gks?|pNJG%ZV$JCasx$2++&if5Z&vE^J!tg0P+q9f0TkcNIa0DS
zCND}9mwh&&uUDatH$?JxBiHki$T&$e&(*smrKE<|_82_9PY~dwR$66_F*C*vD75*I
z?l2I@E2)GTKJR8U1`QOGY+h2j1-rTkBX!2M>)tndfXi9_G}}Y|+CdaZLL_XcM7HIk
zXl_6<6l*0)BaV9GhxMul`8JMPM3R24@G)I3-DcU_G@!clM
ziR?4Q<$mK$LHbrQ^k1#q`9Bkm1IKaFK2kZ#Et<0=q$K)Sle-)lNn?bKQF0_En)cC3
zCdZcCX^vQtJJ;MJ2$Q>n>(UhWk_b(~nF;
zd_Z*lYW%0=?cdn!O;<4Kdu?IuV3-!LQ8Hu7N(S)q)Z@+o+NZgsN%(%llk|yQG
zF`=nj@h=HbeLsywFwPozP3A@Z<9l8+@Ch4TU?|-`QgStM0j(hlJZ>_T3A?Ud4rsEe+Hy@y|?WnM_u5
zc^ZP&bM3vA=i|RTXT9kg>5l8}4F_aulR{ANQps?zlPiQ1te!eZj2cFz!&?
z&g5Qc-^KwEL{HZnWBrpt1|?B#bm#ns*Hlld9l_x;<*Kb+xo7To8}oBUkv4qaFTnB(#66LY~l2{Q8BzMnPYAz6lcKcoIVSF^{$-Cgzlr7rIw
zmP1}^^egCZQ!}OYODNrt@Jg$DNCkT6!QP-y*aO7Z*;2WYVf&1BqP~OP{H{v9`=WQ)
zec_1u@hgz(QIPg-6XQ8heOPL$r)~kd>v&<#j^cJ=Fle!YP&|Gy^)b4EHGS4}rR91h
za$R{haoOg$x?bwTp7xaUyWH4oMI61^+fdZKTfD#j
zjJGu>?hg(R5KsTPvp@a{61yHeI^9^bW&{YDT(ed&adz>EFT%=t_jY@*+_zJXDo#hf
z_ll27cx%*hg5>+rVXIL?)j9a9$iST3YpfU13lM09KK$LO%ElV9D;*?Ct`f*Ck0?HP
zFsvQ>leZ`^d+1d{cO-4>=}z0pj;GNU*@B{AoK%EGjy{Rp!OoaW9n+gwzsj7Yw9|wf}*2TNh8E1*_y>T
zU1!aPbd(jG&BOTBSM>hjP@-jp?o^xjxiLB_YwAtwK>#Wx@=t*l?D5$t&v%+s
z{Vn0pi!RplgN(C2ZO`8R&4&It?R=N@b{<}po~o>)A#%}DTj!kZa3JmYQp8G30pJ;4
z5;KJ==2$emQzADrg$;6g6PtbP?Cc5BZ3pLmt$dkHQLj1dDQs6wlkyK6dQ0A-F{ERYK_e2c#m-Ip`c*}1A_3(6VnJp8lX)g!AXO>+DKqEj
z)qV)SRO~^cCBkU@6NExfy9wDZdJ?X)@8oa*O;9K{fl{HOG`_C=MEON>c4M-#vxakB
z4h%k?_0fOkc2bzk^yd{R30Py^?n5CxRv%7oqD1<&lBMorKStWyrQ0zRt5PHIQ$9bj
zQo3K}3Si}6e@Djgt*gl)bE~EFv=ZCT5x?7ElZ77HNA+PJ*4S|u?2l1CDfSEuSU-wU
zd#yQg#7pGY?t|_gyOWs3w@wbUrs!75nvmMT9S2`78=oeCxul?rr7~_jjl1rh
zwK_+ihhs=@ss>i(SB4~hRXe_cIcU?$OJ?{@Whw;nd7Ciq&Uu}0>3;mf!CT+DQ(3EQ
zAELe@h5vGdpAeV=fa-KFB|l1v12~@TQ-72lwQX|D9o(=ZbccQrK_q%u_a}+-+Ypgm
z(`)+k^YreK@;yH#R}^n_E^*UxiyNdA7`)1%YHlh&{fck{w?tiHBzXzZoo+uJEq7D65$4U
zdyd(egHufmH$9!Eh`8dNVpiF*;N|Hz@yzYRtd$
O;Hu>{i!w8>$NvC!K9(f_

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index bbfc235758..458bc46173 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -131,37 +131,83 @@ If you want to check how the ticket shows up in Intune, see [Use Intune to remed
 
 ## File for exception
 
-As an alternative to a remediation request, you can create exceptions for recommendations.
+As an alternative to a remediation request, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md)
 
-There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons.
+If your organization has device groups, you will now be able to scope the exception to specific groups. If you have global administrator permission (called Microsoft Defender ATP administrator), then you can choose to set the exception for all current and future device groups.  
 
-When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list.
+When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception (by device group)**.
 
-1. Select a security recommendation you would like create an exception for, and then **Exception options**.
-![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png)
+### How to create an exception
 
-2. Select your exception scope. There are two types of exceptions:
-    - **Global exception**: Global admins will be able to create a global exception. It affects all current and future device groups in your organization. It can only be cancelled by someone with admin privileges.
-    - **Exception by device groups**: Apply the exception to all device groups, or choose specific device groups. Device groups that already have an exception will not be displayed. If you have filtered by device group, just your filtered device groups will appear as options.
+Select a security recommendation you would like create an exception for, and then select **Exception options**.  
 
-    Some things to keep in mind:
-    - If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired.
-    - If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires.
+![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png)
 
-3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration.
+Then choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. 
 
-    The following list details the justifications behind the exception options:
+### Exception scope
 
-    - **Third party control** - A third party product or software already addresses this recommendation
+Exceptions can either be created for selected device groups, or for all device groups past and present.  
+
+#### Exception by device group
+
+Apply the exception to all device groups, or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.”
+
+If you have filtered by device group, just your filtered device groups will appear as options.
+
+If your organization has more than 20 device groups, select Edit next to the filtered device.
+
+A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all. 
+
+#### Global exceptions
+
+Some things to keep in mind:
+
+- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired.
+- If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires.
+
+### Justification
+
+Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration.
+
+The following list details the justifications behind the exception options:
+
+- **Third party control** - A third party product or software already addresses this recommendation
         - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced
-    - **Alternate mitigation** - An internal tool already addresses this recommendation
+- **Alternate mitigation** - An internal tool already addresses this recommendation
         - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced
-    - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive
-    - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
+- **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive
+- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
 
-4. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created.
+### How to cancel an exception
 
-5. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat and vulnerability management** menu and select the **Exceptions** tab to view all your exceptions (current and past).
+To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception.
+
+![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png)
+
+#### Cancel the exception for a specific device group
+
+If the exception is per device group, then you will need to select a specific device group to cancel the exception for.  
+
+![Showing how to select a specific device group.](images/tvm-exception-device-group-hover.png)
+
+A flyout will appear for the device group, and you can select **Cancel exception**.
+
+#### Cancel a global exception
+
+If it is a global exception, select an exception from the list and then select Cancel exception from the flyout.
+
+![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png)
+
+### View impact after exceptions are applied
+
+In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**.
+
+![Showing customize columns options.](images/tvm-after-exceptions.png)
+
+The exposed devices (after exceptions) column shows the remaining devices that are still exposed to vulnerabilities after exceptions are applied. Exception justifications that affect the exposure include ‘third party control’ and ‘alternate mitigation’. Other justifications do not reduce the exposure of a device, and they are still considered exposed.
+
+The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change.
 
 ## Report inaccuracy
 

From 2ac3759958666b852e4faefb7249af4c9a608c19 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Fri, 24 Jul 2020 17:05:45 -0700
Subject: [PATCH 022/384] more images

---
 .../images/tvm-after-exceptions-table.png     | Bin 0 -> 19211 bytes
 .../images/tvm-exception-cancel-global.png    | Bin 13617 -> 0 bytes
 .../images/tvm-exception-device-filter.png    | Bin 0 -> 20259 bytes
 .../images/tvm-exception-device-filter500.png | Bin 0 -> 26234 bytes
 .../images/tvm-exception-device-group-500.png | Bin 0 -> 18628 bytes
 .../tvm-exception-device-group-flyout-400.png | Bin 0 -> 12506 bytes
 .../tvm-exception-device-group-flyout.png     | Bin 0 -> 14781 bytes
 .../images/tvm-exception-edit-groups.png      | Bin 0 -> 2004 bytes
 .../images/tvm-exception-global.png           | Bin 0 -> 16485 bytes
 .../tvm-security-recommendation.md            |  26 +++++++++++++++---
 10 files changed, 22 insertions(+), 4 deletions(-)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions-table.png
 delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter500.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-500.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-flyout-400.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-flyout.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-edit-groups.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-global.png

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions-table.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions-table.png
new file mode 100644
index 0000000000000000000000000000000000000000..f62d8f66b631c3a4874273add18f989c89e8d1de
GIT binary patch
literal 19211
zcmcG$byQT{|Nf11r<9Ze64E6N3P?#PNF&`T-5{OPogyvW-JPQ#4Barm&^5pi&%yit
ze1Feh&-$)seSWi+&aAVR=j^l3K6}5f>ve6zKPbuIU_Qe{KtRBela*3IKtMtVe&3^`
z0)J;S&_)Aa7+++yoDdLj`yT&1Nn*jJ01l!#%PGD?+e9NHC3^~?F9}9Kc#a?^_4bo{
z=Khk8_os_2*n8sELg1n~M=&oXiA<#;B7(o4=e)B|!X7`e54p&1r5-=n^7wzh
z`@a7d4sg={d;Xy<-cyL%%2rY!Cp#s(Ueg<61;kE;a5EdtBRl54U1uRLwrk`-m?JYg?UK_PS>@fDC$}iiI>W8u!{V_(;D8k%v
zb{3oM;)zb{9i8iIa(WlCy@PEZ7Q1@I)07lA)Hxn+$TQ;(>Au=XMErecf2mp#@xlzh
zhwY@UuYcV(#(<=|3`CJ`*>{;(Ur?c&}u)!B$XdCBzQaRc74JS
z;nw3QRG|${5ruMPgT~<}mX)(4S_Xa%t~JNsCvhYql0Cg0tzO-!kM$gp?>61|VlX^B
z=vh!&F?_@bXY%Q{I`kG3mUm<-ZXOHZyWULR8QZ}t+ooi_EN$+8vo)-x$71^u?sd4i
zx)|DKjD${SwyaBdulw!5Duf(a46JI@vsIZV25ztE)B$_TxMDSjixz9N)Go6_snC)$
zk>d%Ss%E`38&M*an|J49mIY-HX+rnP2W4;L7zG7-guOtBoR<}y>*l1evx)xYS>G=g
zJGXZ~Tgs5ipXzSUe@WboO-y}b7fvT|0!uv-Et<~!Wer30->ccfTk{uQAo_Y7r#IZC
zs7h`w{)c4&wsXycuJ!KI_P~V^)1Bt6$}6lus-W|#_yk-MA3R%%&4u
zyK`?`D(Sutpip$`D^HdOv(VI`)gU()`dXv+FLnbxX_jcGxHK;At;#b-Q)}DsRlk#4
zMKI;)$eZS3d@=GD+6|s=Z>-p=-b^n~^*L0It}5jV$qDun!=p1Y@#2>lTk7?I
zJpZD>5&Qx{Kz^p@Mgnn#S$nRDEx25*;%xDw@>VO0@>Z)zVyl=f7=g9b1j;AI){^0M4
zgXZXX%Iz(+D$9=n@XX`;rKLF^MKQU^h?1fAE_VZBkZ^lzr6MQAo9HEpiaDc1auhzj
z!Ih$ZMzr_e+{oA2ZQFcHqqp9|#WRkUhrQ-i7erV7n^WWF8W?031&K;cykO1$UO
z6EKaA@;=~N8gtqS%68$?e%FUSZS95d_T<|cF8@(q`-65WL7Vfm5@Yh^YQ8^H0Tu;a
zP?3{p5OL(gO(~SSTb?{}2_reDX3*{hSoMw5;;ULiP4#jNzBd
z(QcQI+T((n@~6U?omrI>58#{}C)}O$h0dw#MjMDhC|fYfNw&Mt@{wTGrb)FW#A^E`
z!|~#KDyZ(Q9(WnPb=0!!zOpq{bL0{Oz81RhQ@p8UEPG1tY2-#lBO~VvcR1B?_0adD
zincDgi!$zB)OK}llD6;64c>El;(Hu9D9B@_Quz`MLBMPM44fsd9OlO0dEedy0%o8r
zxL%aowuW$4(TaOdn*ITBq$sOW{P%tPR5K_o=Q!x>0`&Rp{`T8cR$-3s21e!Xp}oGd
zkGT!J-)ErZ^MZp=)-;CzQI7l4ZmUV?f%kpO83cnv0M-n#UzxCkK$Y887a@y~F_`yJ
z`w~dsZM)N<DR6oH915sbW7ZC>Doyg
zQh3gO1igS@WOEzm@QCNOV;^_0!`jJ?)Xc708-y#SV7EKY2NX6FEA76;cN-;H6B=SR
z51Q~n+liWi%7)6jr4G{ey-?&z|IbL!p&7C@|+0xYEN(6Cbr>
z$N3RFOZwvX;^sXF1yb?NUT8%G3aRo&X&35aVs8wq=|kQ&CH|PUot8d~YTO~9QuB&Q
z*sxzcQO-4KIJM(B-s|kI=ex|D;zR!d@Iyex`l@1CmA)V
zCCDG@5pG&GJ1OSOAjknq1@VdoZ`#&V-gLp-GbTwA;#4DhLG_zg-=iXaOw$wB+cO)x
zh6)Xo?!(NM^c19B>p_ABfn8fSbfub&bC@R%nvDyoXJHt{SXE-^ntm>M3Srrc9myv9io)5b?I44kG$9ZDSOMDvVH`m7l8es8;R2KFSWl*iRH1T6PD-C!aq{JYAS^KI@
ze3<3JOH9ft8L0fgmaEnbuMI>A1nfFZQ{bMQ6`fa~xElhYEkj0zN~}8Vp-&Z~Ufx)Q
zCWWr_fVTHdo0}8iQ$$S(5D@?f7JxF+$v7;-#HaV4T`jd2v
z-Pr3(12+Cb?}P=m%3ALoDic2^!VQbA%a42i&8jN)1*@fY
zBlgYI{h5;QH2t|rYV&oziTmzx?D(er>a8g{6KeHU%01(1BfP&nvBEAp@SS_+3#X)B
zz9vz&$?gNG*c+~Y5pbvqaXAV;nKg#N4u3`YAF@ol-D@(Z>c4kQvd-+7&YUU{1k?CI
z@?E@0v98+9T0twDR>2$3yU1;nKJk2_^H;SLDn*h~50p2pF;>3W1*vabe;hFuE
z>b1YU7IjQme+vsM@TAIeu$rRO>)9%B;|oU5%U;%nT#15pqiq%pMFMMnPu;8&bS92m
zq)`g~WK_8c#T*eoW((X_u%j{5->s=5Of~u{@Rq%9FHn*
z@0VqhF)oLxZyxv|b^NPg1tc3x7=4|Wnq
zEO#YT!sGOMl`8btpNP9@!Dk3rl~WZJw)
zmIUrCSsMtBkzq;-d@WAgGa3ohbGa;hrC}qoL{CW!&(gt3Y6HOgj4gMzw3M!uX5x%F
zDRpzIwmG5v9K*njft+V)C7-yaJGrZ^Z@L0QdVBXL!ptm5?WQBtsWF{(Ze4V|o`ZRT
zNK^9?==SNaUqCy>8OuiJD!#MG+hjm&?Dgu2%T+)6zA9q%ghv4BZnIxgcbd;QjIDzUwCZ7W}8M@tu5d0x#?8e7hdv+pv18r5%Tz=Kc@;t
z0nnSFS3kJNk(~vWc{Hl)IoZ4F>k`YC&ss*e-T+Iwsx~!?ql%n7a?VPIKDkSt43-`fY#rdh{qh
zyGfX)m(?og;wBN|EP
zQP5{d`^ui}Y)t)?)17Y7lS2%oX(D`?kwjMGt1Jf>mogR+Q;ja?r9HlUzBFPTU2x!r
z1vq?Y`q!Wz)42c3qOjSXiKS9n+HMm*$Om{>HUZ|(bZ^HPGoRpGw!oC>OuS~K=0j|i
zJNw4iR>6i|Yo-25v5tGnm)HBL9nNo3s=G@Vb$eS#kUcCsD{;992?*jU*$?A1XLgC_
zG=}`Q=D4@7yu#EfgjBU(HC!X@;9Xr1sXLLFpglBCiygkjf0WsA{!*gow2vR74*}2r
z{y=^CUpzo|+P|C79sQ4fzX``Ln%c#7#s7PqNpXv?xW5XYEb;l@@36NR0ss92hC{(v
zqybccf6shQ^g^j7V`}2qZ-Q?;XI#a7Ey*%DlD^5A}QS
zs%YJ1ptWm@lfxS`+$sLpjr;zw5uV|m_?r=wUe;Kb5m^FOm(@o(zWvq?7@B?;oy|L6
zkcD|4+p~-EZ@W!aXREImqna<&845%Yx~@TcSLfgOuTH0oGvTB9=vXvLJFzc2}wb}eKI-*C3vpZVrHD(!nM{m>)sf!B{zK|aA;Ul8
z@@+oy+m`bCUxw1Y2Zee%D^=CT74c1jbbPC$4>_KC=*Q|ED$E(};m!n6F8t6>kc1N9(Yv_TysPX;
zNd9>tayQw^>#k@$`;gPt^`qo;|y+v_9ypxB|&hRZ65
z@$?Te-;XC<@^ATl?N`od-*}id#%2^7AC9_EyLv22(HDD<@H>4k{nJ`Dc2a({Xqr=T
z)?E^c5s#02K)K*ddkV|iPpe8iXr5Qn>}4iTj>VfZ)6rn8k6s*4UsWlxKA6Vh@xt%EEmtmFiQI
z{m#4DH_EtNr-jQDMt@dJ%G`4D)TUFXDsEX1XcY2E)oba+W*yF*`0D%INAlT9pL2ke
zf0&!**;YF!*^Jj#|C;Jr69sQif6^_eLc^4iqi(RN+#osLmXr$k!I0yzpfalsv`>wh
z1=sZ2lF0$^q!5*tn#4l*&P2n%CIwuZj?GQFTr(kQ;1LB0)I??*cSoJ*O@(k-mBBm9
zIrk6AbZy5;b4#H0eBjNqyG=^gL8P%S-oi&&9Vz4|9We?DciVxB+-B%O(MG3=V5jX-
z&sBVQ8Nrxrd%~9xP7hDS4P5HgFI~HO^GYiB8Kz|(TXgKM4+gqCd)9b(d&s#7>E1c&
zhNXfKOi!#f?az*^0z!5BfK3+FGuui$xWWtO1|HzGruC^0qYi`%pNr6-iPf3~*KB>+daYx8cw=hj=cz!_DZX`{JJFu+ci_6ZE
z>u;dy;J>=0N~|4eN)87Z^^X~iSba@bd2Pz}dgSBdKXgs5HhvC%xt^y%qvD#l$;nZP
zSa=(|^0cr?2TnD6sa|F2i)cMCa1z+*7u}fw<%_-xNJ_~mG1z{eA&1B5x#d1C^W_M!
z5LMp%nYhsc{F{Q8JLZ?K1Cd0jA`^E@O%4hcwNpL)2vZALtPgG@*RPdDJQ>$S#jyib
zMz7C!{TxEVDCjuE&k*V@KO$xz$eQ&hOH6vTF#xupiptNQT8M`)-qdn(=)XIxC7}$i
zwpmQ>8IefPU{Nyk0%R^`W;x)_EM(N>g
zpw8I6a3ioO{>gv~yRd9fNuxk{s;X3CO~H3fZ`%-m=)xoNJqV|0t?SH$$~Vi*ZzWVr
z>X2XK;fD0$LX0TCQ&SZra%oe3A2+)B|En(}u#xwNapteN6s@
zyTTf}s6xe}i3($MdS?nze9zuQwd_c-5v!`SOZ%jTWg%|KPzhAUQEuER7(M0UVX4YO
zKs~bU;VS@o{&fMdik8}VPBL!Zs=eP}xB6Fst$Z$4xXUg0l!dB)3^SGk{kDa5Pi3A
z8=;Xj1_9Jdhxw0Fqf$2IKIhFRIDTHw<;+%g)zNovb1p1VHW=XPRZYJ&5n_QPb8$GZ
zagBav|{499_<^I`{jZy2U+uEvAM@gCk5=YWG%@f&7@Tpdn
zFEbKvIbqz}&5@BVAsb=gF;epP&Y^PAc@0Vn;SqAK<=rz51_dl0vE6yfdQL)C(yw@8
z%CJiSYsF-XOk96{Wv!q`
zCG`yXy$VCKn;E*KM2yqv(+bwhKXTEbF$U6IyI%;%xa}wja&p#8L=_@;>Ls}>{?Lex
z4P~68=GkR5N0f_tE)Tpk_8EkrQ)+s?DC@Ra_bFuxxKywEI{d^vds-H4<8AAX(%@qM
z$M~s|l);bjGS`bLW1cg;F-%5{C$m!kSm*{I{JC1Im)#M?bDwWFO=P0}fms2qcY
zbWr;07%>kh|4<{E`6Y?Q-si*SM`EbDJZCOeLPQJpGo48rW6+-2P&&uRS-U^LY;FW1
zm_VE~(s8GaATB3(%=Lr(-fdZ(Kg`WX{x%9(JWT=VDCL$P2X-IC7`2IDfZ3>c7m$u8
zRuD`Q?fYT8zscPWLtx2tC*S@o@9FI2!nXr^Q9{W(#!%D)il~+v%T}+=x}~0$A9n0d
z$={z(Oxx^VsZ+EDn>Q3xxxB~R0<~n5hGk?87rJ!dxdK*^Tl)4oHQcfdrN>%ycSomYR_b$^Uo6jH%t=lmD#{#3Hh%b7gS|Je9<|zXX>+U
zM+k>l!O)yELBFXln>i>N|>8`-)LF19%>%{U{1JNX5OU{4u9L+rvNpW)`_$
zfHV!ZmKsP=zSr}NSfttf!0AzY^dWC!!Q<#wROI#a%B9%Wv7v>)Ew}QKqjJmIg2;6w
zS`!p4^6FgwJ}F7Lp3~%%-@`k%bcN-Ya|{Nv_;xiY2a;5Obi7IQ%xd#skuit!vSA^B
zYG9f;r$54_g#INWAZln!Td@EcH~PvE!Wg@m9bes%nCem*K2b676k|@6(7n)vWV^1w
zCN=(1#v#x{l8lsCOajY&(o6Y`NMbP-h-9^qvmx~B2Y|3DW7X3`meK*WAA@J~&PaVPRoTajkXLRHR1jTY(?Gow7y}
z=hsv-EU7h2KdlZ?v-yUmdTYc@2sZNQ70Ha#Zw>#ID;Y?o64Q2F{?zVaSDDPmdIgW0GAD5svOwle
zsp%LI#`Y%_wrtS$p}X8iHbrAA42tuS>YD1l03dv*WTk@s!H3xn8XKQNrQ_XoB{?Bp
zdRv*pA+IWhiU&%gZX)v#FBfj9=OV+Uv@=5DLw`RqCp{FanLfXj(DOWOd)y6Wn+swG{8`mYxQGGqSULM
z(NfGUdL~ja2*0NwgrnJgk2fgjm-i)WP|%m(4(UMo51foQTckhj4(`xU?@-d=Z>4osnpS7v8E=6OOFrGuJ-^<0}5+hq(6cGYDUozmcOFzzbYR8e<)Hi$F-hd
zgTa4Vbte@zwd;&3jQ&^A?b7h}$v(=C|1L-V9~LbcK=oCZVxIl;`ecf}sP*#26}F#nYM-qWJXeZx=Z<8}3Qjvyxxs<1B5usG{vLgZbZaz({Iwk%saes^&<
zy`k5Wm&^qG(%dF}=si85Q_kD0dB(r
z=P`fq{z|mvM+>|I4TTKP#6;!$aQJ`C%uAd#JJr3`%fDEE$Ii#QYGX~eK0wj@K?CiL
zwG)r6qN1+b**G?Za0td!FS&&Jf3g5YXZ2{Eqkwh{XmfkKl%t?LexCsx1fG4!SOLZj
z{~CvY+ha_*p+_bHtH{g1EHdt*8}`-mU))o}zwjBhoW*l_f@ZN|tDwAo)1
ziusBFLmJg1=J7df$_M{5i^Q%9!cTIpZ5CcfcYKr>`jsnHROHm#4nyWE1jOdsr4C@Q
z4b>}%qJxW-+3XGOT*TNQAg5kYHy(!x%8tvd>wmR$fC5GjU!k22^UT8?;_7CyjBi&E
z{1D4k_VETLW0>AHg?OK=h3=0GZw+V-FWyh(APZAI4vyVW&)d++^cbz`RKK3aF?AR+
zT7z5Ub*KzLt^H@rC}m#Fo}cG!CJP``r4vOx=<8v@Ba%;4-bupq8%QQ7mlTIP%hn2N
z5-OUX#ng7%&~dP@4EcWDR%TwQ3Q1CC+t}T*W}4qhk5N53UROQzsCau3id*f|Enzo4
z_Q7#AG><+szYlps|Lu4Zt8Kya!2rlu$D+p})3DoTy0=?YwMg$Lk`B+_m;*Evb_w^I
z-h^ioQ9BOJ@kw7v|PLay>_r86~(5<|T)Hb`TZUyE;*m&gNSgv2Jx-$|yJ^vCter|XhdWMBlWPBY#VZ*(W-gtdB~i%W
zqb&Ju6VTBS3E)frEI7ykDn|%7KFbWTHMk~Kgi#VYiV#v$62S2ylKv)zI@&n_xYR>%Pfk&Ftr0txxILVe~^YRnB(W|
zz0=@Fic
z^=tw5v6k
zp@^a#RqqU<`Ni47(j{?|jLRM7ewDGUJ>dV6k)~9GCDvNcx+t}L+dHa3J4c-knVU9845@}ROEk@CiRJlZ=j{aNBWRVS-&6LA8y{@XTNQdUCIER(JG&e5II~uv^Ecx
zT;s=c+r#B`gtYG2;r3UkPKsU3u)cwqt6uBSaG!nV?ep(0O`Y?1ZhjzOVH9k4Gbfv({OgSx*OMawHkmRPbFO|O8LKYlj`yhz0;i14K{wK$2O-n&H7|03sJD1
zl}TX`Sr5g8^1aB}EZe4CLp*hrOFv+mCO!q-KIT)#dfL2+n?c%No(|MF=wPy7DSk)*
zwb?S;l)vg@%CLnGPrX2PGXd);@2y_N#UB3hyPu$5K(8~o-K-G0eDr1Gw}2e~HOB1V|J
zfzV8Wx`?FaCo^CENS`jUwrB>PCoV}GwrDn}vrV56pU9YgKld-qexB(G@o~n}?8lyz1^tH^yY(f|uJmyxC&?*TycoKP!uN$H;+NCJ2X0
z9$1P}CUO{WLrxac)4Fk{j&NLuko4d@=+x?%+pV6MV_&B;B@dFyssJylq5qRQam!4S
zQ(A#}g;8niyG}--!K1FpUKbpxtXD&$>QNQB>SdLM++x2(Dy~N&01>Qutu>Cpnh$sq
zzP}QQj=
zlKSPihB(piTB1h+1B0R`mVnNpeKxGN9w*Zls4BP*CoH9;q`4g~`5$XVmjp&4LPGhC
zUDc?tsGwNDc2~2$B>xM*2vM3aWy3u3;gP}sAdGfkQ&eQm2s3^AJ&n#dd^xRuAl-Q-
z!~0(?h$V7X7OWM#+c!R8vL+PCC4&C^6+@aLRblf}RrT7$Cig|jBJN?_U+=ID(z6lI
z7D817hH;sVxDrVO9v2(^xQ=14A%
z%9n1wV%2KzTc@oV9obaLnc82XgPsQwC0!yuSa}8Ih)|9Cb*u{i*}0nd%)8wBwM5k0
z`(|@ZlGiaFtj@8)2dlG8dl)m$)_uONL=8V_^ccS7u3Wr&8gp^-ArGjA23CCdUlDkc!Iu46NzQQnf$dhqLWj^3#5aOEV+h=4+h+^j_8H{Hu9m>ji6YnKIaHC>0
zQ_djN`b?GHL|JY%EnX{iD!HaR4C|3!6#*D;Mr?eVf(vUX=m3MB4KXKImC7jkVjcqU
zwg2e6?=m2UW!TfoCBaN+%T7RD`sZ@9EEZ|NH2Y*TchJr?bI@-xrne`oqu5b8tw3zN
z5~(oQ)-Pdag!ntlb66^$F3EqA;xSIiGy9fo9`|^j$DYSfj(ylTfJ)&=;IkI-K0azD
zP+WE68peJR)uhrXPS((`!2B{kft#=-H;tP!@>~Axy0(!}+vyBsjxdnr33RyB;hj_k
zb&|iM#~sUCvY^E0x`Hp!+u!|#Hjh7jfbuIz^{=8K6!}k9^H;Bo|GUR(&xBLu{{~_D
z-;0Eh7o_aE=&sn0#USmZ^1ll99}IT?Rx;|bky8JaZ0Y}Kg8y{FW7t&oVQOYlVk4X=
zbM~GcyyVRzkd;|cG2jgTjG!yxlb%Z_bJ`zD!*w&m{A;`Kewm#?A?Jxev-7=(WDnhy
z(TbR~-yO70x2daSsg<0^<(2LDc-?Eh$9lVWtv4zn{K@K~zL-P#=qOcHgNjJ9d7zSnzL9bN=p!~-tl+bh+Slf8~VQoz3vLKJ~
zL|aFjOvsTwWsl;^{(_9GEILHIH1D@Bp@f8mwH1T&?1yK{*_#1NO0&mbo*giT1A^aq
z=YxecoypDz35j0a9RJuChCw(qxG!FGiwZn;H@N9v^f$>b=6n6{wf5U~2&&l1J-ZOjxMF71aD_($X
z7|R5Q%6zX+Iv$dhkdSPKX*~1|W!Pc5YCg7-yNl^98M4yB9Fh_v&lpNK?%#onD$u^|
zj4yC;Z#S^y;8oR&A2)in+Md;o`&NqH;u9(^r93|B6FB^cXS<=K8&~pi6ruY6zmb#m
zY8v~e^t;BVd?`r(a$;5Eh#$@lK;DehH!2zn--CVLjk=fo
z=r*74-=O(;KT@f6JtE^zYP+cTdur6(v=i>MK)UZ^io=qlJuo#2{!jTdn|7o-Jt|NnJ&X&=+b#q7CJuM^0q?RycJ3Q|
zMs*+HJ3_dhvnoZw{T^FD@_3+Uiue--ZvZ7!8Om3A1z1E&&T8CrwW2FR1px
z`RAAmBk~>9i7Q{4Vw)6KQE$}$qff{!vdzlgUAK8Y;YQ#D6oO(4WFZU018?LS>qM%0
z`zQaT?Z%V*!Fs@3x*1a91#@wYAzOA~g1A<1tlExwIwykrklNJhvIZQ!)kR^}8DOD3
zKoxNt{2i=)j&1ee`xLk5bIuIH%iH|{536_fw^8H>YXnla*PoZgQ{J4C!EOiLYWauE
z{{Z#}z!O<}D?7!S{IL*$flDVNF%&P4n=P|Y2gEKK}Lv=$ThSuQ4cU8GR(*<%+;^o9X
zMI;I2>_+2_6eDb(yWY|U>cU3epb2X#n5w;4mH$JUu39qYlENHmQ#Pxj=$Q`<@yedt
zyRWc!X~cH+MwnAOylG;{$$xj9|A~!n1i#a?mCSQC5MRdiw-amX?|vvZp55kkAhXHX
zIn0zQc|}|H;Y6}8sJXDu#N;&4*8bzRC5Dw~mmld;*M=6%nSA&pt5qPuUEB@lEZdV2
z@8J%V>SZmpiXvWpJP&E)IzX+oBp`54wy;F$k>MIi$cbtR%`b7;U-GK)A$2==L3^Ud
z;7o3~B2@3iu~E20(1(ti2SgloA8OO@>Z<;1Cg>PB)OV!n=RN0&R20_W0WHPPElaL0
zNlay_D^*@QJ<_-?A%Mn_wdsi8Dq0`aj}Fe4yqlS4HY=Sgy%@AFjs45t?uw@y>ccre
zyv_jD9X2OWomZ)(Fa;m^Y+68UIw#cMo^Ot-J;!B*+LUQ#PfS-@A=)m;Ykg#(h#CFN=a)6~V$(~S
z2b1kJck?s+py#?(DzS|*D1Hyu!4-%y{|3?!^|$_wLjBG_O-K_{m-{b
z1!^V&dVP56fY1-$_1Hpkk2y-1
zU}Q5Q6jKN;)&ScKhQSYprA~g11|AJjf}>O62U7@0Jn=^dC5P%FX!W7o
zhOM3X^U?=>pMIRpSH6`Q)*iyuyQRI8rb+Rq{##wSt~kmJ5VqGwQ5{Yo5F>B2S+?8(c9Qxj|CxZ7Yh|
z&PJmdthT{Iqq%?K@{(k7Dw+Fc^9acv`mYd7Km<+7EdbK519!L6WC8~#(aUGL%9`#a
zPKn6%B9elD{x}QAZE|CwSif6HO9x&|XHM(;`z#oq*pTiZJFZfD&LHi?2M3glBika^
zBg4}`JXEfLZsVyR$giKojzzEqR|NC{fb`x9W}i8RDctvD*h9-#TTs~P5e9>NLdJB1
z>3*pI2>FQBOwq^zURU->_PzPmBIWkWYIsW
zm?KIEPcT*gGD34HOL-jyX(cw?A72$}M3<^hN=$5y2A(v@Gb}eo&_0JAL$5@JpZ+VR
zKi|sX8#6`c7!#)GD4JG40UiYGLeQMm-dR%F`iDpqh(@(VPfl`+o!;Ea-7$%=QQ0b_
z3GBY`br0>Vj{j^c9FdyVU&b=bZP&pDjWCpdwK@+uZ7xWq!_e-xpj-f^R7a~hZ2>H%
zZCM58BsB(bJ%rkGQ!n5@X=hwlo5&Xh_&YL?T-mB~HS(Qj=^H;&=0n#4N}t$Nmx3vt
zmllWiM&A6yM$T(oRQ68cSSWxI1xhUa+jga97R|E0#ASlO$Pm}8^A
zxzpqjlH+(+*J&of#JNYYNPc$Y?Ti}5C6(LAwXuw@HxFmun8@5bY{tM|%VL@HthB0{
z`y#YJM&R<2JRW&n=jzF0V%0jzurA%HxILbDW|IfBP2Oo)@EpSZ9;ADbgjqasB794~
z6R1&yd0Io9S9)sT!|c`sLMJAd`wJX{?p^@*uSJ
zhx^XG-EI9Dd!sFFdlkBl(NAGZ1+#a046|SV*-_(1?nRL!KQN)Pmx|(EZzMfoG?7Rp
zR+|oFgg3RYqW85&AZBq&$Apw|_l3$MT~`I4)SKYNHnbm8<`ULA%!
zq(QPD%(K1jQ^wk#6q?@iC>JWMhEOnmIZZ&yv_yLLvslnwbYtMU!hBK`#%=gOGv|6w
zZHDY&0xDVZBI7@pSViSZowF9?<{{B|WnECVGeY7x2h_upGmV9<#sj{-@}IGqI$Y$ndAgz)@3aP-
z7_cJ0({fyJ+ebo^!m2l~JX{M36BT)k!+ZM5n)N_(vq0J*)QN*TYoFOvq;|q}ZVjIn
z{G)>vX~QvcXjbbzRfV2)PWJf~tNPgaPy31hmREioDK#%j5f?E0^j+B(UZVSqQ?ezT0Sr@zj&T40cTf;)eGJRpql<4k2~qwK`v&B%&SvW-@M+`HvU6DI=?
zS0I48o4QynqPqTt*jZY)0xd?-GFWVCUVm4GGe5o>~c-!*vqVwQu;X83**rk9)v2MmGVQwF1TF|$
zrePyRvH6YwZzS1Y!A=7oT2a2!lvJq$v1pmj~v6{)2vA4W*T^wkSli8
z1}x4GL_tqXj!u)l0#?M?g--Wwen&&{@9JuSg?V%;p{EiO0=0gf(3mX2tjve9=y0cw
z{^C@NkSMa>mRS?YBoZO#_ZxI~!GuA}KmKket;i${5_4^-c{Te2Ti_qr9w76dIBLa>
zLA^o?N|Cge?g!>5j
z50r298t2m$G(wKcxz(#=FpJL?MXCW#v
z!bBc)zun!5my8{@@`IzB!kAseP|mkGK8
zCxV7+y_R)3^gsjvhzjJEe~SeI0~k0?KBy8QK?JY81%iT*VXKe5th@1VpUbXXU2Q!C
z)|Mx|$HDQwKg8|n`Pa$7W2C1KstQAwR!ScN(y3RcJ6s)?OGn&$+Zp5pe9XlTG0O7T
zdzX*iLWSwxTQd4bGo{DeB~#ct71U^7WT!(;_k)3JJDC}qf|I^CwqTw{#`(qIL;&C(u
zzKJ0U+BQ~a-Of2?tK~aZAboYE=7@;GhwvC(rGM%9kkQ@gjSkdq@r35brLYX2lt!H)
zMTO@jrMAC%I)0e8efqu1bFh9A!{oOGF7w{X>xz7RSh%xm+E%l2*L;9=*-`U<7^%x7
z-`yYKwyQtf+3Y_H`^`}pnf(kOW4Cd4$e`VJFLHicZG1X1k+SX4EPK004kWNhqYG((
zilq2=%lm6+{khk<#Amk8SZZ0j>`@12v9aEX%C8Y)*aS=|F37
z`s@zcfM>W5k{q|x0qq{^Habe6!YA+hgnH>iE>LxGOpeUbKgzF4qoyor^4%l7nq=#2
z4`m3UOUl!bZ#UcCO$@ZZGQjzO+lBfuVc={JYI<8qen!5PU39nvo)a~42j^xk^hXCa
zazTH8)FZ+>R{!n#Y>;n~`_-=iHp<&de!*GPf%1#)MvsG9`{OC|skD9f3{tH7Kv?Gq
zj~POc4E_nk&Er8AaoBkAjAmtgxzd-<`=$A%-&hrwF_~S6LZi9LG&Q0s?0I!I7=wvtU{6<4Mk*0+bz+)?5
z0cAk&HSSwf+2-h&hLqs26cYYm{7L}U@-$|`%
z{U{(tr|D->_T}EAjxU_4b~_rr{JdBn8rJ8P_RBQL2l^*lG%CYY1{hURR`P=JDT5=;
zfZ$iA2-jed!cBHNmDB#D@J{dNZzCfqD4v^>AKfI#YOZv!|p+0LGgfV9>Zc*8-1_bu`(!Q62y9;6~2A#BF972
z%kGW1U$;d`eEE5@&{}NzMU}=wW1SytHAwU~WZF)xsCcLqyCKQ}?}|A6dhG6xPEE^h
z70D&d#D{q4`Un<1z_yu-tr;5#WE<8MkICi6V!=I0!*MWLQOLoQ+&O|^Qu*x>{
zx0)4Sk&0L&K=G{rk3`PTfH?`uBR9cPQ1h$xLj>K+(o}9`ese`;neB-l6JT45=yba`
z-&}(TPWX=EBXErc_1aIYzx8`)*sLw@D9x4ylzMy`&yxO2^bC^g-H-}q)2XMkaZ_rr
zOSKQGed)}Rt6DVe?ELrQ+3JQsvhCVxuXuh%pM>YU%Dujq8;$C;&!EFC&g?`*uUy&(!`gKl0}G5*
zRg~Xr!DeLUUzWHNe&kQyRhMDEPcL+0BIO;;)*hU#F~LqLwQ+$<+S@g-6UQo0tJAn2
zNAvy|d#`AK)GldSrIpkwj!Vhz?(y@vfp}%-D&^{}67H?9w_oQG%#FnP&hXs2{?Eq;
z6GShDvvt7!{wc5Y<_1d7v6njn{iM7^Kq<<+f8A{+;Yo45q|>>*G{ir5n(E-|YlB!y
zb#&}Is;;u+QYXc5JV~_lM`8U`^W=+}FWQqFvT1wbsx>T@lFLHUc
zOw?6r1SaqW;DQyDV^&hSQ{Icr2Om1F-JvGaKjpSc^XE7;V|PCP<-(iO9yl1?(G613XS~p-IsFr1
zkH3zGEH*e2=4Nq-$`d*y9svQ1b#qMQFch~&PM0{0ZTvB*5G(MUpFdt~9ZXpBd@&#B
zC@jxZTAs_=(IwKb7L{>sYwVrCkt;{v_^dWF$$Rt`&7zJ{DNP856ASFaSHkT#?^%=H
zW8@S-wy&+JTtuf#K;UjSE0;)+Rbu^K!<>>Thr_#;pTAGre|w9_xYsk6&FSBm<)*Is
zP7Lm&$B}w&L{V||R9)-I>nczSkuFk^u~UgXC#stHN6J$9GeIp8$8g_t=XvJ(x8K<8
zETW#{qN43iSpBT3S{W2)>4vh_QPpisv`DB~G3<{hRb
zkOz49(9+4*|DV|fbFRE*$hPI7>;7|#ER4+V+Fur%3|#fLuc>Utvx66VZEtf`9*s+G
zG1RV1@!V+X)>9e3@MVhb`DGhKBr4?eg)`?d$vh$L{w_kCoki_y4m0=VbpCf7LqcYXAJt_wO4GyuPyY=Oi36%DmC@
zG{Dx;r>}SEwJ8ggp86@69kqCt9KHQPso1TY1WBH*7mCT{1UJa^92)%l-RH{MU(u3YWL{nA~(%jC$L4F_0?`&{ihudvtk
z*clYgd|$P~-@v~A_~V%`-F%|{yY`9ib3c)7=^Wj6E{K=4^+BVwuC7i`*P-+G=SQzy
zs}u3h^_Tsw=6DANx&HQd&(fO0)*U#1e!jGL^p4`!V&?j>i~hfhWqNl0`Q?QRzm$~}
zY~Mcpyv=7GN9{$GR+=v-#yI}Cv+Bppye6AVJyXvzE62Z>Iph4vM=Gn%hWaP}+?#Ww
za=q#cKWocOR%TNV>z{8~it^9@Sv#%tb#2~Tvjy$-Wj5y?Z7AGU{%*_U$z`o;1h1Ef
z9SxL9T(Wtm?9Dw1Yd>Brlm9-Iy_G$&zR=2Iljf0CQ!FOBPy2Pi@V$4#PAP>miqF44
zW30Qgr>2wjydC#nxvH3Oj+kvc=l9nAdCuCf-`?ErM?>qyiw{0txPI^4<@kFp4=ydW
z5v!QZ%_c(XtRx(!p)0X!csI2q;v
d41vG$uDfEUPwR8o4?M_FqCvi3kcGw64Ibj!T?e;lr%$kcM5`nN{7TqOLr*X4-k+Bi4o~W
zVu*pW`JYekr}x{r&YA0(0cLn+p1t?I?|ZFvuZh#qQX?g1B*wzRBGph=eu;&JLl1r*
zAtC^ejclcr;KvCgq|9jDujOt>1o+nh#E_1v9Q>%G?W$e
zeY18K`~s<=9g+tn>3dETJ=}OW?8@nsI&7g2IhuZ3@WgIN|11^e^tGitBZVn+(YU@_
z{`~}}5Q6(N_AV+OCt`<~I8p^)A(DcPOC5(jWz=!`m0lP;Ip7YV
zS5{WGenbEPFV!;R5>Qf7zIuZl0bYC9AF2ReOSk%e=(HbTtfhNRt|%ORsDv4{iU>v@
zI@wr_RHVQM)1gbvPQ;-+=JS?I<7UApH}8fTk9`Xx;v(c5l9&OX^X_q$@?|ZU%|-5r
zQR>+MYu5aXLa#2zDK1?9?Jf==~rw
z&hIK1HQu5j);^%iu&<-lTG9K`ey|Y+$rU3n~&wp&Rt=_Ig~(4*c77
zs8w$4ow{{Mv6ZM*O8M9{*7ojL4IJDn#K+XUEk!yIi})|!A)}AZv-r(=W6VaxfrVW_
z#2Zhfpu^`ZVUfbdK@9I=8}w~AFGb?0=$^n)C;rPP(c}!qT`9_xsSlOXZS)eNM67v<
z+2Zrf82Uoh5IFN(%
z!ULk_RchpP@daHghiKerI+kQZa)!Aun9vrr%78^r%>G>>4wSKAc!Ww3$M|yi__C#T
z*OD9u5d{rCl2?%iN>qRYrDUg%myJ+TZOZNLq@tXZg3udw|M#9>*y_R)b1`bsd(cCo
zN6Ew#Ky$Wr1v@OlL5vhOB4$6IKYnD%{!&suWd|
zpj>qadk7m>I2lffAFKEso6~fe=sLSn4hlV-G@L)2%0!@MYD^)F;zY@^*LbOEX;r6{
zl#?3ulJKFy|9T2k_BW^bAFDrMCL79ngzIQfHHBc355{51k!dzQt?w8mo9mk+fpxj|
zuAFx59zH$vKM}To(1*E(rJ%|>IG&@o*%ccZOpO@#&X)iDT-Lqc;Y>oYEOa!X7|n(b
zks^p2ef-vSfg3_EF<7Qoa?qFcXkd64AFCYJ$r6{ui27)o6E*z0^}hhyq?P{UmG>F2
zzMt7oQnIoV{SY@a_V)HPa%&T1dPXNdcxI|CWXV|NAXpot`MA;KtYKpxKdL`_)>0nS
z;<ob-97DE@$TLAzU+y)VXKNFsZeDfy~hzX6oneZ!og!t5$0p6DTsk6S(MZeC_$-%
zisBHv*P#^Lrf6fW9>N6I3I=HQ*N93P1q!x7uYa8Tf4(Oeopuu%Rl~7O1#R_{5B=MX
zYW`RaeU#<-D-uJ_+V{H|VKG}vF8uFv#%Q71NNzpMum24ys!RxeufIYY@ySzOlxTSP{1-=H;Co@Jy|HMfW_vw;AQq(8
z_8s&Qkp?nbr#|gX3ocEjg5Z$O){@R9lV&En+1HY0){@TZNEqKd7FdVLU41W;H!#WQ
zMIBd+=bKG8P@*?IAEU%8=QrcGV0&Ab;ZnJ|78{bIqod<(PSwP3Gc{I}R8$cJq>RfQ
zmwRd>Ibkku1xy;2NAs0*t8UPTD@L8y9vFWI2R@dI{To%wLe=Wd$5J1j-bnra@655oespr#KL<&Yc5XCNoYAZIeY7dK8o2^
zyRQ-lcDQ7lYb>^SIYL+hNrJsbs`vsc8Lc#{t)vo!?0iw)twB*mER7a+PI>q7kba5+7%Ar|ZTj_EBAJrq$HXwYxEk|bS5Zk3
zVX-oAn2q2%q8NG;a=w~@M#Zo$yFapM?9Y3iA=rdDoj-(iUfusB>1@0yX9vRBJOm>V
zn3Y|zL~HLkwVoUD#x^JT8Q2Ra(sk6SAU(J8yV(OQl*i{}
zx5wGidivHa6*hyT`7IU3jiP2FgHH%D25l~e?(~DL7n3*j#<6M_e$jXrkKNjH@NJ>m
zva2-TZgko1c9k~0FozDcklf{t-op>_OZqZUQ`5wqomKSJKQG^)DW~Jj@&03JD740F
zo3>5dgBt|K$-J2$PsdCP4a|Az&AWH;W~
z<~ZA&AhN^5!;C{2nsT$R1Ycjbv%KU=&&^H#{5)g1mt6i^nzn45h}B-HtHFQE1;Yon
zN;DV?g|celmr%+L1Kl=%qOsFgP#Rwub6**kabB9nc{<_WEH|+5=zDz^c~Rj=1d1er4Kk`zIxXIToWA^|aH!wEQ|N>^lnA
z>jGJo?KaRs#9<_>rW0gaJzgZY+b=&2k}iB-^`L_Oa5cmH*EW9E^}4CPex&_)@t-fd
z^GYlk;Oas0t8<<=Ag3R@xW3#!1QmJatF6zslSUE|ykTv;CF)?ijq3^?)yYe6w5}
zE`5)TnwIvHi{rgDF`@gPlQ#Vo6tGRTY(Eoj%ynE}M4E9?GE2K+A%;Fu)rhv%)lqxA
z9{H7UB;M+?-&a?rr-|wrSUFq@AXqL>kp^QMIA})DiQKg0+0z
ze*L%sF>ipn!1-r@H)3Vcq5cx?>#*!IMxltaj(3==g?QF3Xy$xHc^pv)=w|`(B=*DPJ
zaly4UtzPmoTQg{|xw&~j)_CS8+ELmHb<6FIitAE2h>6RqW`C9vo-WZ~iTBg-?gw`9CbC|7+MZ|<0blxbi71F{9$pkl
zysVYjp>6*;yw
zJyD#*$BvB{&i>MADCxWyE_Hpx{R!rwsXxMW&>nJg+Ii#1
z7rgVUo}U(DC2~7|Z?apf5B5W*&sYzW2pVWgihu?C~_%>&+LXD0zP1r@kd@}k34#jAa|GHaXL
ztBFgvwbX!UKQXvE?YMj~cuy{nK10w92a8$O9}gCUc^?b|8};ybT)Qyn@{~e_5@f5U
z?aEfy=>;Fdrrn|sror9wIN$u!kT9Su^kB(r$3hy5bj@=4IoyA
z8t8CsS=UGsmN~C+3IoJI>ASA;mpEa)D`ZO?e~4W+4}8X(PF6A4eY++xP*9E}os19{
zk|E&Qta|o?V*pmc!n(^O(Gx+g^=;Y2Wh~liw(t9+8~uGL|4CS@7lQ
zp2V(Fu3XTu%i}LFz0j)5)fF248h%@;hTy~d1Y~WGc1oFa-yK)xMUygF9xQj?qKyLo
z#i!`A{dW)aMk`FDFcR~HYT7c_XsY6n+zOLMWv3dvK-BtMH5L_zR&NSC>Teb|K^L6-GmOz#pbju3;F92|9hCr6P26bAdvur@BgeQR0MQ4rqiDjHYF7(M%x3($DKiS1W8cY)Rg%R^P_NpYcL%wvi=+r_1X4*8mXfo{Ls^v
z`-UyatE;PMkb-Lv`{sXF@AZxqs<|Eg)zBmPG5gilZLE6O?h!K?^CSOnp7Zb4bH0On
zQk%Su4eukvyMCXq&xMW|L@Y`TDT3&9X)p=I77@{<^{$bTkbf!Du1ZEUybCUnqJ@@+vvW)xBZR4b_7`-W2#M-EB~y
zFy5d*@6_6Q_>)Ahna`3l-}SMt4BB$rAh5=ZAHdufS<;l99cPQx``xbL+hxWL
zb_}PX4vq5`U-82~Rk854gv@^`0=Wa-|0jgwNx-A@kYh?vh;HHUHRf{V3~bE@Aqthn
zV76o9;+icl0UFnvsah^a0ybT*Td~VwpE)<>DSNgt7OSGa{_NQc3=(U!PUCxTkMfVe
z(D5vJSh$$&PklE;A)VWqB=vu`c*)nX;xE4&={V$M_QG!RF?7r_;aVxLXYK}8
zFxB4#a)qW6S*`TY&fEzPeaoqay2ZZ$
zSW>um4z7NK-CRhT2b|CVItr`7eA%tjD6Ew?M}0xf)-ecm9`VgJB9f_iv_7Qo&efaf
zSFO*?7!}otG*ZMceRe-8^1~!$iiZir(>B}!o1&=(cu`SZ*u%k##teX$E#@1X2Zn|q
z=WDGV>slB{d}tL-L2bUx+h}GQ8k)=tZYoBu4c5>*(d5=x(lCD(m&PZ5ai!5w_MTU0
zxAKd>RG5ocO3p(7H8(Zq4K#mSH_nche|%&;oShk!336W>4U@5O;`-@m4?Z5+1UGSk
zb1l?@?{uOV-w^vLHrrF(p)@ZBp^kI$M7?wpoqQae;|nr9L0$Y<|D+hAr(>+^0dm4x
zpTb=8RatAd$o2b-src`6aos`(`L5hY9t7(nG5hAcLSn4?X^axcmlSqO9kMN6+tF2>
zN0VI4k9{dX9Vvc`fA5L6atv8m#3fCDrV3j;2LXgWG#GQiezu`|tMu?2ly_~8hp|UH
zPL+43@iPT
zf!o`=;{88Ry)h>SN?m8oPFF7oLR}VGR8ANxZmEC+f<$$`VPmGIaI>Kq(H{4n-*9Wm
z=)b|i8u!&_LqXe`*b?G
zrj;w_+_DRloS9mi=ihd7WCNxqFu$7Iti}mVb#*B_$n~Hw%8KXRyxfwsfMSa;oK8-|
zUOm>=k{`J2jat0VL1-*wJ-bFu>u!fC$ye>Ae;m%UBkKH|$e~{NrzSgb7$bS_2CXiP
z`;$j(B!YcRN&my(2<09k9qhTf)7_J8mSn>DMrZQ#OtUs$%2xNGuY%q?6AzI2-k)yk
z+p=aDJS8(T0c_eoUDuck=LkgecTb(lH`Dsk1-u-XIY*Jr{Fnoj8Y?QJleu7N{m|ES
zZAe?UqQt61tGH(nB)p(-fkIZYd!my9MMXu+j3H9GW_i5CQ$ZbC`y9BTVYmoMFK8Ju
z-fR0h0@WLhO7D)S-e^Bt_9STWKx`~7Tp^krGwh`iy1H-eUyp*kwbHVUBY^-3;jf+}
zuIks;qrjhQa|0s`NM7{)~oim?YaW^r*5jG-UJiZffZtY7t|uq*LpXCd3lA&52+
zLiy{B=aqCq=HJ54{~eyUcwLAd-nr9s(lCEaz6aF6%=l)IlY|3KA2Q1ao5K2gqDWqR
z_jy0tXk^X*iwJGd^4cK%dB
zO->AJLpe!6s=_Ru(-nPlkhLNxPDP_WiNR+m_k}XW873d>vW+a>78Lm*RG}1
zsx2Co`gA(pZ$UDXRC1PJmYZn`A?7T!$A%pYLetCnn^Rwm-AF+sd1Zr;R|}9BV`@m7eyN8tyL^
zr+3_gg;e;E_wjJuCbHtG9{$5m@mxYeJvmC?5Ga*AaYFR&NIKFWmDrcgMvRzuvFPp#j~(0+-qa(33zz
z@s*y5iHVKXI~rpAx2GyZ{5`qB2mC^e$Nwyt1iP&0^XJWBgrA>Z)7c_y`)sf_ab{+Q
zxb+#MluKe=-Dxp*TNDW$9N-fyoN=wQtx1xPAFZkb&(*L3mrm0KF0lsFgD7f${{3tH
z+ke}cX0KJmwA8qXLWTD_1^Z@$xWb^9o~$my>p&_5^P(gkN8zw%o2HJc?jqrd4R8D(
z`DK0`D8pRcig{IfE>sD9C(-h-Lf-Y6-!2;m5l&mURCN{>5z_n>jxGh;kC*DMM+>wY
zYj2fBw!W6BUP^6ytRyx4`{{;WjtId$m}G1N!}mRzH0-IA5)q+Hmb;(_m73x7I=;?j
zfpMY5ESZ#P3irTE%I@NLFNtj0oau-jVA{95@!{Zw%y^34&533)kYJ5bqMralhWA9?
zL7!$Kjx9<6(HhbmX;hjK`ze*9u|K7{F%Mp
zPM-O3B)d{zh1#vk9!A)=a+@sZ+JL-So*Op7D%4~8MO>Wj>of0~w)
z^TutZPo=FB`o*B>CXBF0tMC4xC`-VO8<62jdxDaallyPs$)^;4=GKKbYODc}&hueJ
z;is!FqTMR*Qac@$rvz&uv#%pG(|a43@ftZknDF2bBCOcPjK!QJD^!#nHAjspox-N@
zdhd^J!IMV|D9fNqq6?MseVy4KK6HI&p~7vIZ9!fluZCItj&)z47xwuunfG~kR=}84
z5WP}0$XIX@nz#t!0N7Fo=7maLALi?kgx8~AWqxL^2+NJ!KhaJzOH;s=3jh?+7%C^@}&C}_&7q7hehFzk}tEfnl_Z?DPfq4|dk
z9GBMJ(^yu2e0+TL-?W?Ysz%3*=xOs1(%oObbc}RDzuJ!UxFjp=%LN?(B=BdtlT7|<
z`1Mzd<*v*zO!S^~z}~~)i%m$IxzJ~LexZ8p=vVO$BRa=lpFI^LW1wi
zpX!b==-m{!`DG4A13q*+mZ$|5s?#L|I+hYWo_n1LS`von$8OE0Yd9w8&aUn6$>AZ?
z8m{U@j0%>e&BD{Fc&ev(s%hwrLMccxNySMueiUU0T)6JBU15x}!tuz0g;8$jdqqjl
z7&Ojvh^6JuwT_h-=AF%>9pORO0!-$Q+Qh~7OE@|frT)Sx^5{tP-Me>Bb*Z_yxeIJZ
zATP4S?||`AgH;gPZePe#z;#+`AYCW@>I~S3I()>1Od$O)8
zNm9{Hy)KP~3W~U;I)J_uYkN-v+4y*Snzi!=6XCma*sr-y0;s%ziDc&DlL!KGvIpjE
zYo8p2AB#~MXnFSh`N>J6<22c=1pjV5w|`^oqlG+fxcu|V=3;zMtzTbQ>b-m!
zKA9U-tPP*4wornw%Jq2GHX)J!J;qmfs;G#gtQ$GF`s+q+ZhO6^pS9mAS^f=(wa6fh
zxcx6Y055JeAVQ71BKE(O=p`K9ZT^E&;Cb%MQ1-@pP0SU>
z9+9~;9k4YtGm<|i%9KJF5Rx$)IpRh`IkK^98cr(AH9?&f&$3*Q*DIF1lYUov^8@YU
zh933$S#r0I=s^0%OzTa~ZsDPZx5If{TKwDY(usClL-?d`Ga902@)5UOChH
z8{r%xfu`?0GD}fai#@)l(A~p}@_eE?arM+9?FO4g7RB%cxhJLUaCLJA^QwMUUp``b
z2a^7&T1x^(x_5&
z16fdmj&9_}Ne{n9iuEf*JJB8b>rgne9r7aM-^GX{{EW{tbJmaj;RrZq6HzYz)UU79LWv?43*j7jJlb@w=f_
zQFm7M`$8#y6H~g(?YVA~NvSmMABKmNB8gPSUawAQ$rTGR+!YLcN)lbbn{s7q{hsT=
zC}Y87a_L$qiiwuV?z=E;nfV@>Db1YrhU;L{kX|o3Zm2{$m>vSqU*Q@E?H~4G#C3`_s_yS
zj+`7w1ikQ;sHkYl*MO19#Ux_^X?lHX!NlY{WnYMla}QfYsL_=q{?&)|=8+_H7mUYC
ziI>IrL=_3&x5?@H1nI0?iG4o#Vep(&i*nPrUOGZ3b%VMp;w=RBB2dC7fVEOc*-S>Qe|qSQa9v8#+G(i0yDtXZ(IkJFdSh*
zLXUw1sD7kLrD*qpREIIy7^|q__M@ThKAElizFd%7g9t8xnS$XKmLr5ZgUTV1(=3oj
zL5w_#RPZHfB~2VPAH85~EWL0kZR_udCXrHLnOM35gSHDQZ8OG+w@sk~irxwcA8C7
z9vT6kM}r`wfcUEnf6B&D%c!0H^#3()%m3ZJoiyxaN5r`~Q#iC@WAxsuIb}_?%imfuizMkb+XB!WcK27SJ@V0v+S(*yFU=Qf_2J
zC{T=8xPbpg*g7_tRh~PJuLMVDx-yEFz+aLB_x^kM_w(V(cZuK1)Ch(Rtx892SXFpWxB|4P{4s;Izol4f)9Hh&8F4!yTHVdV)LkIH5m-6w1KmEDx6Xf4m#q#GC3*adIc8)
z^nDTA?}1$W+oh33&L{>94O;((V@ysuLY~^@RrK)dhy|Az@W`b>q4IWVsB}?y3iQ`l
zz#*OeGex+vJ%s)tc<(Q#aSe4T7S>;9f!G%V#`W#nw++l7*j~AI`{Wse_>J?M-zC2gaDh~{^$4a?2?kSwGWk2xddn|9ijb-cuv
zCE?FqVAIcWTVwH_s1@k!-j$iJ;L<2&coG-ukoM)SaCk(7q&W2Q>7?L$d`OI%%Bjz1
z-@|{o2P?BrMY6bvo64MJ%o+SiFB;+qnG{PUN29YGszS(SxeMmXRqNn(R8CQ?$}e5J
zBQ7(tzcsWyZ|bzYySV>8vOz-%*muh|8;#7{UOlz8#bR1!9FzVlr^7;~IQ?
z3nQg461f~sXqCYnGgxT3|JT#g?zNnkaRPxTLCJl%o(n_pWw*u*7xvef`cTcgu7BE?
zZvIWaGIh_qtY+O=pf@x5roTR3O6l(5ad?n>6S*n&8uZ9l9QL*9`5!#!=1k)$G^{fB
z^*#FgrTq!0TdEZ#^hn~Nc>_p{$#)*|I+bUfCNrye*iD~6AwL;IC~II(Nvx|9M|aFP#YD@>QFM8b3rmslP}r
z>G0>9uLEtB?7?oDkd6zhfaj-xLlCBM%f*5gIh*Yn%XkpKVP&;7lXdorU%!&e^JmX`
zidX-lA_~OgY*M?nZ@wdB>iY-ZbxDRE6O;l;5^fQ`{$1zcV?HC
zZQ^3L(u_e@+&s^|Es_3_jzx$jE<@UdxayDlLZAAc`<7}`$(qt<`=DQ|c>3$NwH-oK
zh2$z>r!$kHI4j{#;SUQjr-!J;eSq89{=^LdTV?{IQR+=a!(QhbD4jWwGhAu
ziTPJsE9|^Q0=lf;-_{-LHrjoHMg)4~Kz@~~7lhYoy>n~(7A0z!r|z+UO89Vm_~7@f
z1m$k#jO$3J)^c_J6J=d&73kZ=Z-#|$;dF)x2FXKDyKw|U>F
zt*lQs(Gohwf1hlL_OaWaHU#mi(3|%wi{ya|9Q$t^lRkGoQvf+&&(t5M|L1x7Bd}Mh
zh&`QN4+~F#&HVNk_iC*w2k5?YeAaxXj`KwMy%l%w
z-JXv2fWzeos+0a#?fc+Ni|NUbE-Y#~Iu!84=*nxaoW_tb6~}OJI-ATbDN
z+H?lZ^}y>aSn5@%E^6Fg;1?eGz4iIQk&wyq#b2W<8|CM}Co3o|ZLn)dt=pbdN;I$v
zsckDW*a+f#G*IUoZcEo4YJdBT>}q~)-t@l9lwPAIwQT;gD35m5L}$I)bAE^fqkM4q
zrhn7&uObbq@ow+=44A=8IOu@s__k00M`+)t$uGTvVy8cAbobAiJ=S$VR5Og1SoIxm
zvY!zWhF$J;vL?UCNd%GJ2dqFZDzFUp15~zuDSmXjd_UH(RI4&r9WoEJ_Covd*V2AR
zk!6!yz!PHM3_2-wPGfhYN=OP9C4oKpc2&VNKM=t$jQ$z0>2
zKS*s7cTb6s_ZQWjDCe
z7Yi(J?b2RJIL|@0rJR&szP!s!M)>+?mTr`-3#}%}f9ON1huJb)>qFa=fy?+v#8O&X
z+88jZ4H^TChmonTOu)nHGo7YLCbNqVxc0*N+DM!KyCU+Tp8neRqGWBUTr;`EBpuh-(9+jXpXgbJskq{N^2FVrFpug&*TVt_F_
z(NK~$f0AE*c`+pSTj3Yt!wsZjqS3n;gDRGuXigjS->?Syv9kQl!*DF|xQx+)uyPpk
zmuxDC!nicuhg?4l$0MQ{|m*&D!_UHz(KRNPgl8xfa^s8p<{4Utc1L2Bo{GyTK0kTu`(g#
z+4Ck2TfN~S<_NG=EPrQP^^%!nf&2>!6^7|>uHNxj803O*x)RMVN9trrw63pTV-^(HBWfvef5_BcpJ)K8S)c)w(6vEET?=!Esyb|i;JR6bVZ
z;ZVS3mHPANUp<#vy?3Jlkb=)ml%e-p5hwHM4};{n@T{$^H}Z8%42#lZV|cVx=O-G9
zcX@!;S-3h22jOxktcUyRC!=knb
zR~+Thipu&-ld-gr73q+I3-tpS7TaP-*>%}UY;1WiH%@_ZqyVF`zKOm`7hD$qtrt3&
zqu^7eajSY_R3>aB>kfeZ;CPj8aoYi(J+|*r(fu34JIQZ690iCAIL0?`<+y!qb@ivX
zy#cZNYqrb39*1uD5bDx37E>MO&w$D<0({V0v4TxVig08!S51ZpmPS;9UVz&@lkn6Oc6^
z$^y=!$4}4&S2!^_P^YZG=j7%l02Q~`01~=S$ASEatN>|@OCx;vHSRJAb2qlqC47~T
zd(y{vH>$=(W83(h%|`)xW&IVX(ooS-u2h7F|1TX?RZ;)|

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter.png
new file mode 100644
index 0000000000000000000000000000000000000000..ebb2c939510d7cfdd693f9000b4ac3452eeec4e7
GIT binary patch
literal 20259
zcmcG$2RzmP`~QEWXv-+cEXoR@jLeW7kz=pO-g}e0k&wt}7$IaH^T;NfB71MgI`-cF
z*Qw9v^Zniax7+{s{oQW=@2_|763+2@J=b+z_s8RU1wB=ex^(`=c?1G+Nk&>i8G$&p
z4Ij^+C4fH_j~%4ouXDE28V(4=X4Y4k=}L)_{M1qt1w
zlza`_yQi98YMi<*vz<;o^zi`STWdrJ{@cJu1db_2Wz;=V+!?Z|vf1exX+LPwnRk46
z=@#x+Y4*{eCi%likMk
zs-lvCq>$R$Gz6mg1&PPd&^V03nya9p&S0!H#{2cj1
z&e%97Lm0cYw|>Kw`4n#+t*p?9PJr*)>S}t(IuTJq{)0P-B3GKEDHn)Nt6=Z3jIFLR
z*XCCoESIhBP&bzzN!;?~@R?WSUfAR~o-`Z56i{=gbp@4{KHS@2RZGQSj7>~1OWi#^
z6Y(C)oOjh2xZVWPx<5s-ml-ind$V4;c$!m~=gx^h-?pI?*T=d_4j-AKkr!M+_=-Z!
zq*%WY}1M*iWf|$%nCM|ieXPKa1ePJ
zMyTsvq1!Xd9&^D&^2ckv(u=6R%(AKohKahMDf^dwvpe+O^ZDjNuuj*%Xl4H%zcLxa
z-pVV4xW~_L#`=yF%g0R;(26;QfTg>BT;;l7s4bjlX=>Y4XlYV;pwso4C2vJs+;839
zV645$8}C8YLj_sYFb#3T&vuL(!!8fC1alfwx8+CuC
z$)iS`-K6zzoC-hL-kl1oop+q+_O>6f$%fTxzq)K+Vs9FxJ2
zciGs|D^WUn8X6QWt-QuwTvo%&snkWQjzZyV=^tKhfH%-Wwnk$VJ2wE>sZwad>SzM)WowG+QD
zIYtfHm1y_pKKGmFQf-N7_qJdjlQ+^*LvI@fqS;~Shp$?9soaJ$N%N$4#4%=%fUOwc
z#s2{PiCNmiFLy9fF>`iy))v!Jc=(SOw%5u+6YY6@B+J;LtcVu(BI?Ip1__~DKDr-1
zmb@WXOlZJMP~2ir`YQf<6AunH{jQ47h%CV%D%WMV+O*adGW@0eNIy;oFZaslwFKX_
z*%{u;>@^pwx390~A4Zm3QJmdk>N16qnx1ArY>{dzRl=~JiOcA+9D~bHX&vM@Huz{&
zR3v@pJ)h5U`QaXVP?LYWFM0TF$1|5Qqh^z;4UL$%?PSlc6e%t87ROto_pcBWk5u+9
z26?eWiLFk{AXxE`rnb^;8*v}5OWg{8is5H`FC#d$(^^x)Amh3frA8+cA?V8WQQpAR
z^q%4QpMTD|?I`>+Q6+~jkM-r3vhKP|AkKgD2~`!S?zGG`5tgXHt1hzWoA&*93!xfq
z$!zI{dA?wUOyuu&M?)Iu%mcXY%{wU;TaoXD5=qRTuGmyp;vc2
z(}`PQ+|EN`9q1_DbV)ck+(e?Lu4HvH6B83>E5aCy2=k{>&wvI=
zHww|ZegKevzsiUnZdoZj4N8{vL@U8WU4hZ+L>RSn^o`0uWR>t
zc}+aW&Zl*q)3ZU9D^z%?<$L@@TaVlk`9+}5e@Uu@+Un@_(XS%-xA&K1bgd3SizT3M!dqhl_tqt&RVbR*z>}8}qDp4Ckc6whcWk
z@22IQh9M|C&Mwoidu`1d-elUqaa!tDvi;Kps~j&}Iv}Rr1z(c&zwVQWd{%IVkVyC!
zUOK!+#Szk_^%tAsD)OPY@9S}t!t}#c5fewT%>3&E1i?0Zr-a1qm%c){uPB|<*H^@S
zLgm!;|NdKgpXk&6Ctc#aa?$uGHtWCgAe98Uh<_mT*OVCwI16nvrKY8=Nk~a4Vbv`Q
z)Q6-QNcy+>lV3|n2IqU{+t6LFo2U(>lj+nXPZ^i+2yUFR(1~=C@p#)2?`N%+u5w<{
z(Q#GKPzjuuO#@
z&o0u3E4jK@@@D_zD)=^jnf)Jvz$;ab6oj6_UF{bh$Ld=LHt0!1M4apJMuWueV-tCV_PNbt8nqpM(i5zDQCFXilS=$hyD*`nDTMdPFyes|;%1xegOVI2i&
z^xo@N^@rdt;7XqQ#aX?om%AygtL_zN#;lopP15&XaH_@2rd**pmzwt
z6c!gJr>9epCwCOFlMp91`5x7qk~uj!eap#_eEj$f1m4X3vL+Svd8pRkCE`GgS6`kxW5lYBp)IVTL8gpjYm}pk5hUg`Jo?_Wr@=IdS(!trZ)0
zFNFi0g2QLYYkbZWafa(7B6-VV+u@c6;Y+dl&cnZ=xmg2yjIydaHW3x`Wrah)NaNpG$Up7^mQ~*&#JA9$5Kl?Wov$
zlYVb(kn23WO@*OH_QFP=_p0CK7PhZod1Y=+FSD1v_h!p(_xlrFq(Vi0u$Rwb$2GUl
zk_YrH8N-PKEv`0<3m+N_o#yY(3RHCwjv3;mCluntkI=TA+gYZyZ1rN2Ln{tsS
zdMe#TaI+=LMKE+>r-=4Y^tiaEv^QBzWRe^6Fsf0n>_pP&B3!d(;I4d`_QUKkV?Rd4
z)SaaRd-t(Q4wEc#8=s;^Y?PWV=ZFidmptmCv6U_=TWH%fIHN6p>p@gY&zpf
zg}IJ9=6CX8rS4vxi2=Mwr#ozP?fxLq5|0GM)`E;pLcNK*5$B*PkNX(+!-VNlpZW!Q
z_xw2SkT#6_tU)r@Oj%Zxg^KX(1J=kbOXu>UKDtaR`h@lCRzuQvuW?(}x;KjNeT3tt
zFVXTyFiw|WxLw#oey87JC~MT4V#}&xBTQ*nAERkjbaa=4BaMi9Kf_$3;@CRnIHcDn
zt&YO^>Qc~A6l+(%s#fsAf;pnPEshAG-rU?OB}mg)SH~BB?)0=E*Plqqk(!n|?U)c0
zWcRcE*VK!9-&%Mr4i9GwW)gHlBs+#XZ^cj}Dp#B6Q~j!Pv_DF^?Mb?c;8kO{jHju*
zS8D?KAj%=F54e31@ILoAIWOyDay;*miG4ZwR{kWg))zA6yX>P8&tjF+$zCxkLUpBv
z=@5uhxbJ6ZeBs%019-Er|n
z>|B$k9^&^%mmg$f*KgeTxtDW1`17K>M^%z}+2Gcl_cHQ|PZG1Ub)3p+d=BlpoV1n<
z2f6s-6bg%q)Auu#ble4LPVa{qxb8+C{==Z9SKuMPQaMX=|G|USlhKk5ype6=>1B`Q
zM=pwrk{|0y<^Ps#bq1V0U0Gc(tmwDG{c!sKp@y7c4yorGeaez
zy}kXpmX%dQ(OtdEf%tky3pac6$gNls?lX48N6iwT`hp>m$v~SIjc8#UAKF3rkzr8-
zYvx6_L(Xy}A3gcwbBpy~G%#o6w1*=vF_V)gD~%|mEPlAP!_oJMA?hECi#v7xHiU*c
z(4`n&J`cG$R4I7(P;z!ZuHqNNJ}qlh84~_mG~6B5&Q)1)Uy`F_S{$qpm^y8pasqP-
z6PVfdd9bvvjFVJiEU%O!^Hh|a%>5ewO;p`{cztUb!mz8&6mPPFnj(mLm-
znZRU@y^Y6bOzbl|6SnoO(DkODEesD=LU*jct@qdY+zM3qemyj)+>^egrDbvD#kHhI
zWvs*Khov9PnwD~M3oo%Yk~UoospI51|HU`TnUC9{r|_;Sc5trD*(}Tly>DN}irYu6
zt*z+dGu4~BL0fOqtZwmk$y!&$38$(BT%zRprjXA&TJ~IBb*Y~2&zdiC;$TlzHL}oq
zd3^5B;J&$g&6UF0C*ecoQ0yXT2|XxzEPo$)V`f@jovEyUXLa&sL@F{Xmiu%C8g(ci
zJH|6oCR3~vOu4YP$FJ3TY5=9Q7u%Q5S(?tF`YvBH@<`&e1+1MLHz+asim^Lcg<;xe
z8;gN~ikNct4wpK0a*Pk~ly!UO!3v$0@^!I7k@2=S-1bV5^Xwdw$xvhU4~?cC>^PXT
z&pddn0;P4=O7MH_oKO|{qYu&yw&UrHdBqi%ezCDppfn<3S-hq8xCXgvsBQugyzjU4
zfr#)_eMvXvcC=89^|)0`hkxq3d}>8euMSA7qQ~w){a5=^Dp#}5{f*8^{nv74vaY1d
zr~P0{`a{7>!L087#?6=8AO(eSkiQ^v+I_M)p9=|fdQIQZXD8~GG+8*@)Nrk|o;4)NL>rECT18o>NIk_`7J4sg2F*bF3
zeH_*Ejv3x#21O%nb^$tPd<+06!a@C3xQcd7E{6LUyEvQ>ZebqP)2BR`Mp;6#5fwlX
zcn^ruZ1rbi#$j&y=Wu|xG+Fg{w6M;2UVHSihtaa$lOzVqDq2uVe(z&rfhqVC>*7
z@J(%YauyaA93v3y(&L;7BA2?>BSGb7>sps9j(HX+Su#3_EV^oJ
zgc?KQEemdg
z3T4I036kkXlU9nA%U>ZNoVm1EFVkyT_q{3X*H#^K<;sdcQVT1YLsziVn~zcov3xm$
zZJDS_7GB$>FUSckj`A;>#b@vSyll(BmC>^G;KpwrU;@ZgiCcI+W5kZm%Q1RUL3l<-
zzAw$=A{d$-+JZ5q9`0PxattK96BekCy~$S%rpwVeQ)}NRuAk!U^l&#n@0a*4L!MF5
z8^7nlgA7bIjpF#!)YZ^Rqj_Y7k_HqrnW*wpG7)$CisJSuF8Z(59ISkfe$xCc`*MI7
zATPCFN%Zy>QB~)N!y18#U(eCg5SEFsovgF#aV8BqUAgt+!uq-@!NreJS_6$)To$c>
zL4Xa0w?<^+Ho5~aj8t>INmr)Ui&=$@fFa6BJqTCoMw{Jho@V6aG{8!dxRt!CJu=JH
zYth}N7|VCr#b4_IHmr#rsS6c(M@ZrMaLUhCISXR>skK*!0k5K+f7|g~3JrZ-xpgh)goRqlwv5$wrfjT!
zvsT_T3><<3R4Ee!%7T>7I
z*Db%ID6oqg2S`O($knQsa(<6E-+XO9*Aoa6;paOWAA`NB{*eN+yGDBb`ctBxh3>M7QvWy2@pJp*L)Z^nT5xVzj-d1w9I=R1J{tiZFyupK4rIGbMA46LBwCq59l$TV9
zT&GssoTgctaG8gDuC2o(>ofrFjf#i2b-njeVs{>w>AA?pKJUY+TsprWM6h$-OUYa+8GOu`7e6#j0as&?7bM^DE5RO|yczG=nOfQTxZ?!kl07D=XvsB$G}t4HBsk
zkEE|3QJ-Paxpnl|rqY{xviQ;Fj1~KtluDl$@(~Q4yAy$rjc7a~jqQnyQ1BeRO
z`qbvScTgRQXojTx4TaC*=#^o1S+A3(57%F7gp3*9EG4~aMB|Yp;M+A{2l#kmB9KPK
zD<@`0&V`*b!GY`J®Cx4qS>mu(FGypTx%)`PySes=I96|N74|AIvy-iZGnQ=|VK
zSklwSuc3>dn-gV;Vp(v8;sp0G1J@^~0Z?Of!i3DtG`Pc?zL}3nP!PPTDev_V_%Ghn
zTgv2ezaw>OZC8`LzFYL(>wk-S=Mkb23{=9N-{`!0+xTD0)|%^#otN=w>$NB@ZrwYr
zPHPm}I92MTnWe5Tv{*o4Wm(vJy&vT;DW)w;-Y)&({;WPD35CB)qw~m#Z2DVM|L^))
z4d;Yt!cdv-xjQtU>#6Hxy2U4V?lc#%i>C9BZ(Mcsf?~qkng;dvTKZs=Jr)CgG{GmoC>}w`Phi(Pw9S{2nY#
zW5TA&Lz)3#zKCV$Q$m7P)Y6q~7fG+g-+jeBwgRyQY8!%T7fTvWsZec7D;>F`OV)l^flkUMuMmD7
z6?ObokjB6bGuBrs5>#5KNeENFjV`|VQ9dcHtkt$+u(U(2xzkz=HM)c6XZ=Ffzq*on$A-rYYeJ!*>
z5NeKDu`CNvD0|+9^xCB8X2s8Ls?WP54VUP8I1cqn(WXapzByAkgj|kU|86=|9Oa;Z
zuC(MqKV7j=ZL4rUD5Pn;e(iQHsHIREPW+U<4tX6hphv`S+Ou=)BAyFc5D|g^6XHNN
zRLcw`=N7GOYGD&LV_$=$hgh8z5^{6u1QFpzKmY+|Jar6&pi9>NDme<3yr!k5yz(g$Pwz1=VV
z+Y4apdK#x38d1>*8@VTuQ5#ImygICa7gpOG_u62}eZ+uFjBfKlwcT>CAB8$31PSW2
zlk>8agIsX=l341mziJ!(wczwq#Ud;7N<}FkBZ3w%?QU*rSqHrPXIooFZw#={;QFU}
zdPIS>&%d_=D*Td>9Sirv6KxY2LvfaXnC9HnA(ni)s?mT`j?uR4Xg&~C5df9y)1sK7
zWyO-h5`1CWwvc}&>`SiPpi+*b{b%CYSi}x;GZWBY5325jb!SLtq9KU1@up0~f|VlN
z_ulo76_xGiHp|U6H&F2py`-kyy9I=S_4cUg)l@sQXAb5&Cp`X4_$6cIDbqg?Xx&O6
zoZ$F;z3Khr5U8dhBmPoaI_RjE73&8(6r`0B>-szrn?8xExcE#GJJ<$*7K7c^vq>$FR<$^62I6*~EltRKnCkBfw
z)^~6MCV-H+qvQo?tc<6e#*0{lP;S23W&xvp;6|2O401r?W
z{a9b;dKrbD%(2ZJjOfEYhT^j%KIBv^@0cfkaBy+16P9PhDn*(3v|_wO!WgP_m;W#M
zLa6T7{R_i={)^#I)^y2{az6XxenfewWbxx2_c_ISa|f3(hcNSm&Hbo8ED}Q?Ky|sW
zsK_MSgL^OMnTIea8<41}G!B4_ota4qKX95-0f-68d+S{W+iPLeu!)`E*4yA#Ohk;s
z!#I#%pN*Ww-+o2UI!gzn%CIpWDHMqtUJ!pH{kS?BBOl$!C0T^BQ38pK8jk+_=@arO
zJ3XC0`SPaeMt0mEj|kVc-eOEXtpcAzVJtih5
zTyk(VHV*ZIE4?%|s1oIQFH)|e-^lSU}10qtxtP
zNKRBiCwhh2b7DrU?O9V0eg?zxa$U7Tahcf8IqRIlgE?D1$oFQ8Xhml#;qdQ
z@zTE;l-rofT>7x~N407dQ)4_?Fe7NIRv@He5fG9t*~o)9@&w;UKSdE1H1do}b;~m*
zBYne7ow6gDp*y|eJ}j!ATZ{Cp`g8FRxrK!)x%vGXY3Sj}M`AGc=KM-w##?vx%ll0#
zf-{`GWXqga+RmQJF0{BA2vsMDsUf$d~Q2hP4N*c-^sF?l-LcNAYtlvA>FRqh>AiQ$oFGxD#qyE
zc4eZW3<&TcC6`(wOH3=ffLM<=dt4UQ5^N{Dx&631jM&a(i1w^LY;%}wa!a&doB*w;
zD?>=dl2vIzUlsx8+_RrNxad~N{w#jgd1*8h$FJMkeqgt}sjlqMJ{ax=0SSYlR8mz<
zJ#gt@gtA?Q`HC#4uc>22a{nIxf-V$rlZ!+NEgql!)nW7jd)=J9kL?h?356%$YWMpL
zO4GG&=|Z<9o)9Ju{Yfep&KnOZ5|Q~1m)|r_t@9(V9NdZb+&_3r_fZ}M;1|RCfM=RZ
zn%vFrqxQF8^(9LkAdi$d&i=#t1+-^zfIgO#d2rTUGcC&dR;rVZc6myv8O>P&2XAS*cs_qH0d*~_-!;DR
zbnx~@4If3EL_>+S=&ICe&q@}IBBV0~{VCAKR@_cXUizNGz&Whlq
zeaS_eCV#Owy!QdZbHX@acKg*OTQWXcT8)|O;UF&UHDG{%;*HCfntB6!TZt}eB7dt;EwMgl%XIlR
zplgO5kr|Y^{hKxL1Bb4MJ*n@)$MAdL3c^GMm(x(M?p>+a<$-{bKT|kxlc43_cukZ1
z^Y&JeYlH!&C~e*8_{Wb|EJW?nut~bqng;eI(Cd+!KBwOF&20X)^v!J?TyVByZFpEv
zL_hJ1cMO3j-&}XOh_6+^!|^t_w>Nue+L0%Bxf!$y64^wi-8=f7XAwRk8K@
zeT9a1ypj~*B4Sz|pIKJ(@=>Zoq5Aj5&%V>(P~Cquu)P%0mD{qEQw=^9uw4An
z1d2NV=T6iTiPVi9jf`Ppg_WgCdV}LOVxtT{wih*;#wK3(Fjj-u5vxmYYI0vWXKayg
z@XwI>Z0Ma>H0)l;^!j$?&xlp){-i$+8AILp#}z2mu-A^s-E8p?>G=3h%1^{o$-m>#
z5*;hke2{+8eQ(FfcqYSKv-B@s>#4rY*_WfwgUI`Ep7XmBYq<0{06Dsop%yx&OdROS
z5U{r+c}CFWj&E2;mG3+gq)O7of2zqf<<4NBGmF^T&?(tTgByU>%n;E{;XMkxz|~i4
z`*iVF*RqHPY1>FPc0N(}DbFjGp!t{Rw9D$cER1Z)!Wx|#wU{=(Uno+@6r>@7sK`AC
z?f`J1Vhr_4N|c=vuQfiU$fBfPfs*?@W7W-B2G*e1eiwt4@wk2g4I9&?E4;xi0}pY<
z`PzY#%|CUdXwyx$5#MOY$*$8XV$nVy_(gEI(@_SAs>@ha#DSk(#GxY0FP4%?37mZSL=?Xi4EPq~2WK
zP>c(Np^_4QPoKpD3eMOb;TN--u{MJ5QLkqEA#tPP?+nC613zMbX&(|2!~w^cL2Xa?
zzXGkC7>+xsZVU6v5ga*jaR(ieGVc=(o86^u=
zNA~ePl~6ATo*X)?S6zq--04acG4iw
zJM7uNA`RX&!oQefP+$$_sNCd=7vA-GvFPHW80JY8y8dV>tLrTkQQ!(RE=(4#(zEUZ
z!e9#|BEtyoodQ2Vh=zzD-a|KsS3jkKR>b=hKK}k}*na>Uxu<0Kay$*l8SjRwz?iy5
z>Jt>B=gn-Wv33ua`9It_(P$V0CnHp8$OD2bDtyePjOcuw;1yiC2)?E-{M)MgWoLgt
z?qDMSxxZ_~|H+Q^54?o-!m&3S0a4D$!^iceDn;xS*iSu`hz|)T=e;V(ti%uMhUPYk
zUZm-Uv^f~}5&W5RBE;Td)}eL67{_e(=b(B6ilb*`ieRI;GPe>~g;Mn9d+y9ezPN1!
zp3paM&Vx>gO*PY)7xyo{h6*U_oOg6D;<-cMnmr>bdz*7LE4w1wls{S`)Bh;wd{AS7
zV^B@2?{Tuly6qcjARqwf%2`MwUi|2J9B_!&Rh1H{rr*0q50Jhp1gSU8mE1XF+{PlT=xZ~B&6qCx*2qCY)
zsp`AkX~IVHWl2P2^n45~WE~0xLi*th=K_gnTfQeEb
zuqyzNdD%5D@mE{~FBQ1gpz`_G*|jz~-zDfmOng;ZDZZbP8(tIF^rHEUNKlk97MrDN<1Gw6yMyiUNC@r1?`}
zGm=5aWWcs>1_m@*Ti;xWb2Z9VGhV{lBy*l~-%1(g&5PIG)>$b7Yio-u8|tSVB%9oC
z{h|!bBZsooq*{!M8hg#%KPXYZHu5MfgToRe<0rbKEqrhOS3_Bp61nQzK)znE&F5&_
z476mjz2`yxSa7|@>h-wf$2q&l9N|T9Cl-qui*WmmG_eS{=Z$SH4<>M!)#U#rM
z7cOL2T~EoIi&KOyhov?E}x#j>VQ%S9O93`3y-5bkdG3G
z-y8`(B+~P^1W^(E_LA@=92ol-==1D&lA;V1qwVq5h4qIAf5`6iCId69;a0uteR2Ds_VmhpJy-!rRcNYwO)DRrbvWy
z0UUdPqZdSX4L`)14g%PtR?gU8A~v#eF=782gp3ycd3djF&LYFz?qaBVkl8K<27*(m
z;vN?vcm!a{=1CH3ZbCj@V&zt$D`)g@d;^C(K?s3QBX#=uX&}+u>P@J#z_7@peKI-8Ms=Vl
z)zQ<#7Bi+ZA&F{FJHNaX>+$n7At$bqFI|L9cylHBDz02Qsp6|*1L@u@;`FUs%B-&X
zRpsR&_d7Gn4P_$kiSUL&rRM#H-KCU;1?&(y?5%chLCo0ye19v`Qn%aKhxZU*+s}w+*SIM|0%#XVx$1*T(MTnm0Z0sx=as>a4TZ@x
zooIIo`Ytf^$Kda(y^!$@^?UrOq!+Zucp)|$#lWo$E3|QX`s;lCcD)|v6t)MoZ5C&{
zBee4chlfI(-=C)0~}_C^G;`b%4{FT49Q`eC-oqR{D&MSL;aQGMp{^5C18u
zcygRmJ5ddd6-o0$g($V%mg-fci!-
zL9d%CUlDGDwc`5)m&B|r`D6KuWR7L5Dy<6@l{_9|ndC3eO$PNJ9>y+gl$Mr;R5ya=
zqGgr6+{FzI2Gu$fszN&XVl)!lnSGt^M&0b0UX$$c20?V9k!lnd=g+WeCRK)<@+tW8
zV{S6*C}(v0vD=nuaa1d3k+{uRA=U|g5MHNdo`)c~;ncllGZ+TZBjbaM&H3N=$nf8s
zu{r^pdcWh!9mqh)UkoLoKID~F!I8NoDhBJf4%Q>s1hv>XayxS($A*eLc%e8=9~=OS
z34Abb&8sy4Rue=_>+NDgfms^*zkNFpA&|V|k~yFa&!;mZ2PE8oaeG&JlEMfbFQATT
zzlOJ|H-cXX@d8bK>sG!EayGAzz!c7|#-sS5;$r@p(~~lvl)Uh0$85Iw851FUay}$c)|pUHe*Y3wG-kaC4|8L9v6HM?7InFTX$;QwFo!x@qhMZgvpf
zVZ;2zAVlYJXPZ&okpHT*x_1P1aQ!%T>6c;qVpNwrSjQ>))`vHu2XQH5UEO!~SdCruU%x#4Q=7Q;Mr#
z;TgUxjf&(+-V~^Cc*#XQYj8h9fPhKOxlKs3rBHgw2Uq!lV_~ko7(+?U+31CSR3(cu
zC(SMhryV%ki@UkC+1!ARF2gfKi>)m!w&cq#-$maHC_^i#)2tqFqrR!NFOYPCn}&tx
zVYqbln2UtVwLnPv`0OUXn|nL_wcG^uVWScVSbP|uWn_Y)N+it_`PUH)z&<_Rx_-(o
zBqZdUvPon~m4T+OivVC^zKh3D1skfim)6B(f8zk7N@
z{~Q%ypiziFB*?HZmv6n(&!0N^D{NgosK#58mt?RMG;k1kRj@r^_oS;6BgTv0zH_^8
z>UrRYOq~*M)@SUWiqein5tXB(v9DB;$Ml|>o16DizjON+^pNkfG4Ux{vIUFWW_RTL
zip}enD*WUgkn-T%c&%@QPZSoZAvJC6bc|3P;NO{+8-9%y(uPJCROR}cjLLeB4i*z>
z5->Bj?T(P%y4CWe#$hpvnI3p(MsQ-|R87f>7cIzmu;FV$R(iWFJA~F)i_puyLptG{
z_kJ;Plt70l0!%QdefhnXau{bIi@D%1td{-lbXcc1iHXt6&u#ozu8R^ZF1~&mXFi!~
zR2=7s_kL(N0CqYm*993Q9mKE*PFDYKLvYo&wutB!`|4S7*m-Vab;p+kcLZNX8LmSH
z^9YiM4Ek_G>xQW{eGu`HMkwe$f;ZIHuiii0aDHnB=xx|_CBWS0RSjOPQy@VgBqX>h
zrfW;nO40w8b%?~s12DZbg;$op4WtGaesTphe`m~=WWzThila}CJd>dsXvQi7(V33q
zqYMYApwDh>IB59X>}ffM+kf<>iuSltcuz7f)%b$0`<_55?_Gn3&0u+PqlA@83?eC}
z{{pmWL13)WnP7LlXE8hcp0$FRy(s5+!S@YF5VT{xZd$CpMzhT##Ka$^$!oy;-*vF<
z#qV{rzh#gW-&=ygU>qAOz2-YQs&osuw5z;@j{1|?=GE__jg7u6_O_N7IBuf4s1LSN
zpr#3~%r2Uv^Ib;zKfbQsqYS9yN>MV;0Oeb~m+UY|o<=sLmv(CX&B
zKNP;3VpMQH+7s7~Z0N8~ji1OsFhH}qx2_px|L{4h$Ujg3_L5oAc-Y~6=_~@d4>!3z
zVP<%l+(ZIV0m^Z_dUA)VlF;w6uyW@9eV&Emd#X8xbZ`9o;FOyD4ozDo#|^x=hA83@
zRaFdO1~@685&irB&bspd)i(8oN#tpi0)F4|a|(P?pWxa~=#q|&
z-?ZZ{-Wz)4h6Okajf6|qs}s>44(~k<*X5$B$CC-(ud4bh&Q$4aQzBGf9i4b@;BUs2
z{G+;Je26*;CUhA=HnIKb>KZ9If1^LGtGd`{b7yxh!6#^$(1#Ylf^lklyZ5nN?C$8r
z<&#C5i3xMHM4l(OALS?|qpkW4o*9sVdoBR0>D!|%pZzOcD{NCiBF94f-}LsI+ieer
zkVa&i;d^y}}%=E23D6i*ZGj*RVxEEJ?99A0dcOk3+{
z_etFMv@oJL9{NG(KP-rwf)487E*&UZp>gfyD}rqp3A4j4!iW?j(vvB16|?x|Kkuky
z4ez+J8yC7;)8kW(8^6@nij$KgZuTQr;)D@Lm;bunImei)T};*ZZV83uN!%sV(S_c)
zG+p_iy&%1V2a5-u$p4HF>n@SXk;Fd#sR`!8iIc^;m>b^Y3Hxfa?ExEI2}h?+cKRP6
zs!vKhf|mt%a3d=5LazqjLm$(8w39kx2Sax_TH!KPz|5;Z0Z%F!Cy_k-uL=N^i)+iJ9znXjhAt|?5Vv`8}Ht4B%%G>{6dI-XQ3vK=n
zp0-fUc%dY}%1uDCsRuV-i({i>-+Ld^!Sfu*?&lJ^-nw%u>2U24F>$z;eEm&mM*P3<
zEQkM*+pr?Un{4q1RQex1y`|j#Z5M$R|>}pdEL7L>y9HWQs%}FgaUtAY5$gNN@
zg6g$Ez_16=bHicdZ@cz85wLMj45cYT*SYZ#`@q!SWV++qZ8_rnb;PItlJWoM#BKYMhgF
z){E%0UjXxkYFYPp+hv2X&f#JV$6Yg#!GgQEXI8i-CDYSmZVv4%v71PI)p~t`o1ppR
zFvpmy^EV7MjA$ya2Y!h`CsHMU;k_eP7Mm~FVt2`Ss9lmjTI`VA3(E#TQ5tD7@HQA-
zS!mR~jMAluw36eeF`&DCAAH-?8tHyG#|Q#s$&`Z~=uel_(V@oC>%(7vpHKkc!P8uk
z#m9Bbi*Nkkys+zuS8Gkh*@csFqT@@I>s2RGBgInCOUsA7lM5>a=LrI@I`le#;f6T4
z-k#=4hEw%yEi?msfgldHJzzrUSenkkQpTyWmhL!!Tod8yktj8qeW-4CJqe*{hzV8v*Og{I
zHVIge+6%*aQsX!Rjv&y=p_{Z+5j(ZU2kSEr`c`V4RFKF-(3Yd4qwPnfSe^)!>$cVi
z`ME>?aixCwA$d)s+r>IyVNR(=FUGpQuy@iHlbt0nz*!z;)>j1Sp>F}kiZfVW=0
zZ{m-=#U$ILlw0H6GDSBjadxN^aeuJ>Q~qx~^Nz4(a+v%~FU%Xm53cO_31vlIi
z7CyrKf!b`pU#a_!Q1o(c0kL97{iXL2JZI(q;N+HF?Sngy7lZ9-O-xLHKeuiM*`gWu
zRf|!K|00|fY*P(l0=ypAHr9CTl<$(;3II_(J-G;!5s)pHZ`2*;;(HYfS2W!^i@vQ;GQMy-(G6Af{|8zN9~Y>vaGC&;5^|J
z5lM4jh{tY6!Xpb{jg7Cl;-0K?HtZipCj_YpR9SZB5A&5EKK`;zIjC4-FLptj<)JOIRCovR6_
z_d=ga1p)_~8ZOD^VG3)w&fxg5-_DrHQ$>lwfL_6?QWrm6^;0f70ey{Qj&4w_h1aNN
zVW)r%=PuSLMwUR+ki$mlSVBU=vm>q3(W=T%BALY{ZFD2E77OB*ESM8gEi{hUURfHE
z*_=DT0Sy5M
z+ywYqX3r#EK4c4gBm@sU(A=ojoi?F7;|D@NG;XuB+g0@z;wk>8MW-mX*JSHJa?m?%&xe>9h=QS5M>kQ9~@dNXp&GGWP5PwwJjH|1we0fEnJ$?_$U
zN&=Fi!}6v>0Ue=?bUvRVRGQqx=+B9K1-k)c3$>!5%Eln_b
zpv~Xqzf)WwAJKq^Jh<+2RJP!zE;QRrpW_upLF^*5
zzP@&ADTo?a*a6cW?%aU}jrE}moOJ8UWg_p34k3C%t;LPz27@omj2av33>PgeWi2=}
zaazzP&XE^z=g@+?TI_RBTw0K)&L$^F1KqyG6<$^YWu>K@LJv~*tpWTrzaJBIdh(=q
z-H6rDhwjV%8Y5T%!QR_5yfWE;eMA}}Vg?Ssg2ae>%nkp&{oV^4-_TY@`t~=C3yFDy
zRo~tYUk%(DY5doHy*b6-TP
z`G!Amb=TX-YT$k(VDB0@M7yliHes%p{Cag4mv3t;`)n^}Z8X}kU8LiR!qfiP$Wq|m
zGT<0)a=g3yL@!{C?sD|dfq7njpcp>wtu(P=|9g*X@v*w1Kz{^;hqnu>_eIOi76R^I
z0+v)#_MoG_w)dAB_S*(3=HA`K%RaA42sjAz>N9XO-_Ks7boZv&UXQ<40oR7_^jHdP
z9WP2s22Jm-wcayNK=9`A5E)Q|nc}m~h;JW%IO(+hL;k%!v8t&+m%F%3ISLBdz1Lbn
rr;h;}@&=-yQ_yI6E*nm_{0e1|Zu6{1-oD!M<+$e4s

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter500.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter500.png
new file mode 100644
index 0000000000000000000000000000000000000000..770141ad54cba4236f846e5af59aff2116c7f0c2
GIT binary patch
literal 26234
zcmZs?Wl$Vl7d48zh2R7T5ZocSySv)}!GpV7@Zb(X26tz$;1Jy1-CYNlJJ0*w`|G>A
zYNTtrx_VBZbJpH#tsSYNB#n+jgaQQxg)S>2p#}v7eFype2MGc4Ze;Wq2l4^!q9!c{
zRXy?L7;*q-DXJ(61yvV^`f36XIYxGr(RG1>!ua>!3p#}XgBS|R0#jB(RKpW+o(xxQInv2a90h5oND5t9Sx4smty;
z^_AE4DE`B0k1gQcm+O_u~^HB*KrPY3c5$^K8K!s*AnO@^?ZL!>2^9-
zcT3j((fLK#e=P^RpT@K|mcen5(gn6~Tkh~_Mk5r^@h9SxQ_AKuH?PralmmD@6?Jo@
zF&k3gGaJNHO2-b_q!^`~IJBFXcvD~~r_nKSSd7)a{1Vl@AY%>CSY5uE~rHQ
zJfN?;b=mciipSJhy9@GKUuo2W%ovxwVH&yNhs}qD$%mV1X|g|}IMD^tadNZNif0=L
z;M37*O6fPte$=POMHD>SR<`902RPsK$+x$ft+LO*9(>cE3G
zHJVMG`gK1-1)J?Mxn>HaJ<19O;O@TiUERpDtO)w1G8_K9%kM-dnoBF!tRPT!tP~Hw
zSIhI|)$Qyrad-QR8tACtBxSPpXriGw$Q)Bo89mEyLvM1jQMEl
z$iK)gnd?E)*_T*ZAXz|dSI^eUZU7lKZ0M601-A8UaT3P)>gezN(er0a;YSgRa+9kW
zc^3V>eAQj4daqk*%?(RC=GQbM|GIir*B;}QT)!9hpBk^^$^uV?W}~T!c#P?n!VL9>
zF~rfiI(4SRe)kn>Hc$I$&WnZ~$A?OsI$HXm5I)HK)BiCLO=mq@)Nq*lFAw(c50_p3
zz=*5YMeAYFjZKa0&NtaJp=g#Pk!5^8{35U01F08d$M=Rwp%l#(56J&W(I`{1-el40
z3%+4VXX|OO>g$Gvy?dr)cR2t`oth0N5ucO!KboAPK2IK%x$zb6s|k01hc-88aRgX9
z51erMF0smHQ#U4i?;z{8IOY+NcfcYf|F>WD?LSJR_*Kxi3@1^K)+Etn?ud$NYqDUH
z#|(nQQ7+}mX;lh^-@eOr^sLV)2->zkH`~m`m*mjf{kHFW2CFs7X=>u_?_DQSX@0Wj
zVj;=R&GC8nD${L9om0Q$RQ&UuT^|=;uHoNqoV=~3YiJZs$DfGqP
z566KtQTQyWl2Lea@S3Un3>xtza%l;aR-)Aau
z1matD*i?HR4@9y|oZdJ4qldz$4Ycq%)^41?bCnY)B+Z^~%n$YtM$?Q=9Sykb)@b#c
z?Nj{p9%jr(WYjo~e~ErDPV+4|Oo^P#RoQ?_bHQ1qpu-J%&5F=zz;Ub7E&@mIuR4=H
zZ{2Eym4?aGl)vB;`Ek9*z0Q}52Ve)>^GP__i_G99pKjMcQy0{3%|xl9MEu!*x}m$8=rmYQP=_J>TKw&w*eA-{cAG%1JHh`<|YJdg57zSLPv
zbt^?!ud;D{BQb6dpmsRkWzQ;Tz32_L%**)N>d#i^buC#h=0@RDGXA3#`
zUq8BJg!HzB+4m#je>FBVNI}mDlD%XK9`(*7`qhqYo5?6
zre?-i@U!oF5oLBVRg(owbJ>VqY>I%rn)h2UOto;X70*NJ$x
zV6T2paE|eT$6wcDMQD)iyqv}Bd$^zf+d22G1oR^N2BS5*I(?usl1(@a
zRXn-4H*eAJ1)sMlXQaVRk4?Y(u^|}B?RdK5C@#0adf6oE#zLhOxt+l{hnyGCF-Il(
zXBx%SMWdSh-yCC}$jZ<#I3#ioht=75np-Z$AO8IK{O*kEy=$vwE@@DH)F028p|uSb
z(*-0lAAZ$W0dcJEWx3e`UWs3{S)6vm(AjMc6qf7VqUewSDPmgz
zZ;Jf41MiQ!nCk5CC^#Tqtplg#%Oz$Ga86g;2UDEjeL4w{-!hi2@#*$(_!)dkrCn`M
z?|!bA@wRAG@Atx`Pas9$QA3Y#5U2_WAQNWZ9f)as{=(}kQExV!zo@_(Ix65H2hOKa
z%(B|AGN@AvizBdiX+$UDN|uPk9-b6_GyC0T@N|Rs_v3ugNYm>}{LMZ?X`IaI~hSSTECjm?%7E4J!WCh0nP|=^m3w+%Me||+}8G3uzbhyhd55rTZ^xbUmX-;O;9O->?Iix@Lpg%tx
zR}Z!>*c-`S&AAM^oO8I|k>rwuV$$&mOk}A66?A!#ev0_fAEn=cO|9@P39LhKu03?M
z-KWt5ObwIsDVF!d@N2U>&~$STz4BLYknTGi~6DZIAHNMhNV_q3MnEw~J+
zt40FvuE(>P&a^tU@vfKC>Jt@W#W^MOre_Ns;bxOLeG|Kq?BTK6vR)yc9A;xyD0Bi-
zVeL;h!)lrqbZUk1%!X}*B#GARY{sNs-%9A*k9zV2#hya$E?W;tZEQTd8xA@70WA6*
zKU2JFQy97|_QhbM^J+TZ^?q2BSi^3E$1*M(_=4BUee+-ul-^(AD@g$Q>_7E$$yA{P
zULhG6QTCE6wd#(9J35$J%owCyKyLRJqzwW#HCex;5HgQ#-j03YCA}ABDE_Bj@U370
zUzyag-Eq5D?)0L`z1ylLO!|RTa8DG1L^ayY)nLj~dY#96x&GhpT;Y;{mV;rMoLX*t
zTN88e$<0Yc3hcT2|Mu%IY`)FMh2Q3hxNOtybozd|Ltu3hdY7IQf?<25zkaWe;1j0iBf`YgN5D;l-+xwm&@@+N9Nt-=B9g8
z6#WvD-Q(4E6Vp$P?sDJyp|{1JiC@78=pZ`_2gGiM!Xv7bv#w85b(WK)H`mf+8+gaI
z%cAjqsPE_LoHnV$sH^);ef&TS@iMj9ncejDszXYg&|eCVf8#Lc1bOVZ%W}+UH(?&-9_ASRoGHrzdLwmqHR8c3|kGGhRraK|rJXw(U|3qN0pdp&eW-Td4id9R?r
zXu_j1;%RMgpy~d4I2lTZLICn(6(4
z+sq%5xRwbH_{=(8w*sC}weU?3g8Av(9@Tak>*bm@URyzkd*PQ|&4vZB_u(
z0*#*f26HnJf25`?DdroK#nA{Jg{gS|DEhc;brPrd*Q$hm$N<#<8V1y2#dMnP?*iH7
z{(LLjAGb(jiAWWYbY4B+q;Kd`Ic`q;Xch0dY0hRl^tB0v{j>i4CK;V+LU0fftH&PcDd?7?Zln<_
zh0Ng7&83+t8~h64ZJc|m@VW>n*Yg!k1dOAa$s7v=nUn9<(N0L88yz+$#8_sFm1lkG
z_17^=siH%lV)Vw(!Y63*njEgSdh{$9htsd^iFE>AuiJcA^ExCsmQZv27K1Y~Y=#Jx
zvs)4V7#Er1IFj)0^82oeN}-XN4C^nshWf3yxn3|rh=^vJC8#j(_*XdZgeT_JV9XV#
z#68G$f}@G~rBZ8j>|fT%rbQPZg(Yf{79rpcGs
zYT@IO7;UWqdHh&rp#uA!FS}!ebhZA5LT!T21FSr3sx^
zRKgso+EK!iV8Y2aIc#>a`!1<0x0n=|rxa|~Ui2M(Bwb@KKZ?bO7YlTLbT&7Y)KIOo
z9_IMOFe6QVrg?8dLP_;YER?m|^xR63_e?N2|CW{4NnjQ5`rZ}_KN$VKTt84}DU>se
zb-sGB-lkv5Z4sS*VBO6>{)dar1ibD+V)v6ycIKOwmX+YLGO+YBxz>ri46}S{<$^Nj
zhQIy|J}s6E#&_>KtBit0!9-Awby
zhe!ZLE|s!7XAg7G%=R)_P1?^27=gZv0}p%BQX#B
zVx%RjoirH+(f1*7L>ycO+r^_|vNh(au_ev8I1$5a*
zow^&4$bI(TDorst<)2V+T7ct$4g
z$X}tzU>>utMQ|{m5Y{^s%a`;B0b(25%arOz%9tQv7Qz)Wd#X1AO*~9U67qafbmU*k
z;KRwx8gP`&q7Om2Uw`r%CFDBjZ*U}Dq}x{cWpR7H5?-Y>!wZl~*JktGev$I?_TWo{
zS>0uiaWu$bQ7P=_s!T{|R*?d>5_zBOj0FF%hHO49wgCBL-Zo51CJDd4&5hf9x#o>X
zlWmg|uJ3oTeT=ues2c`5qvF?xhLI0RRQ%;eubTtpy+A0?G2%RLbQKUZN!TC&OEi(e
zF&K^W95CY0B|Ds0RJ}xtwj71_-08uRlC~SoMesFFNN?<-U_(My>f<%(T8gWRq5c<~
zhU9M?P9f18%BX3ZD-KslJQY0Te|&z6vecy)zeMADRzPJx_W+=JAJ@wZ^&X2w-z$F(Ach%#
zN$|RMg@qyzg}6fdbfF4nQrPDp+7AJv{SNJ9s>O-2!y+!_#XJhH69VHat%MvFkKT7j
zCT>u#V5@ym!nwucwoBiYZFeQa&Kd{}(+L6mCk@?4qK=2^`N+S=#&?|4mSr#veBO6z
zQnwu?i=u~-pJ|@wL~3`-*L<`2+)xC7{&^i_{#QW`8|_|N#q6my7BNIYT;5wNQZXB-
z2GYxS2`HF0mJpQm{rL_4*?8dYxKml^>D$!e)CGixn)`ckSGEN%+o=;moN6*?tzTeX
zd79vF^n<`Y$oc8+baAm{ME2=8ce>Z+BY{%-%z>5XzD!6PorQn!ZAvXAyvAVJ(yv_L
zyoHFYlgOcKU%h8bUA+IH^S+gyi6OX2O4b&NQ+0t1zBL&~4
zj4p0e^t*;28_G|;S&3w`2NvRvwvWfPJb>3N-ZJ`HgDzk2dx
z1O&WJOKTk(Pi=DAET}x6H*C`X^8@-nmw|(bBu6|N&UnCDumcZ%mm6A}7$hq%8WGF9
zxnTt{f)j@5
z&^ybRcjX*ox}DgH?(oYw0tbq{VBh!K*lM1wTIdOsHmY^Fx9-b$B1Okhlb!y4HJr!t
zeS^+ePCs02=aU2+2w(mQLN%k$1$FgoguDMOLiJPY_$r_|VIoo~fg!Er4<&
zMG{A5sdW3R$h_$N4q40fxJ1s#!by#50}fF4;7jrCWxhaTS6rzaULga-VUizm;09+p
zTO1=-!efyw&N1TudOi4N*(YLn3`P|)U%jrC3^?lx`+@RvU*fwl`k&p%S|@@h@{Hy1yH4>RgHP;Ps#n5I{3j|>7HemCfAwXn
zSE&#f|6PJpp{so<0*_-}M{4I=#n+SK4~Gf>DD-<2AJDp`M7)&OQZ;R@vc%0l#0+8TC$Bw6v7Z
zO`=d?S2g@mR8|QvVoIe%@ZGMW2Jz92?ncim&G`{$st)B6dO&Z@)5%T|T0n$Yx5n`>
z`7|Fl@%2D`<*Xp~b8PH|FWIWuOex7*Mac|Y0HoS!&pexdc9X+sFc
znw&0>w#7n(4U#5f6~tQDfK#hlAx^#LBG{``{_{PO%^ix|Oy&<`*_-6k7j09@?>I6~
zpV;nOV&9R&Xl#kU+ZyN9di-3hKmMaaj&hq6#wjqRB(%ob%mxpd?napm==EXE8+VwmH*b0
z31@`K_Le%0a)z_iR0@;!L=G-W$d_J%zdyFfT?x_@Zs8tqd&6zE`ZCdr8&jDKE!27E
zsDL*V0c--nry(Z8PM#e3OC?g!reE9HhUUT$J>gdhXjxaV(t94_OMus&JA25)yFK81
z;i|aCXg;@-69Qf;@aa4*_+OR4fE9ZcEPIrY*H;@YRA9JviHh;uSk_ZXXhT8?JQwxqIpF!s+bbd3s^`ncQa0>|?B
z_pb=ZD5Qu7d1uQkyXcRIotX3R(UZwPUujhQ3&$iz3LLuLns^fuBq0-x)O{kWweTY_
z=w>(0uh5~(|KLurRhqfrVDS?mp(pEqK*J`N{s7R6Ji_b8u(CyQ*6x(?-+lpPr|Xv#T(mxra&oy#
z4q;=$pG)Sk=GGv<$&}BP**SXgcwWV`eM9Tn`E=lz9(R2b#x1dYJX^vsioufbL_bM<
zEwW5E2V0cgBU6cYcsy&V5aemjZZs}}DK(sr$#FvfUrBrFo>v?1x@`4X&W4ZOK2ONJ{
z>#F=_*-q&Y&xxdi$?q0Tqx8k1y?8;WTH{#rsaoAqzb5!lX(HfgNDrmvvcqbpv6~<_
zIt}2xY(~Z2puFjyitT-$wH(y6X|=@@D$TMIj(v!ZurVWgA#^38#i?g0?+gCk0Y*%K
z$1tq=)5u7Kyg3l*=f?v4Yc>|II*~1CgODe!oyGOYn{$K3&W|(2*nWgCXy+G6)B;Hh
z3!6CFz`7F9%GhqE)7gk-+^?gLUDErj!|F8qqIN)S?FH=q-?;kw!+uRd$l_UGro32m
zbCT!kWMsVsY^MF7sdKQ1sqR=P
zK8%jzz=QA8ZAEh{-<3T#xn!kvC7xJwPVFG}Hyi{{F1e7do{^;7ES%cS*BmFglO~R@ZyCbJqTVZE
z{lul$s0}5Rz^+|-ez>Gz`w`ZNEFZVqrIcgqDoW12AC%jTEd_nuCKB|jJq2x1t=ISm
zO{4E1VkX@OiPF?eApRWsc)pWC&D9+X1+is)>649!Qx3`z6m&hH@n4fXK!L?ul
zj2+>ELq!a@EymJWDaBq89d`AG(pb9AHX2sNTmt*EL!xgPNHTt20hq*Oi?xd)>cnN<
zPit0I8cI=Tzx1Gd&o{otlp=5?>zWm!;D{8P`8R0JwpMMb
z<{+`-2|_=oggQV(QI3LAiO50o{og4A!tH$Au16|u82*>*6=`EC!LL9l@er=DbkZgs
zjNCb0m4zCk&041-AoA|u=xF&`sd_@br1|auI@g5GmqCiwE0MzJcQf+OTYAa}2IvyU
z5L1CkRBiWPw^M~4%Ds%0U;txSh!JhgWSp?fa3YmmCAsO5k`w~M2t^`B(~}CiN^@+7!;M!WOF$LbM7f!yx;zomdMhv})?;t-?ZJ{w
z4@)!OUKRSrJu{ZX7j{kWo!GWYc
z6Ns<{FDcseBe_Ar3KMEVs1Z&SpJ`+(Z-k@qt!ZimZ@B9t?&v*;kW{_Q8FWh7dHRS*
z`g&=QG!B?d@aWyQxfiNtUooz{TST7B%H@53ME*G-BbW4ukFH#c_E%Os>X@YT*=n0|)!3H-
z98c}FObSUke&BJA!pw17>;k|lgnNtw+ErYZPFu!7^R-f=3h<^FiOZ3S%+APJ2}tI0
z%~Leb@gIQ0HW!gUa0mL{lm%*rV+Gl>5};&oxt}l0Cv$00AP`pA>hiOS#2~I@a%fKk
zZtn*5WD6U0b~jwMpDIP+)IO&?oxsu~sk-NA#%=jLCWPCC(m6mIw=R_FFFpnfiA`aW
z3JhuSt0Nxdpx`pw9$udrX^6%-KdB@3pVnxz$&>Z}Losj9G9OJ__Ib}UVR%F#`m`XC
z$D|&l090ij!6(P4I-;QR6w=ZbkiVDfmN)%Vkaj~;(S5yRGhc3Z_m4f!
zMf!_=-8h2`D6=zU@Y5J?%Ag=11Tg|;4Hw&cP{-?Fxt=ffV5BxrJem8VuE{%3G$$B3
zRP3+b5>q7;zDD{hIZM}#obhW9OS|G!^JE-XoOYfse8p$uDyWfHX-+F-u+YOR>Pdoi
zKzVqN0IAD6;ha7S!bprY{s0Wv)PUm+PB|O~z^h!o4UY;sJA^$K_1Z}h;ehkVC;@UI
z20l~3eX^%@9so$3ioEC`{$hh7tLH+<=;1_CcaUruCOStni;+COIjF-O
z-5rQ+jF3vAR*aD@v&j>KA5SO#?ig5AVl@NGi23{&gF9MzB2C9RyGuZSC4Uc5vN+%N
zWRq+GK;Gw5ufQQT;Ef?N=bXSFs686GjJ|wrzSz&y^>wZ?r$DtQ6e8tJuK8yg0q^jg
zTB5<^;d1XiDBsYm5cdrtSj;Pec9mLVXfW37@?{c@(#l#VcPioP6;P7k;e6g(z_>oR
zk!q+(#q@Ilk$B4dDitY%iH#+XlrSq5f%eOM5(|L}&kxV-Ft
zmD4FN+q^!+66P9Bi1oVkcI|rk)jamRnz2(-P{OPWX^em$4*RS{2*52BW5?cbQ1JWU
z*P(3wN%I`mhgq)t;L00IzJ}*ahZUy{f_$a_G}mTF)`()|OzQoSH13=q3PgS&JAz4o
z(eC+YlaT5m(*<$x(Z>27;$JM@-?Kxny!$^uy{E;WDIz~Ko;BcnPPMA``XHJ|`Qfgk
z-B(tAS1XpulR)v7b=t26o|2VP<9}39Or&YBVj;U|v+vDuiM9lVfbsgn*|K`5GPRdp
zOq=ok!v{=zPlYsrd}U-S$;q7q!T?T<2s`j{FGXAetBBV%`~xH6r|)82f!8-%w^0p|
zmG9P}4-zEyj8|wM&o-%EcnXFFiW#4OlGfzVN5Ngg*(3H36UDHZN};xuW6?Q{yaHkU
zhf>c)Z*xe#Q2hEx4p(YPaYV|KW?4IT^uxOO;ZKZ}L$T&oaEwS?pW--UHq7|t-UtrB
zeOn)bi9BhjNLMd{C`66s(}v_z?3wNy$o)$^9b(99#`vK7|J-_p+iM#Cw|bQ&_J7M<
zU-cMV0gV(S^cCTh!3~y^OTRt4i}9=Unm{2Kd0UOxY8!Q#>Jr^jlxN##=LmyBx7&6$
zM?riN-^viqO_PY#LcD=PO}sd^f3AC8#w&9^a6@J?V=NHR2(Y$7BVals7~i}wyE1Re
zAGmsA5bTV@{|%k}>1VcrSfcub4~jmBbSxDDyia46L5E4oLUpFi*k>(IhJy|V2Q(9)`o;HXV->>d}*7|9A-c7;e*LeT-EMZyH!wQv^G>P8K19CoYC-W`(LoiefT%c^3huu
zBXlGw_Z9J$`b+};qRV+eIa7k-tvAc1q{`|rYd
zvE0bDFLgZAj$0&d1L=3yn|`|#!d{UDO~X)N_CJ+_1Wr;4l$F410>YwRovoZqD&Kqt
zPru7POd%v&!Ev3DY=%Xq0Foqavf-z|tlr40lVC=E_q&062Is1Ne4`~7u^yM);h67V
zp~D=?OB}MbD`SVuD*PS@N+=d-mC%W%f_X4ZZx*wP9@BHV9$e
zWeTKXigX(u_Kz)d>TEr~rCehvuqZoa&3Gd)e9D21A^3U*ePL&VOp=TIFe7zITKzB*
z(y0yWcV>wACa|K0F}Vw1Z}i$16Rt+L<6lI0;57G|-2XC}XM3^lz}m7wQx$K0fS#fE0+?%koS;#LRsI3L#MNoZ*rH@-^>PDRkT$;QW>7)O}
zn(nF!&7A>lZUr}7wG5w7sy4@o>!ifcYIA6=4~37py1PXwo$HO0MN_r>VyoX
z`oVLM*yc;H_Twq^ilv%w?{=#6x|a`KgZ--3L`rxljZbgDZj)xq=pPh(ThYpy7)
z9hrN?e9N>?(+7v_rzP<;71Wo4hB!VSn$P(b0Y8#;wKe&4n9RzdA&SzENIIDgnLi5m
z?9?U$YppJf3DB*rbV=D|OO4S6+X3&_;dXd^?}I(YHHO&3wKW_soi4(%bW0p*-$2$`e+&fXQ#xe#(T-;-G6v(iqCsSJ1;%otMr@e(S-;=0>O%4?NSe^
z95aWmpO~(+gpoO(JIJOjHC@jmTrc5u&v#GLYL^LB;Tj2rkKc4*ki{^{eg&G;G`&%R
zbUJNY1@aJJ#DXpBKiGAHj$rTkEQGDG&885ilFw8L1UB7|z9P>B8;fHRq)n{>1Kv$u
zSQ^CFOzE*`;{=ZeW5_JMD$|(sEp(@T3`EccL)ku%rr53=wkk*hU`M(Jv|GZ=?~H^)%!eZCyXbUC7+B!_PGo=
z<}>B@S>=MU?jV{{?pF9xhCIc@>DmhX_Hojavs2}^%gMz3`nNV&jDJhI)eqB{NXYjU
z)Yiy!ddmT%8=lQ3u%GFZF$3&2+GWGgNb|qz7Ck6(K#K`(#eC|M)^kvV=a3&CPC
zkVctwx3MP};n-6*Z`UKkoJ2nHTUj)z;K~3$a^%)(+vS9r+tb;sa&(CdExXaGGC|6_
zF(aG3Y`gg8z@kmuX^SO`^Nh`k&dd#UG|+g`tTI6#YC}|ads+Wv4gOZKdOYJT?Y#ez
za3S!}|8W~JbuH8hr31MtNdpc55r8sBwhQR)Z7Q>WvBG%u7NHC`RCL2+It$_4^T!Y9;4-cfdwp
zjV}8#S-EjCK^$Q3TJI}n$_~I#+t_{*$h=9Y8tS1czl`Uf$}H4?P}H@S@iDCFmktCP
z5z<6_NWKsu@pLw}ev=-~ukq)?9UbK}#J|4l1D=-?BJp%rO6j_U*mA+gB6XYP-~H5!
z6|T!DuFF)e+>WL;O3vr+;(T+%x^Vz<_kpp2N2U4Txq(%gL6liL|X%za&ir
zRHc;G^n&x*&SnUm+4kce2IMU(bs*+LI-}*Gqm)
zEWYl>oxec*-FGk2_l#T9nkf*i$gaf>H4FpGDEJxd$M^M3x>ux?tbKEAB(!)$!#(R}
z6=Z!r8?;9ZaWvG-dTbJsSSv$X2=shfnyr(l7h=(gxgJ-V9q@BWT(>wNod!VmM!&=N
z?Y^)ljffS_o}DiCdX0G-|gXgKd>pDys9iJbO#BJ+Qqi4loWuw7T
z8Hl1^@sMWJ#Oi;0<#!1X!Yy_;tVm_@tI}^onevC213Mo!d=@?Kjy|0RJY%V7#|`wT
zh;G{~USvXbK&<*l6;-cN*?}luHt~T0_J`ZNHC-C5FA(pQ@f)hQwcosB<7M6!;0Udy
z(_)-RNHeQ5Ne=a7!UMOoa}iK+rXIX}f)Yc-RZ5l{No2aP8O?pN-5C0AS?RQXpqP1=
zgP?`CwbH!dJIlS_ym|Hn^m{IINCLplE!{TS%^slS7&hByUyh&5pL;
zc_2A5b@QakVv^KXEX>yG&E?N|9s-_+X%xum+g@XkVtJ{H$@Yl-5$#Ctsft_n!fcnGe{Ht0Y%M5d)TnerG8HBSEHZoSWX-7QhPfDT{U>H_@i5o~}6o+<7^-J%bvxcB9Yo}>a&P&gk}
z&^90Lzk1P^AW$+ui|;62P}==PX;qg@bPjq;aYxmYu;Ldqi)Th>F09?5*IZN+)_nKN
zHy8>1czE4?_YMC=(#wyHDv$_Is%G=jlY~CWIQ(d4;
z-^0D`@Ik?D9|_$1OJU=jPv%>^2~5#{^>Z$G>X;N+bU|C6Jfq?(@w0O=l9lI7-~Kjo
z0ZKV?9-rM#VP4Ud#bK*yX1X7ZQBL)A+C3xpJRcJR6$+THxIYnex8$knQA#r#
z(GIs(VwyD`k=#Y)eUy$egN^fC>I;Wqc4_L3Pxm1fQuv&>O32mXJTln+G3rMG=hSE^oX1&{3m
znBPQ`qvpCLtXn3M_@`z@`3Bu8O;*~?Z_Qs}2@r=QPB=^l&~7gh1kD!oi(HM@8m!Wt
zB+OD9m8cPYLWf23^UZuDsP`t4Xs#5Vxzc9tEhywrvj08xL{b`G8IzOhBf`SLV)dR%
zU}o|A9M}fN|EyTrymGXB9qns2Kq>g7^?KD8r(ir+r9KF^40c@1_IT
z5t|%KdLidn_65_`e%4~#mbDz;G_PMps+9=q?KgFwGG1dAEnt`LLY2Y9ZnoS9bs#o@nx0fO25V!k@O
zXzHWRYijVZex>~7DY`G3##6Ve(;9-lX}2^LG9u5?VQbA&gLpwXw*=W)yiUqW_8^UF
zNCc>PS10HbSwf~J+Nb<)8r83VAd1jN2$NSqCZ`=e#Ie)pvhlr_ki=+;i2z_EavDxH
zLEdmUh7mH~p;4F@f&Y=X9h!LS37fYn;>FoW@8~R$#6{qUJ`$=z3B&L8d(WbKx(4Z5
zn_dg#-Kp1Fe?O>=_l|)O=3MZw(fHTdP!xBo2T4g%p5CYm^r20V%Qg$6fU8-4SDvB@
z5hLYpwJgTO)n^PByTp&=
zwrc~m&+u_3B19&8o)VuJ#q+cciuyuP@u?I~zC#mfdxJGoLeD`Ta*s7=u#1CQ;*2eE
zy-785Pu84YPZw((X1h;%5Yg<8PL8RdYT^q72$F|0ND4JW2NW85
zOs_t(=lMRNXaxujiKR{u4*UTz*i=MY2+<
zrRwyUBpv;X9-M1N9>2&tMvM^bh093M-M)XINDS-Mef@>c{~=pXw3SJ@UK<#I0$kWn
z4hWP)0EG)oWw*Je5YAc}Z2K9Yvyzj}L3+&6Af0z0-WiVfqyB5t1S50wp`p;hu~+N`
z@7|Ee=vZ1Tp)uI$G~aZ2bByGtieK-olg3{oGQz<)Fe0^3f2Kbd%Gd_0hVBi$bboTZ(91fvwlX`T@QX2>5$8fQqa+N@l0*6K*
zt30`VTz#WYYowU8lc&?fd`eGtzfm4nQk#h-gSbzEoY_RgL^D0zN|o06ETBaCJ}+J$
zLFIgkBDM~ewxke4vOB1?S*WzW4MC#OI)xcPK*(N{I_Z1OMszkFobNR0K-y+R3~1}X$=M_Sb0e`C)LcsS+JsWt8d3+^IhD8L0-K`1M~-_Si2
zY?u-{?CVLxAE<}tzAdIG22<|#8|}*<3}-1ER>*cv&#dJFM7P(`x|q=>3q`EO(5{w-
z!Tt@KJ%NLyo?kN|zAPg*c+xv|ekBcTSR@gTg;j`sW1F2+!XBHX8|mMR6o$`Epi``A
z_X9ewsIch}hlF5c_5{+yq$|T{od>UN=TIT?O@P{fqs@$(02HkJImL^|NPvue|(*~BD
z7eRQS8`7g`=aj)c^^R=(4Nq&U=hI1Bj^jh%4gsfgVdE!q5uV?%F-Qx?U(G~u9_n=<
zqlH-x_6ZM|o+T$nBH$YreqT~c4@1NY$FeU#JDSP!^NVUoqeF_)qGW-#H0A5_cN`Z_|k9!|TB;m`jWQR~pA?4sf^*4~Ks>@;`!J+FMF
zZkO6LjH%Y?fiP~(oy7{h+Na!=X_h%&3y(#RE<56?+*wFrZ{7YWn((LYZlf4SZ@D>;
z$>#jW^w{4TfvAeT<#PE$kQs
zwh8eApE;O<#q!>-Mxi?nyaO?jx;}&R?57BV;h=+>5!dPBLc?s{YV?0teG%{!@qd4^
zET9yl<+%}kynMn3BqOf`RCX8Je}dnQu4Rr2J5qjzW!WsiL*SP4Zw(Ml@rZ_xQ;=09
z6T7=gDp?XRe$C_IQO;0ck-%dd;&-`^X5!n^rFGiF9U<103@I=xQ#&CaXpnRw;8wu(
z6c~h|9{84kup%{-v&(2^P{BUAYxo=}*_u3Akzd#@dHwbFV#Yn!K+xnO$l&^L64(&x
zlsx={(KE(M*91SMQuQDTlpd@^B=#k#%hnyh90
zF5*>pg|&gE^-QXB$17(Yhqko=X=Iay485H#9-W>9pT~)rYe<}K``hKu=__dP13leAu&~at{V@arP=q7B(w?X#$QfF+5)L7X@B^%^!5GF)B(rRRPLnzr
zMc<3bIwVIzHJdQL@N^e{^`hP-hF3N_5#mHa#3Z$K{uSyOK!(YoQg#TbmTE)ixUp6B
z_A#6|EISv)K&wsm9OP~0qZW+=QG}w{3xF4W57#p$xT
z9035&YpMp%nL=5cTY{&X1CCx%;{&J;ETo0+E>FqfKTNNAyx2K*^1w>PfQnJEnV-3A^?LitBS*c
zwoU2c!MGnxGTJOY8g=z{t7jxA&5|7JrXuk+1R5+~96XnKDOJXy4f2|`xD`O!=QvC^
ztkQUf?!nll>=wtRGM~Y``-ml3WfDNEB4yEKKU-c=I$+PkB-8rQaPbRTK6w{jQ((h@
z)m7N%J}X;3nI|EcL3?5a+EBF?BBrE48nlOsV~7>4@WF=%QdaeUvztt7*^tCV`2{8a
z;Yg}!>ItM-sv)?^$Fl}a$MTV?1;>fTd4R3zr0on5VX}q9uP>I{29FNu
zS?0(stFs0iu22NvF2z5Ga1K6AG_=NXOS3MdXEJEC#NUXj4gUc{XYQ`n`Uh9p&{e{q
zcu!$O8wkMRe0$Z;74dK7-(8nt5b3yD8Kp-T_rg^%$|r)P;#abz=azb5e@zr>e~@fI
zWIoFn=BcO`ol~)v?D^HH7@xdlIwM>|wb%LfI)^{_gZ1*RcV^!AdG7nVuj@B_E^R3Md+lPb$Hg@YHZ7_g1#@j*
z(N9Q^JGx&uGqaTg%eBzE`J)2)c20wKQX!XIv`x2}NHIe4ov?4IYQ>pbK2J+Bx
z=J-SV!mCEDmg6n-PG|RKr|sB*#q8d~0}PyJJCKAQMtWEqOY|C1v>Vm=U`IQWhkLd-
z&B)$v;^wNSvgr&OV;Nx!=B%WFFosgR3ChNa=bpE!&(_Z-ZJF*_8O+zd+_WA
z3(*>XK)G^Fzo$u#?TlJK%rS@X?>6S_~MU}VA0^yK`UkpT0_^X
zXt%@#F{d|Uhu<(VV?+pjAVm5hrW4E%vXoXD{AYHwVs*eos45jc
zeI;s_gl((M{Gn4)@k;i$g>tMubUp43p|im=1c-&I8&KC-}ly?xW#=
zS>;4OMwiVwag5R5u|r5{WRI;pAHxQh7qJ>%qxpAn_!o<}AMqkpi|h9_lA1_AcfM^+
za4=%|e6YC@n&E}MgDiY`PGgagKd8396+$xwhV0oy9-k-0@KVK
zxTtrnlKGsvFKkwfuPQ$|T5gXqmAg-KUx!C+PiF-s3%QJVN)s{;ig;XU6|~KwHY4tS
zvnGfxhK6z(b#{ktjozBlpm*L!bu5J55G_;)&n%j8z9WT!0_1?Q&L0>-XD&LZ?(q-}
z0Hr~;2<-h;$KBr57Be?1O<;6-Vfr;nyh|rR$fZ2{ZM+8e$9}UmgUuo8qe6)J;jIzK*88+pPm)`t4FZ
z;kF0O3F48nl({<2;Y!yzWu1rE{?66oXWfOdEY}fp0+B0?p0`&jmsOKD(w3}otlBg{
zv>Npka+SnyDqgHah*Taox}9S(27}+dI#!LJx)$APG6H5mm%5kJwsATMjdm>v1yPSp
zQT#xDyLFjU-i1hzGcZ}UFM-e2L{x8;dK(A=?8}KNazHZ(+e@_IQ)dp{qdPK9RPz*)
zUQOEw#nn4(PyJf-ydDn^2m;KO-q|bNlJ?`P!!F8!(SRn9)?peQ$9KIt<);)
zgr1Z5JLyzjv|ZIZ7XK)h+xaGz#%ooA2;p2(S6wuD8!uP<o`Mgs%RDPg;eY#`5hlKz9UFEg;nDcBV%d+A1*k?;A0Br;|*BF;?Nr;zqODR1UjAAMN-)P
zO$&NJRiB$MNuD@%9R?o6&1mm>g%oUbVNkEWw;fj$e1i6I&NeHu&3CssI_LY`R~y3&
zKR?mlzD^QKH)!Nv1gj*;n(0jfD=`(}kph1tc??KB}5TdzlkOR0*Y
zxAG8I#^0{SjjKLiri~ZxZsSQ&yuWrxQ}V`3+pbscq`K|9WFbo_?Yy$c$r~|R{kmN6
zq^+%kB2qttY_UC2T}u?P0iqT$pt3L$Hyd)|R;JbOwJv|0b%
zWh{p|!C;E0sn93b#NmUp-35AN^b<|wbBnD)ca(u8$}93LgQavIB5^nf!c(O2m^#)P
z1sI)xP(%+sNP*vF#fxdn#_s2<k8}F7OLSG1`0(4B`bbKl6OG{LHaJ&GV4UHu|?jZ|4O6%7OU%u2XLeQw}gE
zjLjxkH8UL#f9Q~>TCnM&AX?C^u`Fh~5)Z&c7rK*%xV$;rnEql
zJWqSkD#Zs0_-d;A_wZ@%>VCuVyL^qk$M`=}EqTq(qIQpX#;DvbV>OXFWdPlUHOlWh@+R^X#+=9bd=!Jjv$by$XM#dc#KZA;0vC>B
zgn6aI$yM|(X$UIu7QT|5;{YdVHcYG&oAjPxah7szx9v0$kK*UX`Eki+ACzXbhXf~b
zAWQH?sr{+JO}0YPzTA7Jly4v=c!3V-NqHVol%-hpP9hLnL!^`@xJt3E6qu`)naw!?
z&P(U#dC@cWF(#6Oo;0r;cJQcF3a^0h&PzWMzd+AqzC&XELaE>&y5MLOY&#IK*NFhU
zuW!u#4XrRJ!5A>&?((*6fk!n8KpkYZ)$-SpF#`;q#PtER$s-J0#!=zl=TlC-Z&L(f
zJvG>`)8}Kw~5JNVudNYs-yF349{@tNMW%cP#*OvW=Ux$x})JjvQytq
zc()-7kp)D*`1BNk$K~pb`S1Wx!OH5cK+%x2K{OX`%zUDl$_JKIO2~ebpz6})P`qt8
zxd;tz;Zt$#hJ%~q?L&n7c;pvjADXEuyP!}K5h1Z4Lx~`nxa$fn;iq)+1|d7|m+C)!
zp4ywK>&w;lymdGtJeA1jd>kcr*^i9LY7!D7SJ8Mz2E)t2F>?!vVJi8I^1AO95NO2D
z2pCT>a(|;=QIs}->p5yV!U>r~?&YcFp!P6R^A>o*4WByH$-*6dLOgc8*5rP9H2dPw
zo)OnVmgG0I&Ls2_THn8?EP*!tBwS%N2T}OfkH553v6^9{2J&~V3&O{^vRDX6RzP|w
z3e=H{o~G&|?9hyc%Fojyp=UIbAwQm;N9u-6kx-x7|6~7{**wO=^IqyMMfy7FLW6|D
z3{fdl687BHqDl@?5?;q;K_a-+b6PNg3^S_7NUGO*0P4!8iQU^4VNGOlO!~e?NP^P_
zuQV>Ir9N}2bDAjIb27UP3Z+CijNqbgA@D%9&}l_{8bv04AM7o~tbQ#M(_3NEC<
z_#&MSquod?qw?7cGpfd0RY-f#<6|hH!;seyNAO6-44IX#RFGV0lWQWildyqS6`<+F
zO6w%@xP>#F8XyOjZyLc8P)^SAETALVlj~sz57?9qq;G`&KI|ZdfF*_wu)@9*>pQ;|
zsI(&fDs_0XbPY=pHpMG8cw$4!>sSQRL>*?TjaNx`JT%i4rtvS$HD(+5m2>Tv-!PN}
zaxTcZPG8WB*#BLnfA(-Y=y^o^KoS!n)J0n=l*ID*v>5@ZUN9Wa3?Q06%pFO`J>Ind
zKAPMQj4LAQXQ|4qzV%pl`Aq+M!t7D@0Dw%P_AkGXdVM9pj!DL`HW47L!?$=eORQnh
z&r4l?Ezq$0AC8#3rT6kFdm@Axg!+NeR;Y2&^Hx2~JBH!sqt?tnOi8E$V_-2##i)s8
z(U`JY_XHKkCtnOyy>eqF{0~CtoVZ&qKGWqUJRHeRnTheI{&7JNuSAz;Sn~Y>BxhR(EC&abIJ_{;dHNc|y%vk8w#lRIA~150T!Cq^$%j<2m%t0gkhKZ))FC{Ho>4Ko)jdLL`rT*xR;2*7Q0Hu2Y
zdeXd}13X%jsRO*DqrOs^6$XXSMXq;uYH+|W3_@yvCHTW0;xSxsL7Uvq$XepJMkMDh
z?x9(~K!x`F=C@tfJM}U{@fcLW1{EH+!7ur0hlCYp+RFVj>@i$O)Q&}*uuvuQ`TEmr
zg&hsYdC-9M;wuVKpXZMtVU)_B8%O765d#5jTo57?H}=`R83SZv2LW7
z+dRexRG(&cJ(8lO4s~X$`QinO-Muf2ygcG{rk%@gzHxL%D7CW?O);#Ev(2hnd@LRj=c{!e;S{V#7~4+f2D9
zMKGe+c0&OB#Z|J%*){~bHy5R05#WKK$`H)_Cg%FHy(X@DF+1l@^XKRIGg8XcpGG@N
zKAkMMsoW0mBHP_W{LDB#Rut9oXu7*H&)2(7X((glMup1i+Lzg$x2{CoUEaSTj1jn%rZ0tW
z2;C`1@!%kQUbWLj*%V(eUVu7-Dy-G-1pYQ-^^d2XM8LUJ^br|S1H*ctwz2=xBf=1z
z@922nfSpAyt21o;Ywg*GU)=_6{)aPA;&E?Axai*peTb7$MxC3B7G&Iuhy{|eg9w)`
z28ASjL-{vo#~T9`-Gmv=io?=`Z+>vvYt24wSYP=}^6%_~rz3xesX{qF^tK+_)Ui7fdkvPJSf3
z^;dSSid{q~a-y~{-@f)kEBK`=B-iT>^xW!n`~@2Oh5aO})tq?!@JMcSdFk
z*J$@?KbPHiiGqALh$r;8^UG;|{AWJMXehaC%s+kXvl=B^u6(}DbTstsTOYS3Uo+ft
z4&aeLjbKbj>P%u+-wtLxCq;Xx%372~brOD<0y@{SXdvGV6a6>e^bOPMKS`+f;?BQA
z17!*Yc`j!v-idg;8{C2FzkmCLBYX~Tb{hSkIuHW)9yuyxr_aE#$doszUxr(n(KUt$
z`KUmzJ))b)KK>8vQ0wwK%?Kt1%>5#H;7BQuE{aw{h2QNi^G_JQ>bqnSj`j`9xbiw4
zx$QrAiv=V9`j<4?5w0V)>-IBSPd+1+<9=TFbKXkDr=1bB^bmO#mTF3z8OgbS9jieF
zPLG<(qRNf+Yh{*W)=_5g0^c=To-?d@`rEEATJBK9KG4
zP_%XVCB_g;cAb{v3hImdpRYoh4ZpCL1}li!Wp)#|=r!btKmOC%e&MwY;GO?EP~-rj51`9F(qdwI
zL>qS}$bRUs{iFg2R3+gK=94lS_lzk^Qr+(VD}L(#;fnqzpjCmmY0?GIFuDQJ4mjmF
zo%VG}K}O9ZjsIA2Yq2yQ!tgGc@m_^PXs(ty!S&q+LF08JeMjc4X=Z2r
z`C$|2rbn(O1ikj>_z~LoA61aSoLWE=07~TR73MP6LfP@h0HT;n5?5))3vpZHfr~bY
zxY{X=;xrV$ybGcPB1KUYiza(8F-IyB0w|8NP?6g)sus@LM6vJW!meY8of*Cyxv!3r
zs6hLQ2c{Rf-Kk%<;0mVrEDuMhCre8ya5
z=e@v>c#Q-
zI#(g3z{9P@a}-h9prRaZ1_jQ{;c)&rXY%2@oyD3``P3IZ&a6V@qavI06+!(;g3mdt
z0o(Wv@%6N>4IwPf=ek-(Czt%kmI8{!_$|%rSq|ncs&<8IShhm6R203U!}i_R4|#
zFdoW^?X^2)bGllQ&_c7@EeY~hWG#q&U`i?&(m1V(GpF|0j$
zR7|25IiQi^CKWO(D;jkKbZcl7oh;-LmJwqUVjJDx!6Zo
zDnJdE-gAWe06Ht%dYMM*I6~w~>D`Toc-$7xe$%z3cH`$NY)TQ`i4q+ayN&+u{LE#5
zlKHx@%ZWm;z$RAgUX|)~1z0pWm^L6HijeYIdrQh}7NWk-Ee9^~tN}w(8HGMmCE*WV+hSQW0-FIwEA2DJt|&2ly7F
zz}H|%vpTK`eaTS{BB$MNnZE$+EX&K!6E74253A8pIHbAF4%YLHqlwO3ovTR61l%ur
zzpL#NxpSA4=NLEJBtzud1L60G?KObguD+INO+FWU30ZKxW&>z$0hKH%1@(H_UGl&#
zpt#dJ{1{WIu@t_~Vk(fPPsznGGuf#Pt3Vs(fiqM4XuZcS(L1|@@f}oCxsbim_C%p6j6cE{DQI&gW;#bvpJIQvWxF0(fSPr&oz;sN+k*#yRn
zu>w7vZC*1fTv2y^isfLi*vS6++kve7h=y$rH|(I_@4NovlD*HNdIN6u7aO&}HM~|_
z^SK+&lMCX^?{J2G$V>nlH+R+%DurmPG96e)5u%nM;?mUbe())W5V3v0#N;psS#XA*
zR<90(&I>j99Ct~!W~#oq{JcJgv)ihWB{3q{^LC-92p&UuZM2uFz8!o;9I%dK~1od}bMSXs^
z{p4YPBVu;_NZmR+be9y7W2NZliiWA|>5wt=)*IAv&v}6)yZzy;-#~U;$mR8IpC)-^
zH{Q+;TtMn~PE%Yl%kzoc(@rf`nFIzvuKD<8IUhMSR(j{FvW;*6M6(ZIbK2a{m{fD3
zXr*y(z9Pp9x>%+qKol$>9M(4DIeamVV&N^(Mh$w2cB
zpCS{@`2Zw3#ERg@O1dAX$)bsK007eMdwxloL(1u7ycRJ;
zPhZI5V%|u;EIyw+E!V`Qb^xgUQaLfUW9qW$}|m
zmx0-QZgG(+ayGDYPo^NGe8~CAp!c%&t}4B6JglLC7pi!hZ0c<8t>U#~A#_SQQm_7&
zr#@A)=^MqDH#MuI)2n?c%Uc
zg_3gr_#mIasGKgpO^*GWePzBtX7c^*L(Hd&LPA40L>%SSt?dkruhe_hqy&2x|2D@T
zDOEx?RSBxk$s1hTc7v-1Drrr6V}SMq?X!akmo6-z{O&~FSou@ez8N&^UoI2>>ISnCSvS~MT
zuUFw=K)~~2DtA9Fx})Vqa~{SOJ^K1(s`j-be1R=kt%s0ZS4+U*YLI9yL*DDzOXj)p
z@%}wZe%Ci2f1(4tAdYs`=U6st2~r{!4S4`4qfV;A4$snRmjGWZu-ooi4aP^^DC@{&mH~^Bi3QeBVIZ
z#B<>c2(8^PBg2Ab*N%R1h;tq@3@l8E@!cNzC;Tz8E;k=zU+M1xmep#yYa9u(e+axu
zFq#yd(QdsCgcD3*gFk!eYWHHIRUe1kv$Kg6Q$h&6`e*!tdP6Rg->0n=j8$9A=UT`T
zX=M!9rN72ef6w?bT-ot2T`;{~{Yh>NWltjL;DijVFqa6kmKc94Wr&|O9Zaz4SeP8q
zz7HA_$+(+_xDTZ^S|L1L>g7pQ_gP>4sRc4i;vBgD94TR)oC03UzQcP{zp{ud11zc3
z3)IdIGx5OtJ?;jtas^Q@l~naB^2sZ%fEF^WF<9@oo3=!m$E;%={O+3G>kjFx$lwVf
zX(^hre)BMK=tVE`7Ed;Ae@XC?zxHBD?9-BxWRfN{Fc-{*
zsN}K`@$%1kQoZ*j4=3hmav60#k#~DxIk(Dfw3C(zU2KY?H`h2W$qE5eTlGeG<5{k_
z^8)XekUZG+@Z&{~$x!N`S+bpplJCHfevG)EGEUbr*=^#~pkt(X9bRsX9QAQn_|Oy%
zEV}OOkrnh?5r7wNG8}|O+_u<)?&lw74z_iRy#9M&Z=28YP!`wbd!iy2y-=EFQac!{
z8ZF(9a~n0upoEikZIv~|^#z(-oC8Kt!G>K0QIv9t>iT^Tj)4BV?=<^o%?KF}J7-#auJ=l%k|Fr^>Q6=>+#GPD214kowcsOA4>XZn8-
kh5tWVx@9Qtcf><|%`2q$^PyJY`(hr*O1^tjB5vUOUm9okM*si-

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-500.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-500.png
new file mode 100644
index 0000000000000000000000000000000000000000..8532d279bc5ec58c419b2cb5ef4c50fe81a8dafb
GIT binary patch
literal 18628
zcmZsiWmw!?w6<~A;!p-HP@uRJin|X^aWC#RxVw9?!QI`xIK_**ySsk#o^yVFKV~M$
zmE=k$J8Q3XKhFwRRFFhRAx43MftkPg1&_;+ae)AzNdAzNFYDZPRf!ZP*oG3
zk02{>X2SBqP*An8sIP|bkac8xDNQFRD2zY!lN_3r8
zpVRfu6?DR>jkAqzLHmLKIf_V0`S4&e+pSWo$=OsUH6>fwP%x5!8HMla!Vq%Q`5D69
z+E#xkss83)F#C$j>0&QBfNxm0#h&7F&KH$#Ya)xcHJL#Jp-P90Nw;lRBAWP!x54g$
zMvjoI#qz&vK8&LCJS*SzF3>@;k`eecE02|*)nr&oxR?7ofSDUp)u&8J1&
zo^LIPB2!KH^j&9*feT#L8(q3X@IIS7K7+DvNup0{?Jlzi_)I!EJ7OQ^D=iMjduukl
zVEIDdv*pHryxG20bt`qIkrIZGVcUxZ;4YZLo(O94eZ4|lkjJGAc+PU$aB&-my?DMm
zIhn7}+?*HemKbXwe$pLen0;;3EpGU
zYbjZO+y9%PGYRJJ3qI*|^nE{~O=VM~|7KT8NK40cE}zaZ@^;~?Z}BHj=3iM=^{wyl
zX75b5>~bjS57(BI4d08HaA>Rw79~ZwvJ?zlf%
zC))^6cB0scW^z9C*2X!`km|3fzQ
zU0u|Cx-a4nW2&@25SeO!G*jeqBgUfy
z=(+hg%#Yp6B3O%bIWD27bv|O#IA1bb<9}G)`9v+16VlW9uwFjtDO5V1+?33uGRSFu
z*;KC5Tt&CKUDm*D^J$VZr{Vfwvf9S|tZ_kyUTMDDZnXqKSPXRDdeB(Wyk2&Jf=jnq
zB%fUbHr^2Mo@*hWi@r*r@J48MUQ*7D*LTmqUAJ9SG-sLL`(%3T-xUSm*FsCCK3{uS
zU*PJxK4$Q5pCILR9=<#OCmWrIk~jYKhs8{R?LY)xl~g<>lXwKKtv~1=A>GaX#6PQG
z@mxe>$hfiH{u9pB-OwyO>!wq=+^Cx`5q--G;0#f-P?~|f{~EAHjiBdVl&rd;kLU8S
z4DM`CU{tQh-Ek`l9s}I@J1kmi2s%ltX8l1+ASAv+0?X0&?ptO4hi4MIw(+$3mZzKj
zQpXsyI+Ion^R=GN*HH#bDaZrY9pivZ8KR)oI1ykHUHnUzDT9)fu}*f^o6hlE>D_aF
ztU#HJ*=&(KQzYFIpZj%*ksy79|49ep&y%;4YNzwvQk6E0cjYzS^MU2YKU5os7^DIf
z7f@iyEoj`Ir;84AH=Xz~WIu|m-b$5=l>7akSuhmU4<_~P!J{%Me8G_<+*OfZA2dTT
z)qmwmWm9xU60sMhBy(u8Jv4)=#b7W1d^r+mxh_6U)=Q@f5!=_#adO}R*shoJ_B(G(
zP&r*U=<3`t9M)MngDdMD(_C$wM+fS<6VeDS~^9o6$FyG*6jfe27mp8hQacB;edps{X%eS0F_If!kt5{vdM01qN
zRNrecBs?r8jbjC?ykFU|!VNk=;D;ROH}n`q9rRM=Vn>Ia0Tr!c=?sY#=f+xA$PD*`
z2olSvU;yi4N>~*t#d2vgmHN#J{nHiA#h-#5A1^7Cd=T$6`Rs8um6hg$#(bYl8!~>l
zfirllnoeemtLdSHG&=%W^y@tut6u7$Csm@vP!w@MYL*tW
z1xn&hor_H_<@D6cx1peYBKBXZ)!+}Oz0tEl;P1oziHvGJ%NGn%-M%2?JN~3kG90)K
z@B?02&(30KfI~^RUQx)%n2;jEg{5@{Np`gsOzFh=0tt_zye1SLS=x
ze6hG~J8GiC#B}IjJ!Xq{hKTxMEs+!f4}?HU+|`YGGrRAmopu`now2=Qb5Ok0(h1+~
z7yipZdc*FL$uB(%{6#Xp$?QFBaF=NeOO!$Gt%Wep;352BvCI3%!)_w**yFh(jol@y
zSu8w(@^YueVz%h0hWHUGk(|2emHONB@m-~Ez50Szv&~A84Bp;g`Xg)}6d8`4%R|+gtp_=yfbpO+x8(9)
zUT&EvbQ`aE7hsW`2l_xSuONWwf!_|lM#<`WcZB$Qt-~TQgHZy-6Hd=(pql`yKL}md
zS|s1s>EJIOkTYJEDg+h*V^B6Y0`H$EIzq%ZiKySiGy5w~UuFon!meJaVg-&PaNUOo
zl3t95Vw8*nEI<0+`Sk+yi@J~#3>mBDk@36eTP8O=&
zA_=~wu8BC)-rwKYxdu8c+f7LF
zC2mJEg)*pvUnu*BA&oZzbr`kwp#xTdc09<6)CF1;5HwbUVT$C@IpsDj(}
zBeGiANFuEh9=)owX1ysMMfWP{+f9iqn6Z^U^Ysa}WLvw*IV}a}q6$FOF9B9Y_D9*F(5pIn@tWfBsuj4Jd_)mR^Is|0_@#y_GT{yNvgweGx;25
z)JnDF7wVLF8+_kF?wCBAPTS(qFackpxg&%>y)I=GPo2z_mXoyIU#whM&X*OEG%2#s
z&CYFm=SgvzeB&t7dE)7wu63=vrSQLPY@y#Y*p$DqjY#@B_gy-UysJty|20BDXKrse
zO(m7_vQDE?>#ONUDcBlvrHzc{PLIQeZd`ncQ_p=kZMHzE|g6T3#cqX
z@h&7ZB7}~jb?!&?-A{A0EeBm|H`}T#bG=;4YLuyd{dOTxy1|aCEVE(pl0DNLO6Ifp
zMLt~)&*T1diStvvym@Ti$L=gJ8T`Lf@d_^)@7C6WzNcE}zjg2DkjnfIU#N@sw}*A7
zXku>HyW`H!EglC@zzq3NIvYyli>{lPNajJwX4^I9n|(Wkj{bnUgW)Z$CTmlfRmiia
z^v~!Du?+)n5^8nfFh5_4wmGmW<+ZOt@*{`Y?z1k08O?GM`9i)uGZn@roV+%-{%xoKhmOEQ%j#d7Y
zrziMPLCdp_W{_x`&7Q
z60I?$KU#~knaU;Is&t#@T`s0o1clr6;$)oWN|gM&Z87b)iOdFWct{(_3+b|dx*X3f
znT}>IeUbTm=QQ-y?&ICtBVAWjXeB{vCrk^Idqx-`x#5DcZ{_)cAVaY7}*kL%^=UO@_gtwU8Bm3Sl$o0kbtf8YsXiqYM
z`dLt76~h9@G#)1~zooiZ=Xs{dhUDSg^TMJ@;@UmVuwLb0!sGM(-ToXT`Hd~=!6=+=
z?8y}E6}cFm5C*T&UQ?B!5P8Q@TO^#E8>>2q&Hw@u29tCaKC2OXl)3?UM|jwN
z4HNF!MF6wzY2jP5gg(9(CGRK`fs&XvN@gY5V*e$DzkJ-GbB5a-FWBWIt{Suu35AjU
zpuhR~_@=;(Ta6MAj}1K_RTU}{jB@lu%nh?EPgmA?89=PPxmZiW?r5*7=lOPLFR3O8
zZ!#!{B`Cb;uy!!Yixp5Sij1Dy4bZw%IB=;
z6qQK68!rh^f^U-k-DK5V<>B+Z%xSe697(WxY1q%vJF0NCdePmTLj$`-w4T9Z93q>=
z8x78li5H?wScg>iv&HgG+V6|oOu8Mr9uG%n^Od^gUuEjeCUezQXs_OVGrsrACuNHS
z1CYk75q|Sge>|3&0p$zooEDf;ne_$GyNx=TwA<#;Nw`#TidPel0I6)I^xmO$ZO-R;
z$hz~D`WKFS<45NaWcp4Z%+KF@&`Eh!$MUl>4Pzce-W^1~Q-xqI2sqO4AnPGu67K>S
zmBoU|!mZofF7|1{g5OW7cXXOgmzaN;q9YXQlJYhzz;RF;E-|FA@C@@rl173vPecp<
zs?Y$H1H+N8mx{A3yQM<QBeIy(ku((&B8L`f0=H<(hu85mStl2I#1{`zvvP<;qWD8=ewm@S^1
zT7_!}XMI0w4j*mLECw!tF#mQvint%2F0u21#fEY=5Vj=ipxBD2<#`#v_ni-G#ilqu
znY=C$G*WE|0W@mNqs5Sd@SGr*)Fl!BDe5-b6$aF--`zzlezQFC6D!?J@A_p@@NHKj
z_I*G;i%kvZt1x@iTMQ{LoiE$F-;=nW9}HVpZw`h@_>czb{^V?bG?M(qO8ewDtq!RJ
zG9|W0)L^)7`82*Im-AI=Q#6Z!kw+;0cExAjJs|SIThp*^j372t0vM0C?77&G?LKI8x!vj2D|HH6DRU4FCcI}mT8kR@
ziPyOtw|fyI&DUhb&*hR>LnJ`|Fa>o~O-Y^VOhyu9U{jz+ps~jnrmTBkpV;);~V+Z2Nb-Uo8psY
zxUKg6@EJ`!nXgI|pmreoqjW3uLyB`vVOan|bGWrYtJ&7{!6APw1dXL0{Z%N*?i<^-ghUuB7w5A=m?B_3BCN>RI4z*SHf=
ztmRRR{3Qsgt3MR;g_zU&Fma^h;g4l<_r`tr%q?>Mi;2;5L81pRC=VERiqpH3I8wDB
zw8CZMl~-`;yphRM
z@7?M7a2;;6;CTxS3VnY&Yu>OVGw;?|hty+U)!p}HK$>8^iHC{aB>qe`mmy#O9Rv=Y{Pezj_Y}aU_Q-mf`ayVGsxlNKz{-*&
z@p}20!@bm&G#hDzWgUlVyxH@?He2qqKGl==N>inwsn7xP&XCp1QRsqttnVMGn>SwD
z%y)$+2xPnshnjY@`d6`)!Q)gk|4n2~KNCqyfvej*WM!3DG
zHWkVS3cN2i`@DI0PXy9w?)`X2oI>{TW7hJziGJ-At5z8V9myUjWHof!EWaLRaJiJN
z!$x(|adf(UVJS|_Fyf%|rqd7d+&mZbJAfcnu@$I4bpKihJ@vhx3V~6cHkdBq(|b4r
z72R&;8v@p^y>S$xUPf5(@6U*rYW2VL>9YKX`n#iu@wgPCn7x*(bhSIVMF(F)=PQ$A
z{8&Tn(ny9wHT2yz5BLojA;I*=S@n0+t`NKKvmYL}CF?hXUBK-1u5cV$Oa3I}Z(_BF
z>99MQ+K
z1veIQguT51Lfyfr1au!C|1mkw08?aV(G-vq2jLVdFYAO6(*d{4eh>_EZ@rSc|XM!E?m|v
z3cJ7go7MO>&49d_gxj*94!VcE(dwTnpwOmLyLo2gD=-RY1Cp%g*u3p$?02!|OP>6=
zJk+-9JX&dWDsFm%B;+bfL!S+q$Vs5;k_Fa~^n)o!9oV^K7=L$@Gg{5>82Q&AD*W1>SM8kWW1mlKu_ghh^j5Go9F+8@T
zfcte24rTcOjt+(%yB?YE&YO{NJw~Xh8wA+gElcOq!{(=ud#};k3`PuC?(&aDq6G~q
z56b+7jd4M)=@6;3>Hr%7@nBNJ@sMgIMysl|)#v~r7qSYPh@k>-
z1|ttqkj@bGIKW88Oo>9(y2xT8IknAlqJkJ>iz8y6F4#j!80NXKq0d7-l0f27sRz0@
z{Z6m3@UfDUKR^@(<)$4+g0j>PtBKNMeoS+~cQ3{>hzba
zAxuITlfQZTvv|BEp4ybJdzEEC@d_n9qF<@e
zO5m!!HLpAWEAP(9H4$SJ$oqKgtXGslD<00g~GkL04L
zLcw0YqFq8v1k<4iB8H0UAQ}A%m7#wnN>rCYWGtUy{;JfGJ3GcL{}UB^lS-niWqG&w
z@YG1th!TE%OeK+-ifV&MVkcmxm#CNX75wvApny661wodQ)p#H(ZV>qs4HA0}mbo0r
z{&@GRT0!q^UbUR^;aZ)Vm0H{Ozas*~DN2Ra@9BB-!1}&)_iD>V%V%50(hU{B?cO;S
zFWk;~PAB?QFxhe#R4y7W#a3(GWKyL4TV>5$w{Q^Vn}Ex41Jet+oOxjJp^%Qn#SwdP
z0X9ibBbhCsVumiF!&YPiyAJ@~0)0sLc4nQG$f_YJND>xC_
zm{bLgYn0~im9E=cJ)h&68!w)V+ju-Kf_+QUaQLr8L5LW3zNEk6Z
zyrF228E#gJ(kkQ+lb*l}8n1?1k0hmS8sz}ucV6vlpHoaDe^-78TkQalGyHHnE*R4b
zs&_gVIolq5l62KY9sW8fNC@u8ue9bEq$tQDEF$xMt!2=<#n!b95@acHP(;P2FSvk%
z-3fM{>g|zk!R|s4Pr~J0CqKcd^nL6_ClTm_R4U`q#CMTZrBwu&`&tINPLt>SWzI_m
z{g~>6>Rb_s40M#_pZT^aK@>*a@35=)HY;lh1Ce(gEOZx~6c}H>L#qAKGX#=(J0u)?
zkfP_qX>t>_YZ|-hyp;a}jSpR*YaT9k-2y5cf)W}H2h4+vP+Yywse3J5MKsB4whX!X
z_MaFk(}9i(8y(3>ROy-9;3j&_Sj|49G)U=<^#Ar!hQF?Ls
zrhLcn=d*7o?OP;A4JxPV$KAo4QuC*Zj!4RrR(k-PDcGHMQ?qAE609EgcQT2cYQTOn6SH(lCjdpXXMm?Rnhr@sgcXkvit(R5}b4*
zwc5@VTRJ>i&1}z~HP0Xnq
z8biuyDMj`v`~agHA=cZ3E9-h7tSQ*8%2~NG)A1R+^%i}xM
zMuO*!q0_nit*Ea0L{AApqWOzPqhb*Dr?DA91`HR;=Cu0t-Hr#Bg$=-*QCg!_V~G@N
zFuipaMaU{r>4orXFp7xRo``)t|BmvN9Ldmu@%wuB%XtuGW<7$;1FV%(EfT?~5Ua^3
zqa6Mv+lb8s|GF7F!Wg`DI=R?)>qEt6i6H6=Y#)CmrDF(;oS}m=)aA;$^fBqBrikKp
z8O8mUif*~yd;(ZJt+P2%=XSp~@eYY*^?iAT1-4&J{AjQ%MnUvP*X8qQPoWOz
z^?oP{%V0N=)~GKTNJ~M%5BhD+7MzT^=m_u`!%%$%YGWyF!silxMpB71l@Rs3)q@yn
zFJ5+6?4qXy>)m7rQ{Rt#{I@5gCQH>Rlq8K9+&)%Fo+P^uCYKIn->m8AVe?SZ*bh3E
z<$xY9Rdcx@%lisV4@^D7#Lr;78_%sic#o`FU6B1cx>)jyzT!vh$cg*B3gjbhLV@!uopsx)vi+u+#
zn5PT!3w$g2o|xYl>Uv~<)sx;}KG))gSHaSq2Lz+E-LrjcVVj?9+@37BO~p*&&W2k@
zn6G~drwJH9kY5h6{^JlyuP+`%cjg!xXCX#Wzw%jl+h1{D1c&w?n~2|^ND|;TJi;(&
zDSDXDkw0QIa=i~JH)7;gz(v?wmC-#U4|gp%iFj@ow@ZZvQ^hU}MM
z)`8to!5&(5qtp}v8ekCCWP2hauJv(jlzWLjngh(Xo
zdbZs#;lC<>RJn{@!j@>u;i!Gym7MlA!F
zbL5Zor*?X^a(c2Uu6^pAvCK`YtdMBp6GC<)gINB15Ft<(oexM9MNk)2h=HbB
z6?{#81EU$d1H?`jktL(_!z;V6g_=g_H!k%w{u*H~erZZ$*PEtkD$eG&F>
z2uw8J9M9fp`43-|CweY<;3=qTM1@*IGq^s9PxIRT72_<7>53DxEnw~JHlsnUhGIGjJIZ-iCo^Q9f~@^ntP(F9#xX$JhrUtAbQ-y%R5veD(T<7UBOd{eP|&cDC43K&zu|M;?FP`GZnH8
z%M3Q|*Hr9EJl=L&X@(IBjs@7Rt34B1W>D`IcOU}#+=gf`G)?9gposr)j()d~M-Qrt
z*GgV6iJ*_yrUFP&u$cDh^j}Z&R_4^7hp~0cV(K-dOC5oaQx$%peFbPRF|E**pr2jW
zGY7CtlpebMi&BfhS>R}kPV-_8JRD#w*zR@#aIGMx<<^xhb#x>=
z@E(dGZJi8-c=t+R5`YKvYE`Ewc#MQCIDomOX1i=Fz_(E`N(wRw|uHBmP@^Q|t0(u~Hj4-%DX6lJW2%
z`ElLeG|sp?bQlxp?_h1y>bUoQcQG=?r>hS1fW53W`~8({Rg4NhMqqz=DNBVXQJrD}R<9b?hqpbX?Zu_$qF0vk_
zq_3k1AZxQis{%Jhb&pVmFjKfU{jRIs^b_cazO~!)fr*r5f`?W!_#v8UQ*%Oku)Ht-
zHiiH_Wb&bzYJ~tTia<8)y*?S!Qd_ip$JBsl%zNqD)FX&|==F;6ja&ueZ2)#QAFq&c
zbkAI{&P<8h#xM|l$YW+=>bh2)=Tp2fb!nudA~;F(J|BXIEOi^uJ^rS#YlDHM8~2|+
zp`DTS)MavdrqCpA230|X;FI{$&-K!57zul@=3+3vA#P2}?i^O*AQ-A!By+@}_G@nA
zLDrz##0^Z8w+k|{-_JrLa&jF5gh|RHr+8D;yL2L&$
zm@Mwv)jT7>9ib~2pmRWcR@7N<%E*MIOGoAr#lu7v~sgoxASM(r_Kh<7{y@1{I^X7DKe9WD
ze_7%9O2|D^eXusEA=Q0C=lU6E88e|<6~zXuvP8W{tkTp
ziScuqD?-PQX59Gkn=@JgKQpk452*8P2?MG*Xj+3@L7?jA41UYm~!=Mrtn!+FZcs0ZSK1(vGmr+7e~>!n6!Ka9*iG0ZO&UUV?}4{kE~Tw
zLm3}__fH3x{$u<24gLqx+;SOwOXtw;eTxo39N69Yl5aQvP6%#yc_)<~l1-2%-JPjA
zzkSu`QBD?c7-zF79N(-BwKK;ViDhAIk>E8vJebbvVwvQrORin+_RWr|=H8#eTatVO
zuWq^R)0nD+3@yx^C8N@17?*FEE_YZTvGL>cs4}lIifQI1{`kxs=j4V-CXjao#nT&+
z|AXhi_0Of@bEdB!&WU%}CvH6*{z#o*ja-pFjv<{3y-p5YurG@O!~^s)vG+GoGOccj
z;P2~GX)r7HY9IoJbL$>JjOMe{J#~jMA&eEr?bs?-`{U@{HyQQ|@b%=|&Pam1`}n7Gwor)qu)WCZW+
z@m~t)foV`U5eL%NLJ+-?s<PP3v+{+Gn-Oek>XshAEk={U{puUvqer=H
z0r_N7vvBqh@8{e3KTNa=;3?^7mP7=iTx)fVx=As2~S~RJx!uXwv;9ZXIxa2Sf5c6o26ghiZ@f0>6#3&t4
zQy|33HdJD~Sd+_}`h6vx?*rm7oUWxFL0_!f!{mNWRT@Q{^355?dkl5ss10w3cPg`R
zDpnv}+lhUdL>fXmo@uS0C^s;Sz)I(I3VHWUy<|HuPE3nS>b%rx@xgVMN@TAU6OWKK
z_siJ<_$FSYxlYke*cR(3q@eEOMKRU+IGjyV`L=EKOP0i=pi7gBZtO%(2Pn-~YHRS9
zlXf8?h~UAKs*IAi4nf>k$+SuyjIqMT>lESW2ry<@iKf_JBJwEUIXEN_6Fca9Ug4IR
zcHwVe^n_FFZ69s{@S~@%zW#{0YRP-V-&OFbq|oz9$#`a-CFbz0g#7P5BytmQx+C
zbZ8}h?!{ckZP*7V!!YqGX%V0BG*_Bf1u>kREIk?Y20RfXi#2^((xSA9CSp&S`c`<|
zVRj1*a%+qF%Gd9*k7Z*3n10U{4K1S>xEL;%_0^xbSqpp$c;d_P_5Irt$`?>=h9a03
z#Og6c)G7|{og7YItTncv8TppCI3mjO6BO4vUf&Q{yQ?{&gsFZwjC{>t-}JiP>3Q1$
zipc}>xhF6sdvI(t9Jy5@5=qqIE#v6#|5M$v`iwh>6SxUcPSjit3gXca!3RlywF{^E
zGlt@!qGE(-2%OW{Om&v(OxJdRd_GH1SVcbfOV_-cbZw|co!IzW_Rq_W`l`W0&oNQ6
zYW|cWM+q-47PUEJ!h=G?v9lh+x@T;xnPX3@5-IgfDm>eZhl~`)v@{81;vj+B(N~R~J(u!mn>qKgUl2
zgXY8lyC+j$UiXV^iZdR)`rN7f)T7pS@8_s%(u=P9<&$(yWMd$|F6%EDDRq|`a>_WV5NPzAX5f1~f&R*y5h*9!L_~rCQStg1^NGvj#?F_Z?`a>39wr(nMO1#0
zC;!Te`9ywP6(LWD1V)L+Wb!0k5J}<=vQH+>K9p%xQy`qL9amEEW&3tTH0*qZIP}#B
zfTNNWhPbswkNX*R^xvdpL{OBWfbr%?)t@f~BN+4cl6QuHbQ@Hs^cp@Bl~{pESJ5S8
zB;2-Gdf&>FIFsmifS46H@vJRISW6rnShZaadA
z-VxiRMIo3yAjYqN&m3jSg%L#|zibf#!;p;!UG}+l{8{@xAmQ;}(3jqjrMu1BBNckP
zY>%>*a+(`FaS8q@4$qiV-USO1Hm}p)wa3Wp8gVX{d=kHE0(ZCUi1M%TMnj|dCCDeR
zlxiET)UEVKD#Fl&!$X+x5?C=!-)Cg+8qjv#QiRG@3=D7$v67g+?JzlY)*Zq}Q9MRD
zR}ABf
zl-`R;{hLySb}t_7t14jC8ba}AzY-!;BMa4dUffmx0|{+0?AG*Fs
zA*kHLG#!@QY$dYP_t#n1sOUupqtIBc3aumc$QjT>R*}{|W~Fv%EsMv@EO`+0(bL0JqJI7(YJa+pwR{=2tG8nV&;@zd;_k232t|iLTq6ao80$
zD_k-MMe-TuhZw^B-upXd**2MQvdfKnNnA33z=%_qi&3va%#W92S-kz+QIwvKU5rg0
zWiZeDRd{ek_L|f!p4a
z5AK~RMKl^P2pc@4Lq!~P>PG|WBdocUSLGL~D{=RX`JGSLV*R+*2`v8!o1ykSmE
zm3Ckj`Cw>C6yhOKe615Z_LpFca|O`T^Gz^T5$eLF;?u~6fA}zU$Fdkwlz)Jk;rFDI
z1AVWpbPkK-=li3bE<97h(Z^ha8ou0ti-rDMMm!Mt=N;A%#CN9WVXE_kY|kTuc|2fH
zW=A}{;qR16Evv(#a3raqt>^%@OZ+RYux~!kM`l&VLkiEc?Lhs9k>c#K97*H}JYlGM
z8u6I>pbx=v+c0J|UG&EItDsRNQK}r}?_*s&@={nQ$nk$I*QR4w8CfN19p^=xlK7E3u
zi3BPd5~y}R7(Yay7T6LTzfKFw?Ux2M8_>2ZzTeX76P9aEC7#NlGx31Rn?(4}Bi5B+^@3>R_ex
z71KAGtxLO&TLbFNCPI+6PoNuqS>&mXDD&zCU5q@T^Yxx0lW|RBzyFaHJ`5o?hNL$x
zzSd8o{Y3y!YUVKru3?fPG27sh`$Uz5%k~n;2z@f%?xx!{w*^g{^BR~c@>}TVFp|MF
z)5T&d)i~521{4Hvx!GbbW{^LBp|Cd6Q`gPJkMjiwiLfnJB
z`6Lu(9mdtnAR>m8>ZuLrb##<4okvh=?sRJTme!k4IF6Fg_fK^atXLFRTz4B(G~)^1I5kXHJVHL
zU-hn&_c1Q&(dJIas#jZTjX6E9(U#t@!e0elI8)C^jB^7=xA9E3IJ5wi@LCKn0VTWX!Q*7-uY19>+I>65DR@dhVR>1%auC;D+g)uqb&hTLN`ICnXx;1#eUwf190nCYp#(-V)4>Kg
z&@JW+Jrlgp{B+A^G3?N8H3}Z1y&#`@lE`K&md_}X5H6t<1sRcF0c=R_#!71TA{FgB
zJ)+ZX5927b2sjMcH3nqxT=Ht}@M6Stw!()p;T^ze69~8K#%?;ottZ2ZA|sL>a+F
z!u&Uo@{Jf)JyU25?sh}o^KDkhDfES~k#2skZO7dTI?HS1d~
z)ygdkVsUm@5H!mr?+pm4nip&Kc+erOU{gGQ9&fUEvcJ};PwI@tQx!`%9+JgKuq-fmJ6??iZsu1A8+5G
zLODiFMzSPgwA0|{t9wx*A}Sb(YescO>IxC&xe5MJ6pT)HgKf$=i0?ONa+U`7+os#P
zDa#Y7X>d>9@oY(O1J1tjrD(4QQ$PyuQd&eZQvX(XO*xTanlxdS)n?Ss)D<^tH!l?EmcG%~m3%w^{i_TTc8V(Yv
zMLEG}K9hiUf5uJT7rnJI#a*|)-iCPI%hgGCvmk^h*qazu1MA;TUNec5J?#yX+Mjyu
z-ytUWhu%=K5O!OrbvWmsW@wiyjEFQYi8;(iA{L49B?G;GO(N_TC&{2WV7m=*nus4I
z1D_pYAdbN0emQ}7q&fKM30?2u$dSmZUndZ=gn&gO9O3$n?M{T@5J`W_-%zo>bS{#{
z-77HReRn5zHI&So(VMT_WmDMW1rI8whawmHI)Y2NYeC^KLIW|tJ^m_Bp3dwYBP%f1
zppsAve?F_z(RDp6mgj%Pv%pT>YNH8ymk}3N7!HnGrX#Tc*pA4DF^|A|^37
zDz-BX=D{d_HgB1}3^>B9K*M+XsnER?9
zrzVtJ-AY2Fyub9!*rhk~-Fj3=>}(#!ykN#|1@-tq_6@F>AH_k^wdpHU)QZx>Om7_K
zt9w##h>{E!X?YuCjkY?4r)oUu5HlY_bJg788@D#iIs!dCmS$WamvZrA<3Zlb>jAAz
zVo?J*$ZGI_H`^byeR)-<-L;=JRAPTtC`7tT574rST}ujg!{&~;!6q(xUMOa=D;
zrA*2^@ya@DbWEY+ZaA=sa_Apfor?WBGG;w=hLmh_N(LlpU0J@b~pQUn)A9dUtTReaGDb@ac^NHsz->fCXkwHuX`$TVDa1jFT1fmqzn-Z!pHIeHrf(aYl
z?jL@nvT(NL#^fU0rO5Y5^}JiA=NS8^7m+ygsf6X{G~eD+n;1`)Zf$AL+a?$dxP=Aj
zOtuTM*2TZ|uA>2Ty7!>DxCfpQOr(C?vpf^uhh~SE&W_WdB&-jrkE{pv39=tR>HX}>
zT@~1htT6#i(15_SAkguB-Ie(E!9C<{u>WURW`4ul{HqD6ZnNu*y`2rEgLQQ=M<%|G
z>j?H(t@bH%FC#rtEAylsP5k{_$T^~lUUYF?^p|Z1dVv_ew%L=6(0waZM9>b9
ztMU&&tq#C*pKK6Gl2#!wN^-4ZiGk(M_E#6!E{MSH;DdGelVNZ%7`SK_sLj;b3FZr}
znlabXK<-LQS2xN6{-{R)kpw9dZw158OR=B~k|FhzuYhH!?<}wl*}r;&5(SqWg9)nn9+;`R7zxp8k
zNTm;+owO=@x_E*Gg8NF!GS+sZt284oy?n=?RPrGPBUG}2IP_#glRnHy{XV3OD9fR{
z$v(ByE~hcfPs!Q|PHQc5-anz$&|+G5dj$2}PC)mCTJlj$0|lz?n7YwE0!eS7%jVa9
ze!OHh0$d8L@Ll5td~n7nKrl&_S02Up`0-C$)b*+7VRx&?D&H(%$caGROCt(^hLbYtXyL24i_;B^OF8Ez
zZvi0qC_rj^?nB&6gjbVGo4e=&2SqeN6!^-PI;(|}B85GvQ@9?c!|Z3IL_t-
zBebbD4g+62a!7pk?IVF8(&@}-ujqmN?1ISk9#>DvMU34=7Zut
zf)`70DAV?Pi}6yibME&1BalJa${%ECNfaS3!iG5WfX^D{*f}M#Y}0FY=l<=pL*Xf|
qi~NW8&Qg6}3i+L-SQ@iKOsY_6d9yFcW)z%
zJomYGeta``ejKSfR&`F*-fOMBPo$QH5R$UeesVW}#!4mzsjP0sy=z)Yp(EHDV{OvUX4H6QM%Nvla
z4%qBy1>2u=2O)hrethU$-J~psl|a<3-ndgZ%#sJRs8dm`OP#ecF4HT~eX2L=E57wZ^YVb*_|t{N#i$(#F^l}et9zfG?R1~rbo=bs
z_V%>^J3B)q5E20JmO|9?4G1*NqQ(FM+2E330RRi#XmTJ>Jx?$ZAd&OmRGXh^=0!|u
zRpEa5g}L!(u&?s5%|hgo3kbY_=b0o!eRf%vx>c6t%Rl@jrYn@^!^2RTsI|n@X8Zhm
zy5hw+hw^6P5}~8u2K%6g;}cD*;|YkH2Fa?3kMYBd_KDymB@t=Vo_dw1}*nflkB_BU66e&N*
z9T$X6YPFLrsStL4=OyZK_v`9YHF&-TJBR)n9@B}+-5MG%Wfo1iX8h&p;f|eFm;;qP
zE`qw!_W*I5yZ-s(A|g{6Dv3qH_98kFHBI8Vc`8yt7*pQNw|&Dt@Z(}719uoL8?ZCK1tPOoZqRlLfO1HW$LmQ`gy4(
z*5kcreoE#nBu4aI(LzMm;EWn{$+oN_yrH57t>oivm(=xNb-EKXBa3P};%f@_
zx?BSTg>dLNx-P~gVhQUH75sNCG9MB2KMwLEPNy;gWa5JxABLlOMgBy$y>{t48jlpS
zyo|5tdHCti;rl?wtloi?nk{4$%d%b41GOEu-dR+CS#jQ#oE?3@mJ`09t<+6(VIwnS
ze6x{Ffs3Tc*M3p6w*GZ8VERn(drsd~v|f}TA?r8-eN5B|Eha%voX&R!h9~33VgvypFM!zQNCLjS7%Pn#{QRE2N@hs(>4^64WO-Dpn_b>aTNddK=
z#vl-a_*gWn;h+u0hlc`+4GLJ3J%T{f)LUp7sHN*1KqJi2O63skKs0MAPOHIuN&Us)
zq?P11o@ysz4nY}Tz8tFD{eBs7iJF$k0w=H@c^x#sA}krw{2BB2!omEd$po_9`X9q!4%Sh&`u#HJc$z;T&@{~ax*mDlB2&5h+ofU4Fc
zY49E23sfdtq58sU#md1Am-+4v{&&7GFb0=ZHXd$Y%=FuD2512F-#-dx}K
z?uQ}6;&vuKVUE5NXD|{AkSJVRY5k$ZrF-ROIa=JMnR*L;L;Qn3%&7wLVr~^7FifNH
zSpvql9C*`q`}fJ1AxRNUJXJd6sr7+3#B#+_Jh(ve_NFaJ-qMu6dsRvVrjP43ZrZTX
z-E=VjI(fi;zW(y<*RR5$6S%N0>AI%yY8aUUJ{C>-?W&8jj&<90w~w+%gjV|ox(Ph>
z=|_D{7j1!s1zEk$PL$!GX(J+hgr`(VqI*NJ)aa9B_A6@P
z!TqE(D)HdTy0hNg@))BU=!#)Cniia_`Gm~%T^KoTS4HA(^P>(XXh2@08{J+_My~>I
zdt1G?Fj&+T?R(`zzUIW#n~CzJR?-pNk3?>bJXbO1o5ML-kt7av=SfBEeD)}I$Y*!|C)gKyR0Z@niZBL1EhK5^xIx@dOz>;c;E9Ot2UM)0G?REX=X>-q@f$Xgo8^ns2!)Xi
z+$gB>E0x!wknt?YN$i^h{Eeq=(X%nb*3i`}0x1pv^4bTB!$^CEUw_Bb4*U8WZVKxz
z52eyXDus<)><34L2xHxbXn)L#^FzfudWWoQ)~~^djCRQI2A7c5(9ke7HM&%qwwujU
zX6sL88LfP*f!t&-Ile{CNip5v#SBk=kolCse*m)iZjAMnj`V{t&EIx@BbKP}o(P@%e5jZc+>?-+
zI_FFUA&nRLC1N+*s-3&b5WE6*F~y$kxE9#{Le69f+|B0M=EoqH$z3qv&(!dw|Iy~k
z9Oi0Z$H7>|7Ea(IO;B|Sv&A?esJ+!0)DNC_ZJCzDQvI3y(>fCNI!S31c_V=?Vr!ym
z7*0s8k6DqA{|#S!PuZPGXfOO@$=mX|K5muPa1mbAd)#u-6H+|73BorUzNF43p?h?V
z$f>3slrxXxqR4=^;yEOBi#T_%D%%~8#^ZBXrBx0UrFISL=C*Z2_p8-1``|qagNQ-o5lwvt
zO~flEd!A{Nk}7JNsMkgpGL=*cEOk65w)U3F&eg?n#M(_Mib1sjwg+BqvsGGM@RvoC
zG{7Nee;2Y(P`Rl=TEPofwyXZuk*AoaM?c<2uelu8#eLF5BKemK)wJU5o_ef6F}0i=
znc@1)xeLwyuR{aY_c7X)>lsU@X0pF<9M6gtZZ`z=tw7;Qj(wKPuaXmwzX{s}fDcks
zPfthab1N&c6pSybpgRL+!{>h{b9XgHyLzqJiv5sUW;-Hp2%?a7sXpJW(P1wb@3p2$
zcuOUjYM>Q+TWrkCZ5(*dmRvaApXze>y0w9YvxEOC5%AK#=JF%aM_hZA8a1FRD0~?-
z@4y(B@}d_?@d_MgbU06^OlL4tnvW+NN05wjJfSI|)0}RX&8??DV5~q-@zO+;M!h!s
z@bc)!*E})l%$qb~J$JO9I-gd@mF6uOJZ8OlU(dBZOnb=CwVrpVc+TdlO<1G-E2Z7zDn+NyE$TdKQE8K;Ee!-t4YPLdeaPC
zO_;>f$#|O`nXk<_a=z6@LI`Z($@^4Hn%yqtjd&hx+x2ERQ3BR07tyB!9g^Xao{Xj+
z-gG{wo^;Jfi<9rdAF)(ceUT_kp17wE3|9T7sKDFVUk25tHPP>`KiyKgOFjp17Rh
zTP{51=26W$yA`kcol?z0e%qWe5GZ1(@$CeRH{|8R{tF$&se}~r
zmdn1dgBsTjUE$3P^D!ke4c{d=7J=~n_KWByHu`uvMI=sO3QNIH>xokr%hfxIbyGDUuv!#WyiJ}P!)coq_$B>bJi*x0VokjoL_
zeeaDDt|39SmMx`%SBK0gE9_fXl@;aDE>3~UN4#-aV7XblkQS&W9Y%w|qM`eF1&ys@
z8|^};FpVtop~`w3X(#xNi`t+4Il2E@UR}Mcc|+1`wyAL|W#n@i_f~$Mk%*s-^{V0T
zAKrPGS1r=Li>4Y^;?!b@Pipj(7e7i!c;Mu8WxJGln$$i^R;}o|
zqWGhv(Jbtn(+AP)X<*e18!(UU&m}<&WQCMGx^im#x!UOA{I*Hk#^XDMr$#%2Io96>
zepnEm*vIW8@y0oRoU7OgBmB9{`Ek6(x;q+0@-6;IdTwrH8*1AmWSfBW$0c4}f3yxoPj^Rap?qRl9khXM+RLG1Rgc8Wte}sa6X~zpFqT
z;;_+XQ<~LxORrZsKk!E*cfVY!B_1EVrY8rMJ_TGsU(gp_bGKb%;0OnP{^k%>>3Co~
zKf^G#T8YUmaT7EDB<3~!y$wBMq*AUn==e*j)~qYo-0jaZ|DHCLiv?e0ORxX#XeFj%
z%Zi(%a&D7n{^E)%1-{a?iKWMp|Cyj^ZbWdhy~e;TFAO=~3Jo%iD1OxDu~iWY(Um!h
zAY7-XS8!eaT2#1DMXEqnmRery>OC%y>d
zcM>^wC+2nUro42Y-3o3o2c6HqN#mQ3H>Riv;eHp#R(^{L>?yG7o;TTcF$x{;_}uqT
zTLWT1nO=RI;O!jmANO?%;JV&SsauEot#3*c`TNGWZuf&W(_|I>89c7LjiUr1l_VcR
z`#08SZ%*A5xWe(?_qU95ht5rY_M{JrfkqMGc)yr-3P#+~OuP#~$|*IC|I9`;-qAwv
zI>#u|F!c$`XJLU-?0ShZ=`YE_D`%U_p|JcWVoatMt*ZlH|JD|&&?qxf{;#oMpZR#+
z023h$h(``b(pv{8jP_aGcb3`qAf<+UE`2g%CjFQBi>t$s+|!t^L$2&OjfjfI3wY)>_!_E
zgFB8=t{69vmHp*&9R+)=g)K-A9NF(MN=-(PcMNK&ES=ze5;5Hu{)E-9nfWpeI$Wdg^R9E
zgk^Jnn>W)5Q^~<)8+{TC^g51ry?*fF!CN2DH-P{oOK%=L!Mi!nY*Z&c0|Rpt^F_ph
zb+Ek|oJdgwf{Gt_37aFt^e&gL+U6iLOr;zx*i?w%mWk
zpOCyiX$__9m`Zt`S79izFPF3#SKGuB(`Iq0imL`(Obz0SL`-xXy1~#Oz59X*ZM%PN6nMCnnwKly<1Jk_!Y0qx{*S76{X9@rNv-_&rT#Z2$Bmlq*A*Gk3
zR?p@(kIMsu)}{dheVPXo{$Cs1d_^exC8)yh3P&qj{DaAg$bocP^e4ST;arad65LC;QQx^{*@a#>kghHW}emBl)Sz=^t
znXV`WnmOgO!Y->Z85z_o#i)r$>^DvWyRkHt2Y;{T&35O+<8)p`3GL*!8@klb8ANu6
z0H+%ujA1BPVRF8h0V{Wiz}AQJ5fRt*&*i*ddMrsPD6FrbGas`c1mggm(^xjF&6n9sWW1p=_7}yyW|S$yq(g4N
zTpiNCtCdsvQ)ApMaZ2Wg%l%1I
zQBl$6e&*x|H7@IcxTDi*nU|HAU%nu36F?)t6-%Qwz|)39PB~d!{!FX3yR>5i2MteAMgSmYw!g%9PnYw1&-=SqZ&`6cn)5IW9K>uCA^Ihli)i#2AQG
zt&Ci3@acm;A#Qj-Ofd@x2^IG;a(@^yjA;FF?Cu$8&a@0B!jBE)MM0%YRbq~2Xgy}`
zWx4FP5JjaDMz&VOSN!Qu!ybzlL+%-%Eph)on&tzxnZV4EJOdgUO5G{EB~W|$6){N8
z9eBSR1K5+q*y`7mSu=a(>rzth@hY*kIE#|2e}TIlndO(0%jlGTvKpOnz2n;(iQUok
z(7&3}ZGR*IKr#RNlVAa1Ve5rzTWG(vmsh_&EftGRWWPKEzbz0?)g*i;liTxS92~f7lVQTsE;P+s%4jrI=RH?V{
zme)GGwpw53IOJZ9mI_s57&_`H&m-=QHq>zOq5FmN<@@l2{k}4@NJeE_C6e-Cv}L-6
zBj;*7571R)D?!qR8EE@`GIN4(A^nv|rGt2aAQ2Uvw2BY~lUt{2?cqZBA~~g!euskyWk6wz_&CRWOmf591Ur*0!B3Cxz3ga2#G82i87}S0Imd1-0IrfaR
z_rLE!=(kvac`mGGwQTx%e3&XxP+xl$Q
zi@m`RZ-jZfbo@Z?8~Lh-tU465c|4
zO*Kk!ta9!R@yWmL@qJb5^cGoIXK{~A3HQS*w|ya)TKf-&ODout@E_(Yn2om-d)8ec
z9l4cF$;PLN4E1d-C^RF`XW<%rKRNgIXbuj6D2q0?6M_f?Gb({re}4#Bn}^8j)CwhE
z9T8{Ff2d1w5+^I{FNuB%_x578?$Yh(KE4DBa)b4*~Zv=O=%AF@l0j6cEKp+rmz=r)((FFhic*dkw{(Baf!UV<{LGC#U
z9@vt-giSD6qM-)fB7$ctLZ2s61&c9u?}lslk-DNP(R^(KVBFC`#&a;3O8y-Wzc8}s
z8Rw~>AQP<}H6!r88S0Ay80z`{H6%&$s?p{HmEH@i`gAAeU*NNW1;a+0Fl2LiNjb~5
zo^T5uBy*2sWsqgvvzMAQ2eB0F7rr3iWxkuK*AP)S__{Qk_g(os+HppeOcnHk`(7uj
z*5~e{_Do^HdEvZD^s!+Oi}Pis#&7nWKo2}S8V3n?|LRyq^516Ljke;cmWAyQNF2GT
z21B?w_J*BwT!5=^6hiN_(}+`J)&2wH?b`}FfqSD*PIGm&w_5tfEW{DYbX^Q6R@fNw
zSP-W~P10`?pLm2oM0&x77!G8$e}t00N!S3R_QOcY-~3z|arr}5T_&aIthA&ss-bXV
z=bixL1MKsrMantD`0P3?MK;`3x}<{Rt;`CgH7IKbf#zF
zHsj)8uSM)i#*0FNGKHf`p+5*aE56XSZw#e~s6*{o`4nKw&;^7lnL4?2?$<&%WPg9I
z4{Z~`{}oB9)L9Q%gm+aYV*u|oz?XI7WbIE^j>c$bAt~w(zPf=K8*!Z27#&%LCsKpT
zl~P#=D=Sr6eoYia)Eawa#MFtRN%N1`G-DQ~JO3+#y$>B}HF$MtOfg9T8L4yIl%v~#
ztTTuw>??G6mRQ{u1X4=nVkKge>*6u$J(M2<1qSWPv_76D`>%B=h%zYD0Th=+$tAY9aqQZjwKAvNwS9M9|4VJ3lS>J?ij#^e7Frm>Rg8v
zYQv$@6Cj|NdZ9s$+~
z7jSF~l*3D@)+oK>%Yi#?U5lA9F_SB`S1E^QOohhR8XDb0Ljc+#
zHaVlv2CC8>@gS;B-6E)Mkv-6=YLH)%;;hHSY7NoA8XZUe`c>iMRjf}s&$QLbZORtp
zICXlYRAH^Oq+c~Hi$>m^XNPAR)~}GnCkL2EJWRv#pkTM3Bl74kL3$|FVx2zPxm467QTSs<>trAQC3uv3;%Fo+Sac2
zGqenE5E}XNErlP|NX!xY6pYBl+32;qZoM{K*YdH-0AT<-mnhcA>dCO(7i%&fm9sIe
z%`zL!R{uD%NYPUEOupmvt{-2K0FYKzNvk${>k+Zw=3KJ?Vnpu`Ngn=z=xoKBG|}5j
zad&trA#pLy-$_G=Px7+=l*+hNsX{wkKWHgOAJdU)xz8LnX?6A2WQNm9!MiY^>`iW+
z>1FFjR_2^zz6LUw3Hw2MYWsE@i6ESaACRhQ_Q(gb?VxKIk%)urzqI5Iejh%P&oxxo
zSqk(9jcPq$p)CfAWjzakfpIUN0mr2993Vg~^ts&hZ*(~^ADj}sf7$HA1T>&D5nJ+e
zYR9Dg#@@fE?kej4DCsR>_gXdra?((|<*0|{hhE|r=#{h!f
zQ|3+@`uN|gOA#%?!aqu1h2`$E%)q)&gAc%9FKS;j*yJ|uKGQRxf)$KB-w>RTknkD4
z#?j~LK)wF=s*E;`j}KKd`&;Ct489SHrD>2&Mn(n^!HA2QaL2pZ2l8HnqlQ1JWbnThiV;7HOJip%n!ec{5^W=&Q`W@KGFd4MEbq#^
zX^0b5MriZ`JF4{q5ao}@U=P!4ZkVpBDKTJSZU=2sL#;2IaD>OtRxo2}p!OxEoyK6F
z!96Lns7Xq(PP
z3l;0EIXPqaF98&r+4X|h^X8KtgymqR@d1g!d5$ldg2^hHRCf8AvrR|lO5`(_^Y
zxDKBvrP{*C6a+Ea3ag4!E!)XO8ES$AGxzHs#;*2n%3D^Tu<$a40K%5#iUIccnrD1d
zogaN810o`pe$rV6E1$bkab-%D(XUFhaEG&@&_v%buAKx=a#ea02Drb_QHVME>gh!$
zpiqQT$gxxJukVbmV;H4y+>kQsbjF^yWM}-FvB7pi2sT|0Zm5V$M)Yyzjp3c|N;!lx
zjO;tg5>%5+25z5y#H)%%mS@JO+i!kPBT5&b0n9s|eRc+ls;Wp=_<@l3Ukpk3+!hAW
zzzP{64j;*nv(lrK^V7N@D>IK+v$Kl5fE9Uk6RK8E9w&AD7epiJoV(M99f$$TEY6<6mQv5ua8Qb=i6;vg+m*CG(33ivE5hv)$N{xW7OWG4gw?^
zFkZWkdvMjD;TN%nOw++WPF2&2#i6;C#hfeE#FA&1F?_9Ua7Kq(bNDqDIUy;Q>if6Pz|-JmI!O#sGoQef4i)BegDbxePfO3(tK#_s;xRL`Zj}y1o%M4`ze^%^
z?P;Yo5gQHt=5W20XNy@?(|5>~AA#v&CO{dAsKW}J6)fnfZTXa%hN#`=>}nqRkv1f!
zsKoDMFyqT&#MuAi5&AApbtPGgW>VEsZ(&i>;R6c`zij%+=?sVbABOD(;~_ZRt|Xq%
z2~+9VUtei?0e$SA%rAvbRplB$&{NI69N+kddSTTz&N1%5v@K$I>4K7gPZ6jf8A4k_
z_tQrT2=sGY0X=>4q_V3hR7@7(d&Nk%Muu&(&@XlvFXg(^`6}7H>Qi~}u5)u_yUQBg
zE$V%h#iTi0>W{@s@+*A|6Nl#i}KC&J~v!5<^>Z}YGN+Ui-3nHUc=
zcL8u!ZOfw{UCiSR>M0R3d5kH0=V_P2X8_BkZGlMYX_oOP)c^W*)i_V3e0av|w3GAR
zuWAtON3ya*n`leIl^spG@+TTYHh3cbcHTYn^Cum_2JuOl^$rYJ55aA3mr_^{9kAq9
zuaz}jnOrQWAKg^gr{wTg?q$27PL_lJ&$8=BHQ5jbQF>0IDCg+-bBK9|``?CX`cn1^{cA5aF5A
z+-!6uibG{M^SQ5b3C|=NKP3xY1;*0ws%&igOmAUVW+k<}X3QFWdwxVeiaIAfa~ddZ
zo>xDkF$1FeJy!5oFK$*DZu538ImpUhDo;u%co65c8-#vR=%aD8DI2hQ#0%xFV|IT2
zJuA^0^u2LAj5ky=GvUR5CymiB<5b>!F}~BM_jq496EG~;1SB^cE`Gn17C1wHHzeED
zIzHvgRg%Boq{Ge2`D{8BmWD3sT9|)9N3)#zrwreKKK+c#KqJOMU+ULxn-uC@#7f8u
ztv?vV>HWCHKbTvl&r&tHOT^ngYc}&{G4mI`n?+0hxA%T`MoTwqflE_wBuOvJ6~M^P^}lt
zW!>(KVU*;l36kJ5l@buXGwQIYH)AMbk4%|_Am*0Gr{=7wT)GuV-*rTfJ<}6J9#M^Mhd;nZQrH=me8C8r^W0C!`j!2r96Dy6jE
z_WjD6%3~Jz?>heuOr7NR7^_18Q7aJVo1~KzH<aFbcT}C2XD6*H6
zIFj+Y#RTXB@fZOC6*^i>GiS#;&a#xI3P;S|8kzfjUsG@t1iTgg
zNAUnsV&(VI2aB)9u4M@lsqS5MMTWjRo2&8Q5nPS`ZoU!`PZ&;wrJ%KfM|rR8H`@6D
zefxdotm^O5+}EM?&0$+wC;j+PL!w-_@UdbX3hWdk%2+ol8onz0-Mtsb7TRQ+HMHUpQ
zQtQ>Ud*E7#z#DL!$ps{^m7Fl2NH|)u2}u
zqTYO45~nIH5>#%C-NRu#R~7~wSXylG$?2hODQ)PVSybdW_iVWP(#wpOuAT>LW(Gnr
zOxrOx)iwG!$B%oRj59zI?pC|EY9`WM(ZBVMdzi$0ltlxkDzEp_PX%U6;AmcGD98eW
zf*HaSSHyT23RHSG3fpZ&L%!I+xQt7cON6&0Q7j8ow{F$m%ld__E{v1v=kt*3GI9wz
zhVczB#`DJu&sjIH%*4_~3(gAtvT-WW3pr-X0A1oKu>h+E{TSGvF%%1N@iN;GTH)Z<
zAHiqQ(NXdX+1cG$nL^9k!}vmm6lOc-SWaLeOo*!|HX=v}ZO?{wLEE4!SB*g(st9&K
zsY-eSQ+FdX6eP?1^KI5*X_w5a^CS6@rqnI7>WgXJSgdxw{V0W$B+v3V6t_>bQ5xi%
z5v2_&`@x%NvrRL1+f6&>ume;{){<#sJ85^XpLR^Uzqt5=(;}J0E&xv39BSE`V`HP%
zy0Rb}<5Us|L=Wo0&~iPyHK#gKSzUd!CzGVz+UVm<&PDCqIj0o_%0W%6!Oy8^Qb)m#
zL?b5s<=f1Dznv@^@_r&N#qP(xY(~qXf@Ym2hU?W|jJSg&{VGU{Zyy7;l8n3uB6%x;Fop
z;b7wuwSYJzyO`#JA6Tsl}x)0?4&E_UVI*)&r2h<%Z
zXA#Aob#~=JbTh2G2D(wd5I#H2<$Q*}%p#p}KB5&HOA3k7e5e@&*-NRDJ8`SlJhOx&
x2=O!53-CyvB7uhv_bknT|+JUCHkA}O2TB~
z_A~%+3!tm11`NsD#D_IkcWE-Uoz-`uqw6Tun*PmaTl?%jVT9(va;tFjD)Rmb8(0Yy{Kjq_tyFB%HyhV-<`kwHsP9v
z`mOMM)ji}RkIj~V=bKDt3tQ{G_Uy4Pn+NV)C(7us41zqApEf)0t4CIHwD+GO+F54-
zfG4jWUH||-0G`v7-Vy>`ps3;=NV@xM7C@9A?m
z3Y5#2RcVaLtL>8+m!ZBkbl+5&Or%|{S8BkIyK=?Q1|;W`LwbrGmo10il(TW{F)|%W
zb3=yAXo8rW|v57*d`E(=d1
z5zBY%_B$25e1r!_87s#oVH|n{|oEOL^TYza`V;=!wA0Mqrb}ya!QA_5A1FU+a6;n?1fm!
zF;Ns5_|%PrFcjX|)M>rvc^?4ybY!lEJRBpiaYl}E<6Ha_qa?wB!;~I+Vsm@-6&Ko?
zLm+~JtD|Ow9RG1Me8Xa+Z|l$3ikR*{L5A6BD19s{7ub62hv@{?Z=#s>Qu?chLAyIP
zk=}ck6Sw1}y~Y~{>PAm`Zr1F~5^PilB9y8=mZ*
z#&hBu!eH(?Jx}$)xt!P&y(CrZ${||>%AG3A=5gwmE9MCqDWk0~5^I&6RBwQsQ?
z%1XlxQ|Joeek*n*Gr~R-HQU0!x?8)ZFhximzR5*&+x+-Xa~VSd`0hw~FOX-k*Q38uwX!}U?2#O851>}hzoy+S7n0fLs~^J?
zdCg4{6ssy)ZOe6g3dc#ZG9ul&4jrv(qa`5Q@%zf#pJ+!@oXim^JSZS2w(L)iVt5CM
zsy5<0)$%eGfiA4_EAHglU1uCBzGto)`HphkamL=Zm?{BjkR>Ntx3`+&Ao!{WsuGsw
z)d{6tO*Y`+Zo44EdD3P>s(6B7?UYd$flv(Bm$95eO
z!!S=-$2(_Ajb!R6E_SGob5s&)&_SJeUlg@yf$zS(9Bi;pA)oF#B2jP)u&8yBzAFSMR93aqD!1^o{H5wam3M*Dw-VAz<$xm@%5u&lY(udr&U|G(ppbXI
zo~i->JY*wyckT36xVk%8N0xHjL2M88#R9H(OT~TjDTwwq#6e1{dT;wR=!+e`e#k89AQ`IHXhW^N(se{K+C_
zTC8c@U3yVu`w6bOu2?2;WAbg7mz+vveI3Zqp=n~S#U^k({x{zS+y=k*)7++en#Z?$
zA@roTJ4#E9#i4q=tM$n)eFwTcCuFhP4MPV$V&@(8(k4_9+2^tGCR0S+ru9>-alp(X
z#FDFE%-B0`iYf+ocvR8L@~w7tY&o2oYaz?=p3Zn;cb^{HecD%^19GlWHK|wXwygZ^
zQ~YEQv2+Z+v-ZjTgm~Tl<7@?`Ft*fkNUq>vRFb$GCWcWu+!InA1^~R_iRtZYhMoRl
zV^{~KQ?|f2s)D0)L(JSj_B(8mhh~nMGToSE#0DbsIMQ&{b(aevRHfX!hGFWl;z@_^
zmFPw?a}9a$PD;J}aqye_#EEcrCT1v9Jk
z-|9h``d-~2d?|fmt)2{#M88AWjv*QsT9o2$K$M@}e!8DEDZ7ihbi(SUFI3zAzN-$^
z1>~54hkli%cGt!zyq54f<{bbjz%1m@g=*}4fLqC5lCo3E!1I?uad+KjpVU8^sIn}S
zz)BNOr(KAryev~y_}Y~I^7!{J-QnxI(XH#*L+(}~@8IJpNPEo7?J2%4wH9*b2E*&(y+L(3##lY{
zqsf8M%P}sib>AIE)1H%70%L`Q?|ManiXDc2TIcvh83FG?Dj)GA96V
zVwu(twAJX8)yarFmTryyNHmn$J^BYXu`zFGS*l-=OI&a6J1RZxxsT!S5UQ^lZOcLp
z{gNSe+cSt~OR9i#;_^B*M(7|}&%zS0GL|NfI^QbNKL
z#qb0n$L{W8J(eU9p}ljZ)Rze=+}I3LN8t4)D>!g-D1h~Z3DJqL8MqN;N`1H+VRw|j
zzrdeFOU3zL;$U@jwFmnx$+4NMi+sWpLn{P$*TJ>LZ8hc77l@LH-@g`niq_xdC`U%T
z9uAG>c(ikn%TNU5yxDq;9-2vW$=oTk-5KF$lqS}+sRhutoV?RQ29sXMe1r0x0~Gl%
z;D)gH8l;lwg=31V5TtUd)M^)|Y1dLQ5Y?5MUHZ6E(WjLsgu?OmU|c#p%esO~9zcfLx{z)Ck$PqNO<^8L(Rtx`22
z?vU(9OxlWng7?sG$|=v1&^p4jJm^^Z%61abvrv5MRZuVL1#xGdPd`{Fmel!>o>YzT
z8t@3(M&Wk8AQfw)J{s+!63ESNv7}InkaD2&(;*hXt2wqZNepJPW)po3q()Mlky0xb
zJDhmgquEjY))gIz_*8vGA}9?0-wru02uJ8NuA-R}PM78`${d
zUW@0HdaXWwzm^%FY*pR(REBC17cjHxY>$oL1h9Pq3~c4hX$G`ywSA}*s$JSS_s
z<$>-ROA@x+GRjWBz^1hD*zuq{;Vn3+zw;l!tLqcVu`oh_%wb;B3HCx^n*nw%%3*NU
zpd4;}5QKTFXIcu13=NswddoM6fk2+6=HL=kXX$4qj(gl|J0fGheEo7yuvU=W!5IjV
zU29=SaKy}skKS9^Z!){%_N!d(4fTp#?Ff6lLm5)e21AH_eU9d}Emr%FQcuq16-a`b
z2G!Q-dBBr==HQha
zVPzdP8x(dHFsCEZ>z7v`=LW)exGnU4-O+8Y5R1^HZZ}En7L&Yef(bInZkTxQyGJj-
zjkoB6jZa=2N9Z0RXTl=$3^F-+v#P~ULu~7>drXQ%*z2q0ZU(yB(qd8&Ze7K&$Bl$#
z$MJQjW9M+_e!D{62dPIld3DF;T9DiEwjeB4SHF6BwK%=iwS+?e)#^4)SkR$rmeXg#
ziLVrxG<=d$*X$_$Y(ukbEpl{ep?YkR6n?YXD0m=b2Da)P2Hp*&>j
z3X|Tgz4r^qT(4VGZmw{Lk`7i5j;5hMKI#Ydif6d*wau;6=@}!{R6}oFE4wQwV;|6!
z8vY=^d%lfp$7entgMN$IIhe}ZT4UVdb0Dr*wR~Qb3152=%}NXVXPF+0V^=TnVcOO?
z;Q4;6$HeSpk}
z{ytIPUjD00hSEAj(Orc8g5j2{bH>tdxwO%k=
zHsm8s8Rtv0OvD}}8IDe@K`J>gCwcD$K`?!Cl)XzNMFLM<6+fXD$h6F_ULUB(iZ-Fs
z3kuk$A1u_&vB@Aq3Hmv^Gxa-8OW;&q1$#bfE~g!3za=L$Ln7NvbI%Bwv|dR){b=Dc
zTQPZVLDsSZ(N>tqSxbbpnP64_ydpuCEN5oZc;Zzl$DA1Z$Wk$M=<1g1(9@9jNc-b-
z+JMCI{Ny*m9REKC7<-%2(Mwy8006T>{8U6WjpQ5(
zNcJ?m+u-91E;CAMO8=h;(U5X9|Zjq^8
zV1FODDKnp`AfZkvsjmuFA2y}&ykypu=?H;5(h1xls&GAXzY7LmUY+k6hzUOfkk6?y
z$iLN(?$%-vO=@pq1^`&u(qa23cs9~8Ds!?n6jU$kOpZ@Y3-4Ww%MQ5)c;)ySb@-Pm
z7Ui=1Ut*H~ntB@f)>bdOZ7H}M)rTYAPQtzIKYDLU*^OSPbGuMSOgXQP&QH|8@)~
zHU+A59!PqLI;wo$H=WbHKBX!7mnc7IX21;BgJSpn#-xWVO6O(?kzHDH#tevpklnKw
z5r|5q`uOkFJD{O_^W$aSxW9ZlPt(RyxhOrr2e|p;5!Xh9`7Xv0=q83kT46V>iqMfI
znK5Me`0*qByM?-*0_6A|JaklOdh&a+*ucgfRy1>+-DrF%U>W9ZIg9A=*ENeFNhCEj
zWO@+Q`jW{s1`lOKtxH3C?qKw3fxW}Nz#-Y?s|7~Xwm4@EO`k3zvsxf7y$;2+R=rsH
z#cMPMN0LR%Ffq2xPG-T~baDnQbvc#Bwe5fJ36O1Wt$3tWYPWeMW9B4W
zoe8;;*FF|wyR%jHvqM-$2fM!#9%Pz*7VuM3uF*n&R>G885*sR{G5y$YWs0D7D|zCh
zQ(evtu|bEvc-Jr-SF5z?b$rnlPG&bJGI9iC^=Fz(MyW#B6cttNP@h{$JlVFa+M_7g
z9KML@D3Uw+Y`diMF}Vev&#L?nj>K+R^>ShM8BRAKC~k7S6?NAu(q6cleKp{;iw%A<
zc^0#?c`d-??_}D|!6G98p~BY1{MEs0+hZMW
zIUOcrvjlGf%sP=+mQEa=>>t^a;q26Bz*Gcx!NO`yP85W{#MSYZTIePc-K8nEk?s8!
zo$VTM2NL4@!|=)pN^q%ka1O;E6sbm2Rem}lXvXQ%0V8&j9y%aO%7S(&6AJIuJye2*
zZD_3C&7egHN3akEbH?7IDH6weiFI|OJoE85`!S=%lPU=~%)SU>ZNqgv&_)J{v`TK;x-=hb5
z{&}mzuKN<4CC-)5A$YyRjSWas7&@=9CvXNPNmzCG2PQ)D7%TO`QI#wKx``bo>>kNo
zJWAiyV#V_8uNO={x6EHh^mq!n{d#c6{Bf3cqUjJ)D{N|B4i_6zRz*{geD826Xxq33
zgE33M^mX>0z&PcsdU&dFxi&egqHm>*kG3oA<(DxrUqSm5Ag?@M#_}cQsipMd+C>h
zSy9~WS~xkXeK<>ap}w@|MkuFTiHRr~cgT`hHJJ^HoIYmi>?k$VfVy+Nc66bho=^_a
zkUDh4vJ||gW)Ni;5YTkGtx7e=+K1P^W#$QEwY><4HQk{KxB1MgbZ!qT!C|nzOJ*t3
zzCRz^g)GE|?P4rxYoUZp-0$pC;c^;AeTqyJ&75Jx?L~7+sHKWOj0O&Hg@vA2bVeF*
zU0_9z6l?5eqa(DFl=rf7a&sM9-Mqag9g~zR{?6gNAfUIlBo3w=zUR6+Qq1`%#COh1
z8_ErfJlcbmmX`X^dnpvf2#t>jIZpp`iPJLOB^=PJ>Fiuyhg^qGJtka$Ro5Zmz5Q%}
zj(N670Hs(XZb{y#ez90GJApF0DF5Q49(ZH)^u8`A6yY`lPgLqO1GO=J48mz|PA%@U
zz&+Ejpp{^JIt%u*a(G~yQ(KQwc2RtW+|CwMd23IA;}o0oXihcR-eG>@#`mywch4~*
z5$yJ9YFoNa*%dduOKfhcFVmh(!se1glu|xI>D~6TF(WlT$Bl}8SlxT
zHt|EYBi*WHNom@4Ci!-A%^m&)$R&4TahA2O@2nJKd7>bU+@B;We$f
zlmpCJt!H%boE%OJ7JI!6koPctZfO5COT^=Q_wLO!IO=RrXl~*))2!>*3&p%TbB+@A
z^Xhf!!)W(>IU!s8^wh{weONdIrT5m7?o2h@?CV4YUNl8oeepis^U9Kvr}yGe>R)U7
z6CUpD4J(iRme6j2=`Hrqmsd8Ls(nz3ocNvRxNALb-;#M5TLu65sPwHqxdm~Psd}ec
zzmi2X6AULW8t5z(*59vZ7d-78wv?e&%JHxp?v?vi5ms{_^rm<=qK$w$!t@A%lgxZl=@vx7;}y<#$MM+nJ8u0n7o
zzqyQoGck8J%p7!vE?#bJmu}5K?ooQVepy85Re{E~&&z%>V`qMbfSMnslfCm_pQFDI
zi5UFn^BB}u&VJPh0oUckwVNtU){hTAi`mEzUDR=3p}h2ZTG(lbDyykk5ifR686LOr
znr$%R!k@M_nqpFH!e**jun*PvgXefm6qgw5*QgF9_rfIc<`
zZ(gkeOd9KKG0+5b)rAbetfKp0S{p&-qFUtWv{TT3d;0m4)}8ocU0uLVq`!
z_0^*FC|}@ZT1Dl~B9)m|&G>&P0=?Eu4Gu$3oqP3S(Vhc9wtV-6mAXhP!WabyZvX4D
z(SM!b{U2*b>V(F_EFC73v8#Vh{M(bkpp<6_d6ePK~o=>
zJZn!heG}eezva`@vVD>sLqOJN%Iab1juSrBY?Gka^i;7R8aSzmKmO@z7}c!Svdv#j
z)9{zXYksQ^&k4Gf-5na$*nXgwB4orTI+R~Albix9mT)ZB)-|i1o4sB8GzwwC8Fv{<
z+c~Jq1qSn!e)I&P#s3_poU@DYZc*S#`~4vd&p^dmLG3_{vn{*FR-;51jV-}H*gCK8
zzxD|1T`%_@p;^j}mSxym$r=L`{!&sTm(plkrCSi6t?&NR%n3k~UjP
z8C|Vi0eGdOms<*94_4vKk19?=QcF}fp(41G2b*gujbG0IUVRZd2JCD}1s$r|L%8V#
zu|I6=R1x;Oq~3V+T-Efz3Nog*Fmrj2`r-PDYQ0kMAQN3fVUtxP)PlS@a{YZ*We^J0
zSU7K24ml*HQp|OzINAys(Ei-L3X_SC#piJFqwYV-7^-0H*0}o)#s^}`$KzkaMcewj
zUnc%6{x!EFuAo2IOEjL{QTX4@Ri2JTk!I-fe*emP|Ld}9QCVd=Wcp;K6hkB1uNJSR
z|9>gM?i|Qxm&J*R3Y)tr)~0#&HO_vA@;?Z$ibE=5M(2u2zhr25u4py>TE)g|4UoO8
ziJy_zNQc@3`8_?_xf$sK1!kI
zVG-b}yB$O4N+l^%w&GiNwvs~R=vIBh-_Iygz{t}Xd?O7c3Z(W4jOUwz!L3LXDo8$+
z_DMV2TZcnutNY48inDd2r#`}KpwV-h6ppiXv2MI;EwK`?^uv$4)kCT@;b`2C+c|Fo
zZAE(F)4AxBwCJ@-&TK*vPH`#NdUtDkT&IV`99R8@STX^T-)Vuf5ONlFuAJQ$q_!dQ
zm5swby^1=eL1}pjR$l<+RyvDb^&+}9^0HaVM7fU`6%uxghSFW;tQh+ub3embn|EN#
zA){670h_|sHGSDnnqLz6{I`x5F9?cXB%o_UIk~;-3EeFnjFK}qq?g+P01lJCy#OBP
z1!FC9pAUMrCLoaPH<-OoWl-2n>UjX5AUakM<@tfmDsE>4opW@v?2#Rk;sP0s60Uvi
z3{#hRAU;6VS(tjhe4YPm$QjM}OQul%-o77w^8HTS3Zs@rt6L?y;(p)aJ6dPY9BZ?Q
zRK*i4vJwU^1$@m1I~RXku^4nZFQ|GYXI>30N)Py1W?u9#eXJ<(9dio_Yk1i6{cBzex$6|-440RH;OJKbC#mR~Eauv0KU+%^P=$+ay@Sf>-CiL-+paeS
z85=U61$pl0+uAfGXzYaq)~_#F`HS?jm_iqw=qvRbdBC0gi|Ir|!spHwTd71mvN{;L5pTE_N-K54d
zn*G64Mo9Gb+GM)kY$7eezQI6*5v$U;K{G5G|Y{Kq6x_ohp{W9N#aW
zp$&baOUhfemF=juRsAp)iP4bW{W2~CN|8K_nb6Tr`{6ICm46kF%2!S8dsE5a%RSxy
z!_Tu%w)gsXzTRY~?}6FQ#&=Z1mzdNf25KYn!BNga9U@Tb!kd>D4fcK>|T_T*)%2bg9$enLZo
zdy_qt_?;UU?ksMW7HELxVyCYeuXZ$e#a|LSM95{vRXo1PRMqGoot8;%EQYOwUkc|<
zbtc>uILk(pPAot619h;^nW}HX!-bt@M>Cm#`T6|P=3bPA_eYDUJs}~P+An6{l{2c}
zST(Lxc(A}60DNdmPoJu
z6a_ACa&(}jT0v#EKP%9r(LOd`x*atk)$*rt!Q{zo)phh!b2nv*@nRqb7Kb^_>{Oge
zlG?Mxohp+quTCEpBc(W;k*FqBDUKj8YMk4t@pV6OeSjmJl}Cx~D)OticcWpfu%dF%
zA7^9sI^V`c`>1O@m?M;O^Seoa{
z$Mk^5W@;{v$tJcsnRJmK)w{Em)Ju<=jraT{n^auaOmzHWfEFPm?Ou;0ze9it&MukO
z86v{_qr%f)trpmFh2DYEliVY8%z6>W%H&~K`xF_9QBCKq?!jN^ftIu)q3pOX1?#WG;%O>F7
zt`gNuV@dUd@+a$;)S=E7KHs*wQ73R=LH+dM9jUwRw#!Nl9XFltr{{gDIB<@yvpha6
zzOowoBg
z#|Qp~RX2;S@mN?MsdQqk2g47}l3O-|P@9b`Ji`b0a1LtZ{nX9%f#3^56I#nb`MM0<
z=;y%Vj>F=?ho!5zUC>I4eS$3R8P=~=xp
zm;it|EG=a=>H%#mD#ikB1aUV*Hs$>#;D6bR6&4}ONBg6&$;GC_6y?>MwDzrUI&!q3|Knz@u!uZ^
zF^$ZObeMF$ML)vHn)ISKIaQ%X!!Cc_m23k3L#tu~OaiqoneTln782*GN|SVVQ!a98
z-5d=-Nv4#U>oAY5^k#afYqhI9^!#>`sXBP&q{mOIH+}&9{zd{3x@{4#jO
z`07p_u;{EId?us5HkLPWC@xF7KM`la&S
z+k(8DcX0>~<^mV~3@gQ620WI$fXYRSah08!ysf;`bb4M;cYO?_dh~wJ){RL-pAD|?
z>AM_OnhMEb1Sq@e9-iivt$0z|Rn>=DDOWMvV-S0cZqtUT($NvpUb~L|f>hw8ik9
z?MEjByQEN0M=w$fQXI#mh2Z-+=phT~@4g|t%<3cncq~DS(dE(tb|o6MM?vOY5@ub^
zb!}yO9`&amUNVE(TV#oc7CNw6So|8tF>m96AVubnsQbI)a#cqXId
zpU>LW`kCqZam3f7Mj`z~@X;G*^(VM#O;nNwO-Cp)bo~lo*
zgAY0_%NgQyrC9g6?Pwh4-TyW$u>XGHOz))(CFu3QO%AdKu9thnKhu_mgBqQ(>04@w
zN}TomMFdkXL7&^2-A8q{c0)q89imPdEI*43*k*DK{z4)}tWyX-jQQ+yMfIVnOb>cy
zvdHKvPwQkRNA)T;@MCiIyYsTt%5vX}(lP05Z$A32Hbpz;UXY+shMLFEh3?_}o2$QP
z{d#s_61n1|vsx;O3L?%#x=Y8TF%x5V$?KC$pa0ozwP7A;pj&qh-iiI1Y(2K>82Yt;
z=sfhQ_uwtUk7RCPoS|#GsuYx4!QT_dBS#39u=#vY{bNnt@V!O+3k_fy+?kGXz_ruS
z86_%(aB`8Hmetj6t&n)xzZxZlx-=xFscJ@97)^0jn8W>U^$0B%o3(Q*5C+C>eFf?X
zDiP>Jgv}Zl=?wvZ_;T0O-~we5tDRERKibAOtDfIOWUR5Ce4Jr2Bc4`q72vVx22dh9OWdR{#gXgW=sm|Lm;>1Y5dQ%~P-r6sThnkfbeFIsUb+_~2tkmED`yUzRMvEDw2Wpskk7z@1stpV(3hMT{vD)V6h__F>BM8h)#Q`!U?RF+&VJDdEB048hEJv%ya=~3r@
zqxm&WPA1wReG6R}Uixf~SC??f>?PJpI!jZ0nnfR~WF&Mn9-Qftck4=6;yb#cjbF3w
z_O4-ZDseF1)?)UAK{Uel>Ok@%3g
zHn^~)siE(y`F$yEWU6#ZLVNUK$_fePn$_r~lbt{i-$xyGAVRRbw3b1vx4jO_yxY@o
zFDX{7v+0)3jQH=avzJzbw)^-Z3&Oo=-a#lUXx`2T&!w>DT=<-6%fY~uAQ`sjUu|mf
z^hGj9M#4K`9>WKO
zcf!edx>cNl<0~%*@|(!xF5QOp}Fxo>^NOFCsoQ;^z|yRAI6u
z9pLfjya^V?)9pg=1-=B6R5D|qDnJ<=I^1@bYABy~{&l~{V38|<`X1L>mN%@nuK=lVw
zy-x^}9SP%_XpZT5zMF*)ZuMC$Z?5>%XVLls^=P$GR{hcYo3ya{>_~;jQ+$piMX%f}
zS!tMZqs*Wk#2I@;_!Vu=LOyYHhU_#TQ*b=1u~*2E(wyhA&!)Ky
z0t;;KeqHFTG05&s6iH%?1D4Uc;PkG3o%nNmf=D>|Owy=|XEH6;GdwuofIi&rxpFx0
z^(gj^9!omxx1ytGa%f)GAG1c0KCk!uIvI|K#d^?I<6z|Z!}%v=oEQyfp@|{4sL^Ea
zkyUxACI&W!r+yAJ$k#ii%Tv)m5XVcTH7dVa%!{n~`-p(=BmRHiQNMHGNo(Wnab
z;;Bnt^3k|zonzjYEr?adJsLk6$e^JdDZ#y8S
zomU7IunoTBXARxijv@gXNr#OImcHHtEV_sG#a_6plN^)^O
zqv7d*QrFQOLS(wp3B@K(eH#C^@<0~nO%SjZWVA;(_aW}$2GSUY*IMz6Uh(Zw9H254
z(1#AV!vQ$Cdy;{c``K2#yUeB$J8`YSdyRHBmIkVZ`*!l0eEpZl<|-m7n712`VfCFs
zCYHdmw2TSsENy~|;8CyK7Ix-{pL=uSJ??&>{D4_i>jcwTiOP#!Tpj4^T!XhNj&oxz
zLVKmZ{&Uo>6ZMaTu;WY1QqypTPV{yAxcGQ@f3F4Qz%QoJdS
zd>!!Wj==w}KJ-$jknajNxs#0&o-cQEN%NmXqd@5o_;<7n5%K
zi}d+NGbCFl|2aH29&n?51+1FIcBk*6*(mxYG5vZ;SR4A*6q?0UITm*C=7q&nBewe1
zNS4>bF0KLp7s6rfc*tjkua;LYllHsOzguZUbd*-*_?IA#HAs7>NRq8~>%4d`>SXZU
zTGxAE;}?24IFR&bo9^Z!3uKllIF#P}=(UjRd%3zkpEs?qu^8-%nXPwFKcn#<3@nSr
zpTxr0S3}YT1#vf8{g>o38eUs|lI+o^d9RXuH+z-;3((TB{jRW&sxa+VSrk1CGRYpi
zlK&^!H05+vj5u~3-NnBqjmO5tPq3)ad{hxM2vaI;-OD`(?^OMUa2Do&fCEk792^&u
zI!b46C1-L}B*?wQf?RJ!Y_tfN^(D_+2uFNWiRZXZxRBje*ZsTP2{o^-N`MTn4PW-T
z(xpPqnRR3KC*5skg@RuC*l*OwOJ4v8)ctGNW}Zd&J^rnrl%_R86qhV%p^Yd@;4|{q
z(5+H*j{TZ;bh~UtOqKw&EFs6_V!qhDm}{}>L63ae_T_(J%tJyjLRA06jK*xLCxVxZ
z`4?L8UTq30A~y+z0b0c#18?PV7eV%^zk1ZQGLj1c0G&}?88;VO-06sB?rF6WEnc=B
zO`G1oZV-~qb`oEc_ZVZIwGLvjbB3xGS6&4s*lmtX-KkedR>LdjDS|Jjji%p({XE3!
zfc?H~GBX$(eH7!YxI@;+hmC&TJ7v9`p=4Sqs`OW7zf;(>Fc2)9Q2hDmv?2UJlE(bc
zUf_N;SB!v~F;SnzMoG0+J0zuM@2cs?&AjI-yQ_6t#d-T1!bu6it>3um=_R66(Z2Fp
z?j_i2SiW-hj@jJe8zib@-~M?oOVHd>u~Aj7FfdzkZsn=ZadrSgifa>uJl_7sZD}^5
zQmTYzc|}VK79)fQ!uLIU%8a{h#gD_cNH-p8r*^r>&(3Ynj7ZS2jJ2LJ7aim&}&fxCsJiDZqP!#{)^
z6N$(76l?1CBE#yNvi5&p7<@=eVUqZTl`UFhjdR{D6WzleB|`9a`}=c7As`Z+ggOXz
zD@(rrCb@HO31;veRP`dqx9oZUv778{1gVIxYOtyJ`P94A&)*c(`s)pxAz>v=X)BCoopfou
zD!R!^XHTBJuqfva9g^(T`F=r=S|`64c^drPaw?1gxLmH}EhsuGn$1-;`~I?B162%c
zWg}o>ogsR)0stUuXkGsM#NmT3$CIbe|6(Q1fAdV@Z|a%M(69+5Pt7RW$pBp~Bh5PX
HXVL!+&ziqx

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-edit-groups.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-edit-groups.png
new file mode 100644
index 0000000000000000000000000000000000000000..64cfbd439f3d472bec33c8ed2b67db065434dfe1
GIT binary patch
literal 2004
zcma)-`9Bkk1IOvf5sfF&oS8i4VHh25bLE&hCwnAWvnX>PQ8KwAw-|CxU%8it+(xq;
zNjyZp4b#_l=ipYZz!>A4ftrx-u70oYgYM{LlzB)iLK7YA=FQYUtu)l424SRGmyHneD
zGCX7q#LVyYvx8`NgzpTT{aWC2TVcYhHqwxZUHs8ndkd1bfxHbN#&3dIY9!3JBh~1*)@#u
zX#K>xT^hX|yg#Q{G*A7Z_v1nF@fm)D(T&&XXO-8s!%29}{=Z)QdPMf@W2J8GJi3%CxD<%Z74Ch8qtB53vuePEIM1`r*bRK+PVPImB9Va?szc~of!uP?lR9R
zIi%IKM!VhO6NxycA*VUHJ$&e{8x>?I8}*r;!Wr;cP0hcWaMULjxIY`DV8ktB8FfS)
zfAX$imhjc|{{d@)=NJr8N6bHHk=5iDA7{Q=jQxDzKtEX6ayF?;&!
zh6LI0N%qiIGP}4jTDd-nkOg+>zG!su?+mAf(5+^NbwW2nyE_FjJ9pId_a=9);>XLj
zgw>pl?d
zq8ZruWMBDqLXW9E=XTiP-hzj2yCy#sZa}$N6X7L_fDR
zlJ7h6GjS0mvn73q*j=?gCA4evKt4Xr=;lY@qUQ=Xia1$`77lum>O2wZXX|c?gr(XD
zbrwXKw|3TSUhr?+RE}Uu$>#aDYICjKss^{UC*H>7Jnpthlhhh0Zow)f>p0>Ss)QV@
zxd2a$=tx;h)h`}Rq8)J>K~oaV%}X3w6-B;(VbE^Rx)9>3^&JAKk<3?m{*
zU5*I#fNI(3aSHqK<7*mjNs!{125z`85hrcuszLosku4U}ts3|HU`!^(%6XfI7mJkP
z34xUqi8oJtJaR^2Xa~;g>UHIb)M`VFJS%9b5;t;PaKz5|xu#r{Z#f-T*)v$B6HLCHO8
z;+u+0!Rumz`h@ODZl2pVuE#+=%VJcPYvc{~ARrc}Kq@q+_TXuVL9;
z+V3l~P*g^=PojYI)o1nW0{6rYq)+Lr>+%L^{k$(e6oaCt#NUndLDlbK
zWFTkXD#*gPoD68(y)X71V8B$BF?qyMCB;fu9$wU!!-m8|he?4MQj}n=|CM;~_E^~~
z@-Ab;A8T&Z)j$RZbK*WRtT2%@qVK2u8BNSU&FOAPo7o_Ex>XaknFRB0MW95THn
zF7*KyRBJ={-p2f-V69{X*2kk}rgnU_XVTSHCa)H%&G;e)Tj+&Zks2m@0(o@CJ*No&
z+A7oR_r|Zp#B&tqe`VF{etP4XP)!`!k!!&@BL3@cz4>k?8#*zOITa;ESLBZ6Ml2$p
zP&@54r0;f3bD^%;H|>stb$&bLpUTiprOrFL3qtX5r-bZ)-yY|jjh
zeVHu$Kzq^XL+4OukI!?z
zzjMBv=RNTOW;1)w+H2PS=XG6+?s6lU~#6P;E!CJj-v}PT*
zu3_hg{7Q4;_%%Uw3i=zNd;~@yj>!EN#6hU}p7$S7;vO@xwJWbNX4Q
zfM;=G0XvA3GZ0V}vc&!)5xd8j`~}^%K8Wpm4GRIe)>}CVcCKHrYK6+Ff*16D%>@16
zgD=9?4=(Ko?kRM!HGS~#{L6R;MOM%V*-+2?C}|TgG
zi^bYQ-h)Y_99tZ|z88D7VV42Pom6|xpUma1_^#2QJEZcD_fGh*Wcz0+wT6C&`$_tD
zx+B&~t9iz-0jRdpI37qJFZU-NSc3tv0BfCeI&`aKe+*iv1|%wSAlov`S)oGU*O
zz5H=xR{n*}Ui2}DadC!&a@XztF+CFK`Mw~jpp5P{9#vk+&#D-5>OtibMZXe((Yo6v_7AkZ(nA;
z)?|$^;GSevIuBT0VXQE~0KxsYORT@jbh>8PxPv;n>
z*lV7<+wHO4Ab_6BuEvv&z2d5fTBhKbE^Al%r@}KJun?XSYb1`9HZAeWGd;`<)e!Lwa%Rqwp9tK!{sVg5^zkNCq+^RO9S+F;YyR1yzZbs)X
z=6mZg;K8QTp*Bt4^>)O3??Zra>o%}t=&lMbfD1RyOVk8hZ2Y0QYW?Aq>-ii^n2Yd8
zfga)U_R@ENTSa$c|J!#X`uVse5%2ULgdo?#DRy2fwbm3ca6-oo7TQC?RGnIl@)VG6);JXkUfOJZ`5$dH^qvuGV`W
zce`Y6y1Q;E-tLqIU+J}Bd#q5Q9yR8s*9IaYik-{On{S)_4fXdFwgdaNXOJKT&ILCk!-qVoRNg?U!r3aZCm;f#7w;t}2D?6Q>?&
zGC)~fOc?Wg!mTjK@TDJMLA_@3&$mfaysDXpr;>mrH${W-NnJoY#EM&}9ya+RmkTL9
zh#uDUU@PkFa7fbaNR-WWZF`^feJ7=t<8gDtWj0;X)xyp3p*pmq{$UTu+4tF;k^&8OY|NNRXv%hD#!kV)&tyX0#{9vzn;86+HY)%1
z`s7EkFkOX#g5{$(7^;PFH~SLmk?^YFOz3kU$drMdB-cm1Ha)NSp`Do`-)b(_`mds_
zTad{;sl2Y)f%ocFroHk}Kq2YGJ~-3Ct*yQ^8+631Nu#XkRnX?hL~dnFpAT%ohR=%@
zOOgnzfN=X2r9nmO&+?aY`ZOkk-AV4eqsJ_HQ)?wZtTcM<%=xJjIE={bss;4qQXwu2
zt$v9CCkZ18xm9sy2fAlQ1MLCDiK#lO2v1=Y)@i5vz-m|y0x_{z9O|39qe1LBK^+sU
zEALw|u*zORcqCUgVWb{(zh*vwEz6XsQ9;hmWWoV2T2h#iLJSt-wrHmZ-!N*u!3RAt
z?bX=H?C8bIoSn~&7f1!wobLF&jhu+UmW&(*_0>67*0u&6dzF>qj_mdSWFch#;e1zg
zZ7w*o(A(Dkk{WnoQgc=z9w#@4%kwT&qSp(}qzl(a*bWO?q9k%~RDC>^3KN9oJ|oOi~<=l_tXbPQ9{M
z&_~0PoS9}HK6lgQ+zC;kVnu!T;|VuBaR~WFiPx!>Ggv`}eIBMNGA<{Eu+r3T%{2Ho
zLx7t=+QQrqU7tSe^LdfB-}%DbMGqcKS?>DmU6wA}!v3^g8gb7J5OINSF~W_RKt2GP)`fyq{goNWb+ZZsJvG;p7&M6BZWW;)J~>3Hzi4#sOAjf^x21Chs!0
z;n@|Q*H+ZQT1CbUI-6%Uk>10;vf*mGx0u%@f!KHN8?DwWw_Q4Zxc^O(_C4PH{cqXh
zV`MqJ0YMjriN{lG`mK6e4B2?ySGz3uUMn9TPzZZ${@en`oB{aVS1nDVUAf^-D>;1X
zuYYF8cFly~WP^9zq82#54$!16sX?Mbt_Xft@G=VN;0}Ztc%1uD{(KwW=x!&x6O0H;
z1h?NW8NQ#?tQJ?@7Cb>jMU9>4=SNoL6j%J^-Y4vp9;Y-v_LfTK&kk_JMimbc@wPC1
zq=_!$PQc^9UMzUju?852CP28{f$?tw!JSAd+(R4w8)1w7Dfs?l#MgN(ML!hcp7$~A
zw+!8O*jJTOCt2EbGrZZNrsK3LK5@$z{-xkezu;nQ%i`=LQ=PiGcQQ*<+r`8ON%+ee5(WJ*k@sA!-6yyel#6`_0L2KigH9j~;
ziBO^DmBhZW!q%E+Juv-{;RUC}rw#7VKY<4EJmX4Ggi|5|p1VmAnTdLfv93iCt4xx;
zue3M+N~7Pp@LV^8ka8eu%Y|N4r}WUGBF%S4iy4iJsy9(P4VT-hJiTHumDqr9
zaLe~&#mvDRm!(KYGeK5RUXSM=bZ0-e#gWPAon@}+eWfL41<9MB9DYC8jLI5?7wBcE
zjWR=c)m{(CSf|GF7YDipj71q0b$paDw??Ur52ukY2uX>UmmeT=WiGGCq17q~X=Wxl
z+X!R)8sH{4sbkOj&Q-p30K6^4^Btd%lho0sOknDhI{|@%**o@v!Dm(06_1~>TDm|;
zyMUxMbpbYWg#swj7p%s}|5C8twPx
zVmo=ZP6_nB^40P_idOdI7q_$yu1o-H*m!Ox6=5_vZ9|$UKWPp~Koe}$9{&@d`=UMFU6Fb|m1HEW>d
zDrmOZTWWeSF2xkGUWPd~+Y4C4Jd~0@-`oA*yrE0Su6oU8$6Ic$5vi-DDyoq%y0fA6
z<^AFFc}1zx!dlM_w80aB{tHualf-kntvcRwjFR&7GmGKT?fwEg3V62q?9ip=u12BB
z3#vVr@yKB#*?7g_`8g8>nE7}VtD{k8aYcxR19MG<<51EUj&r;+=qmZ@!e!j+Qdj{6
zGepX>c~`HEPFZVCWwMrE_fVVnV66DBUpnD{&b9TeU+OyD&_tOu{TBP1upYP!eo@o_99I~1f6-o#bCs-7pRGI9B_(dA0V&*jT!Raj^tjH8
zIzc|wm~eMj&3Oa*Xe9X4byPndK}F-TF60?u%}kv)Nb>H*$AkIbtIErUY@69N7e?C(
zT_pngw>3~?4jbC9;Ax<9AdDgBn(N{F(e2XiHuZiq;r1t4L-Dy0(v8>lC*D0zAPEjZjy(`zR#pos6R*W}-MOhm&=c5e<>SPQpbSA;H{6ipEL&{P|;p4I)C
zBDiYI20B$_wOnAz5)@5*+}S$X6CfCbt86~{GT0O`7XGrz_8iCof_?$5rW?EJiQrQQh&(8o>&uvFUk1h9(jm+3%akr$Y8t
z|6!Njt>0-GS%Jo1ryqC-bs)dtvvebI`=|HRZhVjwZrW#Vk9O&Il&Qrk8d`my5!SKK
z5T9Em-Gs`0;|P53*usnxgbAXbgvC~oHjYc{Rt&vxF<$Leun
z+vxV4#=d|o`v*`^bhiwTFG?IyO_-&}y<-P%Or?t4@!im-(*8mw;(8F^fnefH<~NU6a8UP>Y~9Crf@>?9M7S5u^biH|
z#$yZ1(cOM_9@dC}WUh{`x-kMEr=()8!s`rYa)cw=w4iqOC0fjV-|T13&z*)c-!#J|
zx6e>E%in>X9nQN(?VMHFj9Q9T>QjXA%VpZS1m$5~=;=4QNbheXa)9@>jU+5^sPK)D
zzF0#ze1P;=UZ#gzC&EqVmBM_lHKyH#eMAw3+?Y1}h@y9+)Gb+I?&
z8&d)VWe|!PdgHolY(O*r4v*)InmQH9X&k3T6<74SoWH*rUSVIL>VFO0Snum*%
zYHiA@uoi@a%#$xg%&ePzkWmjk!Sr~pOb1mUbcsCclaClyEE7=;0cdR|O&xdmA8pn|Z$`yk%
zDC6=J8B#xoX-Ul@UA1j)!1|2E;`NyRlYFkna&$zy-B`5uC?}`Q+XOlbKLfYPl6xJ$
z*t{lvKXR$O3`d`wS>;fYVTei7lhn7GN$Qy(ye#_M*P9ltEI74Jinrm6On8FV9hktT
zFOMmi{+$t-OQ%D^4R24E%dyx!*THB9T_!i|Ji)fav36hrz&W(B>~$xez>s=4M8$lQ
zGE~Oi|Hb%HCNvqFgN}zd;5l>2#C_^}B9?72nk*l~FTQU)AwFz3)Z?qwRvaDZ$dEd`
zeXK+HI}$xE{D`Ho7}5UvS%c1yqP<_MLhE!gO4hcn=5P-!
zQ_NT9F1t|>E3HU>SB4z27*1UH_hC_m{kf)~m-)QMbuk)^J5r&PG}oN1tG#Y*RgPrX
zNIjj47yd{^xW%xMrY9<&Gt|$dB33;k##qzJJ|iIdYY}0LCrQK1CY1tMr?2dOY+8I<
zC0(#%Q0^Li8g1Sbo!O>>M4~AaziC2(Rr$%p)Z4R2k*7Ep45|;x
zMEJVHwPM?tL$oWmv6l|y>k>ScAbcNi!*L2w_!>oQnFzZTC@YNoDGl%7i;ks
zyxJbfAAUB=RiFsp2Y+wcdy^CnOw<0i<>pH5FT1l7iknlD#Esy&@9FaJ<8GiJ{kC4(
za{DI1_&U4AgIC+x<6y44$pOH%oY~AFESJgUOx|R!Kl@YCB3)C=sM#}lCd68t-ikU;
zr!AdDvJB!RY}m)hpHPTIxal^^XG8`BR>v8wHFb=-a&-Oa_)09qm=f339BdwWkTJEF|
z5n$+XOvhiLaZFa+mraAOS|4ynMhg|*8Wog5_M$8Y{bRlMLHe|?#-pS##f@C4%Oj_XfB;e%WMPDHOaaf38z+2CAd4gT5|L*92omVZj)GSqkv
zm<^=}Os|x*&1a9{^}uvr0W1s|J*DoO8s+}prLXVHFbzREiz;l;o%kdw5;C4BUWjWl{ufuh&v|k3;xsxPzrbSg2dxwp>e^V{>4wvk5`YA$?L2i$fv}DZN
z4=X78Im+)$%S;$5w}E~Ej>Zu{&ifOC{(y+XasRQ!^-9~D+AK@k3OvcIpZDH**ACzJ
zNrPSwBrH}fkUHB~o;a1fk>iswn`tGJT;}$1A6_rF
zXo)@2Qc5hG;&bVADLOE$5DTH~fD)U=6~+Tu%Ve4w`%$YuMhDIrVVqH#T>UsdM_b)&
z%2cF%pRv4%`Q32zkuZBlV}COEoGqIj-m%=Sr|WcIm+A1
zq)w@oZ&R{vIcy4_aVWaZ8IN-Su!YiuQPJS70J
zM8%nW(M)J&MR5%WV!udjSQQMj4)a5Ea6s}l>1wbN8*q))5!&!?0$-rDU=mTFLs&T1
z6~Wj$@r*i36D57WO|A78V{lc_2ddWT3-Yb{K>Y3O5S7Hw^$Z@Ur
zrTbNPg%^dl%QY3w1%M)Cc+2BB#-9(}D{$tik%Y%A?fe(k?
zBUx9iN^(crF(<*l(Gk=qCBYn3%IuA&f+tU;x9yJlf+RZ?{CQgYnaCIW_Newt?>jn_
zr}zZ`(tAFO;(_*iRe!S59b)&&14(P1sEKws+rJ6Ga#!B~=)3m`nqIGoH=i#hdr5-=6!3UNtXZ{b3|4drOXk!K?<_ATRD~F2;oCI;KswlioVpawSop+o;@;V
zPpF9{z?1s~M93M>{9T>mT-B~H}^JyR?Cj#i>gd3+y1E5c?FQ^(J$jU;lV?zaLG`$cWIJ^Bc`@XY0Hrt3ZyOsQwd>%Flh|=*seGKFYe^ma2Wz7cBTT(!Qil$|>$H(LVUllV
zJ;_eTow#2Ki@%gfv*+97JvP~$E!I`Mm^(137dJQL8(2BAcVK7XNaA;li_gP3L>_=Z
zjbt%ry!t*tg4FY=E>2$X`@=$hedvk-eN{+)7ik_?e4po)EMs?g*u5eO?nm%m6Sq#3
z!FEG_VEUQZb~gW;q9~kBqkk=b24eX!KRkYZ8|qx~o9ww<`<0l3es=N2W@)9vSJGn`
zCfvWs!3en)ulaE~6U&Ut6RSrZn`{?ISD=0M6mAKY9rJofJla+jwa1Kzif&zX9_D#Q
z@`=ON2`a8KvV5TQP%F74#)Sb%Zn&exM*_J?5;|UZz4S3*;H@7U*-G96or!Apm3D)HqP@pD
z|J;$rDBd8PkdU+fhm6LK^!I9<^gXp8&?cVDplS`r
zS2`UDR|zm>eHM}LAF@U7u6A(8LTOg1!*F&}+j`Ao(v~`}Wi;Uw4p}+wc>5<$k+VCW
zsc1-<{z93r#G>Aon2LXOb7eN7`S3EAA&*qp5H53WmgOxrhM6__o6Km(B+`){2p`FH
z6?oT^)}DlVt=c{JQ6dYst+Z_3=fAGXlw0e|UbpB>5ONi8@UBX3*EA*2@P#Map>Lh@
z5Yvj%f32NqN4_J_z@4U}-!hrva|7CQCiP?qO>-z`c*V$^3ySb6eVCYUOOsQstB0J&
zdpUEaTm!%aBrDhql2xW#E~MC-WA4w-Ry~2VSJEU#=x|orxTlA)W=g*WgQNL4h(`+r
z9e-laAOn2RN||*q-0%?=!Js@u$X1diEV&3DTGjI~#%F)29&=^V
z?%%@@sHc9H>L~}g$G)%kMiYMU9$JOqG~-D;r2vrhlNWIqy*JW8<#L>3q&Iwa3rA_Y
z-9hA^8+HE64|fI56)d)3p$WDYHk%hfTQajP_bmvKJbN%H<~+VKR@k1
z8o;e6Ft~!1h=Si2e60*Wmh_2>su9(Fiih~%$%n-y#qon<_Dyvl)ujia3@#~dnFtf~
zG@g#vX1QYVg1!0q_+(|V@tCZaY!LxDj!oZOYqs`NlOV=A5Ih!FU)pT!$S#Ptt^i$s
zLK{_hfVzFh6#z(mCE)+sH2oMsgiP_#s11M%&~hBZ3Ea=n5~RJKgmOX#kQE1*QM1;N
z$GPv#8NWXL#!=@g$|*)LWN*T3ziDI~AR1_Izl9ZJhG*}rDrZPR#+#tSGG-)rAOh#!
zC%}Jm#I&ouzSAez_tt(=tz4fy{gIUgc~fGktnYPlN8{<+0;3=~*oB}CZNwIU%UY9l
z%MHldyjGWB;tOxv7VB>xlH&LbN*Fnn{K`pdC~
zBN!75+~jQs)my%{M4WBB;925Ms04UG?81?Jv*N@uX4NNvgu^-}LtJ_HX1
zR0@KLrmeS;ZYR{K^ex|+tm&j*c-KZqYbsuwo$Qc6RE9LP+mv8yZ`Gt3zKRqt@Il14
zYhNz9>=Hb!W^9T^At7xjgMFz!2F^kdVZ&?191R1OEh2%6x;M&#@$Zw#*Y#+PPb
zauz5<2D5UiWA1r`ngj=7`YTT*l1w<)N-u^-=WFLj2TeTnclh_#JYw_rMTTZKYAt)^
z_P-X%ZI2qS_3!qgY5qUaBtk64--H3WL%PfEtXkI(Xk<$V%>F<=RtTLq^mtgh$`%*K
zKqy@2=$mbZi*>DDmsFd%aVHx8HWOvvhWg)@TaE`<0Gtf#xsdsY?9e69ppJYDs%00b
zjgm}F!97%8*PR9jJx-SL)BrP{SHTFB;JCYm+g%M#TXr*(qMO29FGWZ$Kku0xXbDbV
z%r)i}IG4ma3Wx4!S1uS)tZljp{I()ND-hkCW@pj3fux&9I3CV1l&wixI2Upn2(a%$
z2qZjVeU)zyWGvU>+RM%B1;C|S!4S4TTO%os{H=75`uN4A=`?@~io#oIgPZt82ZvcL
z&OtRFoYzfp>_hD-txhvf?bqJepNii=XmYtIV*o-S#Ha(OL(C`pUb@shT0XSD|mcs83ev3xnl2e^c6L^AwK
zPMm&jnMVu;G=QK1bB%XI;TjEMzET9Xw(RFW!9Z{hYfMV;$Cnhb{4HWb8`SE~a~0W-
z*W6t4`D#~d+E$);NZhNw?uac_f+bOHFK+-YO*2iVWVCRql_`1CP*?oU5t)zEH;nG{
z9~%0zb|XIppf59{`Y^vJha8}!Ty$V}(>5(<4K(uYgro{cZZ{g=lh2+Biuh_6VB;fb
zk){MlWgKNW6=s56zE+sr(;(8xVle+7T}j&!;it<$>VtV6sHngj-dfZ3EnPG@AI8qP
z5gC<*O&lgzz3qshHgq(SC>u07_ix@E~Djko7!
zC8xm$8|4Oj@Irb68xDwqv^xTf)9<-3L_5C02~BZc08g_PlX*T;(3zqG_LIP820RCCY(v14gd!Hgep-G8!>M
zSSXMeF+-a%-`GKo#TR3!&#W2+zQ>Ng1#hf-W;s>Z`M9`XH&gCy=*j^471|_x<@`(E
z7$hv3;0Uuv-)|l(P`D#$d4aklmp*yT*MTGwTrBO+>-*f}|5)9L`p_wUK}LtIWh)*c
z8t)mfVSR=V2MGmc3i!%@dr`YvR2!b+5A};Yaqpm#Vs}DfBp59cEO>^z=BMZfblKd~
zgG9JbnX@IRfj+o9`m-QG=Z~ZUu@F)TN_b|#xdfJE$!_{RO5X%tErrNr$#4LwD&yiD
z+Rx?&R}13nHQ?owhzu?=>lO<@>JmD{Nh}z>b6@OopVulX1E6B{i72DS&57m_@28{K
z0XV#T^}zB|QE*7nmlFBl$Nibj@>?~vX7+_e1e1oUEaj2@FHA^LdNy9yHH;z+vbtIF
zOK!$E9{{?10RVE=&FH5S&QG2>Gom9kc5@Pd(7+vw9E#2Q4Z!vJ^E@cbN;oVg*Rc5<
z&Dl~$Ym^|)wMF8R?l0OiHN~F_ot;yuN~gJ}boS5DvK4U7Jz=i=d$2dwwT6uVd$;u@
z8r0oUN#o%5$X@*gD0FM3C0NjLf!H>#)r)*z{oOW&g_E}CjXJYwfT$^7Tdx;Un@<@~
zq{0*Tejx*j%=$fVU4#npMF-r_wmxLb#L}dA1fNpoWQa6RJjB<-CXBSSeLueub
zMok4j~4FDb4&E`pspExC)v3Dm4LYNHDHl6?|
z4(Vm>2A7=B>|Vd`MAW3{e5KyE$xC+A{P9)EOHoZe(V8Ql+NB)>(hVe|fl;o{A!hxr
zg9)P-_B(PuDW6e~>2)q>OP^~5;wm%uJ7%L)d~~j2aLXPr->i3+U2vFxH_t5Nzv2j_
zOqoCD_k!OSHpLRRf)eVk8?UMF_G|z&=yzWP{tu&Hj$4xcOmQR6s3Wv}N(hz!)Y*&3
zb9LUw>^)rOt1SgdTDVNyDbNs#KH|v`3I{x&ehY$|M8^BF7_dr5>w>R|`YiQ99>hQ8
zS^gqCtjQHL0jDJdzcW5)Ke%20!ngwJCUqKZKz_r6v~XI$)$i80lkfcqvypgnaxi0aL3M}WPsQ(3sp3~H-
z-tgBHH-1T5V$*+V=Cb$WRLJHMX|j;Bg(8$FudTv$QcKd17^gIwJ*95FV)-x6v1qe0
zpCf!$Xw_q@hi9
zRGo1BR5aB2eudhQ{lSi2RI!u1h7|h@35zJKsA_^kK#=WnzP)dB!$GUezF;0ylX=1|
zgIQKlzyOUdSITiN9rxGnDrp4uJ&nbCRDt+Fr7c|tr!1vBf)#NcKmcz%7zV?QD>*M=
zvY2Rjm@{^+M{=$k!D+zS2N$vm4=APd2KSWS8OlmL75eWYZ4rfYxG^WN8BxuJ&v#kI
zlh)vavoMcf-??`MwXDA~85ic;7lEl$ES)sh{V+X%sA|nV%9v4QrM*GFiS=xpcHPDs
z1XtbD8^{b_X4$K|dl}4N0wN}zZJekiU}!+t`T6R37ilQTA*zJAF$mtqWR=P9Mp+p;
zS6@~T5|%(vFMAGsxCk8)w1rDr&aXthDj;mY3HH;xwC)EUbdsxJ*uVPaW%72x
z2b~~edrcl85^|`pbcy!07QQf=lPUd>RD7#+!idH|vo(A0pOZ`K*hZExww{^|)3fvx
zDU2}Uh`JM}?0vo;H5St!88Vx4i;|k-)P)~88u*>mj77@a<+ZE?+QzE3SQl6{ysxeA
z%b8PtW*q=)RWxF$FCroeJt~jyh&`daI(6&y8P!
zU+bQWXp+xCtFU`7h~~Q0(0D1cQ;ajdEtrt+=54V4UaMU)z0}mX+{7(u)Go7BIOks6
z<4~SGM=sH2xqDL@TrV)VI|syoDcfnk;BqgPWJ&ak)27w;U7p?#Ynoe!)Mqg=@W;jAzb)ra9;{8EyUe%wRqX
z)UmZg!H^MB!Rnf|Zu7zO%gG(3=rM=P{7emabV8J^_EJK@YbUlHS0F2^MLvP$u9r=Y
zzVa6tu6Y2aQLXb3M^?AkZJsz}X;647*vem*2r4Lcn0TU`!
z_Z3kDzaAiGFbw38Q=0GK8(>WYZ#=~=@M&(QB;xvR7XYN4`OZ{R#RC6A%V_&Irm0O%
znE#SEIYN|M_fJR@Cb}KPNZ1x%*XLT(`{L5Kr1)3ewKPq+w_256G6@-`IIk&?+~fm#
zDFjJ&QwWsT2+2{cdXs)>>oEgI0^48tuq?7-O=F1a%}w<0CwKN78v?RRzaQIc@k33w
zdmFKl0@%?VDLYie_Q6SgCG~ZXb&auUiEA{Dyi0Wk3JtgfP|oA^`z)Df+Lp&Q3)5N|
zUq@f9qFii-GU}#FRZQ0pnrl>_WlCwJ_xBB*vwW(l*DQ1$pvbojsGiiZOSB?kY8}#S
z%SDQtta{(v`ZO(M&nVxi!f$;Ui5G;sehTO->KeoDkVp4?iti@f60Iz<3L@{e6k)oZ
zR_W?JgK0VI6vAKm^pG>=hqI~RKqms8&kc$o>lm}m9ON%MltoZ-ig)lod35f>J�&
z7a}_FPLnfy1WCxNlvhF!$|8wb=j^P8!Likg-?Dz+?6|&Bz*ej_sbAM-i$48Zo1GzD
zf}YisE%6wlfAsCqf0A2IpN4ap#joCZMN~$hj@|5Rgq~K%oE^Yq>248mCaO}ez~ZCN
zg}D*=cv#?Xoo&CkyNJ=++C^k@CnYocdEQCr?Byvk%X|;A9FF^tbe95m#EU!rz=p&x
zPc4a0fL@=`;05fq;UaO+1$)Pm>O=UjIQva9W30Qhki(eop$oZ-D{^fN%0&f`Q!LO#
z<&K~xX?yFhqA(Jx0TZJL(|^|2#$W6HT-K8{{X07BaTZW~`io<-V+G8Xl}Sq{sPG7T@*Wjl3i2z>uy+S2|5N$#URH=x~3
z9Bcb`fNUZgkWJXVVX5D2k*_ss7C4jqFICbr$(x*)QQiEt;Cb*HSuDH_#g1=72uTq?
zw5+8VokGT&pI82`W{6Qz{ccw(?7Ym$;Ds9nTFjr9F!A1ELQZu#0~XBXj6v!%96Hyp
z*b_Tht{lll*0O;JiI&TZgQ9B*hUpHl)5gA8Cq3NJG_cNkni%gU)%pve7TvqFi!Y)x
zt3=ALfapH_*w)isHs%+iPSC}Fm-Jm%T;CB*%M0c*tQvD+S)>pbUqxXtY}PMu_jAt$
zyO2{<-3LX#HCjS=?=2QGAH_C-Bkprms4hI*J-ub^gIaA!V>1(dOrOFm$9)<6g9@)(
zDb*;i7YLrF*T()qn0FBVnG&KA(mnwBO8`xBGKlK7xJ_y%DoC;D;
zx~tD}jDs7_1Pg)PIE&&EFjX#D3f(h{E#i8wZAn8GpM4l9YUR_k-<@b#sEM|p3+n+k
zREIKC8Ql_R7}09~V)031=7&c35^%DlbFz=5fa{_!(Z-t_Be8iZ=H4k)3jSq8J`W&t
zNRJp$SyZLAx=72w*&GqWs}i!46!tuczW@{Zy+Kas1r)dJhIhN=5nf2mPNikfXo`1a
z$h?ws13=+*AM3ue3oKG1Yy_YEJLY9MspS$u2*!aq2G{C5KPco5Slahx?caIK1Qd)^
zn$u_)JY>jv?kRu$is-A(!ulg)iRXS<3Yg|~h
zWt{P|u$*PsaY=$Pp8>ZUy6}9zm@;8Z|DC`Ewd^T(5=5jbM8MO7*@$0&_(NaYTLvX=
zfx;rY)NXFwxiWDvES%g+8Kep*`ZmqSE!&^FmP*?DUcJOO%0~tT+vz4L{#
zJ`GWKS~m=+UbJOV8FKN?!>@t>j^lqWksYzte0k2K!2<@sh8H}lQY)B-74~(Vr9gQP
z^Ua7<<)oPJ-Y?#Ab*-ngv8r>3o;O^EDBfOn@uadTOI2eA%Gqn92t!SR3QPDig=ZA&
zdrW!F{WR~t$Izxi@|fibHwhXinmVZQw#U*ukRKt6X5n{5ievZsniDGY3G$tHOjh^J
z>z|FHsv1ek25--#^42;A@y;wsPXe;s#O>xj#&>nq>3r*RzqygI+Z4;JD;{A$nt|4mLayeUgaSd
zo1@vI!fHSDU`|H`%s<*4T~#5wH1gE#PrfKK8GP8dNAXwzG*q+&(Y|;RjwyvIOE{63
zUDsvCwUh~;&RQa~*?(>X1&=o;qxK1&%99?PHZ>LOO#-n*iL&@vP_(4pN0O+%G@`ES
zDU4X9w5}rP<}-N>Y3o$ahPu@E@BF=pC2loHa~YRgoCb{3;4(vZMfb^XkQPNt?pVj7$9KNN?U9yqX)quSKBtpwZ*S(x
zxJKIn~KZ?hx$_K=7jxb-mFfQ$-0DhW{
zcq)O3Do6hxvY{8X@^e>a04MU8bv;-3fj_qKR8HcrLW#x+p@{-`ga7`n)qhy(e}Mdd
zw!KEwJ@nk%J1>26P6&u*NXv-wsF|k)v`|tvmnldL&m}^fuTCU>gR%d!Gzu}F|AXzd
zPqS%0^z!Lx_L_@*jIwI?tMJ%^9fTrw??p$BeUe;vm*iyUkbCbu
z-&j&_JLf%GCPQQKM-Uk4IdrK|*W6GcJ$J(F%76j?(T)dgOif|NwLP)ejxFyMWR>t}
z^<%YlX^;Cj7qCe*y!O)qe0u)sT<_|QyA)!#s+`t#1|TP5%d^4Fyw^aV*eknYhW42Y
z;Y(1RmR!eI5qVH%)^UClJ&FMx)xK_}4X6ogze75BxW+lEufDN7yfuD)`2cShAx#G4
z2`_Yj{S*}?GClU<0R!{!6x`92o*ptm&NLUAS1wj*gyx*?US)8Xi1k5=4g
zZmcjdKSX&Ei#-OpkXd_CMLYR+66y79>3QH4>$zh>tjr63qaCeeHU`&wjg>#aJ#jeA
z$b7o09_jsP=I-VFOdqjpp%c;475H$O!Ry$&hu!;3GT8Q$FwJ`OSp4-0>`={yojic_
zqwhl^s_!CXJdWwapU-yG?$xtvl$uY}R9A8!*}-P4e%uKf=&1!Rus$;1fTc{y#ti$k
z)VJ4s>EnKRlwW;4kdBsFsk3G<7%Uo|3-3fs2?=VJ86AL&!`O#@G(5l5L$#)g?s;`H
zGdq_H?881D%H@-yj5~J3qCL-9X$8e8yAtVDxbaDWmZ7Ov%pfYz@`DCCq}&tPmq-j*
z%xBlTCD45Z#Y^W8g|*iMW5!+n#V3EbmdCg9)x~ZF#OvyCGH1
zhniBNGv%LwjcR|tZe%M}#Y3VAp2q>w8K2|?y$`l;X&z|f~U)5R}*{U
z-OD!12umjPifE^k_)W7OGeQDv`s`o3TRqVxZinCH+$eX5U7-@TU$D?}|8*hYBn;36
z3SZcaP_OT79$)<3hrV7F^nbfy{U6uQ1$+hOeHo$jMIPa04B>$53n2uEA?m~_{}Lkp
ix3@g~!yDdv*T^#|y}^7g2>gox&|7IGsd5Q@zyAS9!}oOn

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index 458bc46173..39dc1b16be 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -143,7 +143,7 @@ Select a security recommendation you would like create an exception for, and the
 
 ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png)
 
-Then choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. 
+Then choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab.
 
 ### Exception scope
 
@@ -151,16 +151,32 @@ Exceptions can either be created for selected device groups, or for all device g
 
 #### Exception by device group
 
-Apply the exception to all device groups, or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.”
+Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.”
+
+![Showing device group dropdown.](images/tvm-exception-device-group-500.png)
+
+##### Filtered
 
 If you have filtered by device group, just your filtered device groups will appear as options.
 
-If your organization has more than 20 device groups, select Edit next to the filtered device.
+![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png)
 
-A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all. 
+##### Large number of device groups
+
+If your organization has more than 20 device groups, select **Edit** next to the filtered device group option.
+
+![Showing how to edit large numbers of groups.](images/tvm-exception-edit-groups.png)
+
+A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all.
+
+![Showing large device group flyout.](images/tvm-exception-device-group-flyout-400.png)
 
 #### Global exceptions
 
+If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects all current and future device groups in your organization. The recommendation state will change from “active” to “full exception.”
+
+![Showing global exception option.](images/tvm-exception-global.png)
+
 Some things to keep in mind:
 
 - If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired.
@@ -209,6 +225,8 @@ The exposed devices (after exceptions) column shows the remaining devices that a
 
 The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change.
 
+![Showing the columns in the table.](images/tvm-after-exceptions-table.png)
+
 ## Report inaccuracy
 
 You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated security recommendation information.

From b966630f283298d169ca1a6caacc13a9a8fc0f02 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 22 Sep 2020 14:09:51 +0500
Subject: [PATCH 023/384] Update policy-csp-servicecontrolmanager.md

---
 .../client-management/mdm/policy-csp-servicecontrolmanager.md  | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index 762c801e6c..b220e10a02 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -78,6 +78,9 @@ If you enable this policy setting, built-in system services hosted in svchost.ex
 
 This includes a policy requiring all binaries loaded in these processes to be signed by Microsoft, as well as a policy disallowing dynamically-generated code.  
 
+> [!IMPORTANT]
+> Enabling of this policy could cause compatibility issues with third-party software that uses svchost.exe processes (for example, third-party antivirus software).
+
 If you disable or do not configure this policy setting, the stricter security settings will not be applied.
 
 

From f5086843d177647664ff6ac8763cd49e2cda619c Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Fri, 2 Oct 2020 07:43:23 +0500
Subject: [PATCH 024/384] Update hello-hybrid-key-whfb-provision.md

---
 .../hello-for-business/hello-hybrid-key-whfb-provision.md      | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index 73e002c7c2..5a790c046a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -57,9 +57,6 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 > **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
-> [!NOTE]
-> Microsoft is actively investigating ways to reduce the synchronization latency and delays.  
-
 


 
 


From afbbff26634cb58c8469dbe02ce5d33fff8b5847 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 4 Oct 2020 11:37:19 +0500
Subject: [PATCH 025/384] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-key-whfb-provision.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index 5a790c046a..f9fef4f777 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -54,7 +54,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 
 > [!IMPORTANT]
 > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
-> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
+> **This synchronization latency delays the user's ability to authenticate and uses on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
 



From 92ee7782db94206cd8742cbe64a1bb44bc55c14d Mon Sep 17 00:00:00 2001
From: brbrahm <43386070+brbrahm@users.noreply.github.com>
Date: Wed, 7 Oct 2020 10:41:50 -0700
Subject: [PATCH 026/384] WMI and GP alternative for deploying WDAC multi
 policy

Recommend customers use MDM bridge WMI provider
---
 ...e-windows-defender-application-control-policies.md | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
index bf44f8cd81..99abb1a572 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
@@ -85,17 +85,18 @@ When merging, the policy type and ID of the leftmost/first policy specified is u
 
 ## Deploying multiple policies
 
-In order to deploy multiple WDAC policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by MEM Intune's Custom OMA-URI feature. You cannot use the "Deploy Windows Defender Application Control" group policy setting to deploy multiple CI policies.
+In order to deploy multiple WDAC policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by MEM Intune's Custom OMA-URI feature.
+
+Note that WMI and GP do not currently support multiple policies. Instead customers should use the [ApplicationControl CSP via the MDM Bridge WMI Provider.](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance)
 
 ### Deploying multiple policies locally
 
 In order to deploy policies locally using the new multiple policy format you will need to:
 
-1. Ensure policies are copied to the right location
-   - Policies must be copied to this directory: C:\Windows\System32\CodeIntegrity\CiPolicies\Active
-2. Binary policy files must have the correct name which takes the format {PolicyGUID}.cip
-   - Ensure that the name of the binary policy file is exactly the same as the PolicyID in the policy
+1. Ensure binary policy files have the correct naming format of {PolicyGUID}.cip
+   - Ensure that the name of the binary policy file is exactly the same as the PolicyID GUID in the policy
    - For example, if the policy XML had the ID as `{A6D7FBBF-9F6B-4072-BF37-693741E1D745}` then the correct name for the binary policy file would be {A6D7FBBF-9F6B-4072-BF37-693741E1D745}.cip
+2. Copy binary policies to C:\Windows\System32\CodeIntegrity\CiPolicies\Active
 3. Reboot the system
 
 ### Deploying multiple policies via ApplicationControl CSP

From 76f4587c63bcc9439470052d829c6ac7f2b0b6fa Mon Sep 17 00:00:00 2001
From: brbrahm <43386070+brbrahm@users.noreply.github.com>
Date: Wed, 7 Oct 2020 10:47:43 -0700
Subject: [PATCH 027/384] Add warning for MDM WMI Bridge

---
 ...multiple-windows-defender-application-control-policies.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
index 99abb1a572..c3b796cf52 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
@@ -87,8 +87,6 @@ When merging, the policy type and ID of the leftmost/first policy specified is u
 
 In order to deploy multiple WDAC policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by MEM Intune's Custom OMA-URI feature.
 
-Note that WMI and GP do not currently support multiple policies. Instead customers should use the [ApplicationControl CSP via the MDM Bridge WMI Provider.](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance)
-
 ### Deploying multiple policies locally
 
 In order to deploy policies locally using the new multiple policy format you will need to:
@@ -102,3 +100,6 @@ In order to deploy policies locally using the new multiple policy format you wil
 ### Deploying multiple policies via ApplicationControl CSP
 
 Multiple WDAC policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). The CSP also provides support for rebootless policy deployment. Refer to [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp) for more information on deploying multiple policies, optionally using MEM Intune's Custom OMA-URI capability.
+
+> [!NOTE]
+> WMI and GP do not currently support multiple policies. Instead, customers who cannot directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format WDAC policies.
\ No newline at end of file

From 6b71ec0122e682dbce5ea84f33ef3c75373c7206 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Fri, 9 Oct 2020 14:55:30 -0700
Subject: [PATCH 028/384] updated text

---
 .../images/tvm-selected-device-groups.png     | Bin 0 -> 6812 bytes
 .../tvm-security-recommendation.md            |  40 +++++++++++-------
 2 files changed, 25 insertions(+), 15 deletions(-)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-selected-device-groups.png

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-selected-device-groups.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-selected-device-groups.png
new file mode 100644
index 0000000000000000000000000000000000000000..d4f3f506e5c535c50454f5026d49cb40fd13282f
GIT binary patch
literal 6812
zcmchc^;?utw}uf!Qa})CK?Fn)aHt_gkuHg$OBgyFItB?rP^5&B7%7pKl9HD07&@f8
zW9XE#{k}io{B+KBku&hlp1s$4p8HvEsJfc`ZDM+292}h6iV8BCI5;=7z|T^Ix4>6p
zV(xkHjmSws-xUXktmWV5jaY6n2Jj$(o1&^L!4feMwJ_^bPHJi#9C~p@nHMmxr0r>M
zBkhqt4cJ+_1ngS(Hx@3INJ1o)>{G`6;WEa}k;3n}mIhx}dij-0k#)VJs;w$X^234z
z!_`n~$LDDLn;M^=Q`{lbQdxBhIU!%FWgWT^H8!(z?)U8S#>G}$O5O1U#>Bp;97_uq!;
z>S~#o%xoO-@bDCumA&nMdh-Rv{agaIEFvPJTEX2`ouccVjS-b3k@XkN{}!BaUj&Ui
zJ~2_eHlpk7;v$SpE-B#;gyutKvE5dtQ}g59e1=#hS-o+huCA^GL0f*u$zQ%UmPFFZXg0Kgo?d?iLTYMyI>IEovNA!~
z@opC9??~y)n1{1W4=$%f3r*`I<O(~vQ5aMi(6~Nmgw{I5?O$A@|C5zYAnTu-2
z#=br5w07H>qN_7`)wJCGK4jOzqoboGPNoEZ&s0W#`Epl~{x(i#W~PkHrINv)BY8%%gJCc?S={(EO>b+y!QT9-3c=@!|cB{qiLZFh#L%BXKQGqa_o?c2~gvwK4CkDQ#>
z7rz|Y*xC7g<@(dfR>@l%8{f^%MMQ~_rqN}xvu{mR;mOO(bEtlGu)+T^Vnr
zG0lKhX?q_^B|_sDDd}_E-(E^iOf}1awCRLp4@INVoyp>!^hPE+I&Hi4@iEcSjhV_q
zy2SSO_Q>O{(5fo$u=-dI&pFFI9_8Vj7c47_g%+HN?MWc?&7S3(qZ6zQ7}=r
zDj%#aE-aXz)~IE_Odr9W+nOqtovih{qJP}kd3b!7;d62y=koI4RSt~nzQ06(A}X79
zziqGK&Qzsy5Q3a(Dc;mC%eu%!fsOJ{#co4K^uq~SMwOPPnJcwZC@RAFk_%Y0Fi
zZAlZZdrX3axn*ZHEbL%|CoAHIvelwdsGzz!NmRCq*`HzC@rlW?vwXGe#rOCY=e$bS(vqD(`sG9gf=?+kW~R>PV4s_006Opo)7xt~Ia-h;#T==b
z+cGi|Yn|d7_gE{Xv8(IT=2+3e#`oa6)YQe;P1V!W(_#JV{>GrUmsojH#GW^eU)l;
zyd_#&?FCWy4A|La_UlLsA`tc3V=1-jU0BvNfwbKBUZ<=%+2Ro9xL0lv92Q0bZ;!~M
z(N$3)Lgo(E0*&v@qKc_*PStAPHt`vWp6-JN*SLL1xvqZSiBM96Q_RQJ8bKY!y{H-ZosqJ
zmm*uBLq#is3o7r&j~^Yqb@&u(yuvo
zjpOqtdG!h-MsQ$aP!Q+qb5df~jLgua+cBOVuq$h6Z!Koyjr7zhw75JaiYO%id^U;5
zM|x80#>6-|JEuj((^R;+PEb-x8#z2-_B(`-k&%V$|8kt}isN|@LZb44Ol@g-IXWgL
zP$y4zK<5Q$n2yTmcLoJby}h>?3=Oxox1yCYc|PeEjk)eGDgOO!b=$6-xXLIpHdg53
zczb!Os+8v|gOR#=!^X(23xpLn;FsehSb6ho+;6#TwPbpuN4&go+T6M^iHTu}i406)
zZY<*BiF~7l%LaB_-LnSoz}d~r_=@@*lis;gKUnYY|I$}iTlT$vi4ykrRP9lCv*&NSEiL_IXM68zjoHUON*ye>ALCf$ZyWiN2UA;KeX{mKy2*0?;9#>XiTR6SjIE;WV*;}Gqv(4mq!6_|gT0o+3}<9y
zBbr1ao@<$IQlWRNhIzZ7|h*HWl-;CpNn6Azo
zpw-gSDlRKo=!o83TiCFxoMV#mOG=lITG-m^**KYLZnwtK%>9y||76AoAr!y3I8p7c
z97fL`A?mX9w205JEkh9nfkKP4+GZquyzExD5>|Frf{lW?Dn$G|5Q6e@dmjKvwI;tC3QB$07Z{IfBy~w=M8wH7~Xz^f|^><-CgL}Gdw4EcXkLQx~FHBbh6T8o4%^5
z>XelB`D$M>Lj-2L+OZRB*K<@R_&xo*lZS`ZjPk+lX#@!gNnl_gtw?{xfcvtGDBo`p
za$P9&r7s}RgXWX$8wn?a%D}PgKjtaN^FGnvryms-mNBW8SwYkb{jyD0P2mr=PVpYy
zGu|A`Bq_C$B!6v_yY40ivlGIh%pLB3`9*;Z;8QXglbE2s+>3XV5ppkq0B#=fc6WC_
z<|{I+2cG&+o{UNmehVPs(Jx(1&8Fak)#BoE%e8(pcV4%bA!P8+smxrlpAf>177M4@
zv?oh8GsuGoImCb>8>Lv;Zh%~R+PCKubJhlVBRoTYb`;IcS)X<1#l<)!~CioIsn4cdGy!ysZi_QhP3is=G^y4i68H(~AqJ_vSYUPbd(7RCM%>=gfS3TU%QjZ`)>OQc@&+
z0FO;LR0RhIFD*}}y(D;4TU)#N1f{^{<#SSS00poNup1{WE$w|sh;Zd}SC>+m0nhei
z#VVh_cR0Z8n1s(CMn>0sJz*Dr`IC~9
zbASAh1{!N+6*9{r1xUCLP=sPlid=sW8oW6MUQN|pNo)Fz*y_s4z3usjA+x~Sor{a}
z4eKL;zHZHwQvn-xaCE$#S{3u9C4yo7^n$$Y==Vi6=!ASPA9g^qEx9N&(7&Lo(dSd9
z&Tei?K_@y;TDYTwYVvHszz+++!xQE9kK%ca7yL)_bK@15g>qq^Fab9tM(d?O3mi0F
z>{3xtHSZYL=+#;f0ons3b>pdD(|hD2xq>VM#KgqJ^Ik=MxAC91cH@lzy4!&LCzP`TOCfmDGqPsjb
zruBZOWc0&x9>!wTEU3<>0s{Xku04{8U066S6vd$dP9OLX$XFnz+3`PvZ~kI$&x7cr
z^>Gv|2XAe{I2wMEvd`h+q`>BGcftyET#tLAaKdTNWP<9TpgXfLgg>AWdlutF
zI7vy#x9dti6liw}0$Kp*TqsdiJ(=}yZ)>{+IPT3G-o-Y_;3CB0bZOf#8O+PeZ84a}
z#9==`UoQdf2oF-rmd_q4w=*@Mbai)kM_~bsF;Kd?+QAV$SCbF{f%NI=GauiJBlzD-
z{N7(Jb+xrlo}Q1`+0nJN5`#lSogE!4oHkbJG!Ykz_JwZ@U25s!Lo$;8GPI__;P>r`
zKjW{#i4C88&(sPH&(z6P&xN@gB=e)gu~ZySkv+7mtgPduK2T@p;@TQJcE>+uW=>S7
zJ$pV)>Sb!V_HXK(HhDSMf)+rI034+h8cVJX^~jd@JG%uTUjwFvesfS)WQn^
zb*HS7DD3FuvD2~PsS9zDc^xE`>U*wOcLd|2X7<0l^HBaKzwfzeXIB?;j>#rchV=zk
zZcXAZVPO&Rv08Z+2&8fEi;VK{OuMpbogM9jqsqlG)7n%nmA7|=A`tfKTA!LEp3sS&
zp72P|SHHP+3)KxYPuMV>ohx$4Y7NNcnE%8;ny-(Gt810Vwn5$Lj=z#J2WlW!OLf{v
zwWLHd)Y!aR5Uu?GchBh1=%eiAW#+Uj0bkMxk1?xS0@*ivzv(P#UoVSxlc??
zyfN}hS{fHvcF#^Sh=)e?)yZ
z1R)TJ#Ic@#ZMaudV6ppT%;HFbNgZ;2V?zn>((F{J>3^mN#i(J9TTd7k=H@_eP8UKn?`zi9icy|fB=k2q^5js0Jf9(1cBL^Hmaos
zdj!od^}l|GgZqJC5YQpWa5TJ0*(D`|KU37Q1=x173|4U>Be&P5ssx~=B{}&ylVZJ~
zYsI*_oZbR&0_kiijBgaU&f4s3yVF1i2J?t@K^JH{_5e}IZe*a@)0U%=?o^LZ(zlew2bWy~R|hYWI29jf=Pq7Rb@JIjUtd#Q{ka?Lu9cix
zcyDiAa7OG29L6Qo*vLRgHq$@n0t_wCs!!19ECqRP3r1l?BqZ?VF3;2bZaya$kF3g^
zkASX0ivQKQzmxol`u_bsjMQ~_Vxl;IRnOB`ZmtTwFuG8gf5E?_qwg@dXNY$1<}Q0
zXX;%<#BE?jV6qqbX1bc;s1O%Wt<_EZJIu`T;OK_3uc-|U4Tm@EfXjLWXw
zO;@`w#s-s|U3?W{6rt$yob|O%pt_hu(20nN@poW~`ozjRdBKk2nCMr27QXFvwPWot
z{cFifsI9d%c*1pM??lKRWCgbC%T@9amk=_hkktBmGu}eTPLyxsDQ
zeL|9~)=n;U*{~0dUz{2FH|yG-GHQNF^H46*!6g+O_4-5}4P;{zZXb;;C74>+3sF>d7}*fmrQ{l8TA*U<#Ig7ZpXWm95%3d2uagv&*yle9aGp^2c0UO_h9Ed}oTrX??Bfczd#=rzgX>#^Z_c
zITYwKwynfcZmi(L2ZBwg!&8Z)bRAtV2}ueLyLX3)$(RqV#75Z`mHIsDzU25XcW$Yx
zLxEh~B69=+^YP9@w3wq^U85uz&Yho}KqM&NUJnVVLjJ4vtkDWyU=%ezDZY2qHdn(p
zl)EybOC#Vs$oA~|QXqY^EO-3I`SEu5(qk=JAv?F^-2xfb`J$n0_#3mnlxd%i?wW|8
zAUqNpo~Eg(rhXFpj+}w?ggb&kbGI236crl*vaSzVKi#fcCAA!mT$%0ad;rFT5pqFb
z{=nClXg#cD9v2r!$|M#JrcWyX%-uFedz~1Qlaj!zmCX|gfp*HywywK!SQEVr`ImIO
z8Yr4D$;dc6Qd=M`?RI^tTX{G-7zLVlOcfEhIYr
zfY2XCy}X=nP#&|lwAx&F@VR$efhbtO%2!&yBu#iil%Z5?~Y&e_FNVR)5xXi
zkzMG;w}9gP{Wqm<>zWSv1!t$ISE@7ozBxs6zyZ_2@yK0&l;OJck98La1AhG45f1ly
zav&A^-O&*EXQlT6#|JVdJC~iED|#f^>|G#t?NLmRBzYoMQ&S!HWr)Fy7){*N4Aa(b
zJ$9U|jQL`rKmpthTxxIr19J>;L=Yz5ylJavyTWvhc~S^i^~^QA!{b5v=csTjmS_4e
z9+F?1_n=gx49jG|7!C}FEJ2NO_|$J){T195pnmWFq3lpl*g-F#?tWYGJFD9JaPhGQ+~Ro6_74#Mp1|A;m>`gW
zjI1oy`0n-T8YqbFW=$=j*SptJ3H?ZNcN`^(oAXk^mDc|s_elQN`!Sb%0pDj^&2g^&
Q-EP8BlvR@{lztufKl~JZ-v9sr

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index afd2f918cb..2a5e336617 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -134,11 +134,9 @@ If you want to check how the ticket shows up in Intune, see [Use Intune to remed
 
 ## File for exception
 
-As an alternative to a remediation request, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md)
+As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). If your organization has device groups, you will now be able to scope the exception to specific device groups.
 
-If your organization has device groups, you will now be able to scope the exception to specific groups. If you have global administrator permission (called Microsoft Defender ATP administrator), then you can choose to set the exception for all current and future device groups.  
-
-When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception (by device group)**.
+When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group).
 
 ### How to create an exception
 
@@ -146,7 +144,7 @@ Select a security recommendation you would like create an exception for, and the
 
 ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png)
 
-Then choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab.
+Choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab.
 
 ### Exception scope
 
@@ -154,13 +152,19 @@ Exceptions can either be created for selected device groups, or for all device g
 
 #### Exception by device group
 
-Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.”
+Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups.
 
 ![Showing device group dropdown.](images/tvm-exception-device-group-500.png)
 
 ##### Filtered
 
-If you have filtered by device group, just your filtered device groups will appear as options.
+If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options.
+
+Button to filter by device group on any of the threat and vulnerability management pages: 
+
+![Showing selected device groups filter.](images/tvm-selected-device-groups.png)
+
+Exception view with filtered device groups:
 
 ![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png)
 
@@ -176,13 +180,13 @@ A flyout will appear where you can search and choose device groups you want incl
 
 #### Global exceptions
 
-If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects all current and future device groups in your organization. The recommendation state will change from “active” to “full exception.”
+If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from “active” to “full exception.”
 
 ![Showing global exception option.](images/tvm-exception-global.png)
 
 Some things to keep in mind:
 
-- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired.
+- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired or been cancelled. After that point, the new device group exceptions will go into effect until they expire.
 - If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires.
 
 ### Justification
@@ -192,21 +196,27 @@ Select your justification for the exception you need to file instead of remediat
 The following list details the justifications behind the exception options:
 
 - **Third party control** - A third party product or software already addresses this recommendation
-        - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced
+        - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced
 - **Alternate mitigation** - An internal tool already addresses this recommendation
-        - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced
+        - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced
 - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive
 - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
 
+### View all exceptions
+
+Navigate to the **Exceptions** tab in the **Remediation** page.
+
+![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png)
+
+Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception.
+
 ### How to cancel an exception
 
 To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception.
 
-![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png)
-
 #### Cancel the exception for a specific device group
 
-If the exception is per device group, then you will need to select a specific device group to cancel the exception for.  
+If the exception is per device group, then you will need to select the specific device group to cancel the exception for it. 
 
 ![Showing how to select a specific device group.](images/tvm-exception-device-group-hover.png)
 
@@ -214,7 +224,7 @@ A flyout will appear for the device group, and you can select **Cancel exception
 
 #### Cancel a global exception
 
-If it is a global exception, select an exception from the list and then select Cancel exception from the flyout.
+If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout.
 
 ![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png)
 

From aae02c543a8b17fb9fb47edf4989936f2b929499 Mon Sep 17 00:00:00 2001
From: Thomas Garrity <31856350+poortom1004@users.noreply.github.com>
Date: Mon, 19 Oct 2020 10:59:00 -0500
Subject: [PATCH 029/384] Update active-directory-security-groups.md

---
 .../access-control/active-directory-security-groups.md        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md
index 61198672fc..5e7db538d0 100644
--- a/windows/security/identity-protection/access-control/active-directory-security-groups.md
+++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md
@@ -3368,9 +3368,9 @@ This security group has not changed since Windows Server 2008.
 
 ### Server Operators
 
-Members in the Server Operators group can administer domain servers. This group exists only on domain controllers. By default, the group has no members. Members of the Server Operators group can sign in to a server interactively, create and delete network shared resources, start and stop services, back up and restore files, format the hard disk drive of the computer, and shut down the computer. This group cannot be renamed, deleted, or moved.
+Members in the Server Operators group can administer domain controllers. This group exists only on domain controllers. By default, the group has no members. Members of the Server Operators group can sign in to a server interactively, create and delete network shared resources, start and stop services, back up and restore files, format the hard disk drive of the computer, and shut down the computer. This group cannot be renamed, deleted, or moved.
 
-By default, this built-in group has no members, and it has access to server configuration options on domain controllers. Its membership is controlled by the service administrator groups, Administrators and Domain Admins, in the domain, and the Enterprise Admins group. Members in this group cannot change any administrative group memberships. This is considered a service administrator account because its members have physical access to domain controllers, they can perform maintenance tasks (such as backup and restore), and they have the ability to change binaries that are installed on the domain controllers. Note the default user rights in the following table.
+By default, this built-in group has no members, and it has access to server configuration options on domain controllers. Its membership is controlled by the service administrator groups Administrators and Domain Admins in the domain, and the Enterprise Admins group in the forest root domain. Members in this group cannot change any administrative group memberships. This is considered a service administrator account because its members have physical access to domain controllers, they can perform maintenance tasks (such as backup and restore), and they have the ability to change binaries that are installed on the domain controllers. Note the default user rights in the following table.
 
 The Server Operators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
 

From bdce156a229f89854ec66ed766bcda89d05904e3 Mon Sep 17 00:00:00 2001
From: Jordan Geurten 
Date: Mon, 19 Oct 2020 15:27:54 -0700
Subject: [PATCH 030/384] Added mfc40.dll to recommended block list

---
 .../microsoft-recommended-block-rules.md                        | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
index 06d6ee7d8f..4561b40720 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@@ -158,6 +158,7 @@ Pick the correct version of each .dll for the Windows release you plan to suppor
   
    
   
+   
    
    
    
@@ -896,6 +897,7 @@ Pick the correct version of each .dll for the Windows release you plan to suppor
   
    
    
+  
    
    
    

From 0b0786fd866118df010ca7b23b25b1ab7de04736 Mon Sep 17 00:00:00 2001
From: Jordan Geurten 
Date: Tue, 20 Oct 2020 14:32:35 -0700
Subject: [PATCH 031/384] Added contributor to the acknowledgements section

---
 .../microsoft-recommended-block-rules.md                         | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
index 4561b40720..620cfbcd0b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@@ -88,6 +88,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
 |Lasse Trolle Borup | Langkjaer Cyber Defence |
 |Jimmy Bayne | @bohops |
 |Philip Tsukerman | @PhilipTsukerman |
+|Brock Mammen| |
 
 

 

From b74a41aa5209232bd45c956b875674094acf337a Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Tue, 20 Oct 2020 17:01:00 -0700
Subject: [PATCH 032/384] added content

---
 .../mdm/policy-csp-admx-bits.md               | 119 ++++++++++++++++++
 1 file changed, 119 insertions(+)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-bits.md

diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md
new file mode 100644
index 0000000000..96a81a6e58
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-bits.md
@@ -0,0 +1,119 @@
+---
+title: Policy CSP - ADMX_Bits
+description: Policy CSP - ADMX_Bits
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/20/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Bits
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+

+
+
+## ADMX_Bits policies  
+
+

+  

+    ADMX_Bits/IncludeCmdLine
+  

+

+
+
+

+
+
+**ADMX_AuditSettings/IncludeCmdLine**  
+
+
+

+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled.
+
+If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.
+
+If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events.  
+
+Default is Not configured.
+
+> [!NOTE]
+> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Include command line in process creation events*
+-   GP name: *IncludeCmdLine*
+-   GP path: *System/Audit Process Creation*
+-   GP ADMX file name: *AuditSettings.admx*
+
+
+
+

+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
+

From 1e194317db2d5aad0b1adab0e47401829a98bfa6 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 21 Oct 2020 22:04:44 +0500
Subject: [PATCH 033/384] Updated login user example

The login format was not properly mentioned in the document. Updated this info.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/1656
---
 windows/client-management/connect-to-remote-aadj-pc.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index f25c37dce5..13ee43e312 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -63,7 +63,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
   4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
 
      > [!TIP]
-     > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
+     > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
 
      > [!Note]
      > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).

From ffff4cf5772e245a48ab0043bf6b2ffcdf4839c8 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Wed, 21 Oct 2020 10:32:48 -0700
Subject: [PATCH 034/384] Added policies

---
 .../mdm/policy-csp-admx-bits.md               | 41 ++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md
index 96a81a6e58..c4a92baec1 100644
--- a/windows/client-management/mdm/policy-csp-admx-bits.md
+++ b/windows/client-management/mdm/policy-csp-admx-bits.md
@@ -23,7 +23,46 @@ manager: dansimp
 
 

   

-    ADMX_Bits/IncludeCmdLine
+    ADMX_Bits/BITS_DisableBranchCache
+  

+  

+    ADMX_Bits/BITS_DisablePeercachingClient
+  

+  

+    ADMX_Bits/BITS_DisablePeercachingServer
+  

+  

+    ADMX_Bits/BITS_EnablePeercaching
+  

+  

+    ADMX_Bits/BITS_MaxBandwidthServedForPeers
+  

+  

+    ADMX_Bits/BITS_MaxBandwidthV2_Maintenance
+  

+  

+    ADMX_Bits/BITS_MaxBandwidthV2_Work
+  

+  

+    ADMX_Bits/BITS_MaxCacheSize
+  

+  

+    ADMX_Bits/BITS_MaxContentAge
+  

+  

+    ADMX_Bits/BITS_MaxDownloadTime
+  

+  

+    ADMX_Bits/BITS_MaxFilesPerJob
+  

+  

+    ADMX_Bits/BITS_MaxJobsPerMachine
+  

+  

+    ADMX_Bits/BITS_MaxJobsPerUser
+  

+  

+    ADMX_Bits/BITS_MaxRangesPerFile
   

 

 

From 914da70c866aad5a2172c8c1899caf37fc38cb54 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Wed, 21 Oct 2020 15:03:38 -0700
Subject: [PATCH 035/384] Added ADMX_Bits policies

---
 windows/client-management/mdm/TOC.md          |   1 +
 .../mdm/policies-in-policy-csp-admx-backed.md |  14 +
 .../policy-configuration-service-provider.md  |  48 +
 .../mdm/policy-csp-admx-bits.md               | 965 +++++++++++++++++-
 4 files changed, 1017 insertions(+), 11 deletions(-)

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index adc08ab268..23d7fa91f2 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -174,6 +174,7 @@
 #### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md)
 #### [ADMX_AppCompat](policy-csp-admx-appcompat.md)
 #### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md)
+#### [ADMX_Bits](policy-csp-admx-bits.md)
 #### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md)
 #### [ADMX_COM](policy-csp-admx-com.md)
 #### [ADMX_Cpls](policy-csp-admx-cpls.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index a26052c419..e7d26b7d56 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -42,6 +42,20 @@ ms.date: 10/08/2020
 - [ADMX_AppCompat/AppCompatTurnOffUserActionRecord](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffuseractionrecord)
 - [ADMX_AppCompat/AppCompatTurnOffProgramInventory](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprograminventory)
 - [ADMX_AuditSettings/IncludeCmdLine](./policy-csp-admx-auditsettings.md#admx-auditsettings-includecmdline)
+- [ADMX_Bits/BITS_DisableBranchCache](./policy-csp-admx-bits.md#admx-bits-bits-disablebranchcache)
+- [ADMX_Bits/BITS_DisablePeercachingClient](./policy-csp-admx-bits.md#admx-bits-bits-disablepeercachingclient)
+- [ADMX_Bits/BITS_DisablePeercachingServer](./policy-csp-admx-bits.md#admx-bits-bits-disablepeercachingserver)
+- [ADMX_Bits/BITS_EnablePeercaching](./policy-csp-admx-bits.md#admx-bits-bits-enablepeercaching)
+- [ADMX_Bits/BITS_MaxBandwidthServedForPeers](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthservedforpeers)
+- [ADMX_Bits/BITS_MaxBandwidthV2_Maintenance](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthv2-maintenance)
+- [ADMX_Bits/BITS_MaxBandwidthV2_Work](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthv2-work)
+- [ADMX_Bits/BITS_MaxCacheSize](./policy-csp-admx-bits.md#admx-bits-bits-maxcachesize)
+- [ADMX_Bits/BITS_MaxContentAge](./policy-csp-admx-bits.md#admx-bits-bits-maxcontentage)
+- [ADMX_Bits/BITS_MaxDownloadTime](./policy-csp-admx-bits.md#admx-bits-bits-maxdownloadtime)
+- [ADMX_Bits/BITS_MaxFilesPerJob](./policy-csp-admx-bits.md#admx-bits-bits-maxfilesperjob)
+- [ADMX_Bits/BITS_MaxJobsPerMachine](./policy-csp-admx-bits.md#admx-bits-bits-maxjobspermachine)
+- [ADMX_Bits/BITS_MaxJobsPerUser](./policy-csp-admx-bits.md#admx-bits-bits-maxjobsperuser)
+- [ADMX_Bits/BITS_MaxRangesPerFile](./policy-csp-admx-bits.md#admx-bits-bits-maxrangesperfile)
 - [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md#admx-cpls-usedefaulttile)
 - [ADMX_CtrlAltDel/DisableChangePassword](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablechangepassword)
 - [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index ec0aca468f..36abe447bb 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -245,6 +245,54 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
 
+### ADMX_Bits policies
+
+

+  

+    ADMX_Bits/BITS_DisableBranchCache
+  

+  

+    ADMX_Bits/BITS_DisablePeercachingClient
+  

+  

+    ADMX_Bits/BITS_DisablePeercachingServer
+  

+  

+    ADMX_Bits/BITS_EnablePeercaching
+  

+  

+    ADMX_Bits/BITS_MaxBandwidthServedForPeers
+  

+  

+    ADMX_Bits/BITS_MaxBandwidthV2_Maintenance
+  

+  

+    ADMX_Bits/BITS_MaxBandwidthV2_Work
+  

+  

+    ADMX_Bits/BITS_MaxCacheSize
+  

+  

+    ADMX_Bits/BITS_MaxContentAge
+  

+  

+    ADMX_Bits/BITS_MaxDownloadTime
+  

+  

+    ADMX_Bits/BITS_MaxFilesPerJob
+  

+  

+    ADMX_Bits/BITS_MaxJobsPerMachine
+  

+  

+    ADMX_Bits/BITS_MaxJobsPerUser
+  

+  

+    ADMX_Bits/BITS_MaxRangesPerFile
+  

+

+
+
 ### ADMX_Cpls policies
 
 

diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md
index c4a92baec1..b5f4b7b748 100644
--- a/windows/client-management/mdm/policy-csp-admx-bits.md
+++ b/windows/client-management/mdm/policy-csp-admx-bits.md
@@ -70,7 +70,7 @@ manager: dansimp
 

 
 
-**ADMX_AuditSettings/IncludeCmdLine**  
+**ADMX_Bits/BITS_DisableBranchCache**  
 
 
 
@@ -113,16 +113,86 @@ manager: dansimp
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled.
+Available in the latest Windows 10 Insider Preview Build. This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer, BITS jobs on that computer can use Windows Branch Cache by default.
 
-If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.
+If you enable this policy setting, the BITS client does not use Windows Branch Cache.
 
-If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events.  
-
-Default is Not configured.
+If you disable or do not configure this policy setting, the BITS client uses Windows Branch Cache.
 
 > [!NOTE]
-> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data.
+> This policy setting does not affect the use of Windows Branch Cache by applications other than BITS. This policy setting does not apply to BITS transfers over SMB. This setting has no effect if the computer's administrative settings for Windows Branch Cache disable its use entirely.
+      
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow the BITS client to use Windows Branch Cache*
+-   GP name: *BITS_DisableBranchCache*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+

+
+
+**ADMX_Bits/BITS_DisablePeercachingClient**  
+
+
+

 

+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computer will act as a BITS peer caching client. By default, when BITS peer caching is enabled, the computer acts as both a peer caching server (offering files to its peers) and a peer caching client (downloading files from its peers).
+
+If you enable this policy setting, the computer will no longer use the BITS peer caching feature to download files; files will be downloaded only from the origin server. However, the computer will still make files available to its peers.
+
+If you disable or do not configure this policy setting, the computer attempts to download peer-enabled BITS jobs from peer computers before reverting to the origin server.
+
+> [!NOTE]
+> This policy setting has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured.
 
 
 > [!TIP]
@@ -134,10 +204,883 @@ Default is Not configured.
 
 
 ADMX Info:  
--   GP English name: *Include command line in process creation events*
--   GP name: *IncludeCmdLine*
--   GP path: *System/Audit Process Creation*
--   GP ADMX file name: *AuditSettings.admx*
+-   GP English name: *Do not allow the computer to act as a BITS Peercaching client*
+-   GP name: *BITS_DisablePeercachingClient*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+

+
+
+**ADMX_Bits/BITS_DisablePeercachingServer**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computer will act as a BITS peer caching server. By default, when BITS peer caching is enabled, the computer acts as both a peer caching server (offering files to its peers) and a peer caching client (downloading files from its peers).
+
+If you enable this policy setting, the computer will no longer cache downloaded files and offer them to its peers. However, the computer will still download files from peers.
+
+If you disable or do not configure this policy setting, the computer will offer downloaded and cached files to its peers.
+
+> [!NOTE]
+> This setting has no effect if the "Allow BITS peer caching" setting is disabled or not configured.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow the computer to act as a BITS Peercaching server*
+-   GP name: *BITS_DisablePeercachingServer*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+
+

+
+
+**ADMX_Bits/BITS_EnablePeercaching**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default, the files in a BITS job are downloaded only from the origin server specified by the job's owner.
+
+If BITS peer caching is enabled, BITS caches downloaded files and makes them available to other BITS peers. When transferring a download job, BITS first requests the files for the job from its peers in the same IP subnet. If none of the peers in the subnet have the requested files, BITS downloads them from the origin server.
+
+If you enable this policy setting, BITS downloads files from peers, caches the files, and responds to content requests from peers. Using the "Do not allow the computer to act as a BITS peer caching server" and "Do not allow the computer to act as a BITS peer caching client" policy settings, it is possible to control BITS peer caching functionality at a more detailed level. However, it should be noted that the "Allow BITS peer caching" policy setting must be enabled for the other two policy settings to have any effect.
+
+If you disable or do not configure this policy setting, the BITS peer caching feature will be disabled, and BITS will download files directly from the origin server.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow BITS Peercaching*
+-   GP name: *BITS_EnablePeercaching*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+
+

+
+
+**ADMX_Bits/BITS_MaxBandwidthServedForPeers**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server).
+
+To prevent any negative impact to a computer caused by serving other peers, by default BITS will use up to 30 percent of the bandwidth of the slowest active network interface. For example, if a computer has both a 100 Mbps network card and a 56 Kbps modem, and both are active, BITS will use a maximum of 30 percent of 56 Kbps. 
+
+You can change the default behavior of BITS, and specify a fixed maximum bandwidth that BITS will use for peer caching.
+
+If you enable this policy setting, you can enter a value in bits per second (bps) between 1048576 and 4294967200 to use as the maximum network bandwidth used for peer caching.
+
+If you disable this policy setting or do not configure it, the default value of 30 percent of the slowest active network interface will be used.
+
+> [!NOTE] 
+> This setting has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit the maximum network bandwidth used for Peercaching*
+-   GP name: *BITS_MaxBandwidthServedForPeers*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+

+
+
+**ADMX_Bits/BITS_MaxBandwidthV2_Maintenance**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the maintenance days and hours. Maintenance schedules further limit the network bandwidth that is used for background transfers.
+
+If you enable this policy setting, you can define a separate set of network bandwidth limits and set up a schedule for the maintenance period.
+
+You can specify a limit to use for background jobs during a maintenance schedule. For example, if normal priority jobs are currently limited to 256 Kbps on a work schedule, you can further limit the network bandwidth of normal priority jobs to 0 Kbps from 8:00 A.M. to 10:00 A.M. on a maintenance schedule.
+
+If you disable or do not configure this policy setting, the limits defined for work or non-work schedules will be used.
+
+> [!NOTE]
+> The bandwidth limits that are set for the maintenance period supersede any limits defined for work and other schedules.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers*
+-   GP name: *BITS_MaxBandwidthV2_Maintenance*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+
+

+
+
+**ADMX_Bits/BITS_MaxBandwidthV2_Work**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the work and non-work days and hours. The work schedule is defined using a weekly calendar, which consists of days of the week and hours of the day. All hours and days that are not defined in a work schedule are considered non-work hours.
+
+If you enable this policy setting, you can set up a schedule for limiting network bandwidth during both work and non-work hours. After the work schedule is defined, you can set the bandwidth usage limits for each of the three BITS background priority levels: high, normal, and low.
+
+You can specify a limit to use for background jobs during a work schedule. For example, you can limit the network bandwidth of low priority jobs to 128 Kbps from 8:00 A.M. to 5:00 P.M. on Monday through Friday, and then set the limit to 512 Kbps for non-work hours.
+
+If you disable or do not configure this policy setting, BITS uses all available unused bandwidth for background job transfers.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers*
+-   GP name: *BITS_MaxBandwidthV2_Work*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+
+

+
+
+**ADMX_Bits/BITS_MaxCacheSize**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache, as a percentage of the total system disk size. BITS will add files to the peer cache and make those files available to peers until the cache content reaches the specified cache size. By default, BITS will use 1 percent of the total system disk for the peercache.
+
+If you enable this policy setting, you can enter the percentage of disk space to be used for the BITS peer cache. You can enter a value between 1 percent and 80 percent.
+
+If you disable or do not configure this policy setting, the default size of the BITS peer cache is 1 percent of the total system disk size.
+
+> [!NOTE]
+> This policy setting has no effect if the "Allow BITS peer caching" setting is disabled or not configured.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit the BITS Peercache size*
+-   GP name: *BITS_MaxCacheSize*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+

+
+
+**ADMX_Bits/BITS_MaxContentAge**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space, by default BITS removes any files in the peer cache that have not been accessed in the past 90 days.
+
+If you enable this policy setting, you can specify in days the maximum age of files in the cache. You can enter a value between 1 and 120 days.
+
+If you disable or do not configure this policy setting, files that have not been accessed for the past 90 days will be removed from the peer cache.
+
+> [!NOTE]
+> This policy setting has no effect if the "Allow BITS Peercaching" policy setting is disabled or not configured.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit the age of files in the BITS Peercache*
+-   GP name: *BITS_MaxContentAge*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+

+
+
+**ADMX_Bits/BITS_MaxDownloadTime**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job.
+
+The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit, the job is placed in the error state.
+
+By default BITS uses a maximum download time of 90 days (7,776,000 seconds).
+
+If you enable this policy setting, you can set the maximum job download time to a specified number of seconds.
+
+If you disable or do not configure this policy setting, the default value of 90 days (7,776,000 seconds) will be used.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit the maximum BITS job download time*
+-   GP name: *BITS_MaxDownloadTime*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+

+
+
+**ADMX_Bits/BITS_MaxFilesPerJob**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting limits the number of files that a BITS job can contain. By default, a BITS job is limited to 200 files. You can use this setting to raise or lower the maximum number of files a BITS jobs can contain.
+
+If you enable this policy setting, BITS will limit the maximum number of files a job can contain to the specified number.
+
+If you disable or do not configure this policy setting, BITS will use the default value of 200 for the maximum number of files a job can contain.
+
+> [!NOTE]
+> BITS Jobs created by services and the local administrator account do not count toward this limit.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit the maximum number of files allowed in a BITS job*
+-   GP name: *BITS_MaxFilesPerJob*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+

+
+
+**ADMX_Bits/BITS_MaxJobsPerMachine**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default, BITS limits the total number of jobs that can be created on the computer to 300 jobs. You can use this policy setting to raise or lower the maximum number of user BITS jobs.
+
+If you enable this policy setting, BITS will limit the maximum number of BITS jobs to the specified number.
+
+If you disable or do not configure this policy setting, BITS will use the default BITS job limit of 300 jobs.
+
+> [!NOTE]
+> BITS jobs created by services and the local administrator account do not count toward this limit.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit the maximum number of BITS jobs for this computer*
+-   GP name: *BITS_MaxJobsPerMachine*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+

+
+
+**ADMX_Bits/BITS_MaxJobsPerUser**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting limits the number of BITS jobs that can be created by a user. By default, BITS limits the total number of jobs that can be created by a user to 60 jobs. You can use this setting to raise or lower the maximum number of BITS jobs a user can create.
+
+If you enable this policy setting, BITS will limit the maximum number of BITS jobs a user can create to the specified number.
+
+If you disable or do not configure this policy setting, BITS will use the default user BITS job limit of 300 jobs.
+
+> [!NOTE]
+> This limit must be lower than the setting specified in the "Maximum number of BITS jobs for this computer" policy setting, or 300 if the "Maximum number of BITS jobs for this computer" policy setting is not configured. BITS jobs created by services and the local administrator account do not count toward this limit.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit the maximum number of BITS jobs for each user*
+-   GP name: *BITS_MaxJobsPerUser*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+
+
+

+
+
+**ADMX_Bits/BITS_MaxRangesPerFile**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting limits the number of ranges that can be added to a file in a BITS job. By default, files in a BITS job are limited to 500 ranges per file. You can use this setting to raise or lower the maximum number ranges per file.
+
+If you enable this policy setting, BITS will limit the maximum number of ranges that can be added to a file to the specified number.
+
+If you disable or do not configure this policy setting, BITS will limit ranges to 500 ranges per file.
+
+> [!NOTE]
+> BITS Jobs created by services and the local administrator account do not count toward this limit.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit the maximum number of ranges that can be added to the file in a BITS job*
+-   GP name: *BITS_MaxRangesPerFile*
+-   GP path: *Network\Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
 
 
 

From 06bf32b6a8ef7fe0ba6acfda163a358a2fc6b397 Mon Sep 17 00:00:00 2001
From: Takeshi Katano 
Date: Thu, 22 Oct 2020 11:48:04 +0900
Subject: [PATCH 036/384] Incorrect WMI property names

SignatureFallbackOrder and SignatureDefinitionUpdateFileSharesSouce properties are for signature source order properties.
---
 ...atch-up-scans-microsoft-defender-antivirus.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
index f176529dde..31c00d261d 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
@@ -100,8 +100,10 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
 
 ```WMI
-SignatureFallbackOrder
-SignatureDefinitionUpdateFileSharesSouce
+ScanParameters
+ScanScheduleDay
+ScanScheduleTime
+RandomizeScheduleTaskTimes
 ```
 
 See the following for more information and allowed parameters:
@@ -138,8 +140,7 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
 
 ```WMI
-SignatureFallbackOrder
-SignatureDefinitionUpdateFileSharesSouce
+ScanOnlyIfIdleEnabled
 ```
 
 See the following for more information and allowed parameters:
@@ -173,8 +174,8 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
 
 ```WMI
-SignatureFallbackOrder
-SignatureDefinitionUpdateFileSharesSouce
+RemediationScheduleDay
+RemediationScheduleTime
 ```
 
 See the following for more information and allowed parameters:
@@ -210,8 +211,7 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
 
 ```WMI
-SignatureFallbackOrder
-SignatureDefinitionUpdateFileSharesSouce
+ScanScheduleQuickScanTime
 ```
 
 See the following for more information and allowed parameters:

From f2752581be06136f47f7f01ee8d4248e356cad2e Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Thu, 22 Oct 2020 15:25:54 +0500
Subject: [PATCH 037/384] Update mac-jamfpro-policies.md

---
 .../microsoft-defender-atp/mac-jamfpro-policies.md              | 2 --
 1 file changed, 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
index a56afd0ef7..9a095843cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
@@ -776,8 +776,6 @@ Follow the instructions on [Schedule scans with Microsoft Defender ATP for Mac](
 
 8. Select **Open**. Set the **Display Name** to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**.
 
-    - Manifest File: Select **Upload Manifest File**. 
-
     **Options tab**
 Keep default values.
 
     **Limitations tab**
 Keep default values.

From 911ac4e7705d8f3d08b3a5b4dd140c5877a119bb Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Thu, 22 Oct 2020 15:45:14 +0500
Subject: [PATCH 038/384] Update endpoint-detection-response-mac-preview.md

---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 4d724bc3ca..ea1b4c4883 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-Endpoint detection and response capabilities in Microsoft Defender ATP for Mac are now in preview. To get these and other preview features, you must set up your Mac device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
+To get preview features available for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
 >[!IMPORTANT]
 >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.

From 5dccbc972ae9732d954f3187eb3db54c65f94f69 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Thu, 22 Oct 2020 13:45:09 -0700
Subject: [PATCH 039/384] Added networkconnections ADMX-backed policies

---
 windows/client-management/mdm/TOC.md          |    1 +
 .../mdm/policies-in-policy-csp-admx-backed.md |   27 +
 .../policy-configuration-service-provider.md  |   86 +
 .../mdm/policy-csp-admx-networkconnections.md | 2199 +++++++++++++++++
 4 files changed, 2313 insertions(+)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-networkconnections.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 318c9478e2..3d854f3d2e 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -199,6 +199,7 @@
 #### [ADMX_nca](policy-csp-admx-nca.md)
 #### [ADMX_NCSI](policy-csp-admx-ncsi.md)
 #### [ADMX_Netlogon](policy-csp-admx-netlogon.md)
+#### [ADMX_NetworkConnections](policy-csp-admx-networkconnections.md)
 #### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md)
 #### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md)
 #### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index e7d26b7d56..33601d8c10 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -186,6 +186,33 @@ ms.date: 10/08/2020
 - [ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-sysvolsharecompatibilitymode)
 - [ADMX_Netlogon/Netlogon_TryNextClosestSite](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-trynextclosestsite)
 - [ADMX_Netlogon/Netlogon_UseDynamicDns](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-usedynamicdns)
+- [ADMX_NetworkConnections/NC_AddRemoveComponents](./policy-csp-admx-networkconnections.md./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-addremovecomponents)
+- [ADMX_NetworkConnections/NC_AdvancedSettings](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-advancedsettings)
+- [ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-allowadvancedtcpipconfig)
+- [ADMX_NetworkConnections/NC_ChangeBindState](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-changebindstate)
+- [ADMX_NetworkConnections/NC_DeleteAllUserConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-deletealluserconnection)
+- [ADMX_NetworkConnections/NC_DeleteConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-deleteconnection)
+- [ADMX_NetworkConnections/NC_DialupPrefs](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-dialupprefs)
+- [ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-donotshowlocalonlyicon)
+- [ADMX_NetworkConnections/NC_EnableAdminProhibits](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-enableadminprohibits)
+- [ADMX_NetworkConnections/NC_ForceTunneling](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-forcetunneling)
+- [ADMX_NetworkConnections/NC_IpStateChecking](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-ipstatechecking)
+- [ADMX_NetworkConnections/NC_LanChangeProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanchangeproperties)
+- [ADMX_NetworkConnections/NC_LanConnect](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanconnect)
+- [ADMX_NetworkConnections/NC_LanProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanproperties)
+- [ADMX_NetworkConnections/NC_NewConnectionWizard](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-newconnectionwizard)
+- [ADMX_NetworkConnections/NC_PersonalFirewallConfig](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-personalfirewallconfig)
+- [ADMX_NetworkConnections/NC_RasAllUserProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasalluserproperties)
+- [ADMX_NetworkConnections/NC_RasChangeProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-raschangeproperties)
+- [ADMX_NetworkConnections/NC_RasConnect](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasconnect)
+- [ADMX_NetworkConnections/NC_RasMyProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasmyproperties)
+- [ADMX_NetworkConnections/NC_RenameAllUserRasConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamealluserrasconnection)
+- [ADMX_NetworkConnections/NC_RenameConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renameconnection)
+- [ADMX_NetworkConnections/NC_RenameLanConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamelanconnection)
+- [ADMX_NetworkConnections/NC_RenameMyRasConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamemyrasconnection)
+- [ADMX_NetworkConnections/NC_ShowSharedAccessUI](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-showsharedaccessui)
+- [ADMX_NetworkConnections/NC_Statistics](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-statistics)
+- [ADMX_NetworkConnections/NC_StdDomainUserSetLocation](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-stddomainusersetlocation)
 - [ADMX_OfflineFiles/Pol_AlwaysPinSubFolders](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-alwayspinsubfolders)
 - [ADMX_OfflineFiles/Pol_AssignedOfflineFiles_1](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-assignedofflinefiles-1)
 - [ADMX_OfflineFiles/Pol_AssignedOfflineFiles_2](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-assignedofflinefiles-2)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 4b7f1c4669..f87ad5c5a8 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -769,6 +769,92 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 

 
+### ADMX_NetworkConnections policies  
+
+

+  

+    ADMX_NetworkConnections/NC_AddRemoveComponents
+  

+  

+    ADMX_NetworkConnections/NC_AdvancedSettings
+  

+  

+    ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig
+  

+  

+    ADMX_NetworkConnections/NC_ChangeBindState
+  

+  

+    ADMX_NetworkConnections/NC_DeleteAllUserConnection
+  

+  

+    ADMX_NetworkConnections/NC_DeleteConnection
+  

+  

+    ADMX_NetworkConnections/NC_DialupPrefs
+  

+  

+    ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon
+  

+  

+    ADMX_NetworkConnections/NC_EnableAdminProhibits
+  

+  

+    ADMX_NetworkConnections/NC_ForceTunneling
+  

+  

+    ADMX_NetworkConnections/NC_IpStateChecking
+  

+  

+    ADMX_NetworkConnections/NC_LanChangeProperties
+  

+  

+    ADMX_NetworkConnections/NC_LanConnect
+  

+  

+    ADMX_NetworkConnections/NC_LanProperties
+  

+  

+    ADMX_NetworkConnections/NC_NewConnectionWizard
+  

+  

+    ADMX_NetworkConnections/NC_PersonalFirewallConfig
+  

+  

+    ADMX_NetworkConnections/NC_RasAllUserProperties
+  

+  

+    ADMX_NetworkConnections/NC_RasChangeProperties
+  

+  

+    ADMX_NetworkConnections/NC_RasConnect
+  

+  

+    ADMX_NetworkConnections/NC_RasMyProperties
+  

+  

+    ADMX_NetworkConnections/NC_RenameAllUserRasConnection
+  

+  

+    ADMX_NetworkConnections/NC_RenameConnection
+  

+  

+    ADMX_NetworkConnections/NC_RenameLanConnection
+  

+  

+    ADMX_NetworkConnections/NC_RenameMyRasConnection
+  

+  

+    ADMX_NetworkConnections/NC_ShowSharedAccessUI
+  

+  

+    ADMX_NetworkConnections/NC_Statistics
+  

+  

+    ADMX_NetworkConnections/NC_StdDomainUserSetLocation
+  

+

+
 ### ADMX_OfflineFiles policies
 
 

diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
new file mode 100644
index 0000000000..fc26c1d0f5
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
@@ -0,0 +1,2199 @@
+---
+title: Policy CSP - ADMX_NetworkConnections
+description: Policy CSP - ADMX_NetworkConnections
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/21/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_NetworkConnections
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+

+
+
+## ADMX_NetworkConnections policies  
+
+

+  

+    ADMX_NetworkConnections/NC_AddRemoveComponents
+  

+  

+    ADMX_NetworkConnections/NC_AdvancedSettings
+  

+  

+    ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig
+  

+  

+    ADMX_NetworkConnections/NC_ChangeBindState
+  

+  

+    ADMX_NetworkConnections/NC_DeleteAllUserConnection
+  

+  

+    ADMX_NetworkConnections/NC_DeleteConnection
+  

+  

+    ADMX_NetworkConnections/NC_DialupPrefs
+  

+  

+    ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon
+  

+  

+    ADMX_NetworkConnections/NC_EnableAdminProhibits
+  

+  

+    ADMX_NetworkConnections/NC_ForceTunneling
+  

+  

+    ADMX_NetworkConnections/NC_IpStateChecking
+  

+  

+    ADMX_NetworkConnections/NC_LanChangeProperties
+  

+  

+    ADMX_NetworkConnections/NC_LanConnect
+  

+  

+    ADMX_NetworkConnections/NC_LanProperties
+  

+  

+    ADMX_NetworkConnections/NC_NewConnectionWizard
+  

+  

+    ADMX_NetworkConnections/NC_PersonalFirewallConfig
+  

+  

+    ADMX_NetworkConnections/NC_RasAllUserProperties
+  

+  

+    ADMX_NetworkConnections/NC_RasChangeProperties
+  

+  

+    ADMX_NetworkConnections/NC_RasConnect
+  

+  

+    ADMX_NetworkConnections/NC_RasMyProperties
+  

+  

+    ADMX_NetworkConnections/NC_RenameAllUserRasConnection
+  

+  

+    ADMX_NetworkConnections/NC_RenameConnection
+  

+  

+    ADMX_NetworkConnections/NC_RenameLanConnection
+  

+  

+    ADMX_NetworkConnections/NC_RenameMyRasConnection
+  

+  

+    ADMX_NetworkConnections/NC_ShowSharedAccessUI
+  

+  

+    ADMX_NetworkConnections/NC_Statistics
+  

+  

+    ADMX_NetworkConnections/NC_StdDomainUserSetLocation
+  

+

+
+
+

+
+
+**ADMX_NetworkConnections/NC_AddRemoveComponents**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Install and Uninstall buttons for components of connections are disabled, and administrators are not permitted to access network components in the Windows Components Wizard.
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, the Install and Uninstall buttons for components of connections in the Network Connections folder are enabled. Also, administrators can gain access to network components in the Windows Components Wizard.
+
+The Install button opens the dialog boxes used to add network components. Clicking the Uninstall button removes the selected component in the components list (above the button).
+
+The Install and Uninstall buttons appear in the properties dialog box for connections. These buttons are on the General tab for LAN connections and on the Networking tab for remote access connections.
+
+> [!NOTE]
+> When the "Prohibit access to properties of a LAN connection", "Ability to change properties of an all user remote access connection", or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the connection properties dialog box, the Install and Uninstall buttons for connections are blocked.
+>
+> Nonadministrators are already prohibited from adding and removing connection components, regardless of this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit adding and removing components for a LAN or remote access connection*
+-   GP name: *NC_AddRemoveComponents*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_AdvancedSettings**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators.
+
+The Advanced Settings item lets users view and change bindings and view and change the order in which the computer accesses connections, network providers, and print providers.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced Settings item is disabled for administrators.
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, the Advanced Settings item is enabled for administrators.
+
+> [!NOTE]
+> Nonadministrators are already prohibited from accessing the Advanced Settings dialog box, regardless of this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit access to the Advanced Settings item on the Advanced menu*
+-   GP name: *NC_AdvancedSettings*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can configure advanced TCP/IP settings.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled for all users (including administrators). As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information.
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting, the Advanced button is enabled, and all users can open the Advanced TCP/IP Setting dialog box.
+
+This setting is superseded by settings that prohibit access to properties of connections or connection components. When these policies are set to deny access to the connection properties dialog box or Properties button for connection components, users cannot gain access to the Advanced button for TCP/IP configuration.
+
+Changing this setting from Enabled to Not Configured does not enable the Advanced button until the user logs off.
+
+> [!NOTE]
+> Nonadministrators (excluding Network Configuration Operators) do not have permission to access TCP/IP advanced configuration for a LAN connection, regardless of this setting.
+
+> [!TIP]
+> To open the Advanced TCP/IP Setting dialog box, in the Network Connections folder, right-click a connection icon, and click Properties. For remote access connections, click the Networking tab.  In the "Components checked are used by this connection" box, click Internet Protocol (TCP/IP), click the Properties button, and then click the Advanced button.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit TCP/IP advanced configuration*
+-   GP name: *NC_AllowAdvancedTCPIPConfig*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_ChangeBindState**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting Determines whether administrators can enable and disable the components used by LAN connections.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that a connection uses.
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables the component.
+
+> [!NOTE]
+> When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the check boxes for enabling and disabling the components of a LAN connection.
+>
+> Nonadministrators are already prohibited from enabling or disabling components for a LAN connection, regardless of this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit Enabling/Disabling components of a LAN connection*
+-   GP name: *NC_ChangeBindState*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_DeleteAllUserConnection**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can delete all user remote access connections.
+
+To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.
+
+If you enable this setting, all users can delete shared remote access connections. In addition, if your file system is NTFS, users need to have Write access to Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk to delete a shared remote access connection.
+
+If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete all-user remote access connections. (By default, users can still delete their private connections, but you can change the default by using the "Prohibit deletion of remote access connections" setting.)
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you do not configure this setting, only Administrators and Network Configuration Operators can delete all user remote access connections.
+
+When enabled, the "Prohibit deletion of remote access connections" setting takes precedence over this setting. Users (including administrators) cannot delete any remote access connections, and this setting is ignored.
+
+> [!NOTE]
+> LAN connections are created and deleted automatically by the system when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a LAN connection.
+> 
+> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Ability to delete all user remote access connections*
+-   GP name: *NC_DeleteAllUserConnection*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_DeleteConnection**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can delete remote access connections.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete any remote access connections. This setting also disables the Delete option on the context menu for a remote access connection and on the File menu in the Network Connections folder.
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, all users can delete their private remote access connections. Private connections are those that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections available to all users, but you can change the default by using the "Ability to delete all user remote access connections" setting.)
+
+When enabled, this setting takes precedence over the "Ability to delete all user remote access connections" setting. Users cannot delete any remote access connections, and the "Ability to delete all user remote access connections" setting is ignored.
+
+> [!NOTE]
+> LAN connections are created and deleted automatically when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a LAN connection.
+>
+> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+> 
+> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit deletion of remote access connections*
+-   GP name: *NC_DeleteConnection*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_DialupPrefs**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.
+
+The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Remote Access Preferences item is disabled for all users (including administrators).
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, the Remote Access Preferences item is enabled for all users.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit access to the Remote Access Preferences item on the Advanced menu*
+-   GP name: *NC_DialupPrefs*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether or not the "local access only" network icon will be shown.
+
+When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only.
+
+If you disable this setting or do not configure it, the "local access only" icon will be used when a user is connected to a network with local access only.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not show the "local access only" network icon*
+-   GP name: *NC_DoNotShowLocalOnlyIcon*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_EnableAdminProhibits**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether settings that existed in Windows 2000 Server family will apply to Administrators.
+
+The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to prohibit the use of certain features from Administrators.
+
+By default, Network Connections group settings in Windows XP Professional do not have the ability to prohibit the use of features from Administrators.
+
+If you enable this setting, the Windows XP settings that existed in Windows 2000 Professional will have the ability to prohibit Administrators from using certain features. These settings are "Ability to rename LAN connections or remote access connections available to all users", "Prohibit access to properties of components of a LAN connection", "Prohibit access to properties of components of a remote access connection", "Ability to access TCP/IP advanced configuration", "Prohibit access to the Advanced Settings Item on the Advanced Menu", "Prohibit adding and removing components for a LAN or remote access connection", "Prohibit access to properties of a LAN connection", "Prohibit Enabling/Disabling components of a LAN connection", "Ability to change properties of an all user remote access connection", "Prohibit changing properties of a private remote access connection", "Prohibit deletion of remote access connections", "Ability to delete all user remote access connections", "Prohibit connecting and disconnecting a remote access connection", "Ability to Enable/Disable a LAN connection", "Prohibit access to the New Connection Wizard", "Prohibit renaming private remote access connections", "Prohibit access to the Remote Access Preferences item on the Advanced menu", "Prohibit viewing of status for an active connection". When this setting is enabled, settings that exist in both Windows 2000 Professional and Windows XP Professional behave the same for administrators.
+
+If you disable this setting or do not configure it, Windows XP settings that existed in Windows 2000 will not apply to administrators.
+
+> [!NOTE]
+> This setting is intended to be used in a situation in which the Group Policy object that these settings are being applied to contains both Windows 2000 Professional and Windows XP Professional computers, and identical Network Connections policy behavior is required between all Windows 2000 Professional and Windows XP Professional computers.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Enable Windows 2000 Network Connections settings for Administrators*
+-   GP name: *NC_EnableAdminProhibits*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_ForceTunneling**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether a remote client computer  routes Internet traffic through the internal network or whether the client accesses the Internet directly.
+
+When a remote client computer connects to an internal network using DirectAccess, it can access the Internet in two ways: through the secure tunnel that DirectAccess establishes between the computer and the internal network, or directly through the local default gateway.
+
+If you enable this policy setting, all traffic between a remote client computer running DirectAccess and the Internet is routed through the internal network.
+
+If you disable this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network.
+
+If you do not configure this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Route all traffic through the internal network*
+-   GP name: *NC_ForceTunneling*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_IpStateChecking**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved.
+
+If you enable this policy setting, this condition will not be reported as an error to the user.
+
+If you disable or do not configure this policy setting, a DHCP-configured connection that has not been assigned an IP address will be reported via a notification, providing the user with information as to how the problem can be resolved.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off notifications when a connection has only limited or no connectivity*
+-   GP name: *NC_IpStateChecking*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_LanChangeProperties**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection.
+
+This setting determines whether the Properties button for components of a LAN connection is enabled.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for Administrators. Network Configuration Operators are prohibited from accessing connection components, regardless of the "Enable Network Connections settings for Administrators" setting.
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, the Properties button is enabled for administrators and Network Configuration Operators.
+
+The Local Area Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list.
+
+> [!NOTE]
+> Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled.
+>
+> When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the Properties button for LAN connection components.
+>
+> Network Configuration Operators only have permission to change TCP/IP properties. Properties for all other components are unavailable to these users.
+>
+> Nonadministrators are already prohibited from accessing properties of components for a LAN connection, regardless of this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit access to properties of components of a LAN connection*
+-   GP name: *NC_LanChangeProperties*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_LanConnect**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can enable/disable LAN connections.
+
+If you enable this setting, the Enable and Disable options for LAN connections are available to users (including nonadministrators). Users can enable/disable a LAN connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.
+
+If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Enable and Disable menu items are disabled for all users (including administrators).
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you do not configure this setting, only Administrators and Network Configuration Operators can enable/disable LAN connections.
+
+> [!NOTE]
+> Administrators can still enable/disable LAN connections from Device Manager when this setting is disabled.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Ability to Enable/Disable a LAN connection*
+-   GP name: *NC_LanConnect*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_LanProperties**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can change the properties of a LAN connection.
+
+This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box.
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu.
+
+> [!NOTE]
+> This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to users.
+>
+> Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit access to properties of a LAN connection*
+-   GP name: *NC_LanProperties*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_NewConnectionWizard**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can use the New Connection Wizard, which creates new network connections.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Make New Connection icon does not appear in the Start Menu on in the Network Connections folder. As a result, users (including administrators) cannot start the New Connection Wizard.
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, the Make New Connection icon appears in the Start menu and in the Network Connections folder for all users. Clicking the Make New Connection icon starts the New Connection Wizard.
+
+> [!NOTE]
+> Changing this setting from Enabled to Not Configured does not restore the Make New Connection icon until the user logs off or on. When other changes to this setting are applied, the icon does not appear or disappear in the Network Connections folder until the folder is refreshed.
+>
+> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit access to the New Connection Wizard*
+-   GP name: *NC_NewConnectionWizard*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_PersonalFirewallConfig**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits use of Internet Connection Firewall on your DNS domain network.
+
+Determines whether users can enable the Internet Connection Firewall feature on a connection, and if the Internet Connection Firewall service can run on a computer.
+
+> [!IMPORTANT]
+> This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.
+
+The Internet Connection Firewall is a stateful packet filter for home and small office users to protect them from Internet network security threats.
+
+If you enable this setting, Internet Connection Firewall cannot be enabled or configured by users (including administrators), and the Internet Connection Firewall service cannot run on the computer. The option to enable the Internet Connection Firewall through the Advanced tab is removed. In addition, the Internet Connection Firewall is not enabled for remote access connections created through the Make New Connection Wizard. The Network Setup Wizard is disabled.
+
+If you enable the "Windows Firewall: Protect all network connections" policy setting, the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting has no effect on computers that are running Windows Firewall, which replaces Internet Connection Firewall when you install Windows XP Service Pack 2.
+
+If you disable this setting or do not configure it, the Internet Connection Firewall is disabled when a LAN Connection or VPN connection is created, but users can use the Advanced tab in the connection properties to enable it. The Internet Connection Firewall is enabled by default on the connection for which Internet Connection Sharing is enabled. In addition, remote access connections created through the Make New Connection Wizard have the Internet Connection Firewall enabled.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit use of Internet Connection Firewall on your DNS domain network*
+-   GP name: *NC_PersonalFirewallConfig*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_RasAllUserProperties**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.
+
+To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.
+
+This setting determines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dialog box is available to users.
+
+If you enable this setting, a Properties menu item appears when any user right-clicks the icon for a remote access connection. Also, when any user selects the connection, Properties appears on the File menu.
+
+If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and users (including administrators) cannot open the remote access connection properties dialog box.
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you do not configure this setting, only Administrators and Network Configuration Operators can change properties of all-user remote access connections.
+
+> [!NOTE]
+> This setting takes precedence over settings that manipulate the availability of features inside the Remote Access Connection Properties dialog box. If this setting is disabled, nothing within the properties dialog box for a remote access connection will be available to users.
+> 
+> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Ability to change properties of an all user remote access connection*
+-   GP name: *NC_RasAllUserProperties*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_RasChangeProperties**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can view and change the properties of components used by a private or all-user remote access connection.
+
+This setting determines whether the Properties button for components used by a private or all-user remote access connection is enabled.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for all users (including administrators).
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, the Properties button is enabled for all users.
+
+The Networking tab of the Remote Access Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list.
+
+> [NOTE]
+> Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled.
+>
+> When the "Ability to change properties of an all user remote access connection" or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the Remote Access Connection Properties dialog box, the Properties button for remote access connection components is blocked.
+>
+> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit access to properties of components of a remote access connection*
+-   GP name: *NC_RasChangeProperties*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_RasConnect**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can connect and disconnect remote access connections.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled for all users (including administrators).
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, the Connect and Disconnect options for remote access connections are available to all users. Users can connect or disconnect a remote access connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit connecting and disconnecting a remote access connection*
+-   GP name: *NC_RasConnect*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_RasMyProperties**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can view and change the properties of their private remote access connections.
+
+Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option.
+
+This setting determines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dialog box for a private connection is available to users.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and no users (including administrators) can open the Remote Access Connection Properties dialog box for a private connection.
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, a Properties menu item appears when any user right-clicks the icon representing a private remote access connection. Also, when any user selects the connection, Properties appears on the File menu.
+
+> [!NOTE]
+> This setting takes precedence over settings that manipulate the availability of features in the Remote Access Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a remote access connection will be available to users.
+>
+> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit changing properties of a private remote access connection*
+-   GP name: *NC_RasMyProperties*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_RenameAllUserRasConnection**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether nonadministrators can rename all-user remote access connections.
+
+To create an all-user connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.
+
+If you enable this setting, the Rename option is enabled for all-user remote access connections. Any user can rename all-user connections by clicking an icon representing the connection or by using the File menu.
+
+If you disable this setting, the Rename option is disabled for nonadministrators only.
+
+If you do not configure the setting, only Administrators and Network Configuration Operators can rename all-user remote access connections.
+
+> [!NOTE]
+> This setting does not apply to Administrators.
+
+When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either Enabled or Disabled), this setting does not apply.
+
+This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Ability to rename all user remote access connections*
+-   GP name: *NC_RenameAllUserRasConnection*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_RenameConnection**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting Determines whether users can rename LAN or all user remote access connections.
+
+If you enable this setting, the Rename option is enabled for all users. Users can rename connections by clicking the icon representing a connection or by using the File menu.
+
+If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option for LAN and all user remote access connections is disabled for all users (including Administrators and Network Configuration Operators).
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If this setting is not configured, only Administrators and Network Configuration Operators have the right to rename LAN or all user remote access connections.
+
+> [!NOTE]
+> When configured, this setting always takes precedence over the "Ability to rename LAN connections" and "Ability to rename all user remote access connections" settings.
+>
+> This setting does not prevent users from using other programs, such as Internet Explorer, to rename remote access connections.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Ability to rename LAN connections or remote access connections available to all users*
+-   GP name: *NC_RenameConnection*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_RenameLanConnection**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether nonadministrators can rename a LAN connection.
+
+If you enable this setting, the Rename option is enabled for LAN connections. Nonadministrators can rename LAN connections by clicking an icon representing the connection or by using the File menu.
+
+If you disable this setting, the Rename option is disabled for nonadministrators only.
+
+If you do not configure this setting, only Administrators and Network Configuration Operators can rename LAN connections
+
+> [!NOTE]
+> This setting does not apply to Administrators.
+
+When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either enabled or disabled), this setting does not apply.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Ability to rename LAN connections*
+-   GP name: *NC_RenameLanConnection*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_RenameMyRasConnection**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can rename their private remote access connections.
+
+Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option.
+
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option is disabled for all users (including administrators).
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, the Rename option is enabled for all users' private remote access connections. Users can rename their private connection by clicking an icon representing the connection or by using the File menu.
+
+> [!NOTE]
+> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit renaming private remote access connections*
+-   GP name: *NC_RenameMyRasConnection*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_ShowSharedAccessUI**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer.
+
+ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, such as name resolution and addressing through DHCP, to the local private network.
+
+If you enable this setting, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled.
+
+If you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.)
+
+By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS.
+
+> [!NOTE]
+> Internet Connection Sharing is only available when two or more network connections are present.
+
+When the "Prohibit access to properties of a LAN connection," "Ability to change properties of an all user remote access connection," or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the Connection Properties dialog box, the Advanced tab for the connection is blocked.
+
+Nonadministrators are already prohibited from configuring Internet Connection Sharing, regardless of this setting.
+
+Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Don't use hosted networks" check box.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit use of Internet Connection Sharing on your DNS domain network*
+-   GP name: *NC_ShowSharedAccessUI*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_Statistics**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can view the status for an active connection.
+
+Connection status is available from the connection status taskbar icon or from the Status dialog box. The Status dialog box displays information about the connection and its activity. It also provides buttons to disconnect and to configure the properties of the connection.
+
+If you enable this setting, the connection status taskbar icon and Status dialog box are not available to users (including administrators). The Status option is disabled in the context menu for the connection and on the File menu in the Network Connections folder. Users cannot choose to show the connection icon in the taskbar from the Connection Properties dialog box.
+
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+
+If you disable this setting or do not configure it, the connection status taskbar icon and  Status dialog box are available to all users.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prohibit viewing of status for an active connection*
+-   GP name: *NC_Statistics*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+
+**ADMX_NetworkConnections/NC_StdDomainUserSetLocation**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether to require domain users to elevate when setting a network's location.
+
+If you enable this policy setting, domain users must elevate when setting a network's location.
+
+If you disable or do not configure this policy setting, domain users can set a network's location without elevating.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Require domain users to elevate when setting a network's location*
+-   GP name: *NC_StdDomainUserSetLocation*
+-   GP path: *Network\Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+
+
+

+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
\ No newline at end of file

From 841672a23c709dd10c35597a823c84f33f44d3cb Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Thu, 22 Oct 2020 13:56:16 -0700
Subject: [PATCH 040/384] Fixed broken link

---
 .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 33601d8c10..d20b416f31 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -186,7 +186,7 @@ ms.date: 10/08/2020
 - [ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-sysvolsharecompatibilitymode)
 - [ADMX_Netlogon/Netlogon_TryNextClosestSite](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-trynextclosestsite)
 - [ADMX_Netlogon/Netlogon_UseDynamicDns](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-usedynamicdns)
-- [ADMX_NetworkConnections/NC_AddRemoveComponents](./policy-csp-admx-networkconnections.md./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-addremovecomponents)
+- [ADMX_NetworkConnections/NC_AddRemoveComponents](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-addremovecomponents)
 - [ADMX_NetworkConnections/NC_AdvancedSettings](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-advancedsettings)
 - [ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-allowadvancedtcpipconfig)
 - [ADMX_NetworkConnections/NC_ChangeBindState](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-changebindstate)

From ab9a8ce9ad2279b5a6209fb636f5431af770b32c Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Thu, 22 Oct 2020 15:15:51 -0700
Subject: [PATCH 041/384] Added ADMX_Sensors policies

---
 windows/client-management/mdm/TOC.md          |   1 +
 .../mdm/policies-in-policy-csp-admx-backed.md |   5 +
 .../policy-configuration-service-provider.md  |  20 +
 .../mdm/policy-csp-admx-networkconnections.md |  54 +--
 .../mdm/policy-csp-admx-sensors.md            | 401 ++++++++++++++++++
 5 files changed, 454 insertions(+), 27 deletions(-)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-sensors.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 3d854f3d2e..d26fe35e20 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -207,6 +207,7 @@
 #### [ADMX_Scripts](policy-csp-admx-scripts.md)
 #### [ADMX_sdiageng](policy-csp-admx-sdiageng.md)
 #### [ADMX_Securitycenter](policy-csp-admx-securitycenter.md)
+#### [ADMX_Sensors](policy-csp-admx-sensors.md)
 #### [ADMX_Servicing](policy-csp-admx-servicing.md)
 #### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md)
 #### [ADMX_Sharing](policy-csp-admx-sharing.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index d20b416f31..0272022007 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -292,6 +292,11 @@ ms.date: 10/08/2020
 - [ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy](./policy-csp-admx-sdiageng.md#admx-sdiageng-scripteddiagnosticsexecutionpolicy)
 - [ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy](./policy-csp-admx-sdiageng.md#admx-sdiageng-scripteddiagnosticssecuritypolicy)
 - [ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain](/policy-csp-admx-securitycenter.md#admx-securitycenter-securitycenter-securitycenterindomain)
+- [ADMX_Sensors/DisableLocationScripting_1](./policy-csp-admx-sensors.md#admx-sensors-disablelocationscripting-1)
+- [ADMX_Sensors/DisableLocationScripting_2](./policy-csp-admx-sensors.md#admx-sensors-disablelocationscripting-2)
+- [ADMX_Sensors/DisableLocation_1](./policy-csp-admx-sensors.md#admx-sensors-disablelocation-1)
+- [ADMX_Sensors/DisableSensors_1](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-1)
+- [ADMX_Sensors/DisableSensors_2](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-2)
 - [ADMX_Servicing/Servicing](./policy-csp-admx-servicing.md#admx-servicing-servicing)
 - [ADMX_SharedFolders/PublishDfsRoots](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishdfsroots)
 - [ADMX_SharedFolders/PublishSharedFolders](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishsharedfolders)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index f87ad5c5a8..a0c7d8db35 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1126,6 +1126,26 @@ The following diagram shows the Policy configuration service provider in tree fo
   

 
 
+### ADMX_Sensors policies  
+
+

+  

+    ADMX_Sensors/DisableLocationScripting_1
+  

+  

+    ADMX_Sensors/DisableLocationScripting_2
+  

+  

+    ADMX_Sensors/DisableLocation_1
+  

+  

+    ADMX_Sensors/DisableSensors_1
+  

+  

+    ADMX_Sensors/DisableSensors_2
+  

+

+
 ### ADMX_Servicing policies  
 
 

diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
index fc26c1d0f5..c9677897bc 100644
--- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md
+++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
@@ -153,7 +153,7 @@ manager: dansimp
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators.
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Install and Uninstall buttons for components of connections are disabled, and administrators are not permitted to access network components in the Windows Components Wizard.
 
@@ -233,7 +233,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators.
 
 The Advanced Settings item lets users view and change bindings and view and change the order in which the computer accesses connections, network providers, and print providers.
 
@@ -309,7 +309,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can configure advanced TCP/IP settings.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can configure advanced TCP/IP settings.
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled for all users (including administrators). As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information.
 
@@ -390,7 +390,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting Determines whether administrators can enable and disable the components used by LAN connections.
+Available in the latest Windows 10 Insider Preview Build. This policy setting Determines whether administrators can enable and disable the components used by LAN connections.
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that a connection uses.
 
@@ -466,7 +466,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can delete all user remote access connections.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can delete all user remote access connections.
 
 To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.
 
@@ -548,7 +548,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can delete remote access connections.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can delete remote access connections.
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete any remote access connections. This setting also disables the Delete option on the context menu for a remote access connection and on the File menu in the Network Connections folder.
 
@@ -628,7 +628,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.
 
 The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.
 
@@ -701,7 +701,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether or not the "local access only" network icon will be shown.
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether or not the "local access only" network icon will be shown.
 
 When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only.
 
@@ -770,7 +770,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether settings that existed in Windows 2000 Server family will apply to Administrators.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether settings that existed in Windows 2000 Server family will apply to Administrators.
 
 The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to prohibit the use of certain features from Administrators.
 
@@ -846,7 +846,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether a remote client computer  routes Internet traffic through the internal network or whether the client accesses the Internet directly.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether a remote client computer  routes Internet traffic through the internal network or whether the client accesses the Internet directly.
 
 When a remote client computer connects to an internal network using DirectAccess, it can access the Internet in two ways: through the secure tunnel that DirectAccess establishes between the computer and the internal network, or directly through the local default gateway.
 
@@ -919,7 +919,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved.
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved.
 
 If you enable this policy setting, this condition will not be reported as an error to the user.
 
@@ -988,7 +988,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection.
 
 This setting determines whether the Properties button for components of a LAN connection is enabled.
 
@@ -1072,7 +1072,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can enable/disable LAN connections.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can enable/disable LAN connections.
 
 If you enable this setting, the Enable and Disable options for LAN connections are available to users (including nonadministrators). Users can enable/disable a LAN connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.
 
@@ -1148,7 +1148,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can change the properties of a LAN connection.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can change the properties of a LAN connection.
 
 This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.
 
@@ -1226,7 +1226,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can use the New Connection Wizard, which creates new network connections.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can use the New Connection Wizard, which creates new network connections.
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Make New Connection icon does not appear in the Start Menu on in the Network Connections folder. As a result, users (including administrators) cannot start the New Connection Wizard.
 
@@ -1302,7 +1302,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits use of Internet Connection Firewall on your DNS domain network.
+Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits use of Internet Connection Firewall on your DNS domain network.
 
 Determines whether users can enable the Internet Connection Firewall feature on a connection, and if the Internet Connection Firewall service can run on a computer.
 
@@ -1380,7 +1380,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.
 
 To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.
 
@@ -1462,7 +1462,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can view and change the properties of components used by a private or all-user remote access connection.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can view and change the properties of components used by a private or all-user remote access connection.
 
 This setting determines whether the Properties button for components used by a private or all-user remote access connection is enabled.
 
@@ -1544,7 +1544,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can connect and disconnect remote access connections.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can connect and disconnect remote access connections.
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled for all users (including administrators).
 
@@ -1615,7 +1615,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can view and change the properties of their private remote access connections.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can view and change the properties of their private remote access connections.
 
 Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option.
 
@@ -1695,7 +1695,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether nonadministrators can rename all-user remote access connections.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether nonadministrators can rename all-user remote access connections.
 
 To create an all-user connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.
 
@@ -1775,7 +1775,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting Determines whether users can rename LAN or all user remote access connections.
+Available in the latest Windows 10 Insider Preview Build. This policy setting Determines whether users can rename LAN or all user remote access connections.
 
 If you enable this setting, the Rename option is enabled for all users. Users can rename connections by clicking the icon representing a connection or by using the File menu.
 
@@ -1853,7 +1853,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether nonadministrators can rename a LAN connection.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether nonadministrators can rename a LAN connection.
 
 If you enable this setting, the Rename option is enabled for LAN connections. Nonadministrators can rename LAN connections by clicking an icon representing the connection or by using the File menu.
 
@@ -1929,7 +1929,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can rename their private remote access connections.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can rename their private remote access connections.
 
 Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option.
 
@@ -2005,7 +2005,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer.
 
 ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, such as name resolution and addressing through DHCP, to the local private network.
 
@@ -2087,7 +2087,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can view the status for an active connection.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can view the status for an active connection.
 
 Connection status is available from the connection status taskbar icon or from the Status dialog box. The Status dialog box displays information about the connection and its activity. It also provides buttons to disconnect and to configure the properties of the connection.
 
@@ -2160,7 +2160,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether to require domain users to elevate when setting a network's location.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether to require domain users to elevate when setting a network's location.
 
 If you enable this policy setting, domain users must elevate when setting a network's location.
 
diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md
new file mode 100644
index 0000000000..00ff56dafe
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-sensors.md
@@ -0,0 +1,401 @@
+---
+title: Policy CSP - ADMX_Sensors
+description: Policy CSP - ADMX_Sensors
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/22/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Sensors
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+

+
+
+## ADMX_Sensors policies  
+
+

+  

+    ADMX_Sensors/DisableLocationScripting_1
+  

+  

+    ADMX_Sensors/DisableLocationScripting_2
+  

+  

+    ADMX_Sensors/DisableLocation_1
+  

+  

+    ADMX_Sensors/DisableSensors_1
+  

+  

+    ADMX_Sensors/DisableSensors_2
+  

+

+
+
+

+
+
+**ADMX_Sensors/DisableLocationScripting_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature.
+
+If you enable this policy setting, scripts for the location feature will not run.
+
+If you disable or do not configure this policy setting, all location scripts will run.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off location scripting*
+-   GP name: *DisableLocationScripting_1*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+
+
+

+
+
+**ADMX_Sensors/DisableLocationScripting_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature.
+
+If you enable this policy setting, scripts for the location feature will not run.
+
+If you disable or do not configure this policy setting, all location scripts will run.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off location scripting*
+-   GP name: *DisableLocationScripting_2*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+
+
+

+
+
+**ADMX_Sensors/DisableLocation_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the location feature for this computer.
+
+If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.
+
+If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off location*
+-   GP name: *DisableLocation_1*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+
+
+

+
+
+**ADMX_Sensors/DisableSensors_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer.
+
+If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
+
+If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off sensors*
+-   GP name: *DisableSensors_1*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+
+
+

+
+
+**ADMX_Sensors/DisableSensors_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer.
+
+If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
+
+If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off sensors*
+-   GP name: *DisableSensors_2*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+
+
+

+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
\ No newline at end of file

From 42792eaf7500734ca05573627ce8a259b7abee7a Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Thu, 22 Oct 2020 16:20:49 -0700
Subject: [PATCH 042/384] Added ADMX_WCM policies

---
 windows/client-management/mdm/TOC.md          |   1 +
 .../mdm/policies-in-policy-csp-admx-backed.md |   3 +
 .../policy-configuration-service-provider.md  |  14 +
 .../mdm/policy-csp-admx-wcm.md                | 272 ++++++++++++++++++
 4 files changed, 290 insertions(+)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-wcm.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index d26fe35e20..e4d03174c6 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -219,6 +219,7 @@
 #### [ADMX_TPM](policy-csp-admx-tpm.md)
 #### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md)
 #### [ADMX_W32Time](policy-csp-admx-w32time.md)
+#### [ADMX_WCM](policy-csp-admx-wcm.md)
 #### [ADMX_WinCal](policy-csp-admx-wincal.md)
 #### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md)
 #### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 0272022007..36a06c412f 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -480,6 +480,9 @@ ms.date: 10/08/2020
 - [ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient)
 - [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient)
 - [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpserver)
+- [ADMX_WCM/WCM_DisablePowerManagement](./policy-csp-admx-wcm.md#admx-wcm-wcm-disablepowermanagement)
+- [ADMX_WCM/WCM_EnableSoftDisconnect](./policy-csp-admx-wcm.md#admx-wcm-wcm-enablesoftdisconnect)
+- [ADMX_WCM/WCM_MinimizeConnections](./policy-csp-admx-wcm.md#admx-wcm-wcm-minimizeconnections)
 - [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1)
 - [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2)
 - [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index a0c7d8db35..42782da458 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1750,6 +1750,20 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 

 
+### ADMX_WCM policies  
+
+

+  

+    ADMX_WCM/WCM_DisablePowerManagement
+  

+  

+    ADMX_WCM/WCM_EnableSoftDisconnect
+  

+  

+    ADMX_WCM/WCM_MinimizeConnections
+  

+

+
 ### ADMX_WinCal policies  
 
 

diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md
new file mode 100644
index 0000000000..0590f12265
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-wcm.md
@@ -0,0 +1,272 @@
+---
+title: Policy CSP - ADMX_WCM
+description: Policy CSP - ADMX_WCM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/22/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WCM
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+

+
+
+## ADMX_WCM policies  
+
+

+  

+    ADMX_WCM/WCM_DisablePowerManagement
+  

+  

+    ADMX_WCM/WCM_EnableSoftDisconnect
+  

+  

+    ADMX_WCM/WCM_MinimizeConnections
+  

+

+
+
+

+
+
+**ADMX_WCM/WCM_DisablePowerManagement**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that power management is disabled when the machine enters connected standby mode.
+
+If this policy setting is enabled, Windows Connection Manager does not manage adapter radios to reduce power consumption when the machine enters connected standby mode.
+
+If this policy setting is not configured or is disabled, power management is enabled when the machine enters connected standby mode.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Disable power management in connected standby mode*
+-   GP name: *WCM_DisablePowerManagement*
+-   GP path: *Network\Windows Connection Manager*
+-   GP ADMX file name: *WCM.admx*
+
+
+
+

+
+
+**ADMX_WCM/WCM_EnableSoftDisconnect**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows will soft-disconnect a computer from a network.
+
+If this policy setting is enabled or not configured, Windows will soft-disconnect a computer from a network when it determines that the computer should no longer be connected to a network.
+
+If this policy setting is disabled, Windows will disconnect a computer from a network immediately when it determines that the computer should no longer be connected to a network.
+
+When soft disconnect is enabled:
+
+- When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted.
+- Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection.
+- When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example, email apps) might lose their connection. If this happens, these apps should re-establish their connection over a different network.
+
+This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows will not disconnect from any networks.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Enable Windows to soft-disconnect a computer from a network*
+-   GP name: *WCM_EnableSoftDisconnect*
+-   GP path: *Network\Windows Connection Manager*
+-   GP ADMX file name: *WCM.admx*
+
+
+
+

+
+
+**ADMX_WCM/WCM_MinimizeConnections**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines if a computer can have multiple connections to the internet or to a Windows domain. If multiple connections are allowed, it then determines how network traffic will be routed.
+
+If this policy setting is set to 0, a computer can have simultaneous connections to the internet, to a Windows domain, or to both. Internet traffic can be routed over any connection - including a cellular connection and any metered network. This was previously the Disabled state for this policy setting. This option was first available in Windows 8.
+
+If this policy setting is set to 1, any new automatic internet connection is blocked when the computer has at least one active internet connection to a preferred type of network. Here's the order of preference (from most preferred to least preferred): Ethernet, WLAN, then cellular. Ethernet is always preferred when connected. Users can still manually connect to any network. This was previously the Enabled state for this policy setting. This option was first available in Windows 8.
+
+If this policy setting is set to 2, the behavior is similar to 1. However, if a cellular data connection is available, it will always stay connected for services that require a cellular connection. When the user is connected to a WLAN or Ethernet connection, no internet traffic will be routed over the cellular connection. This option was first available in Windows 10 (Version 1703).
+
+If this policy setting is set to 3, the behavior is similar to 2. However, if there's an Ethernet connection, Windows won't allow users to connect to a WLAN manually. A WLAN can only be connected (automatically or manually) when there's no Ethernet connection.
+
+This policy setting is related to the "Enable Windows to soft-disconnect a computer from a network" policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Minimize the number of simultaneous connections to the Internet or a Windows Domain*
+-   GP name: *WCM_MinimizeConnections*
+-   GP path: *Network\Windows Connection Manager*
+-   GP ADMX file name: *WCM.admx*
+
+
+
+

+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
+

From 1aae76d28a3bd8cd9665fb4479a5849f64446938 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Fri, 23 Oct 2020 22:51:49 +0530
Subject: [PATCH 043/384] Rebrand-Update-4567381

Updated with new brandnames
---
 .../access-mssp-portal.md                     |  4 +-
 .../add-or-remove-machine-tags.md             |  6 +-
 .../advanced-features.md                      | 30 +++----
 ...nced-hunting-assignedipaddress-function.md |  2 +-
 .../advanced-hunting-best-practices.md        |  6 +-
 ...dvanced-hunting-devicealertevents-table.md |  4 +-
 .../advanced-hunting-deviceevents-table.md    |  4 +-
 ...hunting-devicefilecertificateinfo-table.md |  4 +-
 ...advanced-hunting-devicefileevents-table.md |  4 +-
 ...ced-hunting-deviceimageloadevents-table.md |  4 +-
 .../advanced-hunting-deviceinfo-table.md      |  6 +-
 ...dvanced-hunting-devicelogonevents-table.md |  4 +-
 ...anced-hunting-devicenetworkevents-table.md |  4 +-
 ...dvanced-hunting-devicenetworkinfo-table.md |  4 +-
 ...anced-hunting-deviceprocessevents-table.md |  4 +-
 ...nced-hunting-deviceregistryevents-table.md |  4 +-
 ...etvmsecureconfigurationassessment-table.md |  4 +-
 ...vmsecureconfigurationassessmentkb-table.md |  4 +-
 ...msoftwareinventoryvulnerabilities-table.md |  4 +-
 ...evicetvmsoftwarevulnerabilitieskb-table.md |  4 +-
 .../advanced-hunting-errors.md                |  4 +-
 .../advanced-hunting-extend-data.md           |  2 +-
 .../advanced-hunting-fileprofile-function.md  |  2 +-
 .../advanced-hunting-go-hunt.md               |  2 +-
 .../advanced-hunting-limits.md                |  4 +-
 ...ft-defender-atp-ios-privacy-information.md | 85 +++++++++++++++++++
 26 files changed, 147 insertions(+), 62 deletions(-)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md

diff --git a/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md b/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md
index b6e3f60ba0..ccf8b5f19e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
index 0fb5352742..94849b6b18 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
@@ -21,9 +21,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 ## API description
 
@@ -38,7 +38,7 @@ Adds or remove tag to a specific [Machine](machine.md).
 
 ## Permissions
 
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |    Permission    |    Permission display name
 :---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
index 938309f9f2..725daf0761 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
@@ -17,18 +17,18 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Configure advanced features in Microsoft Defender ATP
+# Configure advanced features in Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
 
-Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Microsoft Defender ATP with.
+Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Defender for Endpoint with.
 
 Use the following advanced features to get better protected from potentially malicious files and gain better insight during security investigations:
 
@@ -88,7 +88,7 @@ To use this feature, devices must be running Windows 10 version 1709 or later. T
 For more information, see [Manage indicators](manage-indicators.md).
 
 >[!NOTE]
->Network protection leverages reputation services that process requests in locations that might be outside of the location you have selected for your Microsoft Defender ATP data.
+>Network protection leverages reputation services that process requests in locations that might be outside of the location you have selected for your Defender for Endpoint data.
 
 ## Show user details
 
@@ -116,9 +116,9 @@ The integration with Azure Advanced Threat Protection allows you to pivot direct
 
 ## Microsoft Secure Score
 
-Forwards Microsoft Defender ATP signals to Microsoft Secure Score in the Microsoft 365 security center. Turning on this feature gives Microsoft Secure Score visibility into the devices security posture. Forwarded data is stored and processed in the same location as the your Microsoft Secure Score data.
+Forwards Defender for Endpoint signals to Microsoft Secure Score in the Microsoft 365 security center. Turning on this feature gives Microsoft Secure Score visibility into the devices security posture. Forwarded data is stored and processed in the same location as the your Microsoft Secure Score data.
 
-### Enable the Microsoft Defender ATP integration from the Azure ATP portal
+### Enable the Defender for Endpoint integration from the Azure ATP portal
 
 To receive contextual device integration in Azure ATP, you'll also need to enable the feature in the Azure ATP portal.
 
@@ -139,18 +139,18 @@ When you turn this feature on, you'll be able to incorporate data from Office 36
 >[!NOTE]
 >You'll need to have the appropriate license to enable this feature. 
 
-To receive contextual device integration in Office 365 Threat Intelligence, you'll need to enable the Microsoft Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512).
+To receive contextual device integration in Office 365 Threat Intelligence, you'll need to enable the Defender for Endpoint settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512).
 
 ## Microsoft Threat Experts
 
-Out of the two Microsoft Threat Expert components, targeted attack notification is in general availability. Experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved. You can receive targeted attack notifications from Microsoft Threat Experts through your Microsoft Defender ATP portal's alerts dashboard and via email if you configure it.
+Out of the two Microsoft Threat Expert components, targeted attack notification is in general availability. Experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved. You can receive targeted attack notifications from Microsoft Threat Experts through your Defender for Endpoint portal's alerts dashboard and via email if you configure it.
 
 >[!NOTE]
->The Microsoft Threat Experts capability in Microsoft Defender ATP is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security).
+>The Microsoft Threat Experts capability in Defender for Endpoint is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security).
 
 ## Microsoft Cloud App Security
 
-Enabling this setting forwards Microsoft Defender ATP signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Cloud App Security data.
+Enabling this setting forwards Defender for Endpoint signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Cloud App Security data.
 
 >[!NOTE]
 >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on devices running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions.
@@ -161,10 +161,10 @@ Turning on this setting allows signals to be forwarded to Azure Information Prot
 
 ## Microsoft Intune connection
 
-Microsoft Defender ATP can be integrated with [Microsoft Intune](https://docs.microsoft.com/intune/what-is-intune) to [enable device risk-based conditional access](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune). When you [turn on this feature](configure-conditional-access.md), you'll be able to share Microsoft Defender ATP device information with Intune, enhancing policy enforcement.
+Defender for Endpoint can be integrated with [Microsoft Intune](https://docs.microsoft.com/intune/what-is-intune) to [enable device risk-based conditional access](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune). When you [turn on this feature](configure-conditional-access.md), you'll be able to share Defender for Endpoint device information with Intune, enhancing policy enforcement.
 
 >[!IMPORTANT]
->You'll need to enable the integration on both Intune and Microsoft Defender ATP to use this feature. For more information on specific steps, see [Configure Conditional Access in Microsoft Defender ATP](configure-conditional-access.md).
+>You'll need to enable the integration on both Intune and Defender for Endpoint to use this feature. For more information on specific steps, see [Configure Conditional Access in Defender for Endpoint](configure-conditional-access.md).
 
 This feature is only available if you have the following:
 
@@ -181,7 +181,7 @@ When you enable Intune integration, Intune will automatically create a classic C
 
 ## Preview features
 
-Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
+Learn about new features in the Defender for Endpoint preview release and be among the first to try upcoming features by turning on the preview experience.
 
 You'll have access to upcoming features, which you can provide feedback on to help improve the overall experience before features are generally available.
 
@@ -189,7 +189,7 @@ You'll have access to upcoming features, which you can provide feedback on to he
 
 Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data.
 
-After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Microsoft Defender ATP alerts will be shared with insider risk management for applicable users.
+After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Defender for Endpoint alerts will be shared with insider risk management for applicable users.
 
 ## Enable advanced features
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md
index f533aa5473..46e60648d1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md
@@ -24,7 +24,7 @@ ms.date: 09/20/2020
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Use the `AssignedIPAddresses()` function in your advanced hunting queries to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp argument, this function obtains the most recent IP addresses at the specified time.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
index 89bace1c01..bd47d4a12b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
@@ -23,9 +23,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink)
 
 ## Optimize query performance
 
@@ -91,7 +91,7 @@ DeviceProcessEvents
 | where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc" 
 ```
 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink)
 
 ## Related topics
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
index d8fa5a458c..51940745aa 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
@@ -25,9 +25,9 @@ ms.date: 01/22/2020
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 The `DeviceAlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md
index 191dcbcb0e..82be65bdc4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 The miscellaneous device events or `DeviceEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about various event types, including events triggered by security controls, such as Microsoft Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md
index 427c9164c2..20c0ceb254 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md
@@ -25,9 +25,9 @@ ms.date: 01/14/2020
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 The `DeviceFileCertificateInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file signing certificates. This table uses data obtained from certificate verification activities regularly performed on files on endpoints.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md
index ca50907f7c..2a453a4169 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 The `DeviceFileEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
index 65b9b2927c..a00c2ef094 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 The `DeviceImageLoadEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md
index 652be88f72..8c806a1b38 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 The `DeviceInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about devices in the organization, including their OS version, active users, and computer name. Use this reference to construct queries that return information from the table.
 
@@ -38,7 +38,7 @@ For information on other tables in the advanced hunting schema, see [the advance
 | `DeviceId` | string | Unique identifier for the device in the service |
 | `DeviceName` | string | Fully qualified domain name (FQDN) of the device |
 | `ClientVersion` | string | Version of the endpoint agent or sensor running on the device |
-| `PublicIP` | string | Public IP address used by the onboarded device to connect to the Microsoft Defender ATP service. This could be the IP address of the device itself, a NAT device, or a proxy |
+| `PublicIP` | string | Public IP address used by the onboarded device to connect to the Defender for Endpoint service. This could be the IP address of the device itself, a NAT device, or a proxy |
 | `OSArchitecture` | string | Architecture of the operating system running on the device |
 | `OSPlatform` | string | Platform of the operating system running on the device. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7 |
 | `OSBuild` | string | Build version of the operating system running on the device |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
index fcdbc783c4..c04883052f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 The `DeviceLogonEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md
index ba1a43141f..467888a9d3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 The `DeviceNetworkEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about network connections and related events. Use this reference to construct queries that return information from the table.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md
index df10438741..48ae9ead1e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 The `DeviceNetworkInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about networking configuration of devices, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md
index ea24aafcd0..921304b30c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 The `DeviceProcessEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about process creation and related events. Use this reference to construct queries that return information from the table.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md
index 5278fc3224..ec6f722e98 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 The `DeviceRegistryEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
index 8b7ff40a50..52e32d5aee 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
index 17aa063a7e..317e6e26c6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md
index 138d4d539a..d61956dee5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 
 [!include[Prerelease information](../../includes/prerelease.md)]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
index 7cd66a3115..0779d7d929 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md
index ec16f7a73d..ab53ab3585 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md
@@ -22,9 +22,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
 
 
 Advanced hunting displays errors to notify for syntax mistakes and whenever queries hit [predefined limits](advanced-hunting-limits.md). Refer to the table below for tips on how to resolve or avoid errors. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md
index a1cde2051e..60566f53f5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md
@@ -24,7 +24,7 @@ ms.date: 10/10/2020
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 [Advanced hunting](advanced-hunting-overview.md) relies on data coming from across your organization. To get the most comprehensive data possible, ensure that you have the correct settings in the corresponding data sources.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md
index 4d6f6bd635..365f8ef6ba 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md
@@ -22,7 +22,7 @@ ms.date: 09/20/2020
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 The `FileProfile()` function is an enrichment function in [advanced hunting](advanced-hunting-overview.md) that adds the following data to files found by the query.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md
index a2ad985d29..9b8aed20bc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md
@@ -23,7 +23,7 @@ ms.topic: article
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 With the *go hunt* action, you can quickly investigate events and various entity types using powerful query-based [advanced hunting](advanced-hunting-overview.md) capabilities. This action automatically runs an advanced hunting query to find relevant information about the selected event or entity.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md
index 84a36793d9..0516afc2f2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md
@@ -22,9 +22,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
 
 To keep the service performant and responsive, advanced hunting sets various limits for queries run manually and by [custom detection rules](custom-detection-rules.md). Refer to the following table to understand these limits.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md
new file mode 100644
index 0000000000..9936fd17df
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md
@@ -0,0 +1,85 @@
+---
+title: Microsoft Defender ATP for iOS privacy information
+ms.reviewer:
+description: Describes the policy information for Microsoft Defender ATP for iOS
+keywords: microsoft, defender, atp, ios, privacy, overview, installation, deploy, uninstallation, intune
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
+ms.topic: conceptual
+---
+
+# Microsoft Defender ATP for iOS - Privacy information
+
+>[!NOTE]
+> Microsoft Defender ATP for iOS uses a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. Microsoft or your organization does not see your browsing activity.
+
+Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP.
+
+Information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected and to support the service.
+
+## Required Data 
+
+Required data consists of data that is necessary to make Microsoft Defender ATP for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps.

+Here's a list of the types of data being collected:
+
+### Web page or Network information
+
+- Connection information only when a malicious connection or web page is detected. 
+- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected.
+
+### Device and account information
+
+- Device information such as date & time, iOS version, CPU info, and Device identifier
+- Device identifier is one of the below: 
+    - Wi-Fi adapter MAC address 
+    - Randomly generated globally unique identifier (GUID) 
+- Tenant, Device and User information 
+    - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory. 
+    - Azure tenant ID - GUID that identifies your organization within Azure Active Directory 
+    - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. 
+    - User Principal Name – Email ID of the user 
+
+### Product and service usage data 
+
+The following information is collected only for Microsoft Defender ATP app installed on the device. 
+
+- App package info, including name, version, and app upgrade status. 
+- Actions performed in the app 
+- Crash report logs generated by iOS 
+- Memory usage data 
+
+## Optional Data 
+
+Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself. 
+
+Optional diagnostic data includes: 
+
+- App, CPU, and network usage for Microsoft Defender ATP. 
+- Features configured by the admin. 
+
+Feedback Data is collected through in-app feedback provided by the user. 
+
+- The user’s email address, if they choose to provide it
+- Feedback type (smile, frown, idea) and any feedback comments submitted by the user. 
+
+[More on Privacy](https://aka.ms/mdatpiosprivacystatement)
+
+
+
+
+
+
+
+

From a481e4b6eb6b3ce2be7dabe559322781bd5f7de6 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Fri, 23 Oct 2020 15:45:58 -0700
Subject: [PATCH 044/384] Added ADMX_StartMenu policies

---
 windows/client-management/mdm/TOC.md          |    1 +
 .../mdm/policies-in-policy-csp-admx-backed.md |   67 +
 .../policy-configuration-service-provider.md  |  216 +-
 .../mdm/policy-csp-admx-startmenu.md          | 5011 +++++++++++++++++
 4 files changed, 5290 insertions(+), 5 deletions(-)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-startmenu.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index e4d03174c6..26ce78b220 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -214,6 +214,7 @@
 #### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md)
 #### [ADMX_Smartcard](policy-csp-admx-smartcard.md)
 #### [ADMX_Snmp](policy-csp-admx-snmp.md)
+#### [ADMX_StartMenu](policy-csp-admx-startmenu.md)
 #### [ADMX_tcpip](policy-csp-admx-tcpip.md)
 #### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md)
 #### [ADMX_TPM](policy-csp-admx-tpm.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 36a06c412f..96d7eb2a35 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -324,6 +324,73 @@ ms.date: 10/08/2020
 - [ADMX_Snmp/SNMP_Communities](./policy-csp-admx-snmp.md#admx-snmp-snmp-communities)
 - [ADMX_Snmp/SNMP_PermittedManagers](./policy-csp-admx-snmp.md#admx-snmp-snmp-permittedmanagers)
 - [ADMX_Snmp/SNMP_Traps_Public](./policy-csp-admx-snmp.md#admx-snmp-snmp-traps-public)
+- [ADMX_StartMenu/AddSearchInternetLinkInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-addsearchinternetlinkinstartmenu)
+- [ADMX_StartMenu/ClearRecentDocsOnExit](./policy-csp-admx-startmenu.md#admx-startmenu-clearrecentdocsonexit)
+- [ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-clearrecentprogfornewuserinstartmenu)
+- [ADMX_StartMenu/ClearTilesOnExit](./policy-csp-admx-startmenu.md#admx-startmenu-cleartilesonexit)
+- [ADMX_StartMenu/DesktopAppsFirstInAppsView](./policy-csp-admx-startmenu.md#admx-startmenu-desktopappsfirstinappsview)
+- [ADMX_StartMenu/DisableGlobalSearchOnAppsView](./policy-csp-admx-startmenu.md#admx-startmenu-disableglobalsearchonappsview)
+- [ADMX_StartMenu/ForceStartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-forcestartmenulogoff)
+- [ADMX_StartMenu/GoToDesktopOnSignIn](./policy-csp-admx-startmenu.md#admx-startmenu-gotodesktoponsignin)
+- [ADMX_StartMenu/GreyMSIAds](./policy-csp-admx-startmenu.md#admx-startmenu-greymsiads)
+- [ADMX_StartMenu/HidePowerOptions](./policy-csp-admx-startmenu.md#admx-startmenu-hidepoweroptions)
+- [ADMX_StartMenu/Intellimenus](./policy-csp-admx-startmenu.md#admx-startmenu-intellimenus)
+- [ADMX_StartMenu/LockTaskbar](./policy-csp-admx-startmenu.md#admx-startmenu-locktaskbar)
+- [ADMX_StartMenu/MemCheckBoxInRunDlg](./policy-csp-admx-startmenu.md#admx-startmenu-memcheckboxinrundlg)
+- [ADMX_StartMenu/NoAutoTrayNotify](./policy-csp-admx-startmenu.md#admx-startmenu-noautotraynotify)
+- [ADMX_StartMenu/NoBalloonTip](./policy-csp-admx-startmenu.md#admx-startmenu-noballoontip)
+- [ADMX_StartMenu/NoChangeStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nochangestartmenu)
+- [ADMX_StartMenu/NoClose](./policy-csp-admx-startmenu.md#admx-startmenu-noclose)
+- [ADMX_StartMenu/NoCommonGroups](./policy-csp-admx-startmenu.md#admx-startmenu-nocommongroups)
+- [ADMX_StartMenu/NoFavoritesMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nofavoritesmenu)
+- [ADMX_StartMenu/NoFind](./policy-csp-admx-startmenu.md#admx-startmenu-nofind)
+- [ADMX_StartMenu/NoGamesFolderOnStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nogamesfolderonstartmenu)
+- [ADMX_StartMenu/NoHelp](./policy-csp-admx-startmenu.md#admx-startmenu-nohelp)
+- [ADMX_StartMenu/NoInstrumentation](./policy-csp-admx-startmenu.md#admx-startmenu-noinstrumentation)
+- [ADMX_StartMenu/NoMoreProgramsList](./policy-csp-admx-startmenu.md#admx-startmenu-nomoreprogramslist)
+- [ADMX_StartMenu/NoNetAndDialupConnect](./policy-csp-admx-startmenu.md#admx-startmenu-nonetanddialupconnect)
+- [ADMX_StartMenu/NoPinnedPrograms](./policy-csp-admx-startmenu.md#admx-startmenu-nopinnedprograms)
+- [ADMX_StartMenu/NoRecentDocsMenu](./policy-csp-admx-startmenu.md#admx-startmenu-norecentdocsmenu)
+- [ADMX_StartMenu/NoResolveSearch](./policy-csp-admx-startmenu.md#admx-startmenu-noresolvesearch)
+- [ADMX_StartMenu/NoResolveTrack](./policy-csp-admx-startmenu.md#admx-startmenu-noresolvetrack)
+- [ADMX_StartMenu/NoRun](./policy-csp-admx-startmenu.md#admx-startmenu-norun)
+- [ADMX_StartMenu/NoSMConfigurePrograms](./policy-csp-admx-startmenu.md#admx-startmenu-nosmconfigureprograms)
+- [ADMX_StartMenu/NoSMMyDocuments](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmydocuments)
+- [ADMX_StartMenu/NoSMMyMusic](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmymusic)
+- [ADMX_StartMenu/NoSMMyNetworkPlaces](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmynetworkplaces)
+- [ADMX_StartMenu/NoSMMyPictures](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmypictures)
+- [ADMX_StartMenu/NoSearchCommInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchcomminstartmenu)
+- [ADMX_StartMenu/NoSearchComputerLinkInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchcomputerlinkinstartmenu)
+- [ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearcheverywherelinkinstartmenu)
+- [ADMX_StartMenu/NoSearchFilesInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchfilesinstartmenu)
+- [ADMX_StartMenu/NoSearchInternetInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchinternetinstartmenu)
+- [ADMX_StartMenu/NoSearchProgramsInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchprogramsinstartmenu)
+- [ADMX_StartMenu/NoSetFolders](./policy-csp-admx-startmenu.md#admx-startmenu-nosetfolders)
+- [ADMX_StartMenu/NoSetTaskbar](./policy-csp-admx-startmenu.md#admx-startmenu-nosettaskbar)
+- [ADMX_StartMenu/NoStartMenuDownload](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenudownload)
+- [ADMX_StartMenu/NoStartMenuHomegroup](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenuhomegroup)
+- [ADMX_StartMenu/NoStartMenuRecordedTV](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenurecordedtv)
+- [ADMX_StartMenu/NoStartMenuSubFolders](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenusubfolders)
+- [ADMX_StartMenu/NoStartMenuVideos](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenuvideos)
+- [ADMX_StartMenu/NoStartPage](./policy-csp-admx-startmenu.md#admx-startmenu-nostartpage)
+- [ADMX_StartMenu/NoTaskBarClock](./policy-csp-admx-startmenu.md#admx-startmenu-notaskbarclock)
+- [ADMX_StartMenu/NoTaskGrouping](./policy-csp-admx-startmenu.md#admx-startmenu-notaskgrouping)
+- [ADMX_StartMenu/NoToolbarsOnTaskbar](./policy-csp-admx-startmenu.md#admx-startmenu-notoolbarsontaskbar)
+- [ADMX_StartMenu/NoTrayContextMenu](./policy-csp-admx-startmenu.md#admx-startmenu-notraycontextmenu)
+- [ADMX_StartMenu/NoTrayItemsDisplay](./policy-csp-admx-startmenu.md#admx-startmenu-notrayitemsdisplay)
+- [ADMX_StartMenu/NoUninstallFromStart](./policy-csp-admx-startmenu.md#admx-startmenu-nouninstallfromstart)
+- [ADMX_StartMenu/NoUserFolderOnStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nouserfolderonstartmenu)
+- [ADMX_StartMenu/NoUserNameOnStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nousernameonstartmenu)
+- [ADMX_StartMenu/NoWindowsUpdate](./policy-csp-admx-startmenu.md#admx-startmenu-nowindowsupdate)
+- [ADMX_StartMenu/PowerButtonAction](./policy-csp-admx-startmenu.md#admx-startmenu-powerbuttonaction)
+- [ADMX_StartMenu/QuickLaunchEnabled](./policy-csp-admx-startmenu.md#admx-startmenu-quicklaunchenabled)
+- [ADMX_StartMenu/RemoveUnDockPCButton](./policy-csp-admx-startmenu.md#admx-startmenu-removeundockpcbutton)
+- [ADMX_StartMenu/ShowAppsViewOnStart](./policy-csp-admx-startmenu.md#admx-startmenu-showappsviewonstart)
+- [ADMX_StartMenu/ShowRunAsDifferentUserInStart](./policy-csp-admx-startmenu.md#admx-startmenu-showrunasdifferentuserinstart)
+- [ADMX_StartMenu/ShowRunInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-showruninstartmenu)
+- [ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey](./policy-csp-admx-startmenu.md#admx-startmenu-showstartondisplaywithforegroundonwinkey)
+- [ADMX_StartMenu/StartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-startmenulogoff)
+- [ADMX_StartMenu/StartPinAppsWhenInstalled](./policy-csp-admx-startmenu.md#admx-startmenu-startpinappswheninstalled)
 - [ADMX_tcpip/6to4_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name)
 - [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval)
 - [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 42782da458..da0fe4b5c3 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1173,7 +1173,7 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 

 
-###  ADMX_ShellCommandPromptRegEditTools policies
+##  ADMX_ShellCommandPromptRegEditTools policies
 
 

   

@@ -1243,7 +1243,7 @@ The following diagram shows the Policy configuration service provider in tree fo
   

 

 
-## ADMX_Snmp policies  
+### ADMX_Snmp policies  
 
 

   

@@ -1257,7 +1257,213 @@ The following diagram shows the Policy configuration service provider in tree fo
   

 

 
-## ADMX_tcpip policies  
+### ADMX_StartMenu policies  
+
+

+  

+    ADMX_StartMenu/AddSearchInternetLinkInStartMenu
+  

+  

+    ADMX_StartMenu/ClearRecentDocsOnExit
+  

+  

+    ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu
+  

+  

+    ADMX_StartMenu/ClearTilesOnExit
+  

+  

+    ADMX_StartMenu/DesktopAppsFirstInAppsView
+  

+  

+    ADMX_StartMenu/DisableGlobalSearchOnAppsView
+  

+  

+    ADMX_StartMenu/ForceStartMenuLogOff
+  

+  

+    ADMX_StartMenu/GoToDesktopOnSignIn
+  

+  

+    ADMX_StartMenu/GreyMSIAds
+  

+  

+    ADMX_StartMenu/HidePowerOptions
+  

+  

+    ADMX_StartMenu/Intellimenus
+  

+  

+    ADMX_StartMenu/LockTaskbar
+  

+  

+    ADMX_StartMenu/MemCheckBoxInRunDlg
+  

+  

+    ADMX_StartMenu/NoAutoTrayNotify
+  

+  

+    ADMX_StartMenu/NoBalloonTip
+  

+  

+    ADMX_StartMenu/NoChangeStartMenu
+  

+  

+    ADMX_StartMenu/NoClose
+  

+  

+    ADMX_StartMenu/NoCommonGroups
+  

+  

+    ADMX_StartMenu/NoFavoritesMenu
+  

+  

+    ADMX_StartMenu/NoFind
+  

+  

+    ADMX_StartMenu/NoGamesFolderOnStartMenu
+  

+  

+    ADMX_StartMenu/NoHelp
+  

+  

+    ADMX_StartMenu/NoInstrumentation
+  

+  

+    ADMX_StartMenu/NoMoreProgramsList
+  

+  

+    ADMX_StartMenu/NoNetAndDialupConnect
+  

+  

+    ADMX_StartMenu/NoPinnedPrograms
+  

+  

+    ADMX_StartMenu/NoRecentDocsMenu
+  

+  

+    ADMX_StartMenu/NoResolveSearch
+  

+  

+    ADMX_StartMenu/NoResolveTrack
+  

+  

+    ADMX_StartMenu/NoRun
+  

+  

+    ADMX_StartMenu/NoSMConfigurePrograms
+  

+  

+    ADMX_StartMenu/NoSMMyDocuments
+  

+  

+    ADMX_StartMenu/NoSMMyMusic
+  

+  

+    ADMX_StartMenu/NoSMMyNetworkPlaces
+  

+  

+    ADMX_StartMenu/NoSMMyPictures
+  

+  

+    ADMX_StartMenu/NoSearchCommInStartMenu
+  

+  

+    ADMX_StartMenu/NoSearchComputerLinkInStartMenu
+  

+  

+    ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu
+  

+  

+    ADMX_StartMenu/NoSearchFilesInStartMenu
+  

+  

+    ADMX_StartMenu/NoSearchInternetInStartMenu
+  

+  

+    ADMX_StartMenu/NoSearchProgramsInStartMenu
+  

+  

+    ADMX_StartMenu/NoSetFolders
+  

+  

+    ADMX_StartMenu/NoSetTaskbar
+  

+  

+    ADMX_StartMenu/NoStartMenuDownload
+  

+  

+    ADMX_StartMenu/NoStartMenuHomegroup
+  

+  

+    ADMX_StartMenu/NoStartMenuRecordedTV
+  

+  

+    ADMX_StartMenu/NoStartMenuSubFolders
+  

+  

+    ADMX_StartMenu/NoStartMenuVideos
+  

+  

+    ADMX_StartMenu/NoStartPage
+  

+  

+    ADMX_StartMenu/NoTaskBarClock
+  

+  

+    ADMX_StartMenu/NoTaskGrouping
+  

+  

+    ADMX_StartMenu/NoToolbarsOnTaskbar
+  

+  

+    ADMX_StartMenu/NoTrayContextMenu
+  

+  

+    ADMX_StartMenu/NoTrayItemsDisplay
+  

+  

+    ADMX_StartMenu/NoUninstallFromStart
+  

+  

+    ADMX_StartMenu/NoUserFolderOnStartMenu
+  

+  

+    ADMX_StartMenu/NoUserNameOnStartMenu
+  

+  

+    ADMX_StartMenu/NoWindowsUpdate
+  

+  

+    ADMX_StartMenu/PowerButtonAction
+  

+  

+    ADMX_StartMenu/QuickLaunchEnabled
+  

+  

+    ADMX_StartMenu/RemoveUnDockPCButton
+  

+  

+    ADMX_StartMenu/ShowAppsViewOnStart
+  

+  

+    ADMX_StartMenu/ShowRunAsDifferentUserInStart
+  

+  

+    ADMX_StartMenu/ShowRunInStartMenu
+  

+  

+    ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey
+  

+  

+    ADMX_StartMenu/StartMenuLogOff
+  

+  

+    ADMX_StartMenu/StartPinAppsWhenInstalled
+  

+

+
+### ADMX_tcpip policies  
 
 

   

@@ -1301,7 +1507,7 @@ The following diagram shows the Policy configuration service provider in tree fo
   

 

 
-## ADMX_Thumbnails policies  
+### ADMX_Thumbnails policies  
 
 

   

@@ -1783,7 +1989,7 @@ The following diagram shows the Policy configuration service provider in tree fo
   

 

 
-## ADMX_WindowsConnectNow policies  
+### ADMX_WindowsConnectNow policies  
 
 

   

diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
new file mode 100644
index 0000000000..d2005ff616
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -0,0 +1,5011 @@
+---
+title: Policy CSP - ADMX_StartMenu
+description: Policy CSP - ADMX_StartMenu
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/20/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_StartMenu
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+

+
+
+## ADMX_StartMenu policies  
+
+

+  

+    ADMX_StartMenu/AddSearchInternetLinkInStartMenu
+  

+  

+    ADMX_StartMenu/ClearRecentDocsOnExit
+  

+  

+    ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu
+  

+  

+    ADMX_StartMenu/ClearTilesOnExit
+  

+  

+    ADMX_StartMenu/DesktopAppsFirstInAppsView
+  

+  

+    ADMX_StartMenu/DisableGlobalSearchOnAppsView
+  

+  

+    ADMX_StartMenu/ForceStartMenuLogOff
+  

+  

+    ADMX_StartMenu/GoToDesktopOnSignIn
+  

+  

+    ADMX_StartMenu/GreyMSIAds
+  

+  

+    ADMX_StartMenu/HidePowerOptions
+  

+  

+    ADMX_StartMenu/Intellimenus
+  

+  

+    ADMX_StartMenu/LockTaskbar
+  

+  

+    ADMX_StartMenu/MemCheckBoxInRunDlg
+  

+  

+    ADMX_StartMenu/NoAutoTrayNotify
+  

+  

+    ADMX_StartMenu/NoBalloonTip
+  

+  

+    ADMX_StartMenu/NoChangeStartMenu
+  

+  

+    ADMX_StartMenu/NoClose
+  

+  

+    ADMX_StartMenu/NoCommonGroups
+  

+  

+    ADMX_StartMenu/NoFavoritesMenu
+  

+  

+    ADMX_StartMenu/NoFind
+  

+  

+    ADMX_StartMenu/NoGamesFolderOnStartMenu
+  

+  

+    ADMX_StartMenu/NoHelp
+  

+  

+    ADMX_StartMenu/NoInstrumentation
+  

+  

+    ADMX_StartMenu/NoMoreProgramsList
+  

+  

+    ADMX_StartMenu/NoNetAndDialupConnect
+  

+  

+    ADMX_StartMenu/NoPinnedPrograms
+  

+  

+    ADMX_StartMenu/NoRecentDocsMenu
+  

+  

+    ADMX_StartMenu/NoResolveSearch
+  

+  

+    ADMX_StartMenu/NoResolveTrack
+  

+  

+    ADMX_StartMenu/NoRun
+  

+  

+    ADMX_StartMenu/NoSMConfigurePrograms
+  

+  

+    ADMX_StartMenu/NoSMMyDocuments
+  

+  

+    ADMX_StartMenu/NoSMMyMusic
+  

+  

+    ADMX_StartMenu/NoSMMyNetworkPlaces
+  

+  

+    ADMX_StartMenu/NoSMMyPictures
+  

+  

+    ADMX_StartMenu/NoSearchCommInStartMenu
+  

+  

+    ADMX_StartMenu/NoSearchComputerLinkInStartMenu
+  

+  

+    ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu
+  

+  

+    ADMX_StartMenu/NoSearchFilesInStartMenu
+  

+  

+    ADMX_StartMenu/NoSearchInternetInStartMenu
+  

+  

+    ADMX_StartMenu/NoSearchProgramsInStartMenu
+  

+  

+    ADMX_StartMenu/NoSetFolders
+  

+  

+    ADMX_StartMenu/NoSetTaskbar
+  

+  

+    ADMX_StartMenu/NoStartMenuDownload
+  

+  

+    ADMX_StartMenu/NoStartMenuHomegroup
+  

+  

+    ADMX_StartMenu/NoStartMenuRecordedTV
+  

+  

+    ADMX_StartMenu/NoStartMenuSubFolders
+  

+  

+    ADMX_StartMenu/NoStartMenuVideos
+  

+  

+    ADMX_StartMenu/NoStartPage
+  

+  

+    ADMX_StartMenu/NoTaskBarClock
+  

+  

+    ADMX_StartMenu/NoTaskGrouping
+  

+  

+    ADMX_StartMenu/NoToolbarsOnTaskbar
+  

+  

+    ADMX_StartMenu/NoTrayContextMenu
+  

+  

+    ADMX_StartMenu/NoTrayItemsDisplay
+  

+  

+    ADMX_StartMenu/NoUninstallFromStart
+  

+  

+    ADMX_StartMenu/NoUserFolderOnStartMenu
+  

+  

+    ADMX_StartMenu/NoUserNameOnStartMenu
+  

+  

+    ADMX_StartMenu/NoWindowsUpdate
+  

+  

+    ADMX_StartMenu/PowerButtonAction
+  

+  

+    ADMX_StartMenu/QuickLaunchEnabled
+  

+  

+    ADMX_StartMenu/RemoveUnDockPCButton
+  

+  

+    ADMX_StartMenu/ShowAppsViewOnStart
+  

+  

+    ADMX_StartMenu/ShowRunAsDifferentUserInStart
+  

+  

+    ADMX_StartMenu/ShowRunInStartMenu
+  

+  

+    ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey
+  

+  

+    ADMX_StartMenu/StartMenuLogOff
+  

+  

+    ADMX_StartMenu/StartPinAppsWhenInstalled
+  

+

+
+
+

+
+
+**ADMX_StartMenu/AddSearchInternetLinkInStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy, a "Search the Internet" link is shown when the user performs a search in the start menu search box. This button launches the default browser with the search terms.
+
+If you disable this policy, there will not be a "Search the Internet" link when the user performs a search in the start menu search box.
+
+If you do not configure this policy (default), there will not be a "Search the Internet" link on the start menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Add Search Internet link to Start Menu*
+-   GP name: *AddSearchInternetLinkInStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/ClearRecentDocsOnExit**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Clear history of recently opened documents on exit.
+
+If you enable this setting, the system deletes shortcuts to recently used document files when the user logs off. As a result, the Recent Items menu on the Start menu is always empty when the user logs on. In addition, recently and frequently used items in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user logs off.
+
+If you disable or do not configure this setting, the system retains document shortcuts, and when a user logs on, the Recent Items menu and the Jump Lists appear just as it did when the user logged off.
+
+> [!NOTE]
+> The system saves document shortcuts in the user profile in the System-drive\Users\User-name\Recent folder.
+
+Also, see the "Remove Recent Items menu from Start Menu" and "Do not keep history of recently opened documents" policies in this folder. The system only uses this setting when neither of these related settings are selected.
+
+This setting does not clear the list of recent files that Windows programs display at the bottom of the File menu. See the "Do not keep history of recently opened documents" setting.
+
+This policy setting also does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting.
+
+This policy also does not clear items that the user may have pinned to the Jump Lists, or Tasks that the application has provided for their menu. See the "Do not allow pinning items in Jump Lists" setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Clear history of recently opened documents on exit*
+-   GP name: *ClearRecentDocsOnExit*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, the recent programs list in the start menu will be blank for each new user.
+
+If you disable or do not configure this policy, the start menu recent programs list will be pre-populated with programs for each new user.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Clear the recent programs list for new users*
+-   GP name: *ClearRecentProgForNewUserInStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/ClearTilesOnExit**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the system deletes tile notifications when the user logs on. As a result, the Tiles in the start view will always show their default content when the user logs on. In addition, any cached versions of these notifications will be cleared when the user logs on.
+
+If you disable or do not configure this setting, the system retains notifications, and when a user logs on, the tiles appear just as they did when the user logged off, including the history of previous notifications for each tile.
+
+This setting does not prevent new notifications from appearing. See the "Turn off Application Notifications" setting to prevent new notifications.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Clear tile notifications during log on*
+-   GP name: *ClearTilesOnExit*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/DesktopAppsFirstInAppsView**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows desktop apps to be listed first in the Apps view in Start.
+
+If you enable this policy setting, desktop apps would be listed first when the apps are sorted by category in the Apps view. The other sorting options would continue to be available and the user could choose to change their default sorting options.
+
+If you disable or don't configure this policy setting, the desktop apps won't be listed first when the apps are sorted by category, and the user can configure this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *List desktop apps first in the Apps view*
+-   GP name: *DesktopAppsFirstInAppsView*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/DisableGlobalSearchOnAppsView**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from the Apps view.
+
+This policy setting is only applied when the Apps view is set as the default view for Start.
+
+If you enable this policy setting, searching from the Apps view will only search the list of installed apps.
+
+If you disable or don’t configure this policy setting, the user can configure this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Search just apps from the Apps view*
+-   GP name: *DisableGlobalSearchOnAppsView*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/ForceStartMenuLogOff**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy only applies to the classic version of the start menu and does not affect the new style start menu.
+
+Adds the "Log Off " item to the Start menu and prevents users from removing it.
+
+If you enable this setting, the Log Off  item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off  item from the Start Menu.
+
+If you disable this setting or do not configure it, users can use the Display Logoff item to add and remove the Log Off item.
+
+This setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del.
+
+Note: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab, and then, in the Start Menu Settings box, click Display Logoff.
+
+Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\Logon/Logoff.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Add Logoff to the Start Menu*
+-   GP name: *ForceStartMenuLogOff*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/GoToDesktopOnSignIn**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to go to the desktop instead of the Start screen when they sign in.
+
+If you enable this policy setting, users will always go to the desktop when they sign in.
+
+If you disable this policy setting, users will always go to the Start screen when they sign in.
+
+If you don’t configure this policy setting, the default setting for the user’s device will be used, and the user can choose to change it.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Go to the desktop instead of Start when signing in*
+-   GP name: *GoToDesktopOnSignIn*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/GreyMSIAds**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Displays Start menu shortcuts to partially installed programs in gray text.
+
+This setting makes it easier for users to distinguish between programs that are fully installed and those that are only partially installed.
+
+Partially installed programs include those that a system administrator assigns using Windows Installer and those that users have configured for full installation upon first use.
+
+If you disable this setting or do not configure it, all Start menu shortcuts appear as black text.
+
+> [!NOTE]
+> Enabling this setting can make the Start menu slow to open.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Gray unavailable Windows Installer programs Start Menu shortcuts*
+-   GP name: *GreyMSIAds*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/HidePowerOptions**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from performing the following commands from the Windows security screen, the logon screen, and the Start menu: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions.
+
+If you enable this policy setting, the shutdown, restart, sleep, and hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE, and from the logon screen.
+
+If you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security and logon screens is also available.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands*
+-   GP name: *HidePowerOptions*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/Intellimenus**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Disables personalized menus.
+
+Windows personalizes long menus by moving recently used items to the top of the menu and hiding items that have not been used recently. Users can display the hidden items by clicking an arrow to extend the menu.
+
+If you enable this setting, the system does not personalize menus. All menu items appear and remain in standard order. Also, this setting removes the "Use Personalized Menus" option so users do not try to change the setting while a setting is in effect.
+
+> [!NOTE]
+> Personalized menus require user tracking. If you enable the "Turn off user tracking" setting, the system disables user tracking and personalized menus and ignores this setting.
+
+To Turn off personalized menus without specifying a setting, click Start, click Settings, click Taskbar and Start Menu, and then, on the General tab, clear the "Use Personalized Menus" option.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off personalized menus*
+-   GP name: *Intellimenus*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/LockTaskbar**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This setting affects the taskbar, which is used to switch between running applications.
+
+The taskbar includes the Start button, list of currently running tasks, and the notification area. By default, the taskbar is located at the bottom of the screen, but it can be dragged to any side of the screen. When it is locked, it cannot be moved or resized.
+
+If you enable this setting, it prevents the user from moving or resizing the taskbar. While the taskbar is locked, auto-hide and other taskbar options are still available in Taskbar properties.
+
+If you disable this setting or do not configure it, the user can configure the taskbar position.
+
+> [!NOTE]
+> Enabling this setting also locks the QuickLaunch bar and any other toolbars that the user has on their taskbar. The toolbar's position is locked, and the user cannot show and hide various toolbars using the taskbar context menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Lock the Taskbar*
+-   GP name: *LockTaskbar*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/MemCheckBoxInRunDlg**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.
+
+All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment, complete with the DLLs required by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory space allocated to the VDM process and cannot run simultaneously.
+
+Enabling this setting adds a check box to the Run dialog box, giving users the option of running a 16-bit program in its own dedicated NTVDM process. The additional check box is enabled only when a user enters a 16-bit program in the Run dialog box.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Add "Run in Separate Memory Space" check box to Run dialog box*
+-   GP name: *MemCheckBoxInRunDlg*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoAutoTrayNotify**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This setting affects the notification area, also called the "system tray."
+
+The notification area is located in the task bar, generally at the bottom of the screen, and it includes the clock and current notifications. This setting determines whether the items are always expanded or always collapsed. By default, notifications are collapsed. The notification cleanup << icon can be referred to as the "notification chevron."
+
+If you enable this setting, the system notification area expands to show all of the notifications that use this area.
+
+If you disable this setting, the system notification area will always collapse notifications.
+
+If you do not configure it, the user can choose if they want notifications collapsed.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off notification area cleanup*
+-   GP name: *NoAutoTrayNotify*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoBalloonTip**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Hides pop-up text on the Start menu and in the notification area.
+
+When you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object.
+
+If you enable this setting, some of this pop-up text is not displayed. The pop-up text affected by this setting includes "Click here to begin" on the Start button, "Where have all my programs gone" on the Start menu, and "Where have my icons gone" in the notification area.
+
+If you disable this setting or do not configure it, all pop-up text is displayed on the Start menu and in the notification area.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Balloon Tips on Start Menu items*
+-   GP name: *NoBalloonTip*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoChangeStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from changing their Start screen layout.
+
+If you enable this setting, you will prevent a user from selecting an app, resizing a tile, pinning/unpinning a tile or a secondary tile, entering the customize mode and rearranging tiles within Start and Apps.
+
+If you disable or do not configure this setting, you will allow a user to select an app, resize a tile, pin/unpin a tile or a secondary tile, enter the customize mode and rearrange tiles within Start and Apps.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prevent users from customizing their Start Screen*
+-   GP name: *NoChangeStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoClose**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions.
+
+If you enable this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE.
+
+If you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security screen is also available.
+
+> [!NOTE]
+> Third-party programs certified as compatible with Microsoft Windows Vista, Windows XP SP2, Windows XP SP1, Windows XP, or Windows 2000 Professional are required to support this policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands*
+-   GP name: *NoClose*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoCommonGroups**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Removes items in the All Users profile from the Programs menu on the Start menu.
+
+By default, the Programs menu contains items from the All Users profile and items from the user's profile. If you enable this setting, only items in the user's profile appear in the Programs menu.
+
+To see the Program menu items in the All Users profile, on the system drive, go to ProgramData\Microsoft\Windows\Start Menu\Programs.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove common program groups from Start Menu*
+-   GP name: *NoCommonGroups*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoFavoritesMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Prevents users from adding the Favorites menu to the Start menu or classic Start menu.
+
+If you enable this setting, the Display Favorites item does not appear in the Advanced Start menu options box.
+
+If you disable or do not configure this setting, the Display Favorite item is available.
+
+> [!NOTE]
+> The Favorities menu does not appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Customize.  If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options.
+> 
+> The items that appear in the Favorites menu when you install Windows are preconfigured by the system to appeal to most users. However, users can add and remove items from this menu, and system administrators can create a customized Favorites menu for a user group.
+>
+> This setting only affects the Start menu. The Favorites item still appears in File Explorer and in Internet Explorer.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Favorites menu from Start Menu*
+-   GP name: *NoFavoritesMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoFind**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements. Note that this does not remove the search box from the new style Start menu.
+
+If you enable this policy setting, the Search item is removed from the Start menu and from the context menu that appears when you right-click the Start menu. Also, the system does not respond when users press the Application key (the key with the Windows logo)+ F.
+
+Note: Enabling this policy setting also prevents the user from using the F3 key.
+
+In File Explorer, the Search item still appears on the Standard buttons toolbar, but the system does not respond when the user presses Ctrl+F. Also, Search does not appear in the context menu when you right-click an icon representing a drive or a folder.
+
+This policy setting affects the specified user interface elements only. It does not affect Internet Explorer and does not prevent the user from using other methods to search.
+
+If you disable or do not configure this policy setting, the Search link is available from the Start menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Search link from Start Menu*
+-   GP name: *NoFind*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoGamesFolderOnStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu will not show a link to the Games folder.
+
+If you disable or do not configure this policy, the start menu will show a link to the Games folder, unless the user chooses to remove it in the start menu control panel.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Games link from Start Menu*
+-   GP name: *NoGamesFolderOnStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoHelp**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Help command from the Start menu.
+
+If you enable this policy setting, the Help command is removed from the Start menu.
+
+If you disable or do not configure this policy setting, the Help command is available from the Start menu.
+
+This policy setting only affects the Start menu. It does not remove the Help menu from File Explorer and does not prevent users from running Help.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Help menu from Start Menu*
+-   GP name: *NoHelp*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoInstrumentation**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off user tracking.
+
+If you enable this policy setting, the system does not track the programs that the user runs, and does not display frequently used programs in the Start Menu.
+
+If you disable or do not configure this policy setting, the system tracks the programs that the user runs. The system uses this information to customize Windows features, such as showing frequently used programs in the Start Menu.
+
+Also, see these related policy settings: "Remove frequent programs liist from the Start Menu" and "Turn off personalized menus".
+
+This policy  setting does not prevent users from pinning programs to the Start Menu or Taskbar. See the "Remove pinned programs list from the Start Menu" and "Do not allow pinning programs to the Taskbar" policy settings.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off user tracking*
+-   GP name: *NoInstrumentation*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoMoreProgramsList**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the Start Menu will either collapse or remove the all apps list from the Start menu.
+
+Selecting "Collapse" will not display the app list next to the pinned tiles in Start. An "All apps" button will be displayed on Start to open the all apps list. This is equivalent to setting the "Show app list in Start" in Settings to Off.
+
+Selecting "Collapse and disable setting" will do the same as the collapse option and disable the "Show app list in Start menu" in Settings, so users cannot turn it to On.
+
+Selecting "Remove and disable setting" will remove the all apps list from Start and disable the "Show app list in Start menu" in Settings, so users cannot turn it to On. Select this option for compatibility with earlier versions of Windows.
+
+If you disable or do not configure this setting, the all apps list will be visible by default, and the user can change "Show app list in Start" in Settings.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove All Programs list from the Start menu*
+-   GP name: *NoMoreProgramsList*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoNetAndDialupConnect**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove Network Connections from the Start Menu.
+
+If you enable this policy setting, users are prevented from running Network Connections.
+
+Enabling this policy setting prevents the Network Connections folder from opening. This policy setting also removes Network Connections from Settings on the Start menu.
+
+Network Connections still appears in Control Panel and in File Explorer, but if users try to start it, a message appears explaining that a setting prevents the action.
+
+If you disable or do not configure this policy setting, Network Connections is available from the Start Menu.
+
+Also, see the "Disable programs on Settings menu" and "Disable Control Panel" policy settings and the policy settings in the Network Connections folder (Computer Configuration and User Configuration\Administrative Templates\Network\Network Connections).
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Network Connections from Start Menu*
+-   GP name: *NoNetAndDialupConnect*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoPinnedPrograms**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users cannot pin programs to the Start menu.
+
+In Windows XP and Windows Vista, the Internet and email checkboxes are removed from the 'Customize Start Menu' dialog. 
+
+If you disable this setting or do not configure it, the "Pinned Programs" list remains on the Start menu. Users can pin and unpin programs in the Start Menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove pinned programs list from the Start Menu*
+-   GP name: *NoPinnedPrograms*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoRecentDocsMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Removes the Recent Items menu from the Start menu.  Removes the Documents menu from the classic Start menu.
+
+The Recent Items menu contains links to the non-program files that users have most recently opened. It appears so that users can easily reopen their documents.
+
+If you enable this setting, the system saves document shortcuts but does not display the Recent Items menu in the Start Menu, and users cannot turn the menu on.
+
+If you later disable the setting, so that the Recent Items menu appears in the Start Menu, the document shortcuts saved before the setting was enabled and while it was in effect appear in the Recent Items menu.
+
+When the setting is disabled, the Recent Items menu appears in the Start Menu, and users cannot remove it.
+
+If the setting is not configured, users can turn the Recent Items menu on and off.
+
+> [!NOTE]
+> This setting does not prevent Windows programs from displaying shortcuts to recently opened documents. See the "Do not keep history of recently opened documents" setting.
+
+This setting also does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Recent Items menu from Start Menu*
+-   GP name: *NoRecentDocsMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoResolveSearch**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.
+
+If you enable this policy setting, the system does not conduct the final drive search. It just displays a message explaining that the file is not found.
+
+If you disable or do not configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file.
+
+> [!NOTE]
+> This policy setting only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability.
+
+Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use the tracking-based method when resolving shell shortcuts" policy settings.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not use the search-based method when resolving shell shortcuts*
+-   GP name: *NoResolveSearch*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoResolveTrack**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.
+
+If you enable this policy setting, the system does not try to locate the file by using its file ID. It skips this step and begins a comprehensive search of the drive specified in the target path.
+
+If you disable or do not configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file.
+
+> [!NOTE]
+> This policy setting only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability.
+
+Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use the search-based method when resolving shell shortcuts" policy settings.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not use the tracking-based method when resolving shell shortcuts*
+-   GP name: *NoResolveTrack*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoRun**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager.
+
+If you enable this setting, the following changes occur:
+
+1. The Run command is removed from the Start menu.
+
+2. The New Task (Run) command is removed from Task Manager.
+
+3. The user will be blocked from entering the following into the Internet Explorer Address Bar:
+
+- A UNC path: `\\\`
+
+- Accessing local drives:  e.g., C:
+
+- Accessing local folders: e.g., `\`
+
+Also, users with extended keyboards will no longer be able to display the Run dialog box by pressing the Application key (the key with the Windows logo) + R.
+
+If you disable or do not configure this setting, users will be able to access the Run command in the Start menu and in Task Manager and use the Internet Explorer Address Bar.
+
+> [!NOTE]
+> This setting affects the specified interface only. It does not prevent users from using other methods to run programs.
+>
+> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Run menu from Start Menu*
+-   GP name: *NoRun*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSMConfigurePrograms**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Default Programs link from the Start menu.
+
+If you enable this policy setting, the Default Programs link is removed from the Start menu.
+
+Clicking the Default Programs link from the Start menu opens the Default Programs control panel and provides administrators the ability to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.
+
+If you disable or do not configure this policy setting, the Default Programs link is available from the Start menu.
+
+> [!NOTE]
+> This policy setting does not prevent the Set Default Programs for This Computer option from appearing in the Default Programs control panel.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Default Programs link from the Start menu.*
+-   GP name: *NoSMConfigurePrograms*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSMMyDocuments**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Documents icon from the Start menu and its submenus.
+
+If you enable this policy setting, the Documents icon is removed from the Start menu and its submenus. Enabling this policy setting only removes the icon. It does not prevent the user from using other methods to gain access to the contents of the Documents folder.
+
+> [!NOTE]
+> To make changes to this policy setting effective, you must log off and then log on.
+
+If you disable or do not configure this policy setting, he Documents icon is available from the Start menu.
+
+Also, see the "Remove Documents icon on the desktop" policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Documents icon from Start Menu*
+-   GP name: *NoSMMyDocuments*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSMMyMusic**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Music icon from Start Menu.
+
+If you enable this policy setting, the Music icon is no longer available from Start Menu.
+
+If you disable or do not configure this policy setting, the Music icon is available from Start Menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Music icon from Start Menu*
+-   GP name: *NoSMMyMusic*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSMMyNetworkPlaces**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build.This policy setting allows you to remove the Network icon from Start Menu.
+
+If you enable this policy setting, the Network icon is no longer available from Start Menu.
+
+If you disable or do not configure this policy setting, the Network icon is available from Start Menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Network icon from Start Menu*
+-   GP name: *NoSMMyNetworkPlaces*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSMMyPictures**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Pictures icon from Start Menu.
+
+If you enable this policy setting, the Pictures icon is no longer available from Start Menu.
+
+If you disable or do not configure this policy setting, the Pictures icon is available from Start Menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Pictures icon from Start Menu*
+-   GP name: *NoSMMyPictures*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSearchCommInStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu search box will not search for communications.
+
+If you disable or do not configure this policy, the start menu will search for communications, unless the user chooses not to in the start menu control panel.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not search communications*
+-   GP name: *NoSearchCommInStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSearchComputerLinkInStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy, the "See all results" link will not be shown when the user performs a search in the start menu search box.
+
+If you disable or do not configure this policy, the "See all results" link will be shown when the user performs a search in the start menu search box.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Search Computer link*
+-   GP name: *NoSearchComputerLinkInStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box.
+
+If you disable or do not configure this policy, a "See more results" link will be shown when the user performs a search in the start menu search box.  If a 3rd party protocol handler is installed, a "Search Everywhere" link will be shown instead of the "See more results" link.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove See More Results / Search Everywhere link*
+-   GP name: *NoSearchEverywhereLinkInStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSearchFilesInStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting the Start menu search box will not search for files.
+
+If you disable or do not configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel.  If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not search for files*
+-   GP name: *NoSearchFilesInStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSearchInternetInStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu search box will not search for internet history or favorites.
+
+If you disable or do not configure this policy, the start menu will search for for internet history or favorites, unless the user chooses not to in the start menu control panel.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not search Internet*
+-   GP name: *NoSearchInternetInStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSearchProgramsInStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting the Start menu search box will not search for programs or Control Panel items.
+
+If you disable or do not configure this policy setting, the Start menu search box will search for programs and Control Panel items, unless the user chooses not to do so directly in Control Panel.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not search programs and Control Panel items*
+-   GP name: *NoSearchProgramsInStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSetFolders**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove programs on Settings menu.
+
+If you enable this policy setting, the Control Panel, Printers, and Network and Connection folders are removed from Settings on the Start menu, and from Computer and File Explorer. It also prevents the programs represented by these folders (such as Control.exe) from running.
+
+However, users can still start Control Panel items by using other methods, such as right-clicking the desktop to start Display or right-clicking Computer to start System.
+
+If you disable or do not configure this policy setting, the Control Panel, Printers, and Network and Connection folders from Settings are available on the Start menu, and from Computer and File Explorer.
+
+Also, see the "Disable Control Panel," "Disable Display in Control Panel," and "Remove Network Connections from Start Menu" policy settings.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove programs on Settings menu*
+-   GP name: *NoSetFolders*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoSetTaskbar**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.
+
+If you enable this policy setting, The user will be prevented from opening the Taskbar Properties dialog box.
+
+If the user right-clicks the taskbar and then clicks Properties, a message appears explaining that a setting prevents the action.
+
+If you disable or do not configure this policy setting, the Taskbar and Start Menu items are available from Settings on the Start menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prevent changes to Taskbar and Start Menu Settings*
+-   GP name: *NoSetTaskbar*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoStartMenuDownload**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Downloads link from the Start Menu.
+
+If you enable this policy setting, the Start Menu does not show a link to the Downloads folder.
+
+If you disable or do not configure this policy setting, the Downloads link is available from the Start Menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Downloads link from Start Menu*
+-   GP name: *NoStartMenuDownload*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoStartMenuHomegroup**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result, users cannot add the homegroup link to the Start Menu.
+
+If you disable or do not configure this policy, users can use the Start Menu options to add or remove the homegroup link from the Start Menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Homegroup link from Start Menu*
+-   GP name: *NoStartMenuHomegroup*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoStartMenuRecordedTV**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Recorded TV link from the Start Menu.
+
+If you enable this policy setting, the Start Menu does not show a link to the Recorded TV library.
+
+If you disable or do not configure this policy setting, the Recorded TV link is available from the Start Menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Recorded TV link from Start Menu*
+-   GP name: *NoStartMenuRecordedTV*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoStartMenuSubFolders**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden.
+
+This setting is designed for use with redirected folders. Redirected folders appear on the main (bottom) section of the Start menu. However, the original, user-specific version of the folder still appears on the top section of the Start menu. Because the appearance of two folders with the same name might confuse users, you can use this setting to hide user-specific folders.
+
+Note that this setting hides all user-specific folders, not just those associated with redirected folders.
+
+If you enable this setting, no folders appear on the top section of the Start menu. If users add folders to the Start Menu directory in their user profiles, the folders appear in the directory but not on the Start menu.
+
+If you disable this setting or do not configured it, Windows 2000 Professional and Windows XP Professional display folders on both sections of the Start menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove user's folders from the Start Menu*
+-   GP name: *NoStartMenuSubFolders*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoStartMenuVideos**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Videos link from the Start Menu.
+
+If you enable this policy setting, the Start Menu does not show a link to the Videos library.
+
+If you disable or do not configure this policy setting, the Videos link is available from the Start Menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Videos link from Start Menu*
+-   GP name: *NoStartMenuVideos*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoStartPage**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This setting affects the presentation of the Start menu.
+
+The classic Start menu in Windows 2000 Professional allows users to begin common tasks, while the new Start menu consolidates common items onto one menu. When the classic Start menu is used, the following icons are placed on the desktop: Documents, Pictures, Music, Computer, and Network. The new Start menu starts them directly.
+
+If you enable this setting, the Start menu displays the classic Start menu in the Windows 2000 style and displays the standard desktop icons.
+
+If you disable this setting, the Start menu only displays in the new style, meaning the desktop icons are now on the Start page.
+
+If you do not configure this setting, the default is the new style, and the user can change the view.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Force classic Start Menu*
+-   GP name: *NoStartPage*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoTaskBarClock**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Prevents the clock in the system notification area from being displayed.
+
+If you enable this setting, the clock will not be displayed in the system notification area.
+
+If you disable or do not configure this setting, the default behavior of the clock appearing in the notification area will occur.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Clock from the system notification area*
+-   GP name: *NoTaskBarClock*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoTaskGrouping**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This setting affects the taskbar buttons used to switch between running programs.
+
+Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.
+
+If you enable this setting, it prevents the taskbar from grouping items that share the same program name. By default, this setting is always enabled.
+
+If you disable or do not configure it, items on the taskbar that share the same program are grouped together. The users have the option to disable grouping if they choose.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prevent grouping of taskbar items*
+-   GP name: *NoTaskGrouping*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoToolbarsOnTaskbar**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This setting affects the taskbar.
+
+The taskbar includes the Start button, buttons for currently running tasks, custom toolbars, the notification area, and the system clock. Toolbars include Quick Launch, Address, Links, Desktop, and other custom toolbars created by the user or by an application.
+
+If this setting is enabled, the taskbar does not display any custom toolbars, and the user cannot add any custom toolbars to the taskbar. Moreover, the "Toolbars" menu command and submenu are removed from the context menu. The taskbar displays only the Start button, taskbar buttons, the notification area, and the system clock.
+
+If this setting is disabled or is not configured, the taskbar displays all toolbars. Users can add or remove custom toolbars, and the "Toolbars" command appears in the context menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not display any custom toolbars in the taskbar*
+-   GP name: *NoToolbarsOnTaskbar*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoTrayContextMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove access to the context menus for the taskbar.
+
+If you enable this policy setting, the menus that appear when you right-click the taskbar and items on the taskbar are hidden, such as the Start button, the clock, and the taskbar buttons.
+
+If you disable or do not configure this policy setting, the context menus for the taskbar are available.
+
+This policy setting does not prevent users from using other methods to issue the commands that appear on these menus.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove access to the context menus for the taskbar*
+-   GP name: *NoTrayContextMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoTrayItemsDisplay**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This setting affects the notification area (previously called the "system tray") on the taskbar.
+
+The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.
+
+If this setting is enabled, the user’s entire notification area, including the notification icons, is hidden. The taskbar displays only the Start button, taskbar buttons, custom toolbars (if any), and the system clock.
+
+If this setting is disabled or is not configured, the notification area is shown in the user's taskbar.
+
+> [!NOTE]
+> Enabling this setting overrides the "Turn off notification area cleanup" setting, because if the notification area is hidden, there is no need to clean up the icons.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Hide the notification area*
+-   GP name: *NoTrayItemsDisplay*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoUninstallFromStart**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this setting, users cannot uninstall apps from Start.
+
+If you disable this setting or do not configure it, users can access the uninstall command from Start.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prevent users from uninstalling applications from Start*
+-   GP name: *NoUninstallFromStart*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoUserFolderOnStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu will not show a link to the user's storage folder.
+
+If you disable or do not configure this policy, the start menu will display a link, unless the user chooses to remove it in the start menu control panel.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove user folder link from Start Menu*
+-   GP name: *NoUserFolderOnStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoUserNameOnStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.
+
+If you enable this policy setting, the user name label is removed from the Start Menu in Windows XP and Windows Server 2003.
+
+To remove the user name folder on Windows Vista, set the "Remove user folder link from Start Menu" policy setting.
+
+If you disable or do not configure this policy setting, the user name label appears on the Start Menu in Windows XP and Windows Server 2003.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove user name from Start Menu*
+-   GP name: *NoUserNameOnStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/NoWindowsUpdate**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove links and access to Windows Update.
+
+If you enable this policy setting, users are prevented from connecting to the Windows Update Web site.
+
+Enabling this policy setting blocks user access to the Windows Update Web site at http://windowsupdate.microsoft.com. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer.
+
+Windows Update, the online extension of Windows, offers software updates to keep a user’s system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that users need and shows the newest versions available for download.
+
+If you disable or do not configure this policy setting, the Windows Update hyperlink is available from the Start menu and from the Tools menu in Internet Explorer.
+
+Also, see the "Hide the "Add programs from Microsoft" option" policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove links and access to Windows Update*
+-   GP name: *NoWindowsUpdate*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/PowerButtonAction**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Set the default action of the power button on the Start menu.
+
+If you enable this setting, the Start Menu will set the power button to the chosen action, and not let the user change this action.
+
+If you set the button to either Sleep or Hibernate, and that state is not supported on a computer, then the button will fall back to Shut Down.
+
+If you disable or do not configure this setting, the Start Menu power button will be set to Shut Down by default, and the user can change this setting to another action.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Change Start Menu power button*
+-   GP name: *PowerButtonAction*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/QuickLaunchEnabled**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.
+
+If you enable this policy setting, the QuickLaunch bar will be visible and cannot be turned off.
+
+If you disable this policy setting, the QuickLaunch bar will be hidden and cannot be turned on.
+
+If you do not configure this policy setting, then users will be able to turn the QuickLaunch bar on and off.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Show QuickLaunch on Taskbar*
+-   GP name: *QuickLaunchEnabled*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/RemoveUnDockPCButton**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the "Undock PC" button is removed from the simple Start Menu, and your PC cannot be undocked.
+
+If you disable this setting or do not configure it, the "Undock PC" button remains on the simple Start menu, and your PC can be undocked.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove the "Undock PC" button from the Start Menu*
+-   GP name: *RemoveUnDockPCButton*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/ShowAppsViewOnStart**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows the Apps view to be opened by default when the user goes to Start.
+
+If you enable this policy setting, the Apps view will appear whenever the user goes to Start. Users will still be able to switch between the Apps view and the Start screen.
+
+If you disable or don’t configure this policy setting, the Start screen will appear by default whenever the user goes to Start, and the user will be able to switch between the Apps view and the Start screen. Also, the user will be able to configure this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Show the Apps view automatically when the user goes to Start*
+-   GP name: *ShowAppsViewOnStart*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/ShowRunAsDifferentUserInStart**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting shows or hides the "Run as different user" command on the Start application bar.
+
+If you enable this setting, users can access the "Run as different user" command from Start for applications which support this functionality.
+
+If you disable this setting or do not configure it, users cannot access the "Run as different user" command from Start for any applications.
+
+> [!NOTE]
+> This setting does not prevent users from using other methods, such as the shift right-click menu on application's jumplists in the taskbar to issue the "Run as different user" command.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Show "Run as different user" command on Start*
+-   GP name: *ShowRunAsDifferentUserInStart*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/ShowRunInStartMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the Run command is added to the Start menu.
+
+If you disable or do not configure this setting, the Run command is not visible on the Start menu by default, but it can be added from the Taskbar and Start menu properties.
+
+If the Remove Run link from Start Menu policy is set, the Add the Run command to the Start menu policy has no effect.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Add the Run command to the Start Menu*
+-   GP name: *ShowRunInStartMenu*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows the Start screen to appear on the display the user is using when they press the Windows logo key. This setting only applies to users who are using multiple displays.
+
+If you enable this policy setting, the Start screen will appear on the display the user is using when they press the Windows logo key.
+
+If you disable or don't configure this policy setting, the Start screen will always appear on the main display when the user presses the Windows logo key. Users will still be able to open Start on other displays by pressing the Start button on that display. Also, the user will be able to configure this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Show Start on the display the user is using when they press the Windows logo key*
+-   GP name: *ShowStartOnDisplayWithForegroundOnWinKey*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/StartMenuLogOff**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to removes the "Log Off " item from the Start menu and prevents users from restoring it.
+
+If you enable this policy setting, the Log Off  item does not appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot restore the Log Off  item to the Start Menu.
+
+If you disable or do not configure this policy setting, users can use the Display Logoff item to add and remove the Log Off item.
+
+This policy setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del, and it does not prevent users from using other methods to log off.
+
+Tip: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff.
+
+See also: "Remove Logoff" policy setting in User Configuration\Administrative Templates\System\Logon/Logoff.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Logoff on the Start Menu*
+-   GP name: *StartMenuLogOff*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+
+**ADMX_StartMenu/StartPinAppsWhenInstalled**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows pinning apps to Start by default, when they are included by AppID on the list.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Pin Apps to Start when installed*
+-   GP name: *StartPinAppsWhenInstalled*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+
+
+

+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
+

From 8cf15aeb58207dd7d8bd1159b86b3a585f279942 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Fri, 23 Oct 2020 16:09:02 -0700
Subject: [PATCH 045/384] Formatting

---
 .../mdm/policy-csp-admx-startmenu.md          | 23 +++++++++----------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index d2005ff616..09955c429e 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -699,9 +699,9 @@ ADMX Info:
 
 Available in the latest Windows 10 Insider Preview Build. This policy only applies to the classic version of the start menu and does not affect the new style start menu.
 
-Adds the "Log Off " item to the Start menu and prevents users from removing it.
+Adds the "Log Off ``" item to the Start menu and prevents users from removing it.
 
-If you enable this setting, the Log Off  item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off  item from the Start Menu.
+If you enable this setting, the Log Off `` item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off `` item from the Start Menu.
 
 If you disable this setting or do not configure it, users can use the Display Logoff item to add and remove the Log Off item.
 
@@ -2072,7 +2072,7 @@ ADMX Info:
 
 Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users cannot pin programs to the Start menu.
 
-In Windows XP and Windows Vista, the Internet and email checkboxes are removed from the 'Customize Start Menu' dialog. 
+In Windows XP and Windows Vista, the Internet and email checkboxes are removed from the 'Customize Start Menu' dialog.
 
 If you disable this setting or do not configure it, the "Pinned Programs" list remains on the Start menu. Users can pin and unpin programs in the Start Menu.
 
@@ -2376,11 +2376,11 @@ If you enable this setting, the following changes occur:
 
 3. The user will be blocked from entering the following into the Internet Explorer Address Bar:
 
-- A UNC path: `\\\`
+    - A UNC path: `\\\`
 
-- Accessing local drives:  e.g., C:
+    - Accessing local drives:  e.g., C:
 
-- Accessing local folders: e.g., `\`
+    - Accessing local folders: e.g., `\`
 
 Also, users with extended keyboards will no longer be able to display the Run dialog box by pressing the Application key (the key with the Windows logo) + R.
 
@@ -3012,7 +3012,7 @@ ADMX Info:
 
 Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting the Start menu search box will not search for files.
 
-If you disable or do not configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel.  If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box.
+If you disable or do not configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel. If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box.
 
 
 > [!TIP]
@@ -4340,7 +4340,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting al
 
 If you enable this policy setting, users are prevented from connecting to the Windows Update Web site.
 
-Enabling this policy setting blocks user access to the Windows Update Web site at http://windowsupdate.microsoft.com. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer.
+Enabling this policy setting blocks user access to the Windows Update Web site at https://windowsupdate.microsoft.com. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer.
 
 Windows Update, the online extension of Windows, offers software updates to keep a user’s system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that users need and shows the newest versions available for download.
 
@@ -4899,9 +4899,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to removes the "Log Off " item from the Start menu and prevents users from restoring it.
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to removes the "Log Off ``" item from the Start menu and prevents users from restoring it.
 
-If you enable this policy setting, the Log Off  item does not appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot restore the Log Off  item to the Start Menu.
+If you enable this policy setting, the Log Off `` item does not appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot restore the Log Off `` item to the Start Menu.
 
 If you disable or do not configure this policy setting, users can use the Display Logoff item to add and remove the Log Off item.
 
@@ -5007,5 +5007,4 @@ Footnotes:
 - 7 - Available in Windows 10, version 1909.
 - 8 - Available in Windows 10, version 2004.
 
-
-
+
\ No newline at end of file

From 6cf756296e063e53048024942dc01b9d67d2891e Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Fri, 23 Oct 2020 18:58:41 -0700
Subject: [PATCH 046/384] new section

---
 .../microsoft-defender-atp/tvm-exception.md   | 113 ++++++++++++++++++
 1 file changed, 113 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
index f8f6565174..76ce732c92 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
@@ -89,6 +89,119 @@ Select **Show exceptions** at the bottom of the **Top security recommendations**
 
 ![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard.](images/tvm-exception-dashboard.png)
 
+## File for exception
+
+As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). If your organization has device groups, you will now be able to scope the exception to specific device groups.
+
+When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group).
+
+### How to create an exception
+
+Select a security recommendation you would like create an exception for, and then select **Exception options**.  
+
+![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png)
+
+Choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab.
+
+### Exception scope
+
+Exceptions can either be created for selected device groups, or for all device groups past and present.  
+
+#### Exception by device group
+
+Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups.
+
+![Showing device group dropdown.](images/tvm-exception-device-group-500.png)
+
+##### Filtered
+
+If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options.
+
+Button to filter by device group on any of the threat and vulnerability management pages: 
+
+![Showing selected device groups filter.](images/tvm-selected-device-groups.png)
+
+Exception view with filtered device groups:
+
+![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png)
+
+##### Large number of device groups
+
+If your organization has more than 20 device groups, select **Edit** next to the filtered device group option.
+
+![Showing how to edit large numbers of groups.](images/tvm-exception-edit-groups.png)
+
+A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all.
+
+![Showing large device group flyout.](images/tvm-exception-device-group-flyout-400.png)
+
+#### Global exceptions
+
+If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from “active” to “full exception.”
+
+![Showing global exception option.](images/tvm-exception-global.png)
+
+Some things to keep in mind:
+
+- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired or been cancelled. After that point, the new device group exceptions will go into effect until they expire.
+- If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires.
+
+### Justification
+
+Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration.
+
+The following list details the justifications behind the exception options:
+
+- **Third party control** - A third party product or software already addresses this recommendation
+        - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced
+- **Alternate mitigation** - An internal tool already addresses this recommendation
+        - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced
+- **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive
+- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
+
+### View all exceptions
+
+Navigate to the **Exceptions** tab in the **Remediation** page.
+
+![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png)
+
+Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception.
+
+### How to cancel an exception
+
+To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception.
+
+#### Cancel the exception for a specific device group
+
+If the exception is per device group, then you will need to select the specific device group to cancel the exception for it. 
+
+![Showing how to select a specific device group.](images/tvm-exception-device-group-hover.png)
+
+A flyout will appear for the device group, and you can select **Cancel exception**.
+
+#### Cancel a global exception
+
+If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout.
+
+![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png)
+
+### View impact after exceptions are applied
+
+In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**.
+
+![Showing customize columns options.](images/tvm-after-exceptions.png)
+
+The exposed devices (after exceptions) column shows the remaining devices that are still exposed to vulnerabilities after exceptions are applied. Exception justifications that affect the exposure include ‘third party control’ and ‘alternate mitigation’. Other justifications do not reduce the exposure of a device, and they are still considered exposed.
+
+The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change.
+
+![Showing the columns in the table.](images/tvm-after-exceptions-table.png)
+If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and Microsoft Secure Score for Devices, then that security recommendation is worth investigating.
+
+1. Select the recommendation and **Open software page**
+2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md)
+3. Decide how to address the increase or your organization's exposure, such as submitting a remediation request.
+
 ## Related topics
 
 - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md)

From 54bcb53231b5f88622d15add7b4b8e6807172a89 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Fri, 23 Oct 2020 19:29:11 -0700
Subject: [PATCH 047/384] updated exceptions

---
 .../microsoft-defender-atp/tvm-exception.md   | 96 ++++---------------
 1 file changed, 16 insertions(+), 80 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
index 76ce732c92..4421ece5a0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
@@ -29,91 +29,27 @@ ms.topic: conceptual
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
 
-Sometimes, you may not be able to take the remediation steps suggested by a security recommendation. If that is the case, threat and vulnerability management gives you an avenue to create an exception.
-
-When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and no longer shows up in the security recommendations list.
-
-## Create an exception
-
-1. Go to the threat and vulnerability management navigation menu in the Microsoft Defender Security Center, and select [**Security recommendations**](tvm-security-recommendation.md).
-
-2. Select a security recommendation you would like to create an exception for, and then **Exception options**.
-![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png)
-
-3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration.
-
-    The following list details the justifications behind the exception options:
-
-    - **Third party control** - A third party product or software already addresses this recommendation
-        - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced
-    - **Alternate mitigation** - An internal tool already addresses this recommendation
-        - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced
-    - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive
-    - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
-
-4. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created.
-
-## View your exceptions
-
-When you file for an exception from the security recommendations page, you create an exception  for that security recommendation. You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md).
-
-The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab. You can filter your view based on exception justification, type, and status.  
-
-![Example of the exception page and filter options.](images/tvm-exception-filters.png)
-
-### Exception actions and statuses
-
-Once an exception exists, you can cancel it at any time by going to the exception in the **Remediation** page and selecting **Cancel exception**.
-
-The following statuses will be a part of an exception:
-
-- **Canceled** - The exception has been canceled and is no longer in effect  
-- **Expired** - The exception that you've filed is no longer in effect
-- **In effect** - The exception that you've filed is in progress
-
-### Exception impact on scores
-
-Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Microsoft Secure Score for Devices of your organization in the following manner:
-
-- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores.
-- **Mitigation-like impact** - As if the recommendation was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control.
-- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Microsoft Secure Score for Devices results out of the exception option that you made.
-
-The exception impact shows on both the Security recommendations page column and in the flyout pane.
-
-![Screenshot identifying the impact sections which list score impacts in the full page security recommendations table, and the flyout.](images/tvm-exception-impact.png)
-
-### View exceptions in other places
-
-Select **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard. It will open a filtered view in the **Security recommendations** page of recommendations with an "Exception" status.
-
-![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard.](images/tvm-exception-dashboard.png)
-
-## File for exception
-
-As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). If your organization has device groups, you will now be able to scope the exception to specific device groups.
+As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. If your organization has device groups, you will now be able to scope the exception to specific device groups. Exceptions can either be created for selected device groups, or for all device groups past and present.  
 
 When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group).
 
-### How to create an exception
+## Permissions
 
-Select a security recommendation you would like create an exception for, and then select **Exception options**.  
+Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md).
+
+## Create an exception
+
+Select a security recommendation you would like create an exception for, and then select **Exception options** and fill out the form.  
 
 ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png)
 
-Choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab.
-
-### Exception scope
-
-Exceptions can either be created for selected device groups, or for all device groups past and present.  
-
-#### Exception by device group
+### Exception by device group
 
 Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups.
 
 ![Showing device group dropdown.](images/tvm-exception-device-group-500.png)
 
-##### Filtered
+#### Filtered views
 
 If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options.
 
@@ -125,7 +61,7 @@ Exception view with filtered device groups:
 
 ![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png)
 
-##### Large number of device groups
+#### Large number of device groups
 
 If your organization has more than 20 device groups, select **Edit** next to the filtered device group option.
 
@@ -135,7 +71,7 @@ A flyout will appear where you can search and choose device groups you want incl
 
 ![Showing large device group flyout.](images/tvm-exception-device-group-flyout-400.png)
 
-#### Global exceptions
+### Global exceptions
 
 If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from “active” to “full exception.”
 
@@ -159,7 +95,7 @@ The following list details the justifications behind the exception options:
 - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive
 - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
 
-### View all exceptions
+## View all exceptions
 
 Navigate to the **Exceptions** tab in the **Remediation** page.
 
@@ -167,11 +103,11 @@ Navigate to the **Exceptions** tab in the **Remediation** page.
 
 Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception.
 
-### How to cancel an exception
+## How to cancel an exception
 
 To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception.
 
-#### Cancel the exception for a specific device group
+### Cancel the exception for a specific device group
 
 If the exception is per device group, then you will need to select the specific device group to cancel the exception for it. 
 
@@ -179,13 +115,13 @@ If the exception is per device group, then you will need to select the specific
 
 A flyout will appear for the device group, and you can select **Cancel exception**.
 
-#### Cancel a global exception
+### Cancel a global exception
 
 If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout.
 
 ![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png)
 
-### View impact after exceptions are applied
+## View impact after exceptions are applied
 
 In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**.
 

From d907ecdd8f30f39db98314e2a3681a70ffbc9275 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Sat, 24 Oct 2020 19:10:38 +0530
Subject: [PATCH 048/384] removed  REG_SZ  added  REG_DWORD

as per user report #8526 , i  removed **REG_SZ**   and added   **REG_DWORD**

https://user-images.githubusercontent.com/3296790/97083291-8a530200-162c-11eb-83e6-a4cc001a18d5.JPG
---
 ...windows-operating-system-components-to-microsoft-services.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 956ca7dc78..13846802f8 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -1659,7 +1659,7 @@ You can turn off **Enhanced Notifications** as follows:
 
   -or-
 
-- Create a new REG_SZ registry setting named **DisableEnhancedNotifications** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Reporting** to a value of **1**.
+- Create a new REG_DWORD registry setting named **DisableEnhancedNotifications** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Reporting** to a value of **1**.
 
 
 ### 24.1 Windows Defender SmartScreen

From 3ea0d2cdb21afe1cc379b9fc4796add089ac9ee6 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sat, 24 Oct 2020 21:22:16 +0500
Subject: [PATCH 049/384] Update
 windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index ea1b4c4883..0efdd31269 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-To get preview features available for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
+To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
 >[!IMPORTANT]
 >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.

From 1c9db02d6135776326f9752bd11e86aae8bf186e Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sat, 24 Oct 2020 21:22:29 +0500
Subject: [PATCH 050/384] Update
 windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 0efdd31269..0643c6eff8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -26,7 +26,7 @@ ms.topic: conceptual
 
 To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
->[!IMPORTANT]
+> [!IMPORTANT]
 >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.
 
 ## Enable the Insider program with Jamf

From 454fbba3d74acb35c7dd64c88415fd638ffa0b0d Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sat, 24 Oct 2020 21:22:49 +0500
Subject: [PATCH 051/384] Update
 windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 0643c6eff8..5e45dab3cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -27,7 +27,7 @@ ms.topic: conceptual
 To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
 > [!IMPORTANT]
->Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.
+> Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md), and [manual deployment](mac-install-manually.md) instructions.
 
 ## Enable the Insider program with Jamf
 

From e575eb18bf8d24f8c11b4f3d9189732caa5a0edd Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Mon, 26 Oct 2020 14:27:10 -0700
Subject: [PATCH 052/384] Added ADMX_Taskbar policies

---
 windows/client-management/mdm/TOC.md          |    1 +
 .../mdm/policies-in-policy-csp-admx-backed.md |   22 +
 .../policy-configuration-service-provider.md  |   71 +
 .../mdm/policy-csp-admx-taskbar.md            | 1663 +++++++++++++++++
 4 files changed, 1757 insertions(+)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-taskbar.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 26ce78b220..0923cdc140 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -215,6 +215,7 @@
 #### [ADMX_Smartcard](policy-csp-admx-smartcard.md)
 #### [ADMX_Snmp](policy-csp-admx-snmp.md)
 #### [ADMX_StartMenu](policy-csp-admx-startmenu.md)
+#### [ADMX_Taskbar](policy-csp-admx-taskbar.md)
 #### [ADMX_tcpip](policy-csp-admx-tcpip.md)
 #### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md)
 #### [ADMX_TPM](policy-csp-admx-tpm.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 96d7eb2a35..551346f46f 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -391,6 +391,28 @@ ms.date: 10/08/2020
 - [ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey](./policy-csp-admx-startmenu.md#admx-startmenu-showstartondisplaywithforegroundonwinkey)
 - [ADMX_StartMenu/StartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-startmenulogoff)
 - [ADMX_StartMenu/StartPinAppsWhenInstalled](./policy-csp-admx-startmenu.md#admx-startmenu-startpinappswheninstalled)
+- [ADMX_Taskbar/DisableNotificationCenter](./policy-csp-admx-taskbar.md.#admx-taskbar-disablenotificationcenter)
+- [ADMX_Taskbar/EnableLegacyBalloonNotifications](./policy-csp-admx-taskbar.md.#admx-taskbar-enablelegacyballoonnotifications)
+- [ADMX_Taskbar/HideSCAHealth](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescahealth)
+- [ADMX_Taskbar/HideSCANetwork](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescanetwork)
+- [ADMX_Taskbar/HideSCAPower](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescapower)
+- [ADMX_Taskbar/HideSCAVolume](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescavolume)
+- [ADMX_Taskbar/NoBalloonFeatureAdvertisements](./policy-csp-admx-taskbar.md.#admx-taskbar-noballoonfeatureadvertisements)
+- [ADMX_Taskbar/NoPinningStoreToTaskbar](./policy-csp-admx-taskbar.md.#admx-taskbar-nopinningstoretotaskbar)
+- [ADMX_Taskbar/NoPinningToDestinations](./policy-csp-admx-taskbar.md.#admx-taskbar-nopinningtodestinations)
+- [ADMX_Taskbar/NoPinningToTaskbar](./policy-csp-admx-taskbar.md.#admx-taskbar-nopinningtotaskbar)
+- [ADMX_Taskbar/NoRemoteDestinations](./policy-csp-admx-taskbar.md.#admx-taskbar-noremotedestinations)
+- [ADMX_Taskbar/NoSystraySystemPromotion](./policy-csp-admx-taskbar.md.#admx-taskbar-nosystraysystempromotion)
+- [ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar](./policy-csp-admx-taskbar.md.#admx-taskbar-showwindowsstoreappsontaskbar)
+- [ADMX_Taskbar/TaskbarLockAll](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarlockall)
+- [ADMX_Taskbar/TaskbarNoAddRemoveToolbar](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnoaddremovetoolbar)
+- [ADMX_Taskbar/TaskbarNoDragToolbar](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnodragtoolbar)
+- [ADMX_Taskbar/TaskbarNoMultimon](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnomultimon)
+- [ADMX_Taskbar/TaskbarNoNotification](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnonotification)
+- [ADMX_Taskbar/TaskbarNoPinnedList](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnopinnedlist)
+- [ADMX_Taskbar/TaskbarNoRedock](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnoredock)
+- [ADMX_Taskbar/TaskbarNoResize](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnoresize)
+- [ADMX_Taskbar/TaskbarNoThumbnail](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnothumbnail)
 - [ADMX_tcpip/6to4_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name)
 - [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval)
 - [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index da0fe4b5c3..521e66ecce 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1463,6 +1463,77 @@ The following diagram shows the Policy configuration service provider in tree fo
   

 

 
+### ADMX_Taskbar policies  
+
+

+  

+    ADMX_Taskbar/DisableNotificationCenter
+  

+  

+    ADMX_Taskbar/EnableLegacyBalloonNotifications
+  

+  

+    ADMX_Taskbar/HideSCAHealth
+  

+  

+    ADMX_Taskbar/HideSCANetwork
+  

+  

+    ADMX_Taskbar/HideSCAPower
+  

+  

+    ADMX_Taskbar/HideSCAVolume
+  

+  

+    ADMX_Taskbar/NoBalloonFeatureAdvertisements
+  

+  

+    ADMX_Taskbar/NoPinningStoreToTaskbar
+  

+  

+    ADMX_Taskbar/NoPinningToDestinations
+  

+  

+    ADMX_Taskbar/NoPinningToTaskbar
+  

+  

+    ADMX_Taskbar/NoRemoteDestinations
+  

+  

+    ADMX_Taskbar/NoSystraySystemPromotion
+  

+  

+    ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar
+  

+  

+    ADMX_Taskbar/TaskbarLockAll
+  

+  

+    ADMX_Taskbar/TaskbarNoAddRemoveToolbar
+  

+  

+    ADMX_Taskbar/TaskbarNoDragToolbar
+  

+  

+    ADMX_Taskbar/TaskbarNoMultimon
+  

+  

+    ADMX_Taskbar/TaskbarNoNotification
+  

+  

+    ADMX_Taskbar/TaskbarNoPinnedList
+  

+  

+    ADMX_Taskbar/TaskbarNoRedock
+  

+  

+    ADMX_Taskbar/TaskbarNoResize
+  

+  

+    ADMX_Taskbar/TaskbarNoThumbnail
+  

+

+
 ### ADMX_tcpip policies  
 
 

diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md
new file mode 100644
index 0000000000..d7177153a7
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@@ -0,0 +1,1663 @@
+---
+title: Policy CSP - ADMX_Taskbar
+description: Policy CSP - ADMX_Taskbar
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/26/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Taskbar
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+

+
+
+## ADMX_Taskbar policies  
+
+

+  

+    ADMX_Taskbar/DisableNotificationCenter
+  

+  

+    ADMX_Taskbar/EnableLegacyBalloonNotifications
+  

+  

+    ADMX_Taskbar/HideSCAHealth
+  

+  

+    ADMX_Taskbar/HideSCANetwork
+  

+  

+    ADMX_Taskbar/HideSCAPower
+  

+  

+    ADMX_Taskbar/HideSCAVolume
+  

+  

+    ADMX_Taskbar/NoBalloonFeatureAdvertisements
+  

+  

+    ADMX_Taskbar/NoPinningStoreToTaskbar
+  

+  

+    ADMX_Taskbar/NoPinningToDestinations
+  

+  

+    ADMX_Taskbar/NoPinningToTaskbar
+  

+  

+    ADMX_Taskbar/NoRemoteDestinations
+  

+  

+    ADMX_Taskbar/NoSystraySystemPromotion
+  

+  

+    ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar
+  

+  

+    ADMX_Taskbar/TaskbarLockAll
+  

+  

+    ADMX_Taskbar/TaskbarNoAddRemoveToolbar
+  

+  

+    ADMX_Taskbar/TaskbarNoDragToolbar
+  

+  

+    ADMX_Taskbar/TaskbarNoMultimon
+  

+  

+    ADMX_Taskbar/TaskbarNoNotification
+  

+  

+    ADMX_Taskbar/TaskbarNoPinnedList
+  

+  

+    ADMX_Taskbar/TaskbarNoRedock
+  

+  

+    ADMX_Taskbar/TaskbarNoResize
+  

+  

+    ADMX_Taskbar/TaskbarNoThumbnail
+  

+

+
+
+

+
+
+**ADMX_Taskbar/DisableNotificationCenter**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting removes Notifications and Action Center from the notification area on the taskbar.
+
+The notification area is located at the far right end of the taskbar and includes icons for current notifications and the system clock.
+
+If this setting is enabled, Notifications and Action Center is not displayed in the notification area. The user will be able to read notifications when they appear, but they won’t be able to review any notifications they miss.
+
+If you disable or do not configure this policy setting, Notification and Security and Maintenance will be displayed on the taskbar.
+
+A reboot is required for this policy setting to take effect.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Notifications and Action Center*
+-   GP name: *DisableNotificationCenter*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+
+**ADMX_Taskbar/EnableLegacyBalloonNotifications**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy disables the functionality that converts balloons to toast notifications.
+
+If you enable this policy setting, system and application notifications will render as balloons instead of toast notifications.
+
+Enable this policy setting if a specific app or system component that uses balloon notifications has compatibility issues with toast notifications. 
+
+If you disable or don’t configure this policy setting, all notifications will appear as toast notifications.
+
+A reboot is required for this policy setting to take effect.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Disable showing balloon notifications as toasts.*
+-   GP name: *EnableLegacyBalloonNotifications*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+
+**ADMX_Taskbar/HideSCAHealth**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove Security and Maintenance from the system control area.
+
+If you enable this policy setting, the Security and Maintenance icon is not displayed in the system notification area.
+
+If you disable or do not configure this policy setting, the Security and Maintenance icon is displayed in the system notification area.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove the Security and Maintenance icon*
+-   GP name: *HideSCAHealth*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+
+**ADMX_Taskbar/HideSCANetwork**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the networking icon from the system control area.
+
+If you enable this policy setting, the networking icon is not displayed in the system notification area.
+
+If you disable or do not configure this policy setting, the networking icon is displayed in the system notification area.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove the networking icon*
+-   GP name: *HideSCANetwork*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+
+**ADMX_Taskbar/HideSCAPower**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the battery meter from the system control area.
+
+If you enable this policy setting, the battery meter is not displayed in the system notification area.
+
+If you disable or do not configure this policy setting, the battery meter is displayed in the system notification area.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove the battery meter*
+-   GP name: *HideSCAPower*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+
+**ADMX_Taskbar/HideSCAVolume**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the volume control icon from the system control area.
+
+If you enable this policy setting, the volume control icon is not displayed in the system notification area.
+
+If you disable or do not configure this policy setting, the volume control icon is displayed in the system notification area.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove the volume control icon*
+-   GP name: *HideSCAVolume*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+
+**ADMX_Taskbar/NoBalloonFeatureAdvertisements**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off feature advertisement balloon notifications.
+
+If you enable this policy setting, certain notification balloons that are marked as feature advertisements are not shown.
+
+If you disable do not configure this policy setting, feature advertisement balloons are shown.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off feature advertisement balloon notifications*
+-   GP name: *NoBalloonFeatureAdvertisements*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+
+**ADMX_Taskbar/NoPinningStoreToTaskbar**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control pinning the Store app to the Taskbar.
+
+If you enable this policy setting, users cannot pin the Store app to the Taskbar. If the Store app is already pinned to the Taskbar, it will be removed from the Taskbar on next login.
+
+If you disable or do not configure this policy setting, users can pin the Store app to the Taskbar.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow pinning Store app to the Taskbar*
+-   GP name: *NoPinningStoreToTaskbar*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+
+**ADMX_Taskbar/NoPinningToDestinations**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control pinning items in Jump Lists.
+
+If you enable this policy setting, users cannot pin files, folders, websites, or other items to their Jump Lists in the Start Menu and Taskbar. Users also cannot unpin existing items pinned to their Jump Lists. Existing items already pinned to their Jump Lists will continue to show.
+
+If you disable or do not configure this policy setting, users can pin files, folders, websites, and other items to a program's Jump List so that the items is always present in this menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow pinning items in Jump Lists*
+-   GP name: *NoPinningToDestinations*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+
+**ADMX_Taskbar/NoPinningToTaskbar**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control pinning programs to the Taskbar.
+
+If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar.
+
+If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow pinning programs to the Taskbar*
+-   GP name: *NoPinningToTaskbar*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+

+
+
+**ADMX_Taskbar/NoRemoteDestinations**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.
+
+The Start Menu and Taskbar display Jump Lists off of programs. These menus include files, folders, websites and other relevant items for that program. This helps users more easily reopen their most important documents and other tasks.
+
+If you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens locally on this computer. Files that the user opens over the network from remote computers are not tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network connections.
+
+If you disable or do not configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer.  Note: This setting does not prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the "Do not allow pinning items in Jump Lists" policy setting.
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not display or track items in Jump Lists from remote locations*
+-   GP name: *NoRemoteDestinations*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+

+
+
+**ADMX_Taskbar/NoSystraySystemPromotion**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.
+
+If you enable this policy setting, newly added notification icons are not temporarily promoted to the Taskbar. Users can still configure icons to be shown or hidden in the Notification Control Panel.
+
+If you disable or do not configure this policy setting, newly added notification icons are temporarily promoted to the Taskbar.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off automatic promotion of notification icons to the taskbar*
+-   GP name: *NoSystraySystemPromotion*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+

+
+
+**ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to see Windows Store apps on the taskbar.
+
+If you enable this policy setting, users will see Windows Store apps on the taskbar.
+
+If you disable this policy setting, users won’t see Windows Store apps on the taskbar.
+
+If you don’t configure this policy setting, the default setting for the user’s device will be used, and the user can choose to change it.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Show Windows Store apps on the taskbar*
+-   GP name: *ShowWindowsStoreAppsOnTaskbar*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+

+
+
+**ADMX_Taskbar/TaskbarLockAll**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to lock all taskbar settings.
+
+If you enable this policy setting, the user cannot access the taskbar control panel. The user is also unable to resize, move or rearrange toolbars on their taskbar.
+
+If you disable or do not configure this policy setting, the user will be able to set any taskbar setting that is not prevented by another policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Lock all taskbar settings*
+-   GP name: *TaskbarLockAll*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+

+
+
+**ADMX_Taskbar/TaskbarNoAddRemoveToolbar**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from adding or removing toolbars.
+
+If you enable this policy setting, the user is not allowed to add or remove any toolbars to the taskbar. Applications are not able to add toolbars either.
+
+If you disable or do not configure this policy setting, the users and applications are able to add toolbars to the taskbar.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prevent users from adding or removing toolbars*
+-   GP name: *TaskbarNoAddRemoveToolbar*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+

+
+
+**ADMX_Taskbar/TaskbarNoDragToolbar**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from rearranging toolbars.
+
+If you enable this policy setting, users are not able to drag or drop toolbars to the taskbar.
+
+If you disable or do not configure this policy setting, users are able to rearrange the toolbars on the taskbar.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prevent users from rearranging toolbars*
+-   GP name: *TaskbarNoDragToolbar*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+

+
+
+**ADMX_Taskbar/TaskbarNoMultimon**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent taskbars from being displayed on more than one monitor.
+
+If you enable this policy setting, users are not able to show taskbars on more than one display. The multiple display section is not enabled in the taskbar properties dialog.
+
+If you disable or do not configure this policy setting, users can show taskbars on more than one display.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow taskbars on more than one display*
+-   GP name: *TaskbarNoMultimon*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+

+
+
+**ADMX_Taskbar/TaskbarNoNotification**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off all notification balloons.
+
+If you enable this policy setting, no notification balloons are shown to the user.
+
+If you disable or do not configure this policy setting, notification balloons are shown to the user.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off all balloon notifications*
+-   GP name: *TaskbarNoNotification*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+

+
+
+**ADMX_Taskbar/TaskbarNoPinnedList**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove pinned programs from the taskbar.
+
+If you enable this policy setting, pinned programs are prevented from being shown on the Taskbar. Users cannot pin programs to the Taskbar.
+
+If you disable or do not configure this policy setting, users can pin programs so that the program shortcuts stay on the Taskbar.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove pinned programs from the Taskbar*
+-   GP name: *TaskbarNoPinnedList*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+

+
+
+**ADMX_Taskbar/TaskbarNoRedock**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from moving taskbar to another screen dock location.
+
+If you enable this policy setting, users are not able to drag their taskbar to another area of the monitor(s).
+
+If you disable or do not configure this policy setting, users are able to drag their taskbar to another area of the monitor unless prevented by another policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prevent users from moving taskbar to another screen dock location*
+-   GP name: *TaskbarNoRedock*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+

+
+
+**ADMX_Taskbar/TaskbarNoResize**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from resizing the taskbar.
+
+If you enable this policy setting, users are not be able to resize their taskbar.
+
+If you disable or do not configure this policy setting, users are able to resize their taskbar unless prevented by another setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prevent users from resizing the taskbar*
+-   GP name: *TaskbarNoResize*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+

+
+
+**ADMX_Taskbar/TaskbarNoThumbnail**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off taskbar thumbnails.
+
+If you enable this policy setting, the taskbar thumbnails are not displayed and the system uses standard text for the tooltips.
+
+If you disable or do not configure this policy setting, the taskbar thumbnails are displayed.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off taskbar thumbnails*
+-   GP name: *TaskbarNoThumbnail*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+
+
+

+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
+

From 0d1043e685158ced472fdc82e785e6de9a772e72 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Mon, 26 Oct 2020 15:47:31 -0700
Subject: [PATCH 053/384] Added ADMX_WindowsStore policies

---
 windows/client-management/mdm/TOC.md          |   1 +
 .../mdm/policies-in-policy-csp-admx-backed.md |   5 +
 .../policy-configuration-service-provider.md  |  20 +
 .../mdm/policy-csp-admx-windowsstore.md       | 409 ++++++++++++++++++
 4 files changed, 435 insertions(+)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-windowsstore.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 0923cdc140..c89e77b57a 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -227,6 +227,7 @@
 #### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md)
 #### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md)
 #### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md)
+#### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md)
 #### [ADMX_WinInit](policy-csp-admx-wininit.md)
 #### [ApplicationDefaults](policy-csp-applicationdefaults.md)
 #### [ApplicationManagement](policy-csp-applicationmanagement.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 551346f46f..f3656135e6 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -600,6 +600,11 @@ ms.date: 10/08/2020
 - [ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventwmpdesktopshortcut)
 - [ADMX_WindowsMediaPlayer/SkinLockDown](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-skinlockdown)
 - [ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-windowsstreamingmediaprotocols)
+- [ADMX_WindowsStore/DisableAutoDownloadWin8](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableautodownloadwin8)
+- [ADMX_WindowsStore/DisableOSUpgrade_1](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-1)
+- [ADMX_WindowsStore/DisableOSUpgrade_2](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-2)
+- [ADMX_WindowsStore/RemoveWindowsStore_1](./policy-csp-admx-windowsstore.md#admx-windowsstore-removewindowsstore-1)
+- [ADMX_WindowsStore/RemoveWindowsStore_2](./policy-csp-admx-windowsstore.md#admx-windowsstore-removewindowsstore-2)
 - [ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription](./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription)
 - [ADMX_WinInit/Hiberboot](./policy-csp-admx-wininit.md#admx-wininit-hiberboot)
 - [ADMX_WinInit/ShutdownTimeoutHungSessionsDescription](./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 521e66ecce..c53e85e5e4 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -2150,6 +2150,26 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 

 
+### ADMX_WindowsStore policies  
+
+

+  

+    ADMX_WindowsStore/DisableAutoDownloadWin8
+  

+  

+    ADMX_WindowsStore/DisableOSUpgrade_1
+  

+  

+    ADMX_WindowsStore/DisableOSUpgrade_2
+  

+  

+    ADMX_WindowsStore/RemoveWindowsStore_1
+  

+  

+    ADMX_WindowsStore/RemoveWindowsStore_2
+  

+

+
 ### ADMX_WinInit policies  
 
 

diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
new file mode 100644
index 0000000000..0a790d7c01
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
@@ -0,0 +1,409 @@
+---
+title: Policy CSP - ADMX_WindowsStore
+description: Policy CSP - ADMX_WindowsStore
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/26/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsStore
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+

+
+
+## ADMX_WindowsStore policies  
+
+

+  

+    ADMX_WindowsStore/DisableAutoDownloadWin8
+  

+  

+    ADMX_WindowsStore/DisableOSUpgrade_1
+  

+  

+    ADMX_WindowsStore/DisableOSUpgrade_2
+  

+  

+    ADMX_WindowsStore/RemoveWindowsStore_1
+  

+  

+    ADMX_WindowsStore/RemoveWindowsStore_2
+  

+

+
+
+

+
+
+**ADMX_WindowsStore/DisableAutoDownloadWin8**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting enables or disables the automatic download of app updates on PCs running Windows 8.
+
+If you enable this setting, the automatic download of app updates is turned off.  If you disable this setting, the automatic download of app updates is turned on.
+
+If you don't configure this setting, the automatic download of app updates is determined by a registry setting that the user can change using Settings in the Windows Store.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off Automatic Download of updates on Win8 machines*
+-   GP name: *DisableAutoDownloadWin8*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+
+
+

+
+

+
+
+**ADMX_WindowsStore/DisableOSUpgrade_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting enables or disables the Store offer to update to the latest version of Windows.
+
+If you enable this setting, the Store application will not offer updates to the latest version of Windows.
+
+If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off the offer to update to the latest version of Windows*
+-   GP name: *DisableOSUpgrade_1*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+
+
+

+
+

+
+
+**ADMX_WindowsStore/DisableOSUpgrade_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting enables or disables the Store offer to update to the latest version of Windows.
+
+If you enable this setting, the Store application will not offer updates to the latest version of Windows.
+
+If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off the offer to update to the latest version of Windows*
+-   GP name: *DisableOSUpgrade_2*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+
+
+

+
+

+
+
+**ADMX_WindowsStore/RemoveWindowsStore_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting denies or allows access to the Store application.
+
+If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
+
+If you disable or don't configure this setting, access to the Store application is allowed.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off the Store application*
+-   GP name: *RemoveWindowsStore_1*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+
+
+

+
+

+
+
+**ADMX_WindowsStore/RemoveWindowsStore_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting denies or allows access to the Store application.
+
+If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
+
+If you disable or don't configure this setting, access to the Store application is allowed.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off the Store application*
+-   GP name: *RemoveWindowsStore_2*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+
+
+

+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
\ No newline at end of file

From 938ef3c9c1f456d9d228167626d3980173065dd7 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Mon, 26 Oct 2020 16:26:39 -0700
Subject: [PATCH 054/384] Added ADMX_PowerShellExecutionPolicy policies

---
 windows/client-management/mdm/TOC.md          |   1 +
 .../mdm/policies-in-policy-csp-admx-backed.md |   4 +
 .../policy-configuration-service-provider.md  |  17 +
 ...licy-csp-admx-powershellexecutionpolicy.md | 351 ++++++++++++++++++
 .../mdm/policy-csp-admx-windowsstore.md       |  10 +-
 5 files changed, 378 insertions(+), 5 deletions(-)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index c89e77b57a..d650e72fad 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -203,6 +203,7 @@
 #### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md)
 #### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md)
 #### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md)
+#### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md)
 #### [ADMX_Reliability](policy-csp-admx-reliability.md)
 #### [ADMX_Scripts](policy-csp-admx-scripts.md)
 #### [ADMX_sdiageng](policy-csp-admx-sdiageng.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index f3656135e6..86895847dc 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -272,6 +272,10 @@ ms.date: 10/08/2020
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-2)
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-3)
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-4)
+- [ADMX_PowerShellExecutionPolicy/EnableModuleLogging](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablemodulelogging)
+- [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts)
+- [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting)
+- [ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath)
 - [ADMX_Reliability/EE_EnablePersistentTimeStamp](./policy-csp-admx-reliability.md#admx-reliability-ee-enablepersistenttimestamp)
 - [ADMX_Reliability/PCH_ReportShutdownEvents](./policy-csp-admx-reliability.md#admx-reliability-pch-reportshutdownevents)
 - [ADMX_Reliability/ShutdownEventTrackerStateFile](./policy-csp-admx-reliability.md#admx-reliability-shutdowneventtrackerstatefile)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index c53e85e5e4..bd728ec2e7 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1046,6 +1046,23 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 

 
+### ADMX_PowerShellExecutionPolicy policies  
+
+

+  

+    ADMX_PowerShellExecutionPolicy/EnableModuleLogging
+  

+  

+    ADMX_PowerShellExecutionPolicy/EnableScripts
+  

+  

+    ADMX_PowerShellExecutionPolicy/EnableTranscripting
+  

+  

+    ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath
+  

+

+
 ### ADMX_Reliability policies
 
 

diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
new file mode 100644
index 0000000000..fc764bfaf5
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
@@ -0,0 +1,351 @@
+---
+title: Policy CSP - ADMX_PowerShellExecutionPolicy
+description: Policy CSP - ADMX_PowerShellExecutionPolicy
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/26/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_PowerShellExecutionPolicy
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+

+
+
+## ADMX_PowerShellExecutionPolicy policies  
+
+

+  

+    ADMX_PowerShellExecutionPolicy/EnableModuleLogging
+  

+  

+    ADMX_PowerShellExecutionPolicy/EnableScripts
+  

+  

+    ADMX_PowerShellExecutionPolicy/EnableTranscripting
+  

+  

+    ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath
+  

+

+
+
+

+
+
+**ADMX_PowerShellExecutionPolicy/EnableModuleLogging**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on logging for Windows PowerShell modules.
+
+If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.
+
+If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False.  If this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False.
+
+To add modules and snap-ins to the policy setting list, click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer.
+
+> [!NOTE]
+> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn on Module Logging*
+-   GP name: *EnableModuleLogging*
+-   GP path: *Windows Components\Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+
+
+

+
+
+**ADMX_PowerShellExecutionPolicy/EnableScripts**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run.
+
+If you enable this policy setting, the scripts selected in the drop-down list are allowed to run.  The "Allow only signed scripts" policy setting allows scripts to execute only if they are signed by a trusted publisher.
+
+The "Allow local scripts and remote signed scripts" policy setting allows any local scrips to run; scripts that originate from the Internet must be signed by a trusted publisher.  The "Allow all scripts" policy setting allows all scripts to run.
+
+If you disable this policy setting, no scripts are allowed to run.
+
+> [!NOTE]
+> This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration."  If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed."
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn on Script Execution*
+-   GP name: *EnableScripts*
+-   GP path: *Windows Components\Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+
+
+

+
+
+**ADMX_PowerShellExecutionPolicy/EnableTranscripting**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts.
+
+If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other  applications that leverage the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent  to calling the Start-Transcript cmdlet on each Windows PowerShell session.
+
+If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcripting can still be enabled  through the Start-Transcript cmdlet.
+
+If you use the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users  from viewing the transcripts of other users or computers.
+
+> [!NOTE]
+> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn on PowerShell Transcription*
+-   GP name: *EnableTranscripting*
+-   GP path: *Windows Components\Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+
+
+

+
+
+**ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet.
+
+If you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a different value with the SourcePath parameter on the Update-Help cmdlet.
+
+If this policy setting is disabled or not configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet.
+
+> [!NOTE]
+> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set the default source path for Update-Help*
+-   GP name: *EnableUpdateHelpDefaultSourcePath*
+-   GP path: *Windows Components\Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+
+
+

+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
index 0a790d7c01..7be8a731e7 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
@@ -86,7 +86,7 @@ manager: dansimp
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting enables or disables the automatic download of app updates on PCs running Windows 8.
+Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the automatic download of app updates on PCs running Windows 8.
 
 If you enable this setting, the automatic download of app updates is turned off.  If you disable this setting, the automatic download of app updates is turned on.
 
@@ -157,7 +157,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting enables or disables the Store offer to update to the latest version of Windows.
+Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows.
 
 If you enable this setting, the Store application will not offer updates to the latest version of Windows.
 
@@ -228,7 +228,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting enables or disables the Store offer to update to the latest version of Windows.
+Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows.
 
 If you enable this setting, the Store application will not offer updates to the latest version of Windows.
 
@@ -299,7 +299,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting denies or allows access to the Store application.
+Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application.
 
 If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
 
@@ -370,7 +370,7 @@ ADMX Info:
 
 
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting denies or allows access to the Store application.
+Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application.
 
 If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
 

From 1409ea60e13dd1fb0e1886d1799bf8577bf27b7b Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Tue, 27 Oct 2020 10:58:10 -0700
Subject: [PATCH 055/384] Added ADMX_wlansvc policies

---
 windows/client-management/mdm/TOC.md          |   1 +
 .../mdm/policies-in-policy-csp-admx-backed.md |   3 +
 .../policy-configuration-service-provider.md  |  14 +
 .../mdm/policy-csp-admx-wlansvc.md            | 260 ++++++++++++++++++
 4 files changed, 278 insertions(+)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-wlansvc.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index d650e72fad..2f06abcfc0 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -230,6 +230,7 @@
 #### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md)
 #### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md)
 #### [ADMX_WinInit](policy-csp-admx-wininit.md)
+#### [ADMX_wlansvc](policy-csp-admx-wlansvc.md)
 #### [ApplicationDefaults](policy-csp-applicationdefaults.md)
 #### [ApplicationManagement](policy-csp-applicationmanagement.md)
 #### [AppRuntime](policy-csp-appruntime.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 86895847dc..da688c9114 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -612,6 +612,9 @@ ms.date: 10/08/2020
 - [ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription](./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription)
 - [ADMX_WinInit/Hiberboot](./policy-csp-admx-wininit.md#admx-wininit-hiberboot)
 - [ADMX_WinInit/ShutdownTimeoutHungSessionsDescription](./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription)
+- [ADMX_wlansvc/SetCost](./policy-csp-admx-wlansvc.md#admx-wlansvc-setcost)
+- [ADMX_wlansvc/SetPINEnforced](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinenforced)
+- [ADMX_wlansvc/SetPINPreferred](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinpreferred) 
 - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
 - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
 - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index bd728ec2e7..4f04904352 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -2201,6 +2201,20 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 

 
+### ADMX_wlansvc policies  
+
+

+  

+    ADMX_wlansvc/SetCost
+  

+  

+    ADMX_wlansvc/SetPINEnforced
+  

+  

+    ADMX_wlansvc/SetPINPreferred
+  

+

+
 ### ApplicationDefaults policies
 
 

diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
new file mode 100644
index 0000000000..0ca862b038
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
@@ -0,0 +1,260 @@
+---
+title: Policy CSP - ADMX_wlansvc
+description: Policy CSP - ADMX_wlansvc
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/27/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_wlansvc
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+

+
+
+## ADMX_wlansvc policies  
+
+

+  

+    ADMX_wlansvc/SetCost
+  

+  

+    ADMX_wlansvc/SetPINEnforced
+  

+  

+    ADMX_wlansvc/SetPINPreferred
+  

+

+
+
+

+
+
+**ADMX_wlansvc/SetCost**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine.
+
+If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all WLAN connections on the local machine:
+
+- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
+- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.  
+- Variable: This connection is costed on a per byte basis.  If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set Cost*
+-   GP name: *IncludeCmdLine*
+-   GP path: *Network\WLAN Service\WLAN Media Cost*
+-   GP ADMX file name: *wlansvc.admx*
+
+
+
+

+
+
+**ADMX_wlansvc/SetPINEnforced**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devices is required rather than optional.
+
+Conversely it means that Push Button is NOT allowed.
+
+If this policy setting is disabled or is not configured, by default Push Button pairing is allowed (but not necessarily preferred).
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Require PIN pairing*
+-   GP name: *SetPINEnforced*
+-   GP path: *Network\Wireless Display*
+-   GP ADMX file name: *wlansvc.admx*
+
+
+
+

+
+
+**ADMX_wlansvc/SetPINPreferred**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods.
+
+When enabled, it makes the connections to prefer a PIN for pairing to Wireless Display devices over the Push Button pairing method.
+
+If this policy setting is disabled or is not configured, by default Push Button pairing is preferred (if allowed by other policies).
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prefer PIN pairing*
+-   GP name: *SetPINPreferred*
+-   GP path: *Network\Wireless Display*
+-   GP ADMX file name: *wlansvc.admx*
+
+
+
+

+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
+

From 9033fb04207f5cede43eb0dbb504ae95e393face Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Tue, 27 Oct 2020 23:31:07 +0530
Subject: [PATCH 056/384] Rebranding-4567381-Batch2

Rebranding
---
 .../advanced-hunting-overview.md              |  8 +--
 .../advanced-hunting-query-language.md        |  4 +-
 .../advanced-hunting-query-results.md         |  4 +-
 .../advanced-hunting-schema-reference.md      |  4 +-
 .../advanced-hunting-shared-queries.md        |  4 +-
 .../advanced-hunting-take-action.md           |  8 +--
 .../microsoft-defender-atp/alerts-queue.md    | 28 ++++----
 .../microsoft-defender-atp/alerts.md          |  4 +-
 .../android-configure.md                      | 24 +++----
 .../microsoft-defender-atp/android-intune.md  | 69 +++++++++----------
 .../microsoft-defender-atp/android-privacy.md | 13 ++--
 .../android-support-signin.md                 |  9 ++-
 .../microsoft-defender-atp/android-terms.md   | 10 +--
 .../microsoft-defender-atp/api-explorer.md    | 10 +--
 .../microsoft-defender-atp/api-hello-world.md | 14 ++--
 .../api-microsoft-flow.md                     |  6 +-
 .../api-portal-mapping.md                     | 24 +++----
 .../microsoft-defender-atp/api-power-bi.md    |  8 +--
 .../api-terms-of-use.md                       |  4 +-
 .../microsoft-defender-atp/apis-intro.md      | 24 +++----
 .../assign-portal-access.md                   |  8 +--
 .../attack-simulations.md                     | 14 ++--
 .../attack-surface-reduction-faq.md           | 16 ++---
 .../attack-surface-reduction.md               | 10 +--
 .../audit-windows-defender.md                 |  6 +-
 25 files changed, 164 insertions(+), 169 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
index 244c97c13f..e42dbf4cf3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
@@ -22,9 +22,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
 
 Advanced hunting is a query-based threat-hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities. The flexible access to data enables unconstrained hunting for both known and potential threats.
 
@@ -37,7 +37,7 @@ Watch this video for a quick overview of advanced hunting and a short tutorial t
 You can use the same threat-hunting queries to build custom detection rules. These rules run automatically to check for and then respond to suspected breach activity, misconfigured machines, and other findings.
 
 >[!TIP]
->Use [advanced hunting in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview) to hunt for threats using data from Microsoft Defender ATP, Office 365 ATP, Microsoft Cloud App Security, and Azure ATP. [Turn on Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-enable)
+>Use [advanced hunting in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview) to hunt for threats using data from Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Cloud App Security, and Microsoft Defender for Identity. [Turn on Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-enable)
 
 ## Get started with advanced hunting
 
@@ -61,7 +61,7 @@ We recommend going through several steps to quickly get up and running with adva
 
 Advanced hunting data can be categorized into two distinct types, each consolidated differently.
 
-- **Event or activity data**—populates tables about alerts, security events, system events, and routine assessments. Advanced hunting receives this data almost immediately after the sensors that collect them successfully transmit them to Microsoft Defender ATP.
+- **Event or activity data**—populates tables about alerts, security events, system events, and routine assessments. Advanced hunting receives this data almost immediately after the sensors that collect them successfully transmit them to Defender for Endpoint.
 - **Entity data**—populates tables with consolidated information about users and devices. This data comes from both relatively static data sources and dynamic sources, such as Active Directory entries and event logs. To provide fresh data, tables are updated with any new information every 15 minutes, adding rows that might not be fully populated. Every 24 hours, data is consolidated to insert a record that contains the latest, most comprehensive data set about each entity.
 
 ## Time zone
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
index bc86c4a7b6..76fd2bee7e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
@@ -22,9 +22,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
 
 Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto operators and statements to construct queries that locate information in a specialized [schema](advanced-hunting-schema-reference.md). To understand these concepts better, run your first query.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md
index 18ff2942b6..34db3e0745 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md
@@ -23,9 +23,9 @@ ms.topic: article
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
 
 While you can construct your [advanced hunting](advanced-hunting-overview.md) queries to return very precise information, you can also work with the query results to gain further insight and investigate specific activities and indicators. You can take the following actions on your query results:
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
index 7f93ba99d5..a0988a90d0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
@@ -24,9 +24,9 @@ ms.date: 01/14/2020
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
index 96880e0c7e..0daf0cbfda 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
@@ -23,9 +23,9 @@ ms.topic: article
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
 
 [Advanced hunting](advanced-hunting-overview.md) queries can be shared among users in the same organization. You can also find queries shared publicly on GitHub. These queries let you quickly pursue specific threat hunting scenarios without having to write queries from scratch.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md
index 915cbfa44b..d535b139e2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md
@@ -21,9 +21,9 @@ ms.date: 09/20/2020
 # Take action on advanced hunting query results
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 You can quickly contain threats or address compromised assets that you find in [advanced hunting](advanced-hunting-overview.md) using powerful and comprehensive action options. With these options, you can:
 
@@ -32,7 +32,7 @@ You can quickly contain threats or address compromised assets that you find in [
 
 ## Required permissions
 
-To be able to take action through advanced hunting, you need a role in Microsoft Defender ATP with [permissions to submit remediation actions on devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#permission-options). If you can't take action, contact a global administrator about getting the following permission:
+To be able to take action through advanced hunting, you need a role in Defender for Endpoint with [permissions to submit remediation actions on devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#permission-options). If you can't take action, contact a global administrator about getting the following permission:
 
 *Active remediation actions > Threat and vulnerability management - Remediation handling*
 
@@ -46,7 +46,7 @@ You can take the following actions on devices identified by the `DeviceId` colum
 - Initiate an automated investigation to check and remediate threats on the device and possibly other affected devices
 - Restrict app execution to only Microsoft-signed executable files, preventing subsequent threat activity through malware or other untrusted executables
 
-To learn more about how these response actions are performed through Microsoft Defender ATP, [read about response actions on devices](respond-machine-alerts.md).
+To learn more about how these response actions are performed through Defender for Endpoint, [read about response actions on devices](respond-machine-alerts.md).
 
 ## Quarantine files
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
index d5bccbc7fc..e403e8465c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
@@ -18,16 +18,16 @@ ms.topic: article
 ms.date: 03/27/2020
 ---
 
-# View and organize the Microsoft Defender Advanced Threat Protection Alerts queue
+# View and organize the Microsoft Defender for Endpoint Alerts queue
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-alertsq-abovefoldlink) 
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-alertsq-abovefoldlink) 
 
 The **Alerts queue** shows a list of alerts that were flagged from devices in your network. By default, the queue displays alerts seen in the last 30 days in a grouped view. The most recent alerts are showed at the top of the list helping you see the most recent alerts first.
 
@@ -61,15 +61,15 @@ Informational 
(Grey) | Alerts that might not be considered harmful to the n
 
 #### Understanding alert severity
 
-Microsoft Defender Antivirus (Microsoft Defender AV) and Microsoft Defender ATP alert severities are different because they represent different scopes.
+Microsoft Defender Antivirus (Microsoft Defender AV) and Defender for Endpoint alert severities are different because they represent different scopes.
 
 The Microsoft Defender AV threat severity represents the absolute severity of the detected threat (malware), and is assigned based on the potential risk to the individual device, if infected.
 
-The Microsoft Defender ATP alert severity represents the severity of the detected behavior, the actual risk to the device but more importantly the potential risk to the organization.
+The Defender for Endpoint alert severity represents the severity of the detected behavior, the actual risk to the device but more importantly the potential risk to the organization.
 
 So, for example:
 
-- The severity of a Microsoft Defender ATP alert about a Microsoft Defender AV detected threat that was completely prevented and did not infect the device is categorized as "Informational" because there was no actual damage.
+- The severity of a Defender for Endpoint alert about a Microsoft Defender AV detected threat that was completely prevented and did not infect the device is categorized as "Informational" because there was no actual damage.
 - An alert about a commercial malware was detected while executing, but blocked and remediated by Microsoft Defender AV, is categorized as  "Low" because it may have caused some damage to the individual device but poses no organizational threat.
 - An alert about malware detected while executing which can pose a threat not only to the individual device but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High".
 - Suspicious behavioral alerts, which weren't blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations.
@@ -118,7 +118,7 @@ You can choose between showing alerts that are assigned to you or automation.
 
 ### Detection source
 
-Select the source that triggered the alert detection.  Microsoft Threat Experts preview participants can now filter and see detections from the new threat experts-managed hunting service.
+Select the source that triggered the alert detection. Microsoft Threat Experts preview participants can now filter and see detections from the new threat experts-managed hunting service.
 
 >[!NOTE]
 >The Antivirus filter will only appear if devices are using Microsoft Defender Antivirus as the default real-time protection antimalware product.
@@ -138,11 +138,11 @@ Use this filter to focus on alerts that are related to high profile threats. You
 
 ## Related topics
 
-- [Manage Microsoft Defender Advanced Threat Protection alerts](manage-alerts.md)
-- [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md)
-- [Investigate a file associated with a Microsoft Defender ATP alert](investigate-files.md)
-- [Investigate devices in the Microsoft Defender ATP Devices list](investigate-machines.md)
-- [Investigate an IP address associated with a Microsoft Defender ATP alert](investigate-ip.md)
-- [Investigate a domain associated with a Microsoft Defender ATP alert](investigate-domain.md)
-- [Investigate a user account in Microsoft Defender ATP](investigate-user.md)
+- [Manage Microsoft Defender for Endpoint alerts](manage-alerts.md)
+- [Investigate Microsoft Defender for Endpoint alerts](investigate-alerts.md)
+- [Investigate a file associated with a Microsoft Defender for Endpoint alert](investigate-files.md)
+- [Investigate devices in the Microsoft Defender for Endpoint Devices list](investigate-machines.md)
+- [Investigate an IP address associated with a Microsoft Defender for Endpoint alert](investigate-ip.md)
+- [Investigate a domain associated with a Microsoft Defender for Endpoint alert](investigate-domain.md)
+- [Investigate a user account in Microsoft Defender for Endpoint](investigate-user.md)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
index 7a51bd90c7..eaa7c56c2f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
@@ -21,9 +21,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
 ## Methods
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md
index 6edfd475aa..f9f5d899e6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md
@@ -20,39 +20,39 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Configure Microsoft Defender ATP for Android features
+# Configure Defender for Endpoint for Android features
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md)
+- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
 
-## Conditional Access with Microsoft Defender ATP for Android  
-Microsoft Defender ATP for Android along with Microsoft Intune and Azure Active
+## Conditional Access with Defender for Endpoint for Android  
+Microsoft Defender for Endpoint for Android along with Microsoft Intune and Azure Active
 Directory enables enforcing Device compliance and Conditional Access policies
-based on device risk levels. Microsoft Defender ATP is a Mobile Threat Defense
+based on device risk levels. Defender for Endpoint is a Mobile Threat Defense
 (MTD) solution that you can deploy to leverage this capability via Intune.
 
-For more information about how to set up Microsoft Defender ATP for Android and Conditional Access, see [Microsoft Defender ATP and
+For more information about how to set up Defender for Endpoint for Android and Conditional Access, see [Defender for Endpoint and
 Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
 
 
 ## Configure custom indicators  
 
 >[!NOTE]
-> Microsoft Defender ATP for Android only supports creating custom indicators for IP addresses and URLs/domains.
+> Defender for Endpoint for Android only supports creating custom indicators for IP addresses and URLs/domains.
 
-Microsoft Defender ATP for Android enables admins to configure custom indicators to support Android devices as well. For more information on how to configure custom indicators, see [Manage indicators](manage-indicators.md).
+Defender for Endpoint for Android enables admins to configure custom indicators to support Android devices as well. For more information on how to configure custom indicators, see [Manage indicators](manage-indicators.md).
 
 ## Configure web protection
-Microsoft Defender ATP for Android allows IT Administrators the ability to configure the web protection feature. This capability is available within the Microsoft Endpoint Manager Admin center.
+Defender for Endpoint for Android allows IT Administrators the ability to configure the web protection feature. This capability is available within the Microsoft Endpoint Manager Admin center.
 
 >[!NOTE]
-> Microsoft Defender ATP for Android would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. 
+> Defender for Endpoint for Android would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. 
 For more information, see [Configure web protection on devices that run Android](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-manage-android).
 
 
 ## Related topics
-- [Overview of Microsoft Defender ATP for Android](microsoft-defender-atp-android.md)
-- [Deploy Microsoft Defender ATP for Android with Microsoft Intune](android-intune.md)
+- [Overview of Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
+- [Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune](android-intune.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md
index b70734bf7c..ddba7d596d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md
@@ -20,31 +20,31 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Deploy Microsoft Defender ATP for Android with Microsoft Intune 
+# Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune 
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md)
+- [Defender for Endpoint](microsoft-defender-atp-android.md)
 
-This topic describes deploying Microsoft Defender ATP for Android on Intune
+This topic describes deploying Defender for Endpoint for Android on Intune
 Company Portal enrolled devices. For more information about Intune device enrollment, see  [Enroll your
 device](https://docs.microsoft.com/mem/intune/user-help/enroll-device-android-company-portal).
 
 
 > [!NOTE]
-> **Microsoft Defender ATP for Android is now available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx)** 

-> You can connect to Google Play from Intune to deploy Microsoft Defender ATP app across Device Administrator and Android Enterprise entrollment modes.
+> **Defender for Endpoint for Android is now available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx)** 

+> You can connect to Google Play from Intune to deploy Defender for Endpoint app across Device Administrator and Android Enterprise entrollment modes.
   Updates to the app are automatic via Google Play.
 
 ## Deploy on Device Administrator enrolled devices
 
-**Deploy Microsoft Defender ATP for Android on Intune Company Portal - Device
+**Deploy Defender for Endpoint for Android on Intune Company Portal - Device
 Administrator enrolled devices**
 
-This topic describes how to deploy Microsoft Defender ATP for Android on Intune Company Portal - Device Administrator enrolled devices. 
+This topic describes how to deploy Defender for Endpoint for Android on Intune Company Portal - Device Administrator enrolled devices. 
 
 ### Add as Android store app
 
@@ -60,13 +60,13 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
    - **Name** 
    - **Description**
    - **Publisher** as Microsoft.
-   - **Appstore URL** as https://play.google.com/store/apps/details?id=com.microsoft.scmx (Microsoft Defender ATP app Google Play Store URL) 
+   - **Appstore URL** as https://play.google.com/store/apps/details?id=com.microsoft.scmx (Defender for Endpoint app Google Play Store URL) 
 
    Other fields are optional. Select **Next**.
 
    ![Image of Microsoft Endpoint Manager Admin Center](images/mda-addappinfo.png)
 
-3. In the *Assignments* section, go to the **Required** section and select **Add group.** You can then choose the user group(s) that you would like to target Microsoft Defender ATP for Android app. Click **Select** and then **Next**.
+3. In the *Assignments* section, go to the **Required** section and select **Add group.** You can then choose the user group(s) that you would like to target Defender for Endpoint for Android app. Click **Select** and then **Next**.
 
     >[!NOTE]
     >The selected user group should consist of Intune enrolled users.
@@ -77,7 +77,7 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
 
 4. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**.
 
-    In a few moments, the Microsoft Defender ATP app would be created successfully, and a notification would show up at the top-right corner of the page.
+    In a few moments, the Defender for Endpoint app would be created successfully, and a notification would show up at the top-right corner of the page.
 
     ![Image of Microsoft Endpoint Manager Admin Center](images/86cbe56f88bb6e93e9c63303397fc24f.png)
 
@@ -92,21 +92,21 @@ completed successfully.
 
 ### Complete onboarding and check status
 
-1. Once Microsoft Defender ATP for Android has been installed on the device, you'll see the app icon.
+1. Once Defender for Endpoint for Android has been installed on the device, you'll see the app icon.
 
     ![Icon on mobile device](images/7cf9311ad676ec5142002a4d0c2323ca.jpg)
 
 2. Tap the Microsoft Defender ATP app icon and follow the on-screen instructions
-to complete onboarding the app. The details include end-user acceptance of Android permissions required by Microsoft Defender ATP for Android.
+to complete onboarding the app. The details include end-user acceptance of Android permissions required by Defender for Endpoint for Android.
 
 3. Upon successful onboarding, the device will start showing up on the Devices
 list in Microsoft Defender Security Center.
 
-    ![Image of device in Microsoft Defender ATP portal](images/9fe378a1dce0f143005c3aa53d8c4f51.png)
+    ![Image of device in Defender for Endpoint portal](images/9fe378a1dce0f143005c3aa53d8c4f51.png)
 
 ## Deploy on Android Enterprise enrolled devices
 
-Microsoft Defender ATP for Android supports Android Enterprise enrolled devices.
+Defender for Endpoint for Android supports Android Enterprise enrolled devices.
 
 For more information on the enrollment options supported by Intune, see 
 [Enrollment
@@ -116,10 +116,9 @@ Currently only Personal devices with Work Profile enrolled  are supported for de
 
 
 
-## Add Microsoft Defender ATP for Android as a Managed Google Play app
+## Add Microsoft Defender for Endpoint for Android as a Managed Google Play app
 
-Follow the steps below to add Microsoft
-Defender ATP app into your managed Google Play.
+Follow the steps below to add Microsoft Defender for Endpoint app into your managed Google Play.
 
 1. In [Microsoft Endpoint Manager admin
 center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
@@ -131,27 +130,26 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
 
 2. On your managed Google Play page that loads subsequently, go to the search
 box and lookup **Microsoft Defender.** Your search should display the Microsoft
-Defender ATP app in your Managed Google Play. Click on the Microsoft Defender
-ATP app from the Apps search result.
+Defender for Endpoint app in your Managed Google Play. Click on the Microsoft Defender for Endpoint app from the Apps search result.
 
     ![Image of Microsoft Endpoint Manager admin center](images/0f79cb37900b57c3e2bb0effad1c19cb.png)
 
 3. In the App description page that comes up next, you should be able to see app
-details on Microsoft Defender ATP. Review the information on the page and then
+details on Defender for Endpoint. Review the information on the page and then
 select **Approve**.
 
     > [!div class="mx-imgBorder"]
     > ![A screenshot of a Managed Google Play](images/07e6d4119f265037e3b80a20a73b856f.png)
 
 
-4. You should now be presented with the permissions that Microsoft Defender ATP
+4. You should now be presented with the permissions that Defender for Endpoint
 obtains for it to work. Review them and then select **Approve**.
 
-    ![A screenshot of Microsoft Defender ATP preview app approval](images/206b3d954f06cc58b3466fb7a0bd9f74.png)
+    ![A screenshot of Defender for Endpoint preview app approval](images/206b3d954f06cc58b3466fb7a0bd9f74.png)
 
 
 5. You'll be presented with the Approval settings page. The page confirms
-your preference to handle new app permissions that Microsoft Defender ATP for
+your preference to handle new app permissions that Defender for Endpoint for
 Android might ask. Review the choices and select your preferred option. Select
 **Done**.
 
@@ -162,8 +160,8 @@ permissions*
     > ![Image of notifications tab](images/ffecfdda1c4df14148f1526c22cc0236.png)
 
 
-6. After the permissions handling selection is made, select **Sync** to sync
-Microsoft Defender ATP to your apps list.
+6. After the permissions handling selection is made, select **Sync** to sync Microsoft 
+Defender for Endpoint to your apps list.
 
     > [!div class="mx-imgBorder"]
     > ![Image of sync page](images/34e6b9a0dae125d085c84593140180ed.png)
@@ -180,7 +178,7 @@ Defender ATP should be visible in the apps list.
     > ![Image of list of Android apps](images/fa4ac18a6333335db3775630b8e6b353.png)
 
 
-9. Microsoft Defender ATP supports App configuration policies for managed devices via Intune. This capability can be leveraged to autogrant applicable Android permission(s), so the end user does not need to accept these permission(s).
+9. Defender for Endpoint supports App configuration policies for managed devices via Intune. This capability can be leveraged to autogrant applicable Android permission(s), so the end user does not need to accept these permission(s).
 
     1. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**.
 
@@ -213,7 +211,7 @@ Defender ATP should be visible in the apps list.
        > ![Image of create app configuration policy](images/android-auto-grant.png)
 
 
-    1. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**.  The group selected here is usually the same group to which you would assign Microsoft Defender ATP Android app. 
+    1. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**.  The group selected here is usually the same group to which you would assign Microsoft Defender for Endpoint Android app. 
 
        > [!div class="mx-imgBorder"]
        > ![Image of create app configuration policy](images/android-select-group.png)
@@ -221,7 +219,7 @@ Defender ATP should be visible in the apps list.
 
      1. In the **Review + Create** page that comes up next, review all the information and then select **Create**. 

     
-        The app configuration policy for Microsoft Defender ATP auto-granting the storage permission is now assigned to the selected user group.
+        The app configuration policy for Defender for Endpoint auto-granting the storage permission is now assigned to the selected user group.
 
         > [!div class="mx-imgBorder"]
         > ![Image of create app configuration policy](images/android-review-create.png)
@@ -248,7 +246,7 @@ assignment.
 
 ## Complete onboarding and check status
 
-1. Confirm the installation status of Microsoft Defender ATP for Android by
+1. Confirm the installation status of Microsoft Defender for Endpoint for Android by
 clicking on the **Device Install Status**. Verify that the device is
 displayed here.
 
@@ -257,23 +255,22 @@ displayed here.
 
 
 2. On the device, you can confirm the same by going to the **work profile** and
-confirm that Microsoft Defender ATP is available.
+confirm that Defender for Endpoint is available.
 
     ![Image of app in mobile device](images/c2e647fc8fa31c4f2349c76f2497bc0e.png)
 
 3. When the app is installed, open the app and accept the permissions
 and then your onboarding should be successful.
 
-    ![Image of mobile device with Microsoft Defender ATP app](images/mda-devicesafe.png)
+    ![Image of mobile device with Microsoft Defender for Endpoint app](images/mda-devicesafe.png)
 
-4. At this stage the device is successfully onboarded onto Microsoft Defender
-ATP for Android. You can verify this on the [Microsoft Defender Security
+4. At this stage the device is successfully onboarded onto Defender for Endpoint for Android. You can verify this on the [Microsoft Defender Security
 Center](https://securitycenter.microsoft.com)
 by navigating to the **Devices** page.
 
-    ![Image of Microsoft Defender ATP portal](images/9fe378a1dce0f143005c3aa53d8c4f51.png)
+    ![Image of Microsoft Defender for Endpoint portal](images/9fe378a1dce0f143005c3aa53d8c4f51.png)
 
 
 ## Related topics
-- [Overview of Microsoft Defender ATP for Android](microsoft-defender-atp-android.md)
-- [Configure Microsoft Defender ATP for Android features](android-configure.md)
+- [Overview of Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
+- [Configure Microsoft Defender for Endpoint for Android features](android-configure.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md
index 800e262876..66ec2fa838 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md
@@ -17,23 +17,22 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-#  Microsoft Defender ATP for Android - Privacy information
+#  Microsoft Defender for Endpoint for Android - Privacy information
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md)
+- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
 
 
-Microsoft Defender ATP for Android collects information from your configured
-Android devices and stores it in the same tenant where you have Microsoft
-Defender ATP.
+Defender for Endpoint for Android collects information from your configured
+Android devices and stores it in the same tenant where you have Defender for Endpoint.
 
-Information is collected to help keep Microsoft Defender ATP for Android secure,
+Information is collected to help keep Defender for Endpoint for Android secure,
 up-to-date, performing as expected and to support the service.
 
 ## Required Data 
 
-Required data consists of data that is necessary to make Microsoft Defender ATP
+Required data consists of data that is necessary to make Defender for Endpoint
 for Android work as expected. This data is essential to the operation of the
 service and can include data related to the end user, organization, device, and
 apps. Here's a list of the types of data being collected:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md
index d2d946c3fb..34959bf022 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md
@@ -20,15 +20,14 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Troubleshooting issues on Microsoft Defender ATP for Android
+# Troubleshooting issues on Microsoft Defender for Endpoint for Android
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
--   [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for
-    Android](microsoft-defender-atp-android.md)
+-   [Defender for Endpoint](microsoft-defender-atp-android.md)
 
 During onboarding, you might encounter sign in issues after the app is installed on your device. 
 
@@ -77,7 +76,7 @@ Contact your administrator for help.
 
 -   **Xiaomi**
 
-Phishing and harmful web connection threats detected by Microsoft Defender ATP
+Phishing and harmful web connection threats detected by Defender for Endpoint
 for Android are not blocked on some Xiaomi devices. The following functionality does not work on these devices.
 
 ![Image of site reported unsafe](images/0c04975c74746a5cdb085e1d9386e713.png)
@@ -85,7 +84,7 @@ for Android are not blocked on some Xiaomi devices. The following functionality
 
 **Cause:**
 
-Xiaomi devices introduced a new permission that prevents Microsoft Defender ATP
+Xiaomi devices introduced a new permission that prevents Defender for Endpoint
 for Android app from displaying pop-up windows while running in the background.
 
 Xiaomi devices permission: "Display pop-up windows while running in the
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-terms.md b/windows/security/threat-protection/microsoft-defender-atp/android-terms.md
index 0d6e8dcd1c..caf571c273 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-terms.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-terms.md
@@ -19,15 +19,15 @@ ms.topic: conceptual
 hideEdit: true
 ---
 
-# Microsoft Defender ATP for Android application license terms
+# Microsoft Defender for Endpoint for Android application license terms
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md)
+- [Microsoft Defender for Endpoint](microsoft-defender-atp-android.md)
 
-## MICROSOFT APPLICATION LICENSE TERMS: MICROSOFT DEFENDER ATP
+## MICROSOFT APPLICATION LICENSE TERMS: MICROSOFT DEFENDER FOR ENDPOINT
 
 These license terms ("Terms") are an agreement between Microsoft Corporation (or
 based on where you live, one of its affiliates) and you. Please read them. They
@@ -54,7 +54,7 @@ DO NOT USE THE APPLICATION.**
     1.  **Installation and Use.** You may install and use any number of copies
         of this application on Android enabled device or devices which you own
         or control. You may use this application with your company's valid
-        subscription of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) or
+        subscription of Microsoft Defender for Endpoint or
         an online service that includes MDATP functionalities.
 
     2.  **Updates.** Updates or upgrades to MDATP may be required for full
@@ -139,7 +139,7 @@ DO NOT USE THE APPLICATION.**
     export laws and regulations that apply to the application. These laws
     include restrictions on destinations, end users and end use. For additional
     information,
-    see[www.microsoft.com/exporting](https://www.microsoft.com/exporting).
+    see�[www.microsoft.com/exporting](https://www.microsoft.com/exporting).
 
 7.  **SUPPORT SERVICES.** Because this application is "as is," we may not
     provide support services for it. If you have any issues or questions about
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md b/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md
index 4985f37fda..c75879bafc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md
@@ -25,11 +25,11 @@ ms.topic: conceptual
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-The Microsoft Defender ATP API Explorer is a tool that helps you explore various Microsoft Defender ATP APIs interactively. 
+The Microsoft Defender for Endpoint API Explorer is a tool that helps you explore various Defender for Endpoint APIs interactively. 
 
-The API Explorer makes it easy to construct and do API queries, test, and send requests for any available Microsoft Defender ATP API endpoint. Use the API Explorer to take actions or find data that might not yet be available through the user interface.
+The API Explorer makes it easy to construct and do API queries, test, and send requests for any available Defender for Endpoint API endpoint. Use the API Explorer to take actions or find data that might not yet be available through the user interface.
 
 The tool is useful during app development. It allows you to perform API queries that respect your user access settings, reducing the need to generate access tokens.
 
@@ -47,7 +47,7 @@ From the left navigation menu, select **Partners & APIs** > **API Explorer**.
 
 ## Supported APIs
 
-API Explorer supports all the APIs offered by Microsoft Defender ATP.
+API Explorer supports all the APIs offered by Defender for Endpoint.
   
 The list of supported APIs is available in the [APIs documentation](apis-intro.md). 
 
@@ -61,7 +61,7 @@ Some of the samples may require specifying a parameter in the URL, for example,
 ## FAQ
 
 **Do I need to have an API token to use the API Explorer?** 

-Credentials to access an API aren't needed. The API Explorer uses the Microsoft Defender ATP management portal token whenever it makes a request.
+Credentials to access an API aren't needed. The API Explorer uses the Defender for Endpoint management portal token whenever it makes a request.
 
 The logged-in user authentication credential is used to verify that the API Explorer is authorized to access data on your behalf.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
index a0330cfe3b..0dfd7bfce2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
@@ -17,14 +17,14 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Microsoft Defender ATP API - Hello World 
+# Microsoft Defender for Endpoint API - Hello World 
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## Get Alerts using a simple PowerShell script
@@ -47,7 +47,7 @@ For the Application registration stage, you must have a **Global administrator**
 
 3. In the registration form, choose a name for your application and then click **Register**.
 
-4. Allow your Application to access Microsoft Defender ATP and assign it **'Read all alerts'** permission:
+4. Allow your Application to access Defender for Endpoint and assign it **'Read all alerts'** permission:
 
    - On your application page, click **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and click on **WindowsDefenderATP**.
 
@@ -177,6 +177,6 @@ You’re all done! You have just successfully:
 
 
 ## Related topic
-- [Microsoft Defender ATP APIs](exposed-apis-list.md)
-- [Access Microsoft Defender ATP with application context](exposed-apis-create-app-webapp.md)
-- [Access Microsoft Defender ATP with user context](exposed-apis-create-app-nativeapp.md)
+- [Microsoft Defender for Endpoint APIs](exposed-apis-list.md)
+- [Access Microsoft Defender for Endpoint with application context](exposed-apis-create-app-webapp.md)
+- [Access Microsoft Defender for Endpoint with user context](exposed-apis-create-app-nativeapp.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md
index 572437217f..95525bbf97 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md
@@ -22,9 +22,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
 Automating security procedures is a standard requirement for every modern Security Operations Center. The lack of professional cyber defenders forces SOC to work in the most efficient way and automation is a must. Microsoft Power Automate supports different connectors that were built exactly for that. You can build an end-to-end procedure automation within a few minutes.
 
@@ -81,4 +81,4 @@ The Alert trigger provides only the Alert ID and the Machine ID. You can use the
 You can also create a **scheduled** flow that runs Advanced Hunting queries and much more!
 
 ## Related topic
-- [Microsoft Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender for Endpoint APIs](apis-intro.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
index d93239e1e8..2170d310c0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
@@ -17,28 +17,28 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Microsoft Defender ATP detections API fields
+# Microsoft Defender for Endpoint detections API fields
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink)
 
 Understand what data fields are exposed as part of the detections API and how they map to Microsoft Defender Security Center.
 
 >[!Note]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
+>- [Defender for Endpoint Alert](alerts.md) is composed from one or more detections.
 >- **Microsoft Defender ATP Detection** is composed from the suspicious event occurred on the Device and its related **Alert** details.
->- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
+>- The Microsoft Defender for Endpoint Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 
 ## Detections API fields and portal mapping
 The following table lists the available fields exposed in the detections API payload. It shows examples for the populated values and a reference on how data is reflected on the portal.
 
-The ArcSight field column contains the default mapping between the Microsoft Defender ATP fields and the built-in fields in ArcSight. You can download the mapping file from the portal when you enable the SIEM integration feature and you can modify it to match the  needs of your organization. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md).
+The ArcSight field column contains the default mapping between the Defender for Endpoint fields and the built-in fields in ArcSight. You can download the mapping file from the portal when you enable the SIEM integration feature and you can modify it to match the  needs of your organization. For more information, see [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md).
 
 Field numbers match the numbers in the images below.
 
@@ -49,12 +49,12 @@ Field numbers match the numbers in the images below.
 > | 1                | AlertTitle                | name                | Microsoft Defender AV detected 'Mikatz' high-severity malware | Value available for every Detection.                                                                                                                                               |
 > | 2                | Severity                  | deviceSeverity      | High                                                                             | Value available for every Detection.                                                                                                                                               |
 > | 3                | Category                  | deviceEventCategory | Malware                                                               | Value available for every Detection.                                                                                                                                               |
-> | 4                | Detection source                    | sourceServiceName   | Antivirus                                                                 | Microsoft Defender Antivirus or   Microsoft Defender ATP. Value available for every Detection.                                                                                         |
+> | 4                | Detection source                    | sourceServiceName   | Antivirus                                                                 | Microsoft Defender Antivirus or  Defender for Endpoint. Value available for every Detection.                                                                                         |
 > | 5                | MachineName               | sourceHostName      | desktop-4a5ngd6                                                                           | Value available for every Detection.                                                                                                                                               |
 > | 6                | FileName                  | fileName            | Robocopy.exe                                                                       | Available for detections associated   with a file or process.                                                                                                                      |
 > | 7                | FilePath                  | filePath            | C:\Windows\System32\Robocopy.exe                                                   | Available for detections associated   with a file or process.                                                                                                                     |
-> | 8                | UserDomain                | sourceNtDomain      | CONTOSO                                                                            | The domain of the user context   running the activity, available for Microsoft Defender ATP behavioral based detections.                                                           |
-> | 9                | UserName                  | sourceUserName      | liz.bean                                                                           | The user context running the   activity, available for Microsoft Defender ATP behavioral based detections.                                                                           |
+> | 8                | UserDomain                | sourceNtDomain      | CONTOSO                                                                            | The domain of the user context   running the activity, available for Defender for Endpoint behavioral based detections.                                                           |
+> | 9                | UserName                  | sourceUserName      | liz.bean                                                                           | The user context running the   activity, available for Defender for Endpoint behavioral based detections.                                                                           |
 > | 10               | Sha1                      | fileHash            | 3da065e07b990034e9db7842167f70b63aa5329                                           | Available for detections associated   with a file or process.                                                                                                                      |
 > | 11               | Sha256                    | deviceCustomString6 | ebf54f745dc81e1958f75e4ca91dd0ab989fc9787bb6b0bf993e2f5                   | Available for Microsoft Defender AV detections.                                                                                                                                    |
 > | 12               | Md5                       | deviceCustomString5 | db979c04a99b96d370988325bb5a8b21                                                   | Available for Microsoft Defender AV detections.                                                                                                                                    |
@@ -97,7 +97,7 @@ Field numbers match the numbers in the images below.
 
 
 ## Related topics
-- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
-- [Configure ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
-- [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md)
+- [Enable SIEM integration in Microsoft Defender for Endpoint](enable-siem-integration.md)
+- [Configure ArcSight to pull Microsoft Defender for Endpoint detections](configure-arcsight.md)
+- [Pull Microsoft Defender for Endpoint detections using REST API](pull-alerts-using-rest-api.md)
 - [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md
index ae1fe49ed4..605b0f511a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md
@@ -22,11 +22,11 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
-In this section you will learn create a Power BI report on top of Microsoft Defender ATP APIs.
+In this section you will learn create a Power BI report on top of Defender for Endpoint APIs.
 
 The first example demonstrates how to connect Power BI to Advanced Hunting API and the second example demonstrates a connection to our OData APIs, such as Machine Actions or Alerts.
 
@@ -133,6 +133,6 @@ View the Microsoft Defender ATP Power BI report samples. For more information, s
 
 
 ## Related topic
-- [Microsoft Defender ATP APIs](apis-intro.md)
+- [Defender for Endpoint APIs](apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)
 - [Using OData Queries](exposed-apis-odata-samples.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md
index b5e6b4ffb6..9c8c96f2ea 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md
@@ -16,14 +16,14 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Microsoft Defender ATP API license and terms of use
+# Microsoft Defender for Endpoint API license and terms of use
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 ## APIs
 
-Microsoft Defender ATP APIs are governed by [Microsoft API License and Terms of use](https://docs.microsoft.com/legal/microsoft-apis/terms-of-use).
+Defender for Endpoint APIs are governed by [Microsoft API License and Terms of use](https://docs.microsoft.com/legal/microsoft-apis/terms-of-use).
 
 ### Throttling limits
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
index 34f925b4d8..5550264035 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
@@ -17,33 +17,33 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Access the Microsoft Defender Advanced Threat Protection APIs 
+# Access the Microsoft Defender for Endpoint APIs 
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:** 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
-Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
-Watch this video for a quick overview of Microsoft Defender ATP's APIs. 
+Watch this video for a quick overview of Defender for Endpoint's APIs. 
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4d73M]
 
 In general, you’ll need to take the following steps to use the APIs:
 - Create an AAD application
 - Get an access token using this application
-- Use the token to access Microsoft Defender ATP API
+- Use the token to access Defender for Endpoint API
 
 
-You can access Microsoft Defender ATP API with **Application Context** or **User Context**.
+You can access Defender for Endpoint API with **Application Context** or **User Context**.
 
 - **Application Context: (Recommended)** 

     Used by apps that run without a signed-in user present. for example, apps that run as background services or daemons.
 
-	Steps that need to be taken to access Microsoft Defender ATP API with application context:
+	Steps that need to be taken to access Defender for Endpoint API with application context:
 
   1. Create an AAD Web-Application.
   2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'. 
@@ -57,7 +57,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User
 - **User Context:** 

     Used to perform actions in the API on behalf of a user.
 
-	Steps that needs to be taken to access Microsoft Defender ATP API with application context:
+	Steps that needs to be taken to access Defender for Endpoint API with application context:
   1. Create AAD Native-Application.
   2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 
   3. Get token using the application with user credentials.
@@ -67,6 +67,6 @@ You can access Microsoft Defender ATP API with **Application Context** or **User
 
 
 ## Related topics
-- [Microsoft Defender ATP APIs](exposed-apis-list.md)
-- [Access Microsoft Defender ATP with application context](exposed-apis-create-app-webapp.md)
-- [Access Microsoft Defender ATP with user context](exposed-apis-create-app-nativeapp.md)
+- [Microsoft Defender for Endpoint APIs](exposed-apis-list.md)
+- [Access Microsoft Defender for Endpoint with application context](exposed-apis-create-app-webapp.md)
+- [Access Microsoft Defender for Endpoint with user context](exposed-apis-create-app-nativeapp.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md
index 6c4428c439..a8bf456da1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md
@@ -26,11 +26,11 @@ ms.date: 11/28/2018
 **Applies to:**
 - Azure Active Directory
 - Office 365
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
 
-Microsoft Defender ATP supports two ways to manage permissions:
+Defender for Endpoint supports two ways to manage permissions:
 
 - **Basic permissions management**: Set permissions to either full access or read-only.
 - **Role-based access control (RBAC)**: Set granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to device groups. For more information on RBAC, see [Manage portal access using role-based access control](rbac.md).
@@ -38,7 +38,7 @@ Microsoft Defender ATP supports two ways to manage permissions:
 > [!NOTE]
 > If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch:
 > 
-> - Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Azure AD), are automatically assigned the default Microsoft Defender ATP administrator role, which also has full access. Additional Azure AD user groups can be assigned to the Microsoft Defender ATP administrator role after switching to RBAC.  Only users assigned to the Microsoft Defender ATP administrator role can manage permissions using RBAC. 
+> - Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Azure AD), are automatically assigned the default Defender for Endpoint administrator role, which also has full access. Additional Azure AD user groups can be assigned to the Defender for Endpoint administrator role after switching to RBAC.  Only users assigned to the Defender for Endpoint administrator role can manage permissions using RBAC. 
 > - Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Azure AD user groups can be assigned a role under RBAC.
 > - After switching to RBAC, you will not be able to switch back to using basic permissions management.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md
index 47af31878c..74cc0538fb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md
@@ -18,22 +18,22 @@ ms.topic: article
 ms.date: 11/20/2018
 ---
 
-# Experience Microsoft Defender ATP through simulated attacks 
+# Experience Microsoft Defender for Endpoint through simulated attacks 
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink)
 
 >[!TIP]
->- Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Microsoft Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
->- Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
+>- Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Defender for Endpoint?](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
+>- Defender for Endpoint demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
 
-You might want to experience Microsoft Defender ATP before you onboard more than a few devices to the service. To do this, you can run controlled attack simulations on a few test devices. After running the simulated attacks, you can review how Microsoft Defender ATP surfaces malicious activity and explore how it enables an efficient response.
+You might want to experience Defender for Endpoint before you onboard more than a few devices to the service. To do this, you can run controlled attack simulations on a few test devices. After running the simulated attacks, you can review how Defender for Endpoint surfaces malicious activity and explore how it enables an efficient response.
 
 ## Before you begin
 
@@ -61,7 +61,7 @@ Read the walkthrough document provided with each attack scenario. Each document
 > Simulation files or scripts mimic attack activity but are actually benign and will not harm or compromise the test device.
 > 
 > 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink)
 
 
 ## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
index 6005a0a536..b3a31baf6d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
@@ -23,7 +23,7 @@ ms.custom: asr
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 ## Is attack surface reduction (ASR) part of Windows?
 
@@ -43,7 +43,7 @@ Yes. ASR is supported for Windows Enterprise E3 and above.
 
 All of the rules supported with E3 are also supported with E5.
 
-E5 also added greater integration with Microsoft Defender ATP. With E5, you can [use Microsoft Defender ATP to monitor and review analytics](https://docs.microsoft.com/microsoft-365/security/mtp/monitor-devices?view=o365-worldwide#monitor-and-manage-asr-rule-deployment-and-detections) on alerts in real-time, fine-tune rule exclusions, configure ASR rules, and view lists of event reports.
+E5 also added greater integration with Defender for Endpoint. With E5, you can [use Defender for Endpoint to monitor and review analytics](https://docs.microsoft.com/microsoft-365/security/mtp/monitor-devices?view=o365-worldwide#monitor-and-manage-asr-rule-deployment-and-detections) on alerts in real-time, fine-tune rule exclusions, configure ASR rules, and view lists of event reports.
 
 ## What are the currently supported ASR rules?
 
@@ -75,13 +75,13 @@ Larger organizations should consider rolling out ASR rules in "rings," by auditi
 
 Keep the rule in audit mode for about 30 days to get a good baseline for how the rule will operate once it goes live throughout your organization. During the audit period, you can identify any line-of-business applications that might get blocked by the rule, and configure the rule to exclude them.
 
-## I'm making the switch from a third-party security solution to Microsoft Defender ATP. Is there an "easy" way to export rules from another security solution to ASR?
+## I'm making the switch from a third-party security solution to Defender for Endpoint. Is there an "easy" way to export rules from another security solution to ASR?
 
-In most cases, it's easier and better to start with the baseline recommendations suggested by [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/) (Microsoft Defender ATP) than to attempt to import rules from another security solution. Then, use tools such as audit mode, monitoring, and analytics to configure your new solution to suit your unique needs. 
+In most cases, it's easier and better to start with the baseline recommendations suggested by [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/) (Defender for Endpoint) than to attempt to import rules from another security solution. Then, use tools such as audit mode, monitoring, and analytics to configure your new solution to suit your unique needs. 
 
-The default configuration for most ASR rules, combined with Microsoft Defender ATP's real-time protection, will protect against a large number of exploits and vulnerabilities.
+The default configuration for most ASR rules, combined with Defender for Endpoint's real-time protection, will protect against a large number of exploits and vulnerabilities.
 
-From within Microsoft Defender ATP, you can update your defenses with custom indicators, to allow and block certain software behaviors. ASR also allows for some customization of rules, in the form of file and folder exclusions. As a general rule, it is best to audit a rule for a period of time, and configure exclusions for any line-of-business applications that might get blocked.
+From within Defender for Endpoint, you can update your defenses with custom indicators, to allow and block certain software behaviors. ASR also allows for some customization of rules, in the form of file and folder exclusions. As a general rule, it is best to audit a rule for a period of time, and configure exclusions for any line-of-business applications that might get blocked.
 
 ## Does ASR support file or folder exclusions that include system variables and wildcards in the path?
 
@@ -95,9 +95,9 @@ It depends on the rule. Most ASR rules cover the behavior of Microsoft Office pr
 
 ASR uses Microsoft Defender Antivirus to block applications. It is not possible to configure ASR to use another security solution for blocking at this time.
 
-## I have an E5 license and enabled some ASR rules in conjunction with Microsoft Defender ATP. Is it possible for an ASR event to not show up at all in Microsoft Defender ATP's event timeline?
+## I have an E5 license and enabled some ASR rules in conjunction with Defender for Endpoint. Is it possible for an ASR event to not show up at all in Defender for Endpoint's event timeline?
 
-Whenever a notification is triggered locally by an ASR rule, a report on the event is also sent to the Microsoft Defender ATP portal. If you're having trouble finding the event, you can filter the events timeline using the search box. You can also view ASR events by visiting **Go to attack surface management**, from the **Configuration management** icon in the Security Center taskbar. The attack surface management page includes a tab for report detections, which includes a full list of ASR rule events reported to Microsoft Defender ATP.
+Whenever a notification is triggered locally by an ASR rule, a report on the event is also sent to the Defender for Endpoint portal. If you're having trouble finding the event, you can filter the events timeline using the search box. You can also view ASR events by visiting **Go to attack surface management**, from the **Configuration management** icon in the Security Center taskbar. The attack surface management page includes a tab for report detections, which includes a full list of ASR rule events reported to Defender for Endpoint.
 
 ## I applied a rule using GPO. Now when I try to check the indexing options for the rule in Microsoft Outlook, I get a message stating, 'Access denied'.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 87e15b62f3..d2c6d68716 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -24,7 +24,7 @@ ms.date: 10/08/2020
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Your attack surface is the total number of places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means offering attackers fewer ways to perform attacks.
 
@@ -50,13 +50,13 @@ You can set attack surface reduction rules for devices running any of the follow
 - Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later
 - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
 
-To use the entire feature-set of attack surface reduction rules, you need a [Windows 10 Enterprise license](https://www.microsoft.com/licensing/product-licensing/windows10). With a [Windows E5 license](https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses), you get advanced management capabilities including monitoring, analytics, and workflows available in [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the [Microsoft 365 security center](https://docs.microsoft.com/microsoft-365/security/mtp/overview-security-center). These advanced capabilities aren't available with an E3 license, but you can still use Event Viewer to review attack surface reduction rule events.
+To use the entire feature-set of attack surface reduction rules, you need a [Windows 10 Enterprise license](https://www.microsoft.com/licensing/product-licensing/windows10). With a [Windows E5 license](https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses), you get advanced management capabilities including monitoring, analytics, and workflows available in [Defender for Endpoint](microsoft-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the [Microsoft 365 security center](https://docs.microsoft.com/microsoft-365/security/mtp/overview-security-center). These advanced capabilities aren't available with an E3 license, but you can still use Event Viewer to review attack surface reduction rule events.
 
 ## Review attack surface reduction events in the Microsoft Defender Security Center
 
-Microsoft Defender ATP provides detailed reporting for events and blocks, as part of its alert investigation scenarios.
+Defender for Endpoint provides detailed reporting for events and blocks, as part of its alert investigation scenarios.
 
-You can query Microsoft Defender ATP data by using [advanced hunting](advanced-hunting-query-language.md). If you're running [audit mode](audit-windows-defender.md), you can use advanced hunting to understand how attack surface reduction rules could affect your environment.
+You can query Defender for Endpoint data by using [advanced hunting](advanced-hunting-query-language.md). If you're running [audit mode](audit-windows-defender.md), you can use advanced hunting to understand how attack surface reduction rules could affect your environment.
 
 Here is an example query:
 
@@ -87,7 +87,7 @@ This will create a custom view that filters events to only show the following, a
 |1121 | Event when rule fires in Block-mode |
 |1122 | Event when rule fires in Audit-mode |
 
-The "engine version" listed for attack surface reduction events in the event log, is generated by Microsoft Defender ATP, not by the operating system. Microsoft Defender ATP is integrated with Windows 10, so this feature works on all devices with Windows 10 installed.
+The "engine version" listed for attack surface reduction events in the event log, is generated by Defender for Endpoint, not by the operating system. Defender for Endpoint is integrated with Windows 10, so this feature works on all devices with Windows 10 installed.
 
 ## Attack surface reduction rules
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md
index ee65565701..b442dcb82a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md
@@ -15,14 +15,14 @@ ms.reviewer:
 manager: dansimp
 ---
 
-# Test how Microsoft Defender ATP features work in audit mode
+# Test how Microsoft Defender for Endpoint features work in audit mode
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. Audit mode lets you see a record of what *would* have happened if you had enabled the feature.
 
@@ -32,7 +32,7 @@ The features won't block or prevent apps, scripts, or files from being modified.
 
 To find the audited entries, go to **Applications and Services** > **Microsoft** > **Windows** > **Windows Defender** > **Operational**.
 
-You can use Microsoft Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Microsoft Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
+You can use Defender for Endpoint to get greater details for each event, especially for investigating attack surface reduction rules. Using the Defender for Endpoint console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
 This article provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer.
 

From 7b04785a2d24606f6e63669e20cb07e800b7fcc4 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Tue, 27 Oct 2020 17:03:45 -0700
Subject: [PATCH 057/384] Added ADMX_TerminalServer policies

---
 .../mdm/policy-csp-admx-terminalserver.md     | 1036 +++++++++++++++++
 1 file changed, 1036 insertions(+)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-terminalserver.md

diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
new file mode 100644
index 0000000000..74a8c02c29
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@@ -0,0 +1,1036 @@
+---
+title: Policy CSP - ADMX_TerminalServer
+description: Policy CSP - ADMX_TerminalServer
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/27/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_TerminalServer
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+

+
+
+## ADMX_TerminalServer policies  
+
+

+  

+    ADMX_TerminalServer/TS_AUTO_RECONNECT
+  

+  

+    ADMX_TerminalServer/TS_CAMERA_REDIRECTION
+  

+  

+    ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_AUDIO
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_CLIPBOARD
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_COM
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_DEFAULT_M
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_LPT
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_PNP
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_PRINTER
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2
+  

+  

+    ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP
+  

+  

+    ADMX_TerminalServer/TS_COLORDEPTH
+  

+  

+    ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES
+  

+  

+    ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER
+  

+  

+    ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU
+  

+  

+    ADMX_TerminalServer/TS_EASY_PRINT
+  

+  

+    ADMX_TerminalServer/TS_EASY_PRINT_User
+  

+  

+    ADMX_TerminalServer/TS_EnableVirtualGraphics
+  

+  

+    ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE
+  

+  

+    ADMX_TerminalServer/TS_FORCIBLE_LOGOFF
+  

+  

+    ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD
+  

+  

+    ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE
+  

+  

+    ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER
+  

+  

+    ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY
+  

+  

+    ADMX_TerminalServer/TS_KEEP_ALIVE
+  

+  

+    ADMX_TerminalServer/TS_LICENSE_SECGROUP
+  

+  

+    ADMX_TerminalServer/TS_LICENSE_SERVERS
+  

+  

+    ADMX_TerminalServer/TS_LICENSE_TOOLTIP
+  

+  

+    ADMX_TerminalServer/TS_LICENSING_MODE
+  

+  

+    ADMX_TerminalServer/TS_MAXDISPLAYRES
+  

+  

+    ADMX_TerminalServer/TS_MAXMONITOR
+  

+  

+    ADMX_TerminalServer/TS_MAX_CON_POLICY
+  

+  

+    ADMX_TerminalServer/TS_NoDisconnectMenu
+  

+  

+    ADMX_TerminalServer/TS_NoSecurityMenu
+  

+  

+    ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP
+  

+  

+    ADMX_TerminalServer/TS_PreventLicenseUpgrade
+  

+  

+    ADMX_TerminalServer/TS_RADC_DefaultConnection
+  

+  

+    ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration
+  

+  

+    ADMX_TerminalServer/TS_RemoteControl_1
+  

+  

+    ADMX_TerminalServer/TS_RemoteControl_2
+  

+  

+    ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics
+  

+  

+    ADMX_TerminalServer/TS_SD_ClustName
+  

+  

+    ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS
+  

+  

+    ADMX_TerminalServer/TS_SD_Loc
+  

+  

+    ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY
+  

+  

+    ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT
+  

+  

+    ADMX_TerminalServer/TS_SELECT_TRANSPORT
+  

+  

+    ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP
+  

+  

+    ADMX_TerminalServer/TS_SERVER_AUTH
+  

+  

+    ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED
+  

+  

+    ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED
+  

+  

+    ADMX_TerminalServer/TS_SERVER_COMPRESSOR
+  

+  

+    ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY
+  

+  

+    ADMX_TerminalServer/TS_SERVER_LEGACY_RFX
+  

+  

+    ADMX_TerminalServer/TS_SERVER_PROFILE
+  

+  

+    ADMX_TerminalServer/TS_SERVER_VISEXP
+  

+  

+    ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER
+  

+  

+    ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1
+  

+  

+    ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2
+  

+  

+    ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1
+  

+  

+    ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2
+  

+  

+    ADMX_TerminalServer/TS_SESSIONS_Limits_1
+  

+  

+    ADMX_TerminalServer/TS_SESSIONS_Limits_2
+  

+  

+    ADMX_TerminalServer/TS_SINGLE_SESSION
+  

+  

+    ADMX_TerminalServer/TS_SMART_CARD
+  

+  

+    ADMX_TerminalServer/TS_START_PROGRAM_1
+  

+  

+    ADMX_TerminalServer/TS_START_PROGRAM_2
+  

+  

+    ADMX_TerminalServer/TS_Session_End_On_Limit_1
+  

+  

+    ADMX_TerminalServer/TS_Session_End_On_Limit_2
+  

+  

+    ADMX_TerminalServer/TS_TEMP_DELETE
+  

+  

+    ADMX_TerminalServer/TS_TEMP_PER_SESSION
+  

+  

+    ADMX_TerminalServer/TS_TIME_ZONE
+  

+  

+    ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY
+  

+  

+    ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP
+  

+  

+    ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE
+  

+  

+    ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY
+  

+  

+    ADMX_TerminalServer/TS_USER_HOME
+  

+  

+    ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES
+  

+  

+    ADMX_TerminalServer/TS_USER_PROFILES
+  

+

+
+
+

+
+
+**ADMX_TerminalServer/TS_AUTO_RECONNECT**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost.
+
+By default, a maximum  of twenty reconnection attempts are made at five second intervals.
+
+If the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost.
+
+If the status is set to Disabled, automatic reconnection of clients is prohibited.
+
+If the status is set to Not Configured, automatic reconnection is not specified at the  Group Policy level. However, users can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop Connection.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Automatic reconnection*
+-   GP name: *TS_AUTO_RECONNECT*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CAMERA_REDIRECTION**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost.
+
+By default, a maximum  of twenty reconnection attempts are made at five second intervals.
+
+If the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost.
+
+If the status is set to Disabled, automatic reconnection of clients is prohibited.
+
+If the status is set to Not Configured, automatic reconnection is not specified at the  Group Policy level. However, users can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop Connection.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Automatic reconnection*
+-   GP name: *TS_CAMERA_REDIRECTION*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server.
+
+A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.
+
+If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate has not been selected.
+
+If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected.
+
+If you disable or do not configure this policy, the certificate template name is not specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.  
+
+> [!NOTE]
+> If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Server authentication certificate template*
+-   GP name: *TS_CERTIFICATE_TEMPLATE_POLICY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file).
+
+If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
+
+If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.
+
+> [!NOTE]
+> You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow .rdp files from valid publishers and user's default .rdp settings*
+-   GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file).
+
+If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
+
+If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.
+
+> [!NOTE]
+> You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow .rdp files from valid publishers and user's default .rdp settings*
+-   GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.
+
+If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.
+
+If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow .rdp files from unknown publishers*
+-   GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.
+
+If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.
+
+If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow .rdp files from unknown publishers*
+-   GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_AUDIO**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.
+
+Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled.
+
+By default, audio and video playback redirection is not allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional.
+
+If you enable this policy setting, audio and video playback redirection is allowed.
+
+If you disable this policy setting, audio and video playback redirection is not allowed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file.  If you do not configure this policy setting audio and video playback redirection is not specified at the Group Policy level.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow audio and video playback redirection*
+-   GP name: *TS_CLIENT_AUDIO*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.
+
+Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer, such as a built-in microphone.
+
+By default, audio recording redirection is not allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2.
+
+If you enable this policy setting, audio recording redirection is allowed.
+
+If you disable this policy setting, audio recording redirection is not allowed, even if audio recording redirection is specified in RDC.
+
+If you do not configure this policy setting, Audio recording redirection is not specified at the Group Policy level.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow audio recording redirection*
+-   GP name: *TS_CLIENT_AUDIO_CAPTURE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links.
+
+If you enable this policy setting, you must select one of the following:  High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used. If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection.
+
+The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer.
+
+For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used.
+
+Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic.
+
+If you disable or do not configure this policy setting, audio playback quality will be set to Dynamic.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit audio playback quality*
+-   GP name: *TS_CLIENT_AUDIO_QUALITY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
+

From 4bcb2f09de05e089822439e5af8ebc17b679c392 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Wed, 28 Oct 2020 10:51:10 +0530
Subject: [PATCH 058/384] Update-4594479

Updated linkid in the link: https://go.microsoft.com/fwlink/p/?linkid=2069559   to 2146631
---
 .../threat-protection/change-history-for-threat-protection.md   | 2 +-
 .../device-control/control-usb-devices-using-intune.md          | 2 +-
 .../enable-virtualization-based-protection-of-code-integrity.md | 2 +-
 .../security/threat-protection/device-guard/memory-integrity.md | 2 +-
 ...nes-for-virtualization-based-protection-of-code-integrity.md | 2 +-
 .../manage-protection-updates-microsoft-defender-antivirus.md   | 2 +-
 .../microsoft-defender-antivirus-in-windows-10.md               | 2 +-
 .../troubleshoot-microsoft-defender-antivirus-when-migrating.md | 2 +-
 .../microsoft-defender-application-guard/faq-md-app-guard.md    | 2 +-
 .../md-app-guard-overview.md                                    | 2 +-
 .../microsoft-defender-application-guard/reqs-md-app-guard.md   | 2 +-
 .../microsoft-defender-atp/tvm-assign-device-value.md           | 2 +-
 .../microsoft-defender-atp/tvm-end-of-support-software.md       | 2 +-
 .../threat-protection/microsoft-defender-atp/tvm-exception.md   | 2 +-
 .../microsoft-defender-atp/tvm-prerequisites.md                 | 2 +-
 15 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md
index af17bfed1e..d4391adcbe 100644
--- a/windows/security/threat-protection/change-history-for-threat-protection.md
+++ b/windows/security/threat-protection/change-history-for-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Change history for [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+title: Change history for [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 ms.reviewer: 
 ms.author: dansimp
 description: This topic lists new and updated topics in the WWindows Defender ATP content set.
diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
index add9bc1309..3c7fb12101 100644
--- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
+++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
@@ -15,7 +15,7 @@ audience: ITPro
 
 # How to control USB devices and other removable media using Microsoft Defender ATP
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Microsoft recommends [a layered approach to securing removable media](https://aka.ms/devicecontrolblog), and Microsoft Defender ATP provides multiple monitoring and control features to help prevent threats in unauthorized peripherals from compromising your devices:
 
diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index 35846937a0..4661467e5e 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -18,7 +18,7 @@ ms.reviewer:
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10.
 Some applications, including device drivers, may be incompatible with HVCI.
diff --git a/windows/security/threat-protection/device-guard/memory-integrity.md b/windows/security/threat-protection/device-guard/memory-integrity.md
index 3ebdf7bf95..9fb8ce4166 100644
--- a/windows/security/threat-protection/device-guard/memory-integrity.md
+++ b/windows/security/threat-protection/device-guard/memory-integrity.md
@@ -18,7 +18,7 @@ manager: dansimp
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Memory integrity is a feature of Windows that ensures code running in the Windows kernel is securely designed and trustworthy. It uses hardware virtualization and Hyper-V to protect Windows kernel mode processes from the injection and execution of malicious or unverified code. The integrity of code that runs on Windows is validated by memory integrity, making Windows resistant to attacks from malicious software. Memory integrity is a powerful security boundary that helps to block many types of malware from running in Windows 10 and Windows Server 2016 environments.
 
diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
index d594900ce7..5b41e23255 100644
--- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
@@ -19,7 +19,7 @@ ms.author: dansimp
 
 **Applies to**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Computers must meet certain hardware, firmware, and software requirements in order to take advantage of all of the virtualization-based security (VBS) features in [Windows Defender Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md). Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats.
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
index 2ac2800429..cb5f433122 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
@@ -22,7 +22,7 @@ ms.custom: nextgen
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
index e9bcff7d72..df6dcb310f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
@@ -23,7 +23,7 @@ ms.custom: nextgen
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 ## Microsoft Defender Antivirus: Your next-generation protection
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md
index 09535418a1..42ea33f88f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md
@@ -21,7 +21,7 @@ manager: dansimp
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 You can find help here if you encounter issues while migrating from a third-party security solution to Microsoft Defender Antivirus.
 
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index b3bb7867ee..efc5e96416 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -16,7 +16,7 @@ ms.custom: asr
 
 # Frequently asked questions - Microsoft Defender Application Guard 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Answering frequently asked questions about Microsoft Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration.
 
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
index 4acd29aa2d..4a6ef8896a 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
@@ -16,7 +16,7 @@ ms.custom: asr
 
 # Microsoft Defender Application Guard overview
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete.
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
index 5757f18c10..5b18d1b484 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
@@ -16,7 +16,7 @@ ms.custom: asr
 
 # System requirements for Microsoft Defender Application Guard
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md
index 8dfec3f344..7e59c7cb67 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md
@@ -25,7 +25,7 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md
index 7d2f8da30c..aaab188cac 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
index f8f6565174..dcd537fb96 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md
index 9aba0d42d1..8ccaa9eb8d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md
@@ -23,7 +23,7 @@ ms.topic: conceptual
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)

From d9ded8c49f0659b7791dbf72f144dec8682dd678 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 28 Oct 2020 20:11:03 +0500
Subject: [PATCH 059/384] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-key-whfb-provision.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index f9fef4f777..5a790c046a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -54,7 +54,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 
 > [!IMPORTANT]
 > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
-> **This synchronization latency delays the user's ability to authenticate and uses on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
+> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
 



From de70a4890484fed0eceb72d76f5d69a4a50dd1be Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Wed, 28 Oct 2020 10:48:02 -0700
Subject: [PATCH 060/384] Added 20H2 Policy CSP DDF

---
 .../client-management/mdm/policy-ddf-file.md  | 746 +++++++++++++++++-
 1 file changed, 743 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 27c1aceaf0..88231009d5 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -10,7 +10,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 06/03/2020
+ms.date: 10/28/2020
 ---
 
 # Policy DDF file
@@ -20,6 +20,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Policy*
 
 You can view various Policy DDF files by clicking the following links:
 
+- [View the Policy DDF file for Windows 10, version 20H2](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_20H2.xml)
 - [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml)
 - [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
 - [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
@@ -32,7 +33,7 @@ You can view various Policy DDF files by clicking the following links:
 
 You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the DDF for Windows 10, version 2004.
+The XML below is the DDF for Windows 10, version 20H2.
 
 ```xml
 
@@ -8713,6 +8714,52 @@ Related policy:
           
         
       
+      
+        Multitasking
+        
+          
+            
+            
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            
+          
+        
+        
+          BrowserAltTabBlowout
+          
+            
+              
+              
+              
+              
+            
+            Configures the inclusion of Edge tabs into Alt-Tab.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
+        
+      
       
         Notifications
         
@@ -18919,6 +18966,55 @@ Related policy:
           
         
       
+      
+        Multitasking
+        
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            
+          
+        
+        
+          BrowserAltTabBlowout
+          
+            
+              
+            
+            1
+            Configures the inclusion of Edge tabs into Alt-Tab.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            phone
+            multitasking.admx
+            AltTabFilterDropdown
+            multitasking~AT~WindowsComponents~MULTITASKING
+            MultiTaskingAltTabFilter
+            LastWrite
+          
+        
+      
       
         Notifications
         
@@ -29757,6 +29853,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             
           
         
+        
+          DisableCloudOptimizedContent
+          
+            
+              
+              
+              
+              
+            
+            This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
+        
         
           DoNotShowFeedbackNotifications
           
@@ -38353,6 +38473,60 @@ The options are:
           
         
       
+      
+        LocalUsersAndGroups
+        
+          
+            
+            
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            
+          
+        
+        
+          Configure
+          
+            
+              
+              
+              
+              
+            
+            This Setting allows an administrator to manage local groups on a Device.
+                            Possible settings:
+                            1. Update Group Membership: Update a group and add and/or remove members though the 'U' action.
+                            When using Update, existing group members that are not specified in the policy remain untouched.
+                            2. Replace Group Membership: Restrict a group by replacing group membership through the 'R' action.
+                            When using Replace, existing group membership is replaced by the list of members specified in
+                            the add member section. This option works in the same way as a Restricted Group and any group
+                            members that are not specified in the policy are removed.
+                            Caution: If the same group is configured with both Replace and Update, then Replace will win.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
+        
+      
       
         LockDown
         
@@ -38563,6 +38737,172 @@ The options are:
           
         
       
+      
+        MixedReality
+        
+          
+            
+            
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            
+          
+        
+        
+          AADGroupMembershipCacheValidityInDays
+          
+            
+              
+              
+              
+              
+            
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
+        
+        
+          BrightnessButtonDisabled
+          
+            
+              
+              
+              
+              
+            
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
+        
+        
+          FallbackDiagnostics
+          
+            
+              
+              
+              
+              
+            
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
+        
+        
+          HeadTrackingMode
+          
+            
+              
+              
+              
+              
+            
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
+        
+        
+          MicrophoneDisabled
+          
+            
+              
+              
+              
+              
+            
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
+        
+        
+          VolumeButtonDisabled
+          
+            
+              
+              
+              
+              
+            
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
+        
+      
       
         MSSecurityGuide
         
@@ -47384,6 +47724,30 @@ If you disable or do not configure this policy setting, the wake setting as spec
             
           
         
+        
+          DisableWUfBSafeguards
+          
+            
+              
+              
+              
+              
+            
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
+        
         
           EngagedRestartDeadline
           
@@ -48152,6 +48516,30 @@ If you disable or do not configure this policy setting, the wake setting as spec
             
           
         
+        
+          SetProxyBehaviorForUpdateDetection
+          
+            
+              
+              
+              
+              
+            
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
+        
         
           TargetReleaseVersion
           
@@ -61298,6 +61686,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             LowestValueMostSecure
           
         
+        
+          DisableCloudOptimizedContent
+          
+            
+              
+            
+            0
+            This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            CloudContent.admx
+            CloudContent~AT~WindowsComponents~CloudContent
+            DisableCloudOptimizedContent
+            HighestValueMostSecure
+          
+        
         
           DoNotShowFeedbackNotifications
           
@@ -70811,6 +71226,116 @@ The options are:
           
         
       
+      
+        LocalUsersAndGroups
+        
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            
+          
+        
+        
+          Configure
+          
+            
+              
+            
+            
+            This Setting allows an administrator to manage local groups on a Device.
+                            Possible settings:
+                            1. Update Group Membership: Update a group and add and/or remove members though the 'U' action.
+                            When using Update, existing group members that are not specified in the policy remain untouched.
+                            2. Replace Group Membership: Restrict a group by replacing group membership through the 'R' action.
+                            When using Replace, existing group membership is replaced by the list of members specified in
+                            the add member section. This option works in the same way as a Restricted Group and any group
+                            members that are not specified in the policy are removed.
+                            Caution: If the same group is configured with both Replace and Update, then Replace will win.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            phone
+            LastWrite
+            
+                          
+                            
+                              
+                            
+                          
+                          
+                            
+                                
+                                    
+                                      
+                                        Group Configuration Action
+                                      
+                                      
+                                        
+                                      
+                                    
+                                    
+                                      
+                                        Group Member to Add
+                                      
+                                      
+                                        
+                                      
+                                    
+                                    
+                                      
+                                        Group Member to Remove
+                                      
+                                      
+                                        
+                                      
+                                    
+                                    
+                                      
+                                        Group property to configure
+                                      
+                                      
+                                        
+                                        
+                                      
+                                    
+                                  
+                              
+                            
+                          
+                          
+                            
+                              
+                                
+                                  
+                              Local Group Configuration
+                            
+                                
+                              
+                            
+                          
+                      
+          
+        
+      
       
         LockDown
         
@@ -71027,6 +71552,170 @@ The options are:
           
         
       
+      
+        MixedReality
+        
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            
+          
+        
+        
+          AADGroupMembershipCacheValidityInDays
+          
+            
+              
+            
+            0
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            LastWrite
+          
+        
+        
+          BrightnessButtonDisabled
+          
+            
+              
+            
+            0
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            HighestValueMostSecure
+          
+        
+        
+          FallbackDiagnostics
+          
+            
+              
+            
+            2
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            LastWrite
+          
+        
+        
+          HeadTrackingMode
+          
+            
+              
+            
+            0
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            LastWrite
+          
+        
+        
+          MicrophoneDisabled
+          
+            
+              
+            
+            0
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            HighestValueMostSecure
+          
+        
+        
+          VolumeButtonDisabled
+          
+            
+              
+            
+            0
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            HighestValueMostSecure
+          
+        
+      
       
         MSSecurityGuide
         
@@ -80733,6 +81422,30 @@ If you disable or do not configure this policy setting, the wake setting as spec
             LastWrite
           
         
+        
+          DisableWUfBSafeguards
+          
+            
+              
+            
+            0
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            LastWrite
+          
+        
         
           EngagedRestartDeadline
           
@@ -81607,6 +82320,34 @@ If you disable or do not configure this policy setting, the wake setting as spec
             LastWrite
           
         
+        
+          SetProxyBehaviorForUpdateDetection
+          
+            
+              
+            
+            0
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            WindowsUpdate.admx
+            SetProxyBehaviorForUpdateDetection
+            WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat
+            CorpWuURL
+            LastWrite
+          
+        
         
           TargetReleaseVersion
           
@@ -83951,5 +84692,4 @@ Note: The first sign-in animation will not be shown on Server, so this policy wi
     
   
 
-
 ```

From e68165eaf4a0242b8cf9b266e1a16a5a7bbe564e Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Thu, 29 Oct 2020 00:33:28 +0530
Subject: [PATCH 061/384] updated-4567381-Batch3

rebranding
---
 .../basic-permissions.md                      |  4 +--
 .../behavioral-blocking-containment.md        | 18 +++++-----
 .../check-sensor-status.md                    | 20 +++++------
 .../client-behavioral-blocking.md             | 12 +++----
 .../collect-investigation-package.md          |  6 ++--
 .../microsoft-defender-atp/commercial-gov.md  | 14 ++++----
 .../microsoft-defender-atp/common-errors.md   |  2 +-
 .../microsoft-defender-atp/community.md       | 10 +++---
 .../conditional-access.md                     | 12 +++----
 .../configure-arcsight.md                     | 25 +++++++-------
 ...re-automated-investigations-remediation.md |  2 +-
 .../configure-conditional-access.md           | 10 +++---
 .../configure-email-notifications.md          | 14 ++++----
 .../configure-endpoints-gp.md                 | 14 ++++----
 .../configure-endpoints-mdm.md                | 20 +++++------
 .../configure-endpoints-non-windows.md        | 18 +++++-----
 .../configure-endpoints-sccm.md               | 18 +++++-----
 .../configure-endpoints-script.md             | 16 ++++-----
 .../configure-endpoints-vdi.md                | 16 ++++-----
 .../configure-endpoints.md                    |  6 ++--
 .../configure-machines-asr.md                 |  8 ++---
 .../configure-machines-onboarding.md          | 20 +++++------
 .../configure-machines-security-baseline.md   | 34 +++++++++----------
 .../configure-machines.md                     | 16 ++++-----
 .../configure-microsoft-threat-experts.md     | 14 ++++----
 25 files changed, 174 insertions(+), 175 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
index 82b023af7d..cd2daed39c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
@@ -24,9 +24,9 @@ ms.topic: article
 **Applies to:**
 
 - Azure Active Directory
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-basicaccess-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-basicaccess-abovefoldlink)
 
 Refer to the instructions below to use basic permissions management. 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
index b69250703a..98d7592f72 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
@@ -27,23 +27,23 @@ ms.collection:
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 ## Overview
 
-Today’s threat landscape is overrun by [fileless malware](https://docs.microsoft.com/windows/security/threat-protection/intelligence/fileless-threats) and that lives off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, and human-operated attacks that adapt to what adversaries find on compromised devices. Traditional security solutions are not sufficient to stop such attacks; you need artificial intelligence (AI) and device learning (ML) backed capabilities, such as behavioral blocking and containment, included in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security). 
+Today’s threat landscape is overrun by [fileless malware](https://docs.microsoft.com/windows/security/threat-protection/intelligence/fileless-threats) and that lives off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, and human-operated attacks that adapt to what adversaries find on compromised devices. Traditional security solutions are not sufficient to stop such attacks; you need artificial intelligence (AI) and device learning (ML) backed capabilities, such as behavioral blocking and containment, included in [Defender for Endpoint](https://docs.microsoft.com/windows/security). 
 
-Behavioral blocking and containment capabilities can help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. Next-generation protection, EDR, and Microsoft Defender ATP components and features work together in behavioral blocking and containment capabilities. 
+Behavioral blocking and containment capabilities can help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. Next-generation protection, EDR, and Defender for Endpoint components and features work together in behavioral blocking and containment capabilities. 
 
 :::image type="content" source="images/mdatp-next-gen-EDR-behavblockcontain.png" alt-text="Behavioral blocking and containment":::
 
-Behavioral blocking and containment capabilities work with multiple components and features of Microsoft Defender ATP to stop attacks immediately and prevent attacks from progressing.
+Behavioral blocking and containment capabilities work with multiple components and features of Defender for Endpoint to stop attacks immediately and prevent attacks from progressing.
 
 - [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) (which includes Microsoft Defender Antivirus) can detect threats by analyzing behaviors, and stop threats that have started running.
 
 - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) receives security signals across your network, devices, and kernel behavior. As threats are detected, alerts are created. Multiple alerts of the same type are aggregated into incidents, which makes it easier for your security operations team to investigate and respond.
 
-- [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) has a wide range of optics across identities, email, data, and apps, in addition to the network, endpoint, and kernel behavior signals received through EDR. A component of [Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection), Microsoft Defender ATP processes and correlates these signals, raises detection alerts, and connects related alerts in incidents. 
+- [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) has a wide range of optics across identities, email, data, and apps, in addition to the network, endpoint, and kernel behavior signals received through EDR. A component of [Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection), Defender for Endpoint processes and correlates these signals, raises detection alerts, and connects related alerts in incidents. 
 
 With these capabilities, more threats can be prevented or blocked, even if they start running. Whenever suspicious behavior is detected, the threat is contained, alerts are created, and threats are stopped in their tracks. 
 
@@ -85,7 +85,7 @@ Below are two real-life examples of behavioral blocking and containment in actio
 
 As described in [In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks](https://www.microsoft.com/security/blog/2019/10/08/in-hot-pursuit-of-elusive-threats-ai-driven-behavior-based-blocking-stops-attacks-in-their-tracks), a credential theft attack against 100 organizations around the world was stopped by behavioral blocking and containment capabilities. Spear-phishing email messages that contained a lure document were sent to the targeted organizations. If a recipient opened the attachment, a related remote document was able to execute code on the user’s device and load Lokibot malware, which stole credentials, exfiltrated stolen data, and waited for further instructions from a command-and-control server. 
 
-Behavior-based device learning models in Microsoft Defender ATP caught and stopped the attacker’s techniques at two points in the attack chain:
+Behavior-based device learning models in Defender for Endpoint caught and stopped the attacker’s techniques at two points in the attack chain:
 - The first protection layer detected the exploit behavior. Device learning classifiers in the cloud correctly identified the threat as and immediately instructed the client device to block the attack.
 - The second protection layer, which helped stop cases where the attack got past the first layer, detected process hollowing, stopped that process, and removed the corresponding files (such as Lokibot). 
 
@@ -97,7 +97,7 @@ This example shows how behavior-based device learning models in the cloud add ne
 
 ### Example 2: NTLM relay - Juicy Potato malware variant
 
-As described in the recent blog post, [Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection), in January 2020, Microsoft Defender ATP detected a privilege escalation activity on a device in an organization. An alert called “Possible privilege escalation using NTLM relay” was triggered.
+As described in the recent blog post, [Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection), in January 2020, Defender for Endpoint detected a privilege escalation activity on a device in an organization. An alert called “Possible privilege escalation using NTLM relay” was triggered.
 
 :::image type="content" source="images/NTLMalertjuicypotato.png" alt-text="NTLM alert for Juicy Potato malware":::
 
@@ -113,7 +113,7 @@ This example shows that with behavioral blocking and containment capabilities, t
 
 ## Next steps
 
-- [Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
+- [Learn more about Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
 
 - [Configure your attack surface reduction rules](attack-surface-reduction.md)
 
@@ -121,4 +121,4 @@ This example shows that with behavioral blocking and containment capabilities, t
 
 - [See recent global threat activity](https://www.microsoft.com/wdsi/threats)
 
-- [Get an overview of Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)
+- [Get an overview of Microsoft 365 Defender ](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
index 3e1124927b..bbff2e68b9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
@@ -18,32 +18,32 @@ ms.topic: article
 ms.date: 04/24/2018
 ---
 
-# Check sensor health state in Microsoft Defender ATP
+# Check sensor health state in Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-checksensor-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-checksensor-abovefoldlink)
 
-The **Devices with sensor issues** tile is found on the Security Operations dashboard. This tile provides information on the individual device’s ability to provide sensor data and communicate with the Microsoft Defender ATP service. It reports how many devices require attention and helps you identify problematic devices and take action to correct known issues.
+The **Devices with sensor issues** tile is found on the Security Operations dashboard. This tile provides information on the individual device’s ability to provide sensor data and communicate with the Defender for Endpoint service. It reports how many devices require attention and helps you identify problematic devices and take action to correct known issues.
 
 There are two status indicators on the tile that provide information on the number of devices that are not reporting properly to the service:
-- **Misconfigured** - These devices might partially be reporting sensor data to the Microsoft Defender ATP service and might have configuration errors that need to be corrected.
-- **Inactive** - Devices that have stopped reporting to the Microsoft Defender ATP service for more than seven days in the past month.
+- **Misconfigured** - These devices might partially be reporting sensor data to the Defender for Endpoint service and might have configuration errors that need to be corrected.
+- **Inactive** - Devices that have stopped reporting to the Defender for Endpoint service for more than seven days in the past month.
 
 Clicking any of the groups directs you to **Devices list**, filtered according to your choice.
 
 ![Screenshot of Devices with sensor issues tile](images/atp-devices-with-sensor-issues-tile.png)
 
 On **Devices list**, you can filter the health state list by the following status:
-- **Active** - Devices that are actively reporting to the Microsoft Defender ATP service.
-- **Misconfigured** - These devices might partially be reporting sensor data to the Microsoft Defender ATP service but have configuration errors that need to be corrected. Misconfigured devices can have either one or a combination of the following issues:
+- **Active** - Devices that are actively reporting to the Defender for Endpoint service.
+- **Misconfigured** - These devices might partially be reporting sensor data to the Defender for Endpoint service but have configuration errors that need to be corrected. Misconfigured devices can have either one or a combination of the following issues:
   - **No sensor data** - Devices has stopped sending sensor data. Limited alerts can be triggered from the device.
   - **Impaired communications** - Ability to communicate with device is impaired. Sending files for deep analysis, blocking files, isolating device from network and other actions that require communication with the device may not work.
-- **Inactive** - Devices that have stopped reporting to the Microsoft Defender ATP service.
+- **Inactive** - Devices that have stopped reporting to the Defender for Endpoint service.
 
 You can also download the entire list in CSV format using the **Export** feature. For more information on filters, see [View and organize the Devices list](machines-view-overview.md).
 
@@ -55,4 +55,4 @@ You can also download the entire list in CSV format using the **Export** feature
 You can view the device details when you click on a misconfigured or inactive device.
 
 ## Related topic
-- [Fix unhealthy sensors in Microsoft Defender ATP](fix-unhealthy-sensors.md)
+- [Fix unhealthy sensors in Defender for Endpoint](fix-unhealthy-sensors.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md
index 0af5e1bb5c..ef5d153836 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md
@@ -27,11 +27,11 @@ ms.collection:
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 ## Overview
 
-Client behavioral blocking is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in Microsoft Defender ATP. As suspicious behaviors are detected on devices (also referred to as clients or endpoints), artifacts (such as files or applications) are blocked, checked, and remediated automatically. 
+Client behavioral blocking is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in Defender for Endpoint. As suspicious behaviors are detected on devices (also referred to as clients or endpoints), artifacts (such as files or applications) are blocked, checked, and remediated automatically. 
 
 :::image type="content" source="images/pre-execution-and-post-execution-detection-engines.png" alt-text="Cloud and client protection":::
 
@@ -72,11 +72,11 @@ Behavior-based detections are named according to the [MITRE ATT&CK Matrix for En
 
 ## Configuring client behavioral blocking
 
-If your organization is using Microsoft Defender ATP, client behavioral blocking is enabled by default. However, to benefit from all Microsoft Defender ATP capabilities, including [behavioral blocking and containment](behavioral-blocking-containment.md), make sure the following features and capabilities of Microsoft Defender ATP are enabled and configured:
+If your organization is using Defender for Endpoint, client behavioral blocking is enabled by default. However, to benefit from all Defender for Endpoint capabilities, including [behavioral blocking and containment](behavioral-blocking-containment.md), make sure the following features and capabilities of Defender for Endpoint are enabled and configured:
 
-- [Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)
+- [Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)
 
-- [Devices onboarded to Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-configure)
+- [Devices onboarded to Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-configure)
 
 - [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode)
 
@@ -92,4 +92,4 @@ If your organization is using Microsoft Defender ATP, client behavioral blocking
 
 - [(Blog) Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection/)
 
-- [Helpful Microsoft Defender ATP resources](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/helpful-resources)
+- [Helpful Defender for Endpoint resources](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/helpful-resources)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
index 86fb26842c..0d6949ea0b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
@@ -22,9 +22,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 ## API description
 Collect investigation package from a device.
@@ -35,7 +35,7 @@ Collect investigation package from a device.
 
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md b/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
index d4c8c750c8..2b9b14ac6d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
@@ -17,15 +17,15 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Microsoft Defender ATP for US Government GCC High customers
+# Microsoft Defender for Endpoint for US Government GCC High customers
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for US Government Community Cloud High (GCC High) customers, built in the US Azure Government environment, uses the same underlying technologies as Microsoft Defender ATP in Azure Commercial.
+Microsoft Defender for Endpoint for US Government Community Cloud High (GCC High) customers, built in the US Azure Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial.
 
 This offering is currently available to US Office 365 GCC High customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some key differences in the availability of capabilities for this offering.
 
@@ -40,7 +40,7 @@ The following OS versions are supported:
 - Windows Server, 2019 (with [KB4490481](https://support.microsoft.com/en-us/help/4490481))
 
 >[!NOTE]
->A patch must be deployed before device onboarding in order to configure Microsoft Defender ATP to the correct environment.
+>A patch must be deployed before device onboarding in order to configure Defender for Endpoint to the correct environment.
 
 The following OS versions are supported via Azure Security Center:
 - Windows Server 2008 R2 SP1
@@ -59,7 +59,7 @@ The following OS versions are not supported:
 - macOS
 - Linux
 
-The initial release of Microsoft Defender ATP will not have immediate parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government (GCC High) customers, there are some capabilities not yet available that we'd like to highlight. These are the known gaps as of August 2020:
+The initial release of Defender for Endpoint will not have immediate parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government (GCC High) customers, there are some capabilities not yet available that we'd like to highlight. These are the known gaps as of August 2020:
 
 ## Threat Analytics
 Not currently available.
@@ -91,7 +91,7 @@ Not currently available.
 Integrations with the following Microsoft products are not currently available:
 - Azure Advanced Threat Protection
 - Azure Information Protection
-- Office 365 Advanced Threat Protection
+- Defender for Office 365
 - Microsoft Cloud App Security
 - Skype for Business
 - Microsoft Intune (sharing of device information and enhanced policy enforcement)
@@ -105,7 +105,7 @@ You'll need to ensure that traffic from the following are allowed:
 Service location | DNS record
 :---|:---
 Common URLs for all locations (Global location) | ```crl.microsoft.com```
```ctldl.windowsupdate.com```
```notify.windows.com```
```settings-win.data.microsoft.com``` 

 NOTE: ```settings-win.data.microsoft.com``` is only needed on Windows 10 devices running version 1803 or earlier.
-Microsoft Defender ATP GCC High specific | ```us4-v20.events.data.microsoft.com``` 
```winatp-gw-usgt.microsoft.com```
```winatp-gw-usgv.microsoft.com```
```*.blob.core.usgovcloudapi.net``` 
+Defender for Endpoint GCC High specific | ```us4-v20.events.data.microsoft.com``` 
```winatp-gw-usgt.microsoft.com```
```winatp-gw-usgv.microsoft.com```
```*.blob.core.usgovcloudapi.net``` 
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md
index d34460c4bf..500eccf845 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md
@@ -21,7 +21,7 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-* The error codes listed in the following table may be returned by an operation on any of Microsoft Defender ATP APIs.
+* The error codes listed in the following table may be returned by an operation on any of Microsoft Defender for Endpoint APIs.
 * Note that in addition to the error code, every error response contains an error message which can help resolving the problem.
 * Note that the message is a free text that can be changed.
 * At the bottom of the page you can find response examples.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/community.md b/windows/security/threat-protection/microsoft-defender-atp/community.md
index 72fcf84f1e..f68dcdeab3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/community.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/community.md
@@ -19,17 +19,17 @@ ms.date: 04/24/2018
 ---
 
 
-# Access the Microsoft Defender ATP Community Center
+# Access the Microsoft Defender for Endpoint Community Center
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
-The Microsoft Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. 
+The Defender for Endpoint Community Center is a place where community members can learn, collaborate, and share experiences about the product. 
 
 There are several spaces you can explore to learn about specific information:
 - Announcements 
@@ -38,8 +38,8 @@ There are several spaces you can explore to learn about specific information:
 
 
 There are several ways you can access the Community Center:
-- In the Microsoft Defender Security Center navigation pane, select **Community center**.  A new browser tab opens and takes you to the Microsoft Defender ATP Tech Community page. 
-- Access the community through the [Microsoft Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page
+- In the Microsoft Defender Security Center navigation pane, select **Community center**.  A new browser tab opens and takes you to the Defender for Endpoint Tech Community page. 
+- Access the community through the [Microsoft Defender for Endpoint Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page
 
 
 You can instantly view and read conversations that have been posted in the community. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
index 37f919486e..a0ace30f14 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
@@ -23,11 +23,11 @@ ms.topic: article
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink)
 
 Conditional Access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications.
 
@@ -37,7 +37,7 @@ With Conditional Access, you can control access to enterprise information based
 
 You can define security conditions under which devices and applications can run and access information from your network by enforcing policies to stop applications from running until a device returns to a compliant state. 
 
-The implementation of Conditional Access in Microsoft Defender ATP is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies. 
+The implementation of Conditional Access in Defender for Endpoint is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies. 
 
 The compliance policy is used with Conditional Access to allow only devices that fulfill one or more device compliance policy rules to access applications. 
 
@@ -67,15 +67,15 @@ When the risk is removed either through manual or automated remediation, the dev
 
 The following example sequence of events explains Conditional Access in action:
 
-1. A user opens a malicious file and Microsoft Defender ATP flags the device as high risk.
+1. A user opens a malicious file and Defender for Endpoint flags the device as high risk.
 2. The high risk assessment is passed along to Intune. In parallel, an automated investigation is initiated to remediate the identified threat. A manual remediation can also be done to remediate the identified threat.
 3. Based on the policy created in Intune, the device is marked as not compliant. The assessment is then communicated to Azure AD by the Intune Conditional Access policy. In Azure AD, the corresponding policy is applied to block access to applications.
-4. The manual or automated investigation and remediation is completed and the threat is removed. Microsoft Defender ATP sees that there is no risk on the device and Intune assesses the device to be in a compliant state. Azure AD applies the policy which allows access to applications.
+4. The manual or automated investigation and remediation is completed and the threat is removed. Defender for Endpoint sees that there is no risk on the device and Intune assesses the device to be in a compliant state. Azure AD applies the policy which allows access to applications.
 5. Users can now access applications.
 
  
 ## Related topic
-- [Configure Conditional Access in Microsoft Defender ATP](configure-conditional-access.md)
+- [Configure Conditional Access in Microsoft Defender for Endpoint](configure-conditional-access.md)
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
index af6feb07a8..aca0be0b19 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
@@ -17,25 +17,24 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Configure Micro Focus ArcSight to pull Microsoft Defender ATP detections
+# Configure Micro Focus ArcSight to pull Defender for Endpoint detections
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink) 
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink) 
 
-You'll need to install and configure some files and tools to use Micro Focus ArcSight so that it can pull Microsoft Defender ATP detections.
+You'll need to install and configure some files and tools to use Micro Focus ArcSight so that it can pull Defender for Endpoint detections.
 
 >[!Note]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections
->- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
+>- [Defender for Endpoint Alert](alerts.md) is composed from one or more detections
+>- [Defender for Endpoint Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
 
 ## Before you begin
 
@@ -43,7 +42,7 @@ Configuring the Micro Focus ArcSight Connector tool requires several configurati
 
 This section guides you in getting the necessary information to set and use the required configuration files correctly.
 
-- Make sure you have enabled the SIEM integration feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md).
+- Make sure you have enabled the SIEM integration feature from the **Settings** menu. For more information, see [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md).
 
 - Have the file you saved from enabling the SIEM integration feature ready. You'll need to get the following values:
   - OAuth 2.0 Token refresh URL
@@ -116,7 +115,7 @@ The following steps assume that you have completed all the required steps in [Be
     Browse to the location of the wdatp-connector.properties file. The name must match the file provided in the .zip that you downloaded.
     
     Refresh Token
-    You can obtain a refresh token in two ways: by generating a refresh token from the SIEM settings page or using the restutil tool. 

 For more information on generating a refresh token from the Preferences setup , see Enable SIEM integration in Microsoft Defender ATP. 
 
Get your refresh token using the restutil tool: 
 a. Open a command prompt. Navigate to C:\folder_location\current\bin where folder_location represents the location where you installed the tool. 

 b. Type: arcsight restutil token -config from the bin directory.For example: arcsight restutil boxtoken -proxy proxy.location.hp.com:8080 A Web browser window will open. 
 
c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. 
 
d. A refresh token is shown in the command prompt. 

 e. Copy and paste it into the Refresh Token field.
+    You can obtain a refresh token in two ways: by generating a refresh token from the SIEM settings page or using the restutil tool. 

 For more information on generating a refresh token from the Preferences setup , see Enable SIEM integration in Defender for Endpoint. 
 
Get your refresh token using the restutil tool: 
 a. Open a command prompt. Navigate to C:\folder_location\current\bin where folder_location represents the location where you installed the tool. 

 b. Type: arcsight restutil token -config from the bin directory.For example: arcsight restutil boxtoken -proxy proxy.location.hp.com:8080 A Web browser window will open. 
 
c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. 
 
d. A refresh token is shown in the command prompt. 

 e. Copy and paste it into the Refresh Token field.
     
     
     
@@ -178,7 +177,7 @@ The following steps assume that you have completed all the required steps in [Be
 
 You can now run queries in the Micro Focus ArcSight console.
 
-Microsoft Defender ATP detections will appear as discrete events, with "Microsoft” as the vendor and “Windows Defender ATP” as the device name.
+Defender for Endpoint detections will appear as discrete events, with "Microsoft” as the vendor and “Windows Defender ATP” as the device name.
 
 
 ## Troubleshooting Micro Focus ArcSight connection
@@ -204,7 +203,7 @@ Microsoft Defender ATP detections will appear as discrete events, with "Microsof
 > Verify that the connector is running by stopping the process again. Then start the connector again, and no browser window should appear.
 
 ## Related topics
-- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
-- [Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md)
-- [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md)
+- [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md)
+- [Configure Splunk to pull Defender for Endpoint detections](configure-splunk.md)
+- [Pull Defender for Endpoint detections using REST API](pull-alerts-using-rest-api.md)
 - [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md
index 67bd1bd7dc..f8d91cd3e1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md
@@ -29,7 +29,7 @@ ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-If your organization is using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/) (Microsoft Defender ATP), [automated investigation and remediation capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. As outlined in [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/enhance-your-soc-with-microsoft-defender-atp-automatic/ba-p/848946), these capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats. [Learn more about automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). 
+If your organization is using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/) (Defender for Endpoint), [automated investigation and remediation capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. As outlined in [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/enhance-your-soc-with-microsoft-defender-atp-automatic/ba-p/848946), these capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats. [Learn more about automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). 
 
 To configure automated investigation and remediation, [turn on the features](#turn-on-automated-investigation-and-remediation), and then [set up device groups](#set-up-device-groups).
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
index afca257675..206e5721b3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
@@ -17,12 +17,12 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Configure Conditional Access in Microsoft Defender ATP
+# Configure Conditional Access in Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 This section guides you through all the steps you need to take to properly implement Conditional Access.
 
@@ -54,7 +54,7 @@ It's important to note the required roles to access these portals and implement
 
 Take the following steps to enable Conditional Access:
 - Step 1: Turn on the Microsoft Intune connection from Microsoft Defender Security Center
-- Step 2: Turn on the Microsoft Defender ATP integration in Intune
+- Step 2: Turn on the Defender for Endpoint integration in Intune
 - Step 3: Create the compliance policy in Intune
 - Step 4: Assign the policy 
 - Step 5: Create an Azure AD Conditional Access policy
@@ -66,7 +66,7 @@ Take the following steps to enable Conditional Access:
 3. Click **Save preferences**.
 
 
-### Step 2: Turn on the Microsoft Defender ATP integration in Intune
+### Step 2: Turn on the Defender for Endpoint integration in Intune
 1. Sign in to the [Azure portal](https://portal.azure.com).
 2. Select **Device compliance** > **Microsoft Defender ATP**.
 3. Set **Connect Windows 10.0.15063+ devices to Microsoft Defender Advanced Threat Protection** to **On**.
@@ -107,4 +107,4 @@ Take the following steps to enable Conditional Access:
 
 For more information, see [Enable Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/intune/advanced-threat-protection).
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
index ed52fc4d30..f7ccfe871b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
@@ -23,12 +23,12 @@ ms.topic: article
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
 
-You can configure Microsoft Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity.
+You can configure Defender for Endpoint to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity.
 
 > [!NOTE]
 > Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications.
@@ -57,7 +57,7 @@ You can create rules that determine the devices and alert severities to send ema
     - **Include device information** - Includes the device name in the email alert body.
     
         >[!NOTE]
-        > This information might be processed by recipient mail servers that ar not in the geographic location you have selected for your Microsoft Defender ATP data.
+        > This information might be processed by recipient mail servers that ar not in the geographic location you have selected for your Defender for Endpoint data.
 
     - **Devices** - Choose whether to notify recipients for alerts on all devices (Global administrator role only) or on selected device groups. For more information, see [Create and manage device groups](machine-groups.md).
     - **Alert severity** - Choose the alert severity level.
@@ -92,9 +92,9 @@ This section lists various issues that you may encounter when using email notifi
 
 **Solution:** Make sure that the notifications are not blocked by email filters:
 
-1. Check that the Microsoft Defender ATP email notifications are not sent to the Junk Email folder. Mark them as Not junk.
-2. Check that your email security product is not blocking the email notifications from Microsoft Defender ATP.
-3. Check your email application rules that might be catching and moving your Microsoft Defender ATP email notifications.
+1. Check that the Defender for Endpoint email notifications are not sent to the Junk Email folder. Mark them as Not junk.
+2. Check that your email security product is not blocking the email notifications from Defender for Endpoint.
+3. Check your email application rules that might be catching and moving your Defender for Endpoint email notifications.
 
 ## Related topics
 - [Update data retention settings](data-retention-settings.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
index 700626f9c0..5360517315 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
@@ -27,12 +27,12 @@ ms.date: 04/24/2018
 
 - Group Policy
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink)
 
 
 > [!NOTE]
@@ -45,7 +45,7 @@ ms.date: 04/24/2018
 [![Image of the PDF showing the various deployment paths](images/onboard-gp.png)](images/onboard-gp.png#lightbox)
 
 
-Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  or  [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP. 
+Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  or  [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Defender for Endpoint. 
 
 
 
@@ -76,9 +76,9 @@ Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/publ
 9. Click **OK** and close any open GPMC windows.
 
 >[!TIP]
-> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md).
+> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Defender for Endpoint device](run-detection-test.md).
 
-## Additional Microsoft Defender ATP configuration settings
+## Additional Defender for Endpoint configuration settings
 For each device, you can state whether samples can be collected from the device when a request is made through Microsoft Defender Security Center to submit a file for deep analysis.
 
 You can use Group Policy (GP) to configure settings, such as settings for the sample sharing used in the deep analysis feature.
@@ -234,5 +234,5 @@ With Group Policy there isn’t an option to monitor deployment of policies on t
 - [Onboard Windows 10 devices using Mobile Device Management tools](configure-endpoints-mdm.md)
 - [Onboard Windows 10 devices using a local script](configure-endpoints-script.md)
 - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)
-- [Run a detection test on a newly onboarded Microsoft Defender ATP devices](run-detection-test.md)
-- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
+- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint devices](run-detection-test.md)
+- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
index 7afe88950a..0a97fbf1e3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
@@ -25,13 +25,13 @@ ms.topic: article
 **Applies to:**
 
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink)
 
-You can use mobile device management (MDM) solutions to configure devices. Microsoft Defender ATP supports MDMs by providing OMA-URIs to create policies to manage devices.
+You can use mobile device management (MDM) solutions to configure devices. Defender for Endpoint supports MDMs by providing OMA-URIs to create policies to manage devices.
 
-For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
+For more information on using Defender for Endpoint CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
 
 ## Before you begin
 If you're using Microsoft Intune, you must have the device MDM Enrolled. Otherwise, settings will not be applied successfully. 
@@ -40,13 +40,13 @@ For more information on enabling MDM with Microsoft Intune, see [Device enrollme
 
 ## Onboard devices using Microsoft Intune
 
-[![Image of the PDF showing onboarding devices to Microsoft Defender ATP using Microsoft Intune](images/onboard-intune.png) ](images/onboard-intune-big.png#lightbox)
+[![Image of the PDF showing onboarding devices to Defender for Endpoint using Microsoft Intune](images/onboard-intune.png) ](images/onboard-intune-big.png#lightbox)
 
-Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  or  [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP. 
+Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  or  [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Defender for Endpoint. 
 
 Follow the instructions from [Intune](https://docs.microsoft.com/intune/advanced-threat-protection).
 
-For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
+For more information on using Defender for Endpoint CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
 
 
 > [!NOTE]
@@ -55,7 +55,7 @@ For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedTh
 
 
 >[!TIP]
-> After onboarding the device, you can choose to run a detection test to verify that a device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md).
+> After onboarding the device, you can choose to run a detection test to verify that a device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md).
 
 
 Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  or  [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP. 
@@ -98,5 +98,5 @@ For more information on Microsoft Intune policy settings see, [Windows 10 policy
 - [Onboard Windows 10 devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
 - [Onboard Windows 10 devices using a local script](configure-endpoints-script.md)
 - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)
-- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md)
-- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
+- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md)
+- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
index 23aaa30171..ba65815551 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
@@ -26,21 +26,21 @@ ms.topic: article
 
 - macOS
 - Linux
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) 
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) 
 
-Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network. 
+Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network. 
 
-You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work. For more information, see:
-- [Microsoft Defender ATP for Linux system requirements](microsoft-defender-atp-linux.md#system-requirements)  
-- [Microsoft Defender ATP for Mac system requirements](microsoft-defender-atp-mac.md#system-requirements).
+You'll need to know the exact Linux distros and macOS versions that are compatible with Defender for Endpoint for the integration to work. For more information, see:
+- [Microsoft Defender for Endpoint for Linux system requirements](microsoft-defender-atp-linux.md#system-requirements)  
+- [Microsoft Defender for Endpoint for Mac system requirements](microsoft-defender-atp-mac.md#system-requirements).
 
 ## Onboarding non-Windows devices
 You'll need to take the following steps to onboard non-Windows devices:
 1. Select your preferred method of onboarding:
 
-   - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac).
+   - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac).
    - For other non-Windows devices choose **Onboard non-Windows devices through third-party integration**.   
        
      1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed.
@@ -56,7 +56,7 @@ You'll need to take the following steps to onboard non-Windows devices:
 
 ## Offboard non-Windows devices
 
-1. Follow the third-party's documentation to disconnect the third-party solution from Microsoft Defender ATP.
+1. Follow the third-party's documentation to disconnect the third-party solution from Microsoft Defender for Endpoint.
 
 2. Remove permissions for the third-party solution in your Azure AD tenant.
    1. Sign in to the [Azure portal](https://portal.azure.com).
@@ -69,4 +69,4 @@ You'll need to take the following steps to onboard non-Windows devices:
 - [Onboard Windows 10 devices](configure-endpoints.md)
 - [Onboard servers](configure-server-endpoints.md)
 - [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
-- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
+- [Troubleshooting Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
index 9bec35b806..38ec7959c3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
@@ -25,11 +25,11 @@ ms.date: 02/07/2020
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 - Microsoft Endpoint Configuration Manager current branch
 - System Center 2012 R2 Configuration Manager
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink)
 
 ## Supported client operating systems
 
@@ -56,7 +56,7 @@ Starting in Configuration Manager version 2002, you can onboard the following op
 [![Image of the PDF showing the various deployment paths](images/onboard-config-mgr.png)](images/onboard-config-mgr.png#lightbox)
 
 
-Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  or  [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP. 
+Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  or  [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender for Endpoint. 
 
 
 
@@ -77,10 +77,10 @@ Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/publ
     a. Choose a predefined device collection to deploy the package to.
 
 > [!NOTE]
-> Microsoft Defender ATP doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading.
+> Defender for Endpoint doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading.
 
 >[!TIP]
-> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md).
+> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Defender for Endpoint device](run-detection-test.md).
 >
 > Note that it is possible to create a detection rule on a Configuration Manager application to continuously check if a device has been onboarded. An application is a different type of object than a package and program.
 > If a device is not yet onboarded (due to pending OOBE completion or any other reason), Configuration Manager will retry to onboard the device until the rule detects the status change.
@@ -190,13 +190,13 @@ If you use Microsoft Endpoint Configuration Manager current branch, see [Create
 
 ## Monitor device configuration
 
-If you're using Microsoft Endpoint Configuration Manager current branch, use the built-in Microsoft Defender ATP dashboard in the Configuration Manager console. For more information, see [Microsoft Defender Advanced Threat Protection - Monitor](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#monitor).
+If you're using Microsoft Endpoint Configuration Manager current branch, use the built-in Defender for Endpoint dashboard in the Configuration Manager console. For more information, see [Defender for Endpoint - Monitor](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#monitor).
 
 If you're using System Center 2012 R2 Configuration Manager, monitoring consists of two parts:
 
 1. Confirming the configuration package has been correctly deployed and is running (or has successfully run) on the devices in your network.
 
-2. Checking that the devices are compliant with the Microsoft Defender ATP service (this ensures the device can complete the onboarding process and can continue to report data to the service).
+2. Checking that the devices are compliant with the Defender for Endpoint service (this ensures the device can complete the onboarding process and can continue to report data to the service).
 
 ### Confirm the configuration package has been correctly deployed
 
@@ -208,7 +208,7 @@ If you're using System Center 2012 R2 Configuration Manager, monitoring consists
 
 4. Review the status indicators under **Completion Statistics** and **Content Status**.
 
-    If there are failed deployments (devices with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to  troubleshoot the devices. For more information, see, [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md).
+    If there are failed deployments (devices with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to  troubleshoot the devices. For more information, see, [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md).
 
     ![Configuration Manager showing successful deployment with no errors](images/sccm-deployment.png)
 
@@ -232,4 +232,4 @@ For more information, see [Introduction to compliance settings in System Center
 - [Onboard Windows 10 devices using a local script](configure-endpoints-script.md)
 - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)
 - [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md)
-- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
+- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
index 368587d25f..acfdb668c7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
@@ -25,14 +25,14 @@ ms.topic: article
 **Applies to:**
 
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
 
-You can also manually onboard individual devices to Microsoft Defender ATP. You might want to do this first when testing the service before you commit to onboarding all devices in your network.
+You can also manually onboard individual devices to Defender for Endpoint. You might want to do this first when testing the service before you commit to onboarding all devices in your network.
 
 > [!IMPORTANT]
 > This script has been optimized for use on up to 10 devices.
@@ -44,7 +44,7 @@ You can also manually onboard individual devices to Microsoft Defender ATP. You
 [![Image of the PDF showing the various deployment paths](images/onboard-script.png)](images/onboard-script.png#lightbox)
 
 
-Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  or  [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP. 
+Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  or  [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Defender for Endpoint. 
 
 
 1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
@@ -72,11 +72,11 @@ Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/publ
 
 5.  Press the **Enter** key or click **OK**.
 
-For information on how you can manually validate that the device is compliant and correctly reports sensor data see, [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md).
+For information on how you can manually validate that the device is compliant and correctly reports sensor data see, [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md).
 
 
 >[!TIP]
-> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
+> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint endpoint](run-detection-test.md).
 
 ## Configure sample collection settings
 For each device, you can set a configuration value to state whether samples can be collected from the device when a request is made through Microsoft Defender Security Center to submit a file for deep analysis.
@@ -151,5 +151,5 @@ Monitoring can also be done directly on the portal, or by using the different de
 - [Onboard Windows 10 devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
 - [Onboard Windows 10 devices using Mobile Device Management tools](configure-endpoints-mdm.md)
 - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)
-- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md)
-- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
+- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md)
+- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index 03c9870858..bf5c5cb238 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -27,16 +27,16 @@ ms.date: 04/16/2020
 - Virtual desktop infrastructure (VDI) devices
 
 >[!WARNING]
-> Microsoft Defender ATP support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However single session scenarios on Windows Virtual Desktop are fully supported.
+> Microsoft Defender for Endpoint support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However single session scenarios on Windows Virtual Desktop are fully supported.
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
 
 ## Onboard non-persistent virtual desktop infrastructure (VDI) devices
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-Microsoft Defender ATP supports non-persistent VDI session onboarding. 
+Defender for Endpoint supports non-persistent VDI session onboarding. 
 
 >[!Note]
 >To onboard non-persistent VDI sessions, VDI devices must be on Windows 10.
@@ -45,10 +45,10 @@ Microsoft Defender ATP supports non-persistent VDI session onboarding.
 
 There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario:
 
-- Instant early onboarding of a short-lived sessions, which must be onboarded to Microsoft Defender ATP prior to the actual provisioning.
+- Instant early onboarding of a short-lived sessions, which must be onboarded to Defender for Endpoint prior to the actual provisioning.
 - The device name is typically reused for new sessions.
 
-VDI devices can appear in Microsoft Defender ATP portal as either:
+VDI devices can appear in Defender for Endpoint portal as either:
 
 - Single entry for each device.  
 Note that in this case, the *same* device name must be configured when the session is created, for example using an unattended answer file.
@@ -57,7 +57,7 @@ Note that in this case, the *same* device name must be configured when the sessi
 The following steps will guide you through onboarding VDI devices and will highlight steps for single and multiple entries.
 
 >[!WARNING]
-> For environments where there are low resource configurations, the VDI boot procedure might slow the Microsoft Defender ATP sensor onboarding. 
+> For environments where there are low resource configurations, the VDI boot procedure might slow the Defender for Endpoint sensor onboarding. 
 
 1.  Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
 
@@ -126,7 +126,7 @@ For more information on DISM commands and offline servicing, please refer to the
 
 If offline servicing is not a viable option for your non-persistent VDI environment, the following steps should be taken to ensure consistency and sensor health:
 
-1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft Defender ATP sensor. For more information, see [Offboard devices using a local script](configure-endpoints-script.md#offboard-devices-using-a-local-script).
+1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Defender for Endpoint sensor. For more information, see [Offboard devices using a local script](configure-endpoints-script.md#offboard-devices-using-a-local-script).
 
 2. Ensure the sensor is stopped by running the command below in a CMD window:
 
@@ -153,4 +153,4 @@ If offline servicing is not a viable option for your non-persistent VDI environm
 - [Onboard Windows 10 devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
 - [Onboard Windows 10 devices using Mobile Device Management tools](configure-endpoints-mdm.md)
 - [Onboard Windows 10 devices using a local script](configure-endpoints-script.md)
-- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
+- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
index e4fff50bcb..00ee7a17a2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
@@ -25,10 +25,10 @@ ms.topic: conceptual
 **Applies to:**
 
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 - [Microsoft 365 Endpoint data loss prevention (DLP)](/microsoft-365/compliance/endpoint-dlp-learn-about)
 
-Devices in your organization must be configured so that the Microsoft Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the devices in your organization.
+Devices in your organization must be configured so that the Defender for Endpoint service can get sensor data from them. There are various methods and deployment tools that you can use to configure the devices in your organization.
 
 The following deployment tools and methods are supported:
 
@@ -47,4 +47,4 @@ Topic | Description
 [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md) | Learn how to use the configuration package to configure VDI devices.
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
index 34cad32cfc..17e8cb3039 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink).
+> Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink).
 
 [Attack surface reduction (ASR) rules](./attack-surface-reduction.md) identify and prevent typical malware exploits. They control when and how potentially malicious code can run. For example, they can prevent JavaScript or VBScript from launching a downloaded executable, block Win32 API calls from Office macros, and block processes that run from USB drives.
 
@@ -52,5 +52,5 @@ For more information about ASR rule deployment in Microsoft 365 security center,
 **Related topics**
 
 * [Ensure your devices are configured properly](configure-machines.md)
-* [Get devices onboarded to Microsoft Defender ATP](configure-machines-onboarding.md)
-* [Monitor compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md)
+* [Get devices onboarded to Microsoft Defender for Endpoint](configure-machines-onboarding.md)
+* [Monitor compliance to the Microsoft Defender for Endpoint security baseline](configure-machines-security-baseline.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
index 62caae5332..b207e1fb84 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
@@ -17,15 +17,15 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Get devices onboarded to Microsoft Defender ATP
+# Get devices onboarded to Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
 
 Each onboarded device adds an additional endpoint detection and response (EDR) sensor and increases visibility over breach activity in your network. Onboarding also ensures that a device can be checked for vulnerable components as well security configuration issues and can receive critical remediation actions during attacks.
 
@@ -35,17 +35,17 @@ Before you can track and manage onboarding of devices:
 
 ## Discover and track unprotected devices
 
-The **Onboarding** card provides a high-level overview of your onboarding rate by comparing the number of Windows 10 devices that have actually onboarded to Microsoft Defender ATP against the total number of Intune-managed Windows 10 devices.
+The **Onboarding** card provides a high-level overview of your onboarding rate by comparing the number of Windows 10 devices that have actually onboarded to Defender for Endpoint against the total number of Intune-managed Windows 10 devices.
 
 ![Device configuration management Onboarding card](images/secconmgmt_onboarding_card.png)

 *Card showing onboarded devices compared to the total number of Intune-managed Windows 10 device*
 
 >[!NOTE]
->If you used Security Center Configuration Manager, the onboarding script, or other onboarding methods that don’t use Intune profiles, you might encounter data discrepancies. To resolve these discrepancies, create a corresponding Intune configuration profile for Microsoft Defender ATP onboarding and assign that profile to your devices.
+>If you used Security Center Configuration Manager, the onboarding script, or other onboarding methods that don’t use Intune profiles, you might encounter data discrepancies. To resolve these discrepancies, create a corresponding Intune configuration profile for Defender for Endpoint onboarding and assign that profile to your devices.
 
 ## Onboard more devices with Intune profiles
 
-Microsoft Defender ATP provides several convenient options for [onboarding Windows 10 devices](onboard-configure.md). For Intune-managed devices, however, you can leverage Intune profiles to conveniently deploy the Microsoft Defender ATP sensor to select devices, effectively onboarding these devices to the service.
+Defender for Endpoint provides several convenient options for [onboarding Windows 10 devices](onboard-configure.md). For Intune-managed devices, however, you can leverage Intune profiles to conveniently deploy the Defender for Endpoint sensor to select devices, effectively onboarding these devices to the service.
 
 From the **Onboarding** card, select **Onboard more devices** to create and assign a profile on Intune. The link takes you to the device compliance page on Intune, which provides a similar overview of your onboarding state.
 
@@ -53,21 +53,21 @@ From the **Onboarding** card, select **Onboard more devices** to create and assi
    *Microsoft Defender ATP device compliance page on Intune device management*
 
 >[!TIP]
->Alternatively, you can navigate to the Microsoft Defender ATP onboarding compliance page in the [Microsoft Azure portal](https://portal.azure.com/) from **All services > Intune > Device compliance > Microsoft Defender ATP**.
+>Alternatively, you can navigate to the Defender for Endpoint onboarding compliance page in the [Microsoft Azure portal](https://portal.azure.com/) from **All services > Intune > Device compliance > Microsoft Defender ATP**.
 
 >[!NOTE]
 > If you want to view the most up-to-date device data, click on **List of devices without ATP sensor**.
 
-From the device compliance page, create a configuration profile specifically for the deployment of the Microsoft Defender ATP sensor and assign that profile to the devices you want to onboard. To do this, you can either:
+From the device compliance page, create a configuration profile specifically for the deployment of the Defender for Endpoint sensor and assign that profile to the devices you want to onboard. To do this, you can either:
 
 - Select **Create a device configuration profile to configure ATP sensor** to start with a predefined device configuration profile.
 - Create the device configuration profile from scratch.
 
-For more information, [read about using Intune device configuration profiles to onboard devices to Microsoft Defender ATP](https://docs.microsoft.com/intune/advanced-threat-protection#onboard-devices-by-using-a-configuration-profile).
+For more information, [read about using Intune device configuration profiles to onboard devices to Defender for Endpoint](https://docs.microsoft.com/intune/advanced-threat-protection#onboard-devices-by-using-a-configuration-profile).
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
 
 ## Related topics
 - [Ensure your devices are configured properly](configure-machines.md)
-- [Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md)
+- [Increase compliance to the Defender for Endpoint security baseline](configure-machines-security-baseline.md)
 - [Optimize ASR rule deployment and detections](configure-machines-asr.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
index 5540903d10..e110a3d518 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
@@ -17,17 +17,17 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Increase compliance to the Microsoft Defender ATP security baseline
+# Increase compliance to the Microsoft Defender for Endpoint security baseline
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
 
-Security baselines ensure that security features are configured according to guidance from both security experts and expert Windows system administrators. When deployed, the Microsoft Defender ATP security baseline sets Microsoft Defender ATP security controls to provide optimal protection.
+Security baselines ensure that security features are configured according to guidance from both security experts and expert Windows system administrators. When deployed, the Defender for Endpoint security baseline sets Defender for Endpoint security controls to provide optimal protection.
 
 To understand security baselines and how they are assigned on Intune using configuration profiles, [read this FAQ](https://docs.microsoft.com/intune/security-baselines#q--a).
 
@@ -36,22 +36,22 @@ Before you can deploy and track compliance to security baselines:
 - [Ensure you have the necessary permissions](configure-machines.md#obtain-required-permissions)
 
 ## Compare the Microsoft Defender ATP and the Windows Intune security baselines
-The Windows Intune security baseline provides a comprehensive set of recommended settings needed to securely configure devices running Windows, including browser settings, PowerShell settings, as well as settings for some security features like Microsoft Defender Antivirus. In contrast, the Microsoft Defender ATP baseline provides settings that optimize all the security controls in the Microsoft Defender ATP stack, including settings for endpoint detection and response (EDR) as well as settings also found in the Windows Intune security baseline. For more information about each baseline, see:
+The Windows Intune security baseline provides a comprehensive set of recommended settings needed to securely configure devices running Windows, including browser settings, PowerShell settings, as well as settings for some security features like Microsoft Defender Antivirus. In contrast, the Defender for Endpoint baseline provides settings that optimize all the security controls in the Defender for Endpoint stack, including settings for endpoint detection and response (EDR) as well as settings also found in the Windows Intune security baseline. For more information about each baseline, see:
 
 - [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows)
 - [Microsoft Defender ATP baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-defender-atp)
 
-Ideally, devices onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls. To benefit from the latest data on risks and threats and to minimize conflicts as baselines evolve, always apply the latest versions of the baselines across all products as soon as they are released.
+Ideally, devices onboarded to Defender for Endpoint are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Defender for Endpoint security baseline layered on top to optimally configure the Defender for Endpoint security controls. To benefit from the latest data on risks and threats and to minimize conflicts as baselines evolve, always apply the latest versions of the baselines across all products as soon as they are released.
 
 >[!NOTE]
->The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machine (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments.
+>The Defender for Endpoint security baseline has been optimized for physical devices and is currently not recommended for use on virtual machine (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments.
 
-## Monitor compliance to the Microsoft Defender ATP security baseline
+## Monitor compliance to the Defender for Endpoint security baseline
 
-The **Security baseline** card on [device configuration management](configure-machines.md) provides an overview of compliance across Windows 10 devices that have been assigned the Microsoft Defender ATP security baseline.
+The **Security baseline** card on [device configuration management](configure-machines.md) provides an overview of compliance across Windows 10 devices that have been assigned the Defender for Endpoint security baseline.
 
 ![Security baseline card](images/secconmgmt_baseline_card.png)

-*Card showing compliance to the Microsoft Defender ATP security baseline*
+*Card showing compliance to the Defender for Endpoint security baseline*
 
 Each device is given one of the following status types:
 
@@ -65,20 +65,20 @@ To review specific devices, select **Configure security baseline** on the card.
 >[!NOTE]
 >You might experience discrepancies in aggregated data displayed on the device configuration management page and those displayed on overview screens in Intune.
 
-## Review and assign the Microsoft Defender ATP security baseline
+## Review and assign the Microsoft Defender for Endpoint security baseline
 
-Device configuration management monitors baseline compliance only of Windows 10 devices that have been specifically assigned the Microsoft Defender ATP security baseline. You can conveniently review the baseline and assign it to devices on Intune device management.
+Device configuration management monitors baseline compliance only of Windows 10 devices that have been specifically assigned the Microsoft Defender for Endpoint security baseline. You can conveniently review the baseline and assign it to devices on Intune device management.
 
 1. Select **Configure security baseline** on the **Security baseline** card to go to Intune device management. A similar overview of baseline compliance is displayed.
 
    >[!TIP]
-   > Alternatively, you can navigate to the Microsoft Defender ATP security baseline in the Microsoft Azure portal from **All services > Intune > Device security > Security baselines > Microsoft Defender ATP baseline**.
+   > Alternatively, you can navigate to the Defender for Endpoint security baseline in the Microsoft Azure portal from **All services > Intune > Device security > Security baselines > Microsoft Defender ATP baseline**.
 
 
 2. Create a new profile.
 
-   ![Microsoft Defender ATP security baseline overview on Intune](images/secconmgmt_baseline_intuneprofile1.png)

-   *Microsoft Defender ATP security baseline overview on Intune*
+   ![Microsoft Defender for Endpoint security baseline overview on Intune](images/secconmgmt_baseline_intuneprofile1.png)

+   *Microsoft Defender for Endpoint security baseline overview on Intune*
 
 3. During profile creation, you can review and adjust specific settings on the baseline.
 
@@ -98,9 +98,9 @@ Device configuration management monitors baseline compliance only of Windows 10
 >[!TIP]
 >Security baselines on Intune provide a convenient way to comprehensively secure and protect your devices. [Learn more about security baselines on Intune](https://docs.microsoft.com/intune/security-baselines).
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
 
 ## Related topics
 - [Ensure your devices are configured properly](configure-machines.md)
-- [Get devices onboarded to Microsoft Defender ATP](configure-machines-onboarding.md)
+- [Get devices onboarded to Microsoft Defender for Endpoint](configure-machines-onboarding.md)
 - [Optimize ASR rule deployment and detections](configure-machines-asr.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
index 163980b414..9b830a3988 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
@@ -23,14 +23,14 @@ ms.topic: conceptual
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint ](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
 
 With properly configured devices, you can boost overall resilience against threats and enhance your capability to detect and respond to attacks. Security configuration management helps ensure that your devices:
 
-- Onboard to Microsoft Defender ATP
-- Meet or exceed the Microsoft Defender ATP security baseline configuration
+- Onboard to Microsoft Defender for Endpoint
+- Meet or exceed the Defender for Endpoint security baseline configuration
 - Have strategic attack surface mitigations in place
 
 Click **Configuration management** from the navigation menu to open the Device configuration management page.
@@ -56,7 +56,7 @@ Before you can ensure your devices are configured properly, enroll them to Intun
 >To enroll Windows devices to Intune, administrators must have already been assigned licenses. [Read about assigning licenses for device enrollment](https://docs.microsoft.com/intune/licenses-assign).
 
 >[!TIP] 
->To optimize device management through Intune, [connect Intune to Microsoft Defender ATP](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune).
+>To optimize device management through Intune, [connect Intune to Defender for Endpoint](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune).
 
 ## Obtain required permissions
 By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage and assign the device configuration profiles needed for onboarding devices and deploying the security baseline.
@@ -77,8 +77,8 @@ If you have been assigned other roles, ensure you have the necessary permissions
 ## In this section
 Topic | Description
 :---|:---
-[Get devices onboarded to Microsoft Defender ATP](configure-machines-onboarding.md)| Track onboarding status of Intune-managed devices and onboard more devices through Intune. 
-[Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md) | Track baseline compliance and noncompliance. Deploy the security baseline to more Intune-managed devices.
+[Get devices onboarded to Defender for Endpoint](configure-machines-onboarding.md)| Track onboarding status of Intune-managed devices and onboard more devices through Intune. 
+[Increase compliance to the Defender for Endpoint security baseline](configure-machines-security-baseline.md) | Track baseline compliance and noncompliance. Deploy the security baseline to more Intune-managed devices.
 [Optimize ASR rule deployment and detections](configure-machines-asr.md) | Review rule deployment and tweak detections using impact analysis tools in Microsoft 365 security center.
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
index d5e1655ca5..3ce240d781 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
@@ -26,20 +26,20 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 ## Before you begin 
 > [!NOTE]
 > Discuss the eligibility requirements with your Microsoft Technical Service provider and account team before you apply to the managed threat hunting service.
 
-Ensure that you have Microsoft Defender ATP deployed in your environment with devices enrolled, and not just on a laboratory set-up.
+Ensure that you have Defender for Endpoint deployed in your environment with devices enrolled, and not just on a laboratory set-up.
 
-Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
+Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
 
 If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a  90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on-Demand subscription. 
 
 ## Register to Microsoft Threat Experts managed threat hunting service 
-If you're already a Microsoft Defender ATP customer, you can apply through the Microsoft Defender ATP portal. 
+If you're already a Defender for Endpoint customer, you can apply through the Microsoft Defender for Endpoint portal. 
 
 1. From the navigation pane, go to **Settings > General > Advanced features > Microsoft Threat Experts**.
 
@@ -59,7 +59,7 @@ If you're already a Microsoft Defender ATP customer, you can apply through the M
 
 ## Receive targeted attack notification from Microsoft Threat Experts 
 You can receive targeted attack notification from Microsoft Threat Experts through the following medium:  
-- The Microsoft Defender ATP portal's **Alerts** dashboard  
+- The Defender for Endpoint portal's **Alerts** dashboard  
 - Your email, if you choose to configure it 
 
 To receive targeted attack notifications through email, create an email notification rule.
@@ -116,7 +116,7 @@ Watch this video for a quick overview of the Microsoft Services Hub.
 **Alert information**
 - We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further?
 - We’ve observed two similar attacks, which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious PowerShell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference?
-- I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Microsoft Defender ATP see these attempts? What type of sign-ins are being monitored?
+- I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Defender for Endpoint see these attempts? What type of sign-ins are being monitored?
 - Can you give more context or insights about this alert: “Suspicious behavior by a system utility was observed”. 
 
 **Possible machine compromise**
@@ -125,7 +125,7 @@ Watch this video for a quick overview of the Microsoft Services Hub.
 
 **Threat intelligence details**
 - We detected a phishing email that delivered a malicious Word document to a user. The malicious Word document caused a series of suspicious events, which triggered multiple Microsoft Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you send me a link?
-- I recently saw a [social media reference, for example, Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Microsoft Defender ATP provides against this threat actor? 
+- I recently saw a [social media reference, for example, Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Defender for Endpoint provides against this threat actor? 
 
 **Microsoft Threat Experts’ alert communications** 
 - Can your incident response team help us address the targeted attack notification that we got?

From b924d11f22fb242b3b20f9d5b3f7bcc8bbe8be66 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Wed, 28 Oct 2020 14:58:08 -0700
Subject: [PATCH 062/384] calculation

---
 .../tvm-exposure-score.md                     | 49 +++++++++++++++----
 1 file changed, 40 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
index f73d28e79c..d23e973e81 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
@@ -41,15 +41,6 @@ The card gives you a high-level view of your exposure score trend over time. Any
 
 ## How it works
 
-Threat and vulnerability management  introduces a new exposure score metric, which visually represents how exposed your devices are to imminent threats.
-
-The exposure score is continuously calculated on each device in the organization. It is influenced by the following factors:
-
-- Weaknesses, such as vulnerabilities discovered on the device
-- External and internal threats such as public exploit code and security alerts
-- Likelihood of the device to get breached given its current security posture
-- Value of the device to the organization given its role and content
-
 The exposure score is broken down into the following levels:
 
 - 0–29: low exposure score
@@ -58,6 +49,46 @@ The exposure score is broken down into the following levels:
 
 You can remediate the issues based on prioritized [security recommendations](tvm-security-recommendation.md) to reduce the exposure score. Each software has weaknesses that are transformed into recommendations and prioritized based on risk to the organization.
 
+## How the score is calculated
+
+The exposure score is continuously calculated on each device in the organization. It is scored & evaluated based on the following categories:
+
+- **Threats** - external and internal threats such as public exploit code and security alerts
+- **Likelihood** - likelihood of the device to get breached given its current security posture
+- **Value** - value of the device to the organization given its role and content
+
+**Device exposure score** = (Threats + Likelihood) x Value
+
+**Organization exposure score** = Avg (All device exposure scores) taking into account organization value multipliers
+
+### Threats
+
+Points are added based on whether the device has any vulnerabilities or misconfigurations, determined by the Common Vulnerability Scoring System (CVSS) base score.
+
+Further points are added based on:
+
+- Exploits availability and whether the exploit is verified or ranked
+- A threat campaign is linked to the vulnerability or misconfiguration
+
+### Likelihood
+
+Points are added based on whether any of the following factors are true:
+
+- The device is internet facing
+- Specific compensating controls are misconfigured
+- An exploit attempt is linked directly to a threat spotted in the organization
+
+### Value
+
+Points are added based on whether any of the following factors are true for a device:
+
+- Contains high business impact (HBI) data
+- Marked as a High Value Asset (HVA) or serves as an important server role (e.g. AD, DNS)
+- Runs a business critical app (BCA)
+- Used by a marked high value user (HVU) (e.g. domain admin, CEO)
+
+If a device is valuable to your organization, it should increase the total organization exposure score.
+
 ## Reduce your threat and vulnerability exposure
 
 Lower your threat and vulnerability exposure by remediating [security recommendations](tvm-security-recommendation.md). Make the most impact to your exposure score by remediating the top security recommendations, which can be viewed in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md).

From 328c42903f62092b0c41a3d3f8f628b2586dae2d Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Wed, 28 Oct 2020 17:18:14 -0700
Subject: [PATCH 063/384] Added TS policies

---
 .../mdm/policy-csp-admx-terminalserver.md     | 5760 +++++++++++++++++
 1 file changed, 5760 insertions(+)

diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
index 74a8c02c29..d1a599cfa9 100644
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@@ -1021,6 +1021,5766 @@ ADMX Info:
 
 

 
+
+**ADMX_TerminalServer/TS_CLIENT_CLIPBOARD**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.
+
+You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection.
+
+If you enable this policy setting, users cannot redirect Clipboard data.
+
+If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection.
+
+If you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow Clipboard redirection*
+-   GP name: *TS_CLIENT_CLIPBOARD*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_COM**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.
+
+You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection.
+
+If you enable this policy setting, users cannot redirect server data to the local COM port.
+
+If you disable this policy setting, Remote Desktop Services always allows COM port redirection.
+
+If you do not configure this policy setting, COM port redirection is not specified at the Group Policy level.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow COM port redirection*
+-   GP name: *TS_CLIENT_COM*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_DEFAULT_M**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.
+
+By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior.
+
+If you enable this policy setting, the default printer is the printer specified on the remote computer.  If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection.
+
+If you do not configure this policy setting, the default printer is not specified at the Group Policy level.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not set default client printer to be default printer in a session*
+-   GP name: *TS_CLIENT_DEFAULT_M*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available. If you use this setting, the Remote Desktop Client will use only software decoding.
+
+For example, if you have a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you will know that there are additional issues to investigate. If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accelerated decoding if supported hardware is available.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow hardware accelerated decoding*
+-   GP name: *TS_CLIENT_DISABLE_HARDWARE_MODE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Controls whether a user can save passwords using Remote Desktop Connection.
+
+If you enable this setting the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted.
+
+If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow passwords to be saved*
+-   GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_LPT**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.
+
+You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection.
+
+If you enable this policy setting, users in a Remote Desktop Services session cannot redirect server data to the local LPT port.
+
+If you disable this policy setting, LPT port redirection is always allowed.
+
+If you do not configure this policy setting, LPT port redirection is not specified at the Group Policy level.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow LPT port redirection*
+-   GP name: *TS_CLIENT_LPT*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_PNP**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session.
+
+By default, Remote Desktop Services does not allow redirection of supported Plug and Play and RemoteFX USB devices.
+
+If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer.
+
+If you enable this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer.If you do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it is running Windows Server 2012 R2 and earlier versions.
+
+> [!NOTE]
+> You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow supported Plug and Play device redirection*
+-   GP name: *TS_CLIENT_PNP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_PRINTER**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.  You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping.
+
+If you enable this policy setting, users cannot redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions.
+
+If you disable this policy setting, users can redirect print jobs with client printer mapping.  
+
+If you do not configure this policy setting, client printer mapping is not specified at the Group Policy level.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow client printer redirection*
+-   GP name: *TS_CLIENT_PRINTER*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.
+
+If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.  If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher.
+
+> [!NOTE]
+> You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
+> 
+> This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting.  If the list contains a string that is not a certificate thumbprint, it is ignored.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers*
+-   GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.
+
+If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.  
+
+If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher.  
+
+> [!NOTE]
+> You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
+>
+> This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting.  If the list contains a string that is not a certificate thumbprint, it is ignored.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers*
+-   GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol.
+
+If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol.
+
+If you disable or do not configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn Off UDP On Client*
+-   GP name: *TS_CLIENT_TURN_OFF_UDP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_COLORDEPTH**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections.
+
+You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load.
+
+If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used.
+
+If you disable or do not configure this policy setting, the color depth for connections is not specified at the Group Policy level.
+
+> [!NOTE]
+> - Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional.
+> - The value specified in this policy setting is not applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections.
+> - For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format:
+>
+>    - Value specified by this policy setting. 
+>    - Maximum color depth supported by the client.
+>    - Value requested by the client  If the client does not support at least 16 bits, the connection is terminated.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit maximum color depth*
+-   GP name: *TS_COLORDEPTH*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive.
+
+This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed.
+
+> [!NOTE]
+> If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles.
+
+If you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile cache is checked. When the size of the entire roaming user profile cache exceeds the maximum size that you have specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified.
+
+If you disable or do not configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the local drive.  Note:  This policy setting is ignored if the "Prevent Roaming Profile changes from propagating to the server" policy setting located in Computer Configuration\Policies\Administrative Templates\System\User Profiles is enabled.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit the size of the entire roaming user profile cache*
+-   GP name: *TS_DELETE_ROAMING_USER_PROFILES*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP.
+
+You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session.
+
+If you enable this policy setting, wallpaper is not displayed in a Remote Desktop Services session.
+
+If you disable this policy setting, wallpaper is displayed in a Remote Desktop Services session, depending on the client configuration.
+
+If you do not configure this policy setting, Windows Vista displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2008 do not display wallpaper by default to Remote Desktop Services sessions.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove remote desktop wallpaper*
+-   GP name: *TS_DISABLE_REMOTE_DESKTOP_WALLPAPER*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter.
+
+If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter.
+
+If you do not configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default.
+
+> [!NOTE]
+> The policy setting affects only the default graphics processing unit (GPU) on a computer with more than one GPU installed. All additional GPUs are considered secondary adapters and used as hardware renderers. The GPU configuration of the local session is not affected by this policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Use the hardware default graphics adapter for all Remote Desktop Services sessions*
+-   GP name: *TS_DX_USE_FULL_HWGPU*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_EASY_PRINT**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
+
+If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session.
+
+If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session.
+
+> [!NOTE]
+> If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Use Remote Desktop Easy Print printer driver first*
+-   GP name: *TS_EASY_PRINT*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_EASY_PRINT_User**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
+
+If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session.
+
+If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session.
+
+> [!NOTE]
+> If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Use Remote Desktop Easy Print printer driver first*
+-   GP name: *TS_EASY_PRINT_User*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_EnableVirtualGraphics**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.
+
+When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1.
+
+When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.
+
+If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.
+
+If you disable this policy setting, RemoteFX will be disabled.
+
+If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Configure RemoteFX*
+-   GP name: *TS_EnableVirtualGraphics*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RD Session Host server fallback printer driver behavior.
+
+By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server does not have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session.
+
+If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one is not found, the client's printer is not available. You can choose to change this default behavior. The available options are: 
+
+- "Do nothing if one is not found" - If there is a printer driver mismatch, the server will attempt to find a suitable driver. If one is not found, the client's printer is not available. This is the default behavior.
+- "Default to PCL if one is not found" - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver.
+- "Default to PS if one is not found" - If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver.
+- "Show both PCL and PS if one is not found" - If no suitable driver can be found, show both PS and PCL-based fallback printer drivers.  
+
+If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server will not attempt to use the fallback printer driver.
+
+If you do not configure this policy setting, the fallback printer driver behavior is off by default.
+
+> [!NOTE]
+> If the "Do not allow client printer redirection" setting is enabled, this policy setting is ignored and the fallback printer driver is disabled.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Specify RD Session Host server fallback printer driver behavior*
+-   GP name: *TS_FALLBACKPRINTDRIVERTYPE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_FORCIBLE_LOGOFF**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.
+
+This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off, any data not previously saved is lost.
+
+If you enable this policy setting, logging off the connected administrator is not allowed.
+
+If you disable or do not configure this policy setting, logging off the connected administrator is allowed.
+
+> [!NOTE]
+> The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Deny logoff of an administrator logged in to the console session*
+-   GP name: *TS_FORCIBLE_LOGOFF*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
+
+To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default.
+
+If you disable or do not configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authentication method is not specified, the Negotiate protocol that is enabled on the client or a smart card can be used for authentication.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set RD Gateway authentication method*
+-   GP name: *TS_GATEWAY_POLICY_AUTH_METHOD*
+-   GP path: *Windows Components\Remote Desktop Services\RD Gateway*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting.
+
+You can enforce this policy setting or you can allow users to overwrite this setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
+
+> [!NOTE]
+> To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. To enhance security, it is also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used.
+
+To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default.
+
+If you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Enable connection through RD Gateway*
+-   GP name: *TS_GATEWAY_POLICY_ENABLE*
+-   GP path: *Windows Components\Remote Desktop Services\RD Gateway*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
+
+> [!NOTE]
+> It is highly recommended that you also specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used.
+
+To allow users to overwrite the "Set RD Gateway server address" policy setting and connect to another RD Gateway server, you must select the "Allow users to change this setting" check box and users will be allowed to specify an alternate RD Gateway server. Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default.
+
+> [!NOTE]
+> If you disable or do not configure this policy setting, but enable the "Enable connections through RD Gateway" policy setting, client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set RD Gateway server address*
+-   GP name: *TS_GATEWAY_POLICY_SERVER*
+-   GP path: *Windows Components\Remote Desktop Services\RD Gateway*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server.
+
+If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting.  If you disable this policy setting, the server does not join a farm in RD Connection Broker, and user session tracking is not performed. If the policy setting is disabled, you cannot use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker.
+
+If the policy setting is not configured, the policy setting is not specified at the Group Policy level.
+
+> [!NOTE]
+> - If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings.
+> - For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Join RD Connection Broker*
+-   GP name: *TS_JOIN_SESSION_DIRECTORY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_KEEP_ALIVE**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state.
+
+After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client logs on to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active.
+
+If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999.
+
+If you disable or do not configure this policy setting, a keep-alive interval is not set and the server will not check the session state.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Configure keep-alive connection interval*
+-   GP name: *TS_KEEP_ALIVE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_LICENSE_SECGROUP**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).
+
+You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one.
+
+If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server.  By default, the RDS Endpoint Servers group is empty.
+
+If you disable or do not configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group is not deleted or changed in any way by disabling or not configuring this policy setting.
+
+> [!NOTE]
+> You should only enable this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *License server security group*
+-   GP name: *TS_LICENSE_SECGROUP*
+-   GP path: *Windows Components\Remote Desktop Services\RD Licensing*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_LICENSE_SERVERS**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.
+
+If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers cannot be located, the RD Session Host server will attempt automatic license server discovery. In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order:
+
+1. Remote Desktop license servers that are published in Active Directory Domain Services.
+2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server.
+
+If you disable or do not configure this policy setting, the RD Session Host server does not specify a license server at the Group Policy level.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Use the specified Remote Desktop license servers*
+-   GP name: *TS_LICENSE_SERVERS*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_LICENSE_TOOLTIP**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.
+
+By default, notifications are displayed on an RD Session Host server after you log on as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire.
+
+If you enable this policy setting, these notifications will not be displayed on the RD Session Host server.
+
+If you disable or do not configure this policy setting, these notifications will be displayed on the RD Session Host server after you log on as a local administrator.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Hide notifications about RD Licensing problems that affect the RD Session Host server*
+-   GP name: *TS_LICENSE_TOOLTIP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_LICENSING_MODE**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.
+
+You can use this policy setting to select one of two licensing modes: Per User or Per Device.  Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.
+
+Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.
+
+If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server.
+
+If you disable or do not configure this policy setting, the licensing mode is not specified at the Group Policy level.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set the Remote Desktop licensing mode*
+-   GP name: *TS_LICENSING_MODE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_MAXDISPLAYRES**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load.
+
+If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session.
+
+If you disable or do not configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit maximum display resolution*
+-   GP name: *TS_MAXDISPLAYRES*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_MAXMONITOR**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load.
+
+If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16.
+
+If you disable or do not configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session is not specified at the Group Policy level.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit number of monitors*
+-   GP name: *TS_MAXMONITOR*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_MAX_CON_POLICY**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.
+
+You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, addtional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions.
+
+To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999.
+
+If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server.
+
+If the status is set to Disabled or Not Configured, limits to the number of connections are not enforced at the Group Policy level.
+
+> [!NOTE]
+> This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed).
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Limit number of connections*
+-   GP name: *TS_MAX_CON_POLICY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_NoDisconnectMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.
+
+You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.  If you enable this policy setting, "Disconnect" does not appear as an option in the drop-down list in the Shut Down Windows dialog box.
+
+If you disable or do not configure this policy setting, "Disconnect" is not removed from the list in the Shut Down Windows dialog box.
+
+> [!NOTE]
+> This policy setting affects only the Shut Down Windows dialog box. It does not prevent users from using other methods to disconnect from a Remote Desktop Services session. This policy setting also does not prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the "Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected sessions" policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove "Disconnect" option from Shut Down dialog*
+-   GP name: *TS_NoDisconnectMenu*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_NoSecurityMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.
+
+If the status is set to Enabled, Windows Security does not appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer.
+
+If the status is set to Disabled or Not Configured, Windows Security remains in the Settings menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Windows Security item from Start menu*
+-   GP name: *TS_NoSecurityMenu*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.
+
+If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user will not be prompted to provide credentials.
+
+> [!NOTE]
+> If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration.
+
+If you disable or do not configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server.
+
+For Windows Server 2003 and Windows 2000 Server a user will be prompted on the terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prompt for credentials on the client computer*
+-   GP name: *TS_PROMT_CREDS_CLIENT_COMP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_PreventLicenseUpgrade**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.
+
+A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003.
+
+By default, if the most appropriate RDS CAL is not available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following:
+
+- A client connecting to a Windows Server 2003 terminal server
+- A client connecting to a Windows 2000 terminal server
+
+If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server is not available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client will not be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server has not expired.
+
+If you disable or do not configure this policy setting, the license server will exhibit the default behavior noted earlier.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prevent license upgrade*
+-   GP name: *TS_PreventLicenseUpgrade*
+-   GP path: *Windows Components\Remote Desktop Services\RD Licensing*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_RADC_DefaultConnection**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs.
+
+The default connection URL must be configured in the form of http://contoso.com/rdweb/Feed/webfeed.aspx.
+
+If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connection URL.
+
+If you disable or do not configure this policy setting, the user has no default connection URL.  
+
+> [!NOTE]
+> RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untrusted server can compromise the security of a user's account.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Specify default connection URL*
+-   GP name: *TS_RADC_DefaultConnection*
+-   GP path: *Windows Components\Remote Desktop Services\RemoteApp and Desktop Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user.  By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete.
+
+If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers.
+
+If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Suspend user sign-in to complete app registration*
+-   GP name: *TS_RDSAppX_WaitForRegistration*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_RemoteControl_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option selected.
+
+Select the desired level of control and permission from the options list:
+
+1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session.
+2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent.
+3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent.
+4. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent.
+5. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent.  
+
+If you disable this policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set rules for remote control of Remote Desktop Services user sessions*
+-   GP name: *TS_RemoteControl_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_RemoteControl_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option selected. 
+
+Select the desired level of control and permission from the options list:
+
+1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session.
+2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent.
+3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent.
+4. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent.  
+5. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent.
+
+If you disable this policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set rules for remote control of Remote Desktop Services user sessions*
+-   GP name: *TS_RemoteControl_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered.
+
+Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed).
+
+If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality.
+
+By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior).
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Optimize visual experience when using RemoteFX*
+-   GP name: *TS_RemoteDesktopVirtualGraphics*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SD_ClustName**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services.
+
+If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker.
+
+If you enable this policy setting, you must specify the name of a farm in RD Connection Broker.  If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level.
+
+> [!NOTE]
+> - This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy.
+>- For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Configure RD Connection Broker farm name*
+-   GP name: *TS_SD_ClustName*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server.
+
+If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm.
+
+If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. 
+
+If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default.
+
+> [!NOTE]
+> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Use IP Address Redirection*
+-   GP name: *TS_SD_EXPOSE_ADDRESS*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SD_Loc**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server.
+
+If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers.
+
+If you disable or do not configure this policy setting, the policy setting is not specified at the Group Policy level.
+
+> [!NOTE]
+> - For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
+> - This policy setting is not effective unless the Join RD Connection Broker policy setting is enabled.
+> - To be an active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Session Broker Computers, or RDS Endpoint Servers.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Configure RD Connection Broker server name*
+-   GP name: *TS_SD_Loc*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections.
+
+If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. The following security methods are available:
+
+- Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended.
+- RDP: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended.
+- SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS is not supported, the connection fails. This is the recommended setting for this policy.
+
+If you disable or do not configure this policy setting, the security method to be used for remote connections to RD Session Host servers is not specified at the Group Policy level.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Require use of specific security layer for remote (RDP) connections*
+-   GP name: *TS_SECURITY_LAYER_POLICY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).  You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect.
+
+If you disable Connect Time Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection.
+
+If you disable Continuous Network Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality.
+
+If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality.
+
+If you disable or do not configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Select network detection on the server*
+-   GP name: *TS_SELECT_NETWORK_DETECT*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SELECT_TRANSPORT**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.
+
+If you enable this policy setting, you must specify if you would like RDP to use UDP.  You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)". If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP.
+
+If the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP.
+
+If you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Select RDP transport protocols*
+-   GP name: *TS_SELECT_TRANSPORT*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. This policy setting applies only to RemoteApp programs and does not apply to remote desktop sessions.
+
+If you enable or do not configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics.
+
+If you disable this policy setting, RemoteApp programs published from this RD Session Host server will not use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteApp programs do not support these advanced graphics.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Use advanced RemoteFX graphics for RemoteApp*
+-   GP name: *TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SERVER_AUTH**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.
+
+If you enable this policy setting, you must specify one of the following settings:
+- Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server.
+- Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server.
+- Do not connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. 
+
+If you disable or do not configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Configure server authentication for client*
+-   GP name: *TS_SERVER_AUTH*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections*
+-   GP name: *TS_SERVER_AVC444_MODE_PREFERRED*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. When you enable hardware encoding, if an error occurs, we will attempt to use software encoding. If you disable or do not configure this policy, we will always use software encoding.
+
+If you set the encoding option to “Always Attempt”, Remote Desktop will always try to use H.264/AVC hardware encoding when available, be aware that, for Windows Server running Hyper-V with RemoteFX vGPU enabled, the policy has to be set on the Hyper-V host machine.
+
+If you set the encoding option to “Attempt only for RemoteFX vGPU virtual machines” be aware that, for Windows Server running Hyper-V with RemoteFX vGPU enabled, the policy has to be set on the Hyper-V host machine.
+
+If you set the encoding option to “Attempt only for non-RemoteFX vGPU scenarios”, Remote Desktop attempts to use hardware encoding for all scenarios except RemoteFX vGPU.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Configure H.264/AVC hardware encoding for Remote Desktop Connections*
+-   GP name: *TS_SERVER_AVC_HW_ENCODE_PREFERRED*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SERVER_COMPRESSOR**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use.
+
+By default, servers use an RDP compression algorithm that is based on the server's hardware configuration.
+
+If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth. In Windows  8 only the compression algorithm that balances memory usage and bandwidth is used.
+
+You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you are using a hardware device that is designed to optimize network traffic. Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed.
+
+If you disable or do not configure this policy setting, the default RDP compression algorithm will be used.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Configure compression for RemoteFX data*
+-   GP name: *TS_SERVER_COMPRESSOR*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.
+
+If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes.
+
+If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality.
+
+If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth.  
+
+If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only.
+
+If you disable or do not configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Configure image quality for RemoteFX Adaptive Graphics*
+-   GP name: *TS_SERVER_IMAGE_QUALITY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SERVER_LEGACY_RFX**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.
+
+When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1.
+
+When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.
+
+If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.
+
+If you disable this policy setting, RemoteFX will be disabled.
+
+If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Configure RemoteFX*
+-   GP name: *TS_SERVER_LEGACY_RFX*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SERVER_PROFILE**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available nework bandwidth.
+
+If you enable this policy setting, the RemoteFX experience could be set to one of the following options:
+1. Let the system choose the experience for the network condition
+2. Optimize for server scalability
+3. Optimize for minimum bandwidth usage
+
+If you disable or do not configure this policy setting, the RemoteFX experience will change dynamically based on the network condition."
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Configure RemoteFX Adaptive Graphics*
+-   GP name: *TS_SERVER_PROFILE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SERVER_VISEXP**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.
+
+By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation.
+
+If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text.
+
+If you disable or do not configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Optimize visual experience for Remote Desktop Service Sessions*
+-   GP name: *TS_SERVER_VISEXP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections*
+-   GP name: *TS_SERVER_WDDM_GRAPHICS_DRIVER*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.
+
+You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.  When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
+
+If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply.
+
+If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.
+
+> [!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set time limit for disconnected sessions*
+-   GP name: *TS_SESSIONS_Disconnected_Timeout_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.
+
+You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.  When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
+
+If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply.
+
+If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. Be y default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.
+
+> [!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set time limit for disconnected sessions*
+-   GP name: *TS_SESSIONS_Disconnected_Timeout_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.
+
+If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply.
+
+If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.
+
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.  
+
+> [!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set time limit for active but idle Remote Desktop Services sessions*
+-   GP name: *TS_SESSIONS_Idle_Limit_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.
+
+If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply.
+
+If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default,  Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.
+
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
+
+> [!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set time limit for active but idle Remote Desktop Services sessions*
+-   GP name: *TS_SESSIONS_Idle_Limit_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SESSIONS_Limits_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.
+
+If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply.
+
+If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.
+
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
+
+> [!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set time limit for active Remote Desktop Services sessions*
+-   GP name: *TS_SESSIONS_Limits_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SESSIONS_Limits_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.
+
+If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply.
+
+If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.
+
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
+
+> [!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set time limit for active Remote Desktop Services sessions*
+-   GP name: *TS_SESSIONS_Limits_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SINGLE_SESSION**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict users to a single Remote Desktop Services session.
+
+If you enable this policy setting, users who log on remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next logon.
+
+If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services.
+
+If you do not configure this policy setting, this policy setting is not specified at the Group Policy level.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session*
+-   GP name: *TS_SINGLE_SESSION*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_SMART_CARD**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.
+
+If you enable this policy setting, Remote Desktop Services users cannot use a smart card to log on to a Remote Desktop Services session.
+
+If you disable or do not configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.
+
+> [!NOTE]
+> The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow smart card device redirection*
+-   GP name: *TS_SMART_CARD*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_START_PROGRAM_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Configures Remote Desktop Services to run a specified program automatically upon connection.
+
+You can use this setting to specify a program to run automatically when a user logs on to a remote computer.
+
+By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off.
+
+To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message.
+
+If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program.
+
+If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)  
+
+> [!NOTE]
+> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Start a program on connection*
+-   GP name: *TS_START_PROGRAM_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_START_PROGRAM_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Configures Remote Desktop Services to run a specified program automatically upon connection.
+
+You can use this setting to specify a program to run automatically when a user logs on to a remote computer.
+
+By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off.
+
+To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message.
+
+If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program.
+
+If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)  
+
+> [!NOTE]
+> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Start a program on connection*
+-   GP name: *TS_START_PROGRAM_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_Session_End_On_Limit_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.
+
+You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits.
+
+Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.
+
+If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.
+
+If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator.  If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.
+
+> [!NOTE]
+> This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *End session when time limits are reached*
+-   GP name: *TS_Session_End_On_Limit_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_Session_End_On_Limit_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.
+
+You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits.
+
+Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.
+
+If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.
+
+If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator.  If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.
+
+> [!NOTE]
+> This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *End session when time limits are reached*
+-   GP name: *TS_Session_End_On_Limit_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_TEMP_DELETE**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.
+
+You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user logs off.
+
+If you enable this policy setting, a user's per-session temporary folders are retained when the user logs off from a session.
+
+If you disable this policy setting, temporary folders are deleted when a user logs off, even if the server administrator specifies otherwise.
+
+If you do not configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless specified otherwise by the server administrator.  
+
+> [!NOTE]
+> This setting only takes effect if per-session temporary folders are in use on the server. If you enable the Do not use temporary folders per session policy setting, this policy setting has no effect.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not delete temp folders upon exit*
+-   GP name: *TS_TEMP_DELETE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_TEMP_PER_SESSION**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.
+
+You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the sessionid.
+
+If you enable this policy setting, per-session temporary folders are not created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer.
+
+If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise.
+
+If you do not configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not use temporary folders per session*
+-   GP name: *TS_TEMP_PER_SESSION*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_TIME_ZONE**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.
+
+If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone).
+
+If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone.
+
+> [!NOTE]
+> Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow time zone redirection*
+-   GP name: *TS_TIME_ZONE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server.
+
+You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the  RD Session Host server. By default, administrators are able to make such changes.
+
+If you enable this policy setting the default security descriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only.
+
+If you disable or do not configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider.
+
+> [!NOTE]
+> The preferred method of managing user access is by adding a user to the Remote Desktop Users group.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow local administrators to customize permissions*
+-   GP name: *TS_TSCC_PERMISSIONS_POLICY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy.
+
+If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings.
+
+If you disable or do not configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program is not specified, the desktop is always displayed on the remote computer after the client connects to the remote computer.
+
+> [!NOTE]
+> If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Always show desktop on connection*
+-   GP name: *TS_TURNOFF_SINGLEAPP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.
+
+If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer.
+
+If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account.
+
+For this change to take effect, you must restart Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow RDP redirection of other supported RemoteFX USB devices from this computer*
+-   GP name: *TS_USB_REDIRECTION_DISABLE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication. This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process.
+
+If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server.
+
+To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported.
+
+If you disable this policy setting, Network Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server.
+
+If you do not configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default.
+
+> [!IMPORTANT]
+> Disabling this policy setting provides less security because user authentication will occur later in the remote connection process.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Require user authentication for remote connections by using Network Level Authentication*
+-   GP name: *TS_USER_AUTHENTICATION_POLICY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_USER_HOME**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Specifies whether Remote Desktop Services uses the specified network share or local directory path as the root of the user's home directory for a Remote Desktop Services session.
+
+To use this setting, select the location for the home directory (network or local) from the Location drop-down list. If you choose to place the directory on a network share, type the Home Dir Root Path in the form \\Computername\Sharename, and then select the drive letter to which you want the network share to be mapped.
+
+If you choose to keep the home directory on the local computer, type the Home Dir Root Path in the form "Drive:\Path" (without quotes), without environment variables or ellipses. Do not specify a placeholder for user alias, because Remote Desktop Services automatically appends this at logon.
+
+> [!NOTE]
+> The Drive Letter field is ignored if you choose to specify a local path. If you choose to specify a local path but then type the name of a network share in Home Dir Root Path, Remote Desktop Services places user home directories in the network location.  
+
+If the status is set to Enabled, Remote Desktop Services creates the user's home directory in the specified location on the local computer or the network. The home directory path for each user is the specified Home Dir Root Path and the user's alias.  
+
+If the status is set to Disabled or Not Configured, the user's home directory is as specified at the server.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set Remote Desktop Services User Home Directory*
+-   GP name: *TS_USER_HOME*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.
+
+If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile.
+
+If you disable or do not configure this policy setting, mandatory user profiles are not used by users connecting remotely to the RD Session Host server.
+
+> [!NOTE]
+> For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Use mandatory profiles on the RD Session Host server*
+-   GP name: *TS_USER_MANDATORY_PROFILES*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
+
+**ADMX_TerminalServer/TS_USER_PROFILES**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles.
+
+By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles.
+
+If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user.
+
+To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Do not specify a placeholder for the user account name, because Remote Desktop Services automatically adds this when the user logs on and the profile is created. If the specified network share does not exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server.
+
+If you disable or do not configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box.
+
+> [!NOTE]
+> - The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session.
+> - To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Set path for Remote Desktop Services Roaming User Profile*
+-   GP name: *TS_USER_PROFILES*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+

+
 Footnotes:
 
 - 1 - Available in Windows 10, version 1607.

From 6a0166763fe3156ea938d9cf1a433ce6328a2831 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Thu, 29 Oct 2020 20:39:07 +0530
Subject: [PATCH 064/384] update-4567381-Batch4

rebranding
---
 .../configure-mssp-notifications.md           |  4 +-
 .../configure-mssp-support.md                 |  8 +--
 .../configure-proxy-internet.md               | 34 ++++-----
 .../configure-server-endpoints.md             | 69 +++++++++----------
 .../microsoft-defender-atp/configure-siem.md  | 22 +++---
 .../connected-applications.md                 | 10 +--
 .../microsoft-defender-atp/contact-support.md |  8 +--
 .../controlled-folders.md                     |  8 +--
 .../create-alert-by-reference.md              |  8 +--
 .../custom-detection-rules.md                 |  4 +-
 .../custom-detections-manage.md               |  2 +-
 .../customize-attack-surface-reduction.md     |  2 +-
 .../customize-controlled-folders.md           |  2 +-
 .../customize-exploit-protection.md           |  2 +-
 .../data-retention-settings.md                | 10 +--
 .../data-storage-privacy.md                   | 26 +++----
 .../defender-compatibility.md                 | 12 ++--
 .../delete-ti-indicator-by-id.md              |  4 +-
 .../deployment-phases.md                      | 15 ++--
 .../deployment-strategy.md                    | 18 ++---
 .../device-timeline-event-flag.md             |  8 +--
 .../edr-in-block-mode.md                      | 12 ++--
 .../enable-attack-surface-reduction.md        |  4 +-
 .../enable-controlled-folders.md              |  4 +-
 .../enable-exploit-protection.md              |  2 +-
 25 files changed, 148 insertions(+), 150 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md
index 200173258f..e75588efda 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
 
 
 >[!NOTE]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
index f5b7cb8755..dde5d47ec5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
  
 
 [!include[Prerelease information](../../includes/prerelease.md)]
@@ -44,7 +44,7 @@ The integration will allow MSSPs to take the following actions:
 - Get email notifications, and 
 - Fetch alerts through security information and event management (SIEM) tools
 
-Before MSSPs can take these actions, the MSSP customer will need to grant access to their Microsoft Defender ATP tenant so that the MSSP can access the portal. 
+Before MSSPs can take these actions, the MSSP customer will need to grant access to their Defender for Endpoint tenant so that the MSSP can access the portal. 
  
 
 Typically, MSSP customers take the initial configuration steps to grant MSSPs access to their Windows Defender Security Central tenant. After access is granted, other configuration steps can be done by either the MSSP customer or the MSSP.
@@ -54,7 +54,7 @@ In general, the following configuration steps need to be taken:
 
 
 - **Grant the MSSP access to Microsoft Defender Security Center** 

-This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Microsoft Defender ATP tenant.
+This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Defender for Endpoint tenant.
  
 
 - **Configure alert notifications sent to MSSPs** 

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
index d0fbea257b..5a084ba92a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
@@ -26,13 +26,13 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
 
-The Microsoft Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
+The Defender for Endpoint sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Defender for Endpoint service.
 
-The embedded Microsoft Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Microsoft Defender ATP cloud service.
+The embedded Defender for Endpoint sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Defender for Endpoint cloud service.
 
 >[!TIP]
 >For organizations that use forward proxies as a gateway to the Internet, you can use network protection to investigate behind a proxy. For more information, see [Investigate connection events that occur behind forward proxies](investigate-behind-proxy.md).
@@ -44,7 +44,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
   - Web Proxy Auto-discovery Protocol (WPAD)
 
     > [!NOTE]
-    > If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Microsoft Defender ATP URL exclusions in the proxy, see [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
+    > If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Defender for Endpoint URL exclusions in the proxy, see [Enable access to Defender for Endpoint service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
 
 - Manual static proxy configuration:
   - Registry based configuration
@@ -52,7 +52,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
 
 ## Configure the proxy server manually using a registry-based static proxy
 
-Configure a registry-based static proxy to allow only Microsoft Defender ATP sensor to report diagnostic data and communicate with Microsoft Defender ATP services if a computer is not be permitted to connect to the Internet.
+Configure a registry-based static proxy to allow only Defender for Endpoint sensor to report diagnostic data and communicate with Defender for Endpoint services if a computer is not be permitted to connect to the Internet.
 
 The static proxy is configurable through Group Policy (GP). The group policy can be found under:
 
@@ -105,7 +105,7 @@ netsh winhttp reset proxy
 
 See [Netsh Command Syntax, Contexts, and Formatting](https://docs.microsoft.com/windows-server/networking/technologies/netsh/netsh-contexts) to learn more.
 
-## Enable access to Microsoft Defender ATP service URLs in the proxy server
+## Enable access to Microsoft Defender for Endpoint service URLs in the proxy server
 
 If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, add the domains listed in the downloadable sheet to the allowed domains list.
 
@@ -114,7 +114,7 @@ The following downloadable spreadsheet lists the services and their associated U
 
 |**Spreadsheet of domains list**|**Description**|
 |:-----|:-----|
-|![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)
  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. 

[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
+|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)
  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. 

[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
 
 
 If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the domains listed in the above table from HTTPS scanning.
@@ -130,7 +130,7 @@ If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the
 > [!NOTE]
 > If you are using Microsoft Defender Antivirus in your environment, see [Configure network connections to the Microsoft Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus).
 
-If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.
+If a proxy or firewall is blocking anonymous traffic, as Defender for Endpoint sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.
 
 ### Microsoft Monitoring Agent (MMA) - proxy and firewall requirements for older versions of Windows client or Windows Server
 
@@ -150,7 +150,7 @@ The information below list the proxy and firewall configuration information requ
 
 Please see the following guidance to eliminate the wildcard (*) requirement for your specific environment when using the Microsoft Monitoring Agent (MMA) for previous versions of Windows.
 
-1.	Onboard a previous operating system with the Microsoft Monitoring Agent (MMA) into Microsoft Defender for Endpoint (for more information, see [Onboard previous versions of Windows on Microsoft Defender ATP](https://go.microsoft.com/fwlink/p/?linkid=2010326) and [Onboard Windows servers](configure-server-endpoints.md#windows-server-2008-r2-sp1-windows-server-2012-r2-and-windows-server-2016).
+1.	Onboard a previous operating system with the Microsoft Monitoring Agent (MMA) into Defender for Endpoint (for more information, see [Onboard previous versions of Windows on Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2010326) and [Onboard Windows servers](configure-server-endpoints.md#windows-server-2008-r2-sp1-windows-server-2012-r2-and-windows-server-2016).
 
 2.	Ensure the machine is successfully reporting into the Microsoft Defender Security Center portal.
 
@@ -169,9 +169,9 @@ The *.blob.core.windows.net URL endpoint can be replaced with the URLs shown in
 
 ## Verify client connectivity to Microsoft Defender ATP service URLs
 
-Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs.
+Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Defender for Endpoint service URLs.
 
-1. Download the [MDATP Client Analyzer tool](https://aka.ms/mdatpanalyzer) to the PC where Microsoft Defender ATP sensor is running on.
+1. Download the [MDATP Client Analyzer tool](https://aka.ms/mdatpanalyzer) to the PC where Defender for Endpoint sensor is running on.
 
 2. Extract the contents of MDATPClientAnalyzer.zip on the device.
 
@@ -196,7 +196,7 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover
 5. Extract the *MDATPClientAnalyzerResult.zip* file created by tool in the folder used in the *HardDrivePath*.
 
 6. Open *MDATPClientAnalyzerResult.txt* and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs. 


-   The tool checks the connectivity of Microsoft Defender ATP service URLs that Microsoft Defender ATP client is configured to interact with. It then prints the results into the *MDATPClientAnalyzerResult.txt* file for each URL that can potentially be used to communicate with the Microsoft Defender ATP  services. For example:
+   The tool checks the connectivity of Defender for Endpoint service URLs that Defender for Endpoint client is configured to interact with. It then prints the results into the *MDATPClientAnalyzerResult.txt* file for each URL that can potentially be used to communicate with the Defender for Endpoint services. For example:
 
    ```text
    Testing URL : https://xxx.microsoft.com/xxx
@@ -207,18 +207,18 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover
    5 - Command line proxy: Doesn't exist
    ```
 
-If at least one of the connectivity options returns a (200) status, then the Microsoft Defender ATP client can communicate with the tested URL properly using this connectivity method. 


+If at least one of the connectivity options returns a (200) status, then the Defender for Endpoint client can communicate with the tested URL properly using this connectivity method. 


 
-However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
+However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Defender for Endpoint service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
 
 > [!NOTE]
 > The Connectivity Analyzer tool is not compatible with ASR rule [Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction#attack-surface-reduction-rules). You will need to temporarily disable this rule to run the connectivity tool.
 
 
 > [!NOTE]
-> When the TelemetryProxyServer is set, in Registry or via Group Policy, Microsoft Defender ATP will fall back to direct if it can't access the defined proxy.
+> When the TelemetryProxyServer is set, in Registry or via Group Policy, Defender for Endpoint will fall back to direct if it can't access the defined proxy.
 
 ## Related topics
 
 - [Onboard Windows 10 devices](configure-endpoints.md)
-- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
+- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index fb0e253b2c..12a1b2f2be 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Onboard Windows servers to the Microsoft Defender ATP service
+# Onboard Windows servers to the Microsoft Defender for Endpoint service
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -30,21 +30,21 @@ ms.topic: article
 - Windows Server (SAC) version 1803 and later
 - Windows Server 2019 and later
 - Windows Server 2019 core edition
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink)
 
 
-Microsoft Defender ATP extends support to also include the Windows Server operating system. This support provides advanced attack detection and investigation capabilities seamlessly through the Microsoft Defender Security Center console.
+Defender for Endpoint extends support to also include the Windows Server operating system. This support provides advanced attack detection and investigation capabilities seamlessly through the Microsoft Defender Security Center console.
 
-For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Microsoft Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128).
+For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Defender for Endpoint](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128).
 
 For guidance on how to download and use Windows Security Baselines for Windows servers, see [Windows Security Baselines](https://docs.microsoft.com/windows/device-security/windows-security-baselines).
 
 
 ## Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016
 
-You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 to Microsoft Defender ATP by using any of the following options:
+You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 to Defender for Endpoint by using any of the following options:
 
 - **Option 1**: [Onboard by installing and configuring Microsoft Monitoring Agent (MMA)](#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma)
 - **Option 2**: [Onboard through Azure Security Center](#option-2-onboard-windows-servers-through-azure-security-center)
@@ -55,23 +55,23 @@ After completing the onboarding steps using any of the provided options, you'll
 
 
 > [!NOTE]
-> Microsoft defender ATP standalone server license is required, per node, in order to onboard a Windows server through Microsoft Defender Security Center (Option 1), or an Azure Security Center Standard license is required, per node, in order to onboard a Windows server through Azure Security Center (Option 2), see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services).
+> Defender for Endpoint standalone server license is required, per node, in order to onboard a Windows server through Microsoft Defender Security Center (Option 1), or an Azure Security Center Standard license is required, per node, in order to onboard a Windows server through Azure Security Center (Option 2), see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services).
 
 
 ### Option 1: Onboard by installing and configuring Microsoft Monitoring Agent (MMA)
-You'll need to install and configure MMA for Windows servers to report sensor data to Microsoft Defender ATP. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
+You'll need to install and configure MMA for Windows servers to report sensor data to Defender for Endpoint. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
 
-If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support.
+If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Defender for Endpoint workspace through Multihoming support.
 
 In general, you'll need to take the following steps:
 1. Fulfill the onboarding requirements outlined in **Before you begin** section.
 2. Turn on server monitoring from Microsoft Defender Security center.
-3. Install and configure MMA for the server to report sensor data to Microsoft Defender ATP.
+3. Install and configure MMA for the server to report sensor data to Defender for Endpoint.
 4. Configure and update System Center Endpoint Protection clients.
 
 
 > [!TIP]
-> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
+> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Defender for Endpoint endpoint](run-detection-test.md).
 
 
 #### Before you begin 
@@ -92,7 +92,7 @@ Perform the following steps to fulfill the onboarding requirements:
 
 
 
-### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP
+### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender for Endpoint
 
 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603).
 
@@ -106,14 +106,14 @@ Perform the following steps to fulfill the onboarding requirements:
 
 
 ### Configure Windows server proxy and Internet connectivity settings if needed
-If your servers need to use a proxy to communicate with Microsoft Defender ATP, use one of the following methods to configure the MMA to use the proxy server:
+If your servers need to use a proxy to communicate with Defender for Endpoint, use one of the following methods to configure the MMA to use the proxy server:
 
 
 - [Configure the MMA to use a proxy server](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#install-agent-using-setup-wizard)
 
 - [Configure Windows to use a proxy server for all connections](configure-proxy-internet.md)
 
-If a proxy or firewall is in use, please ensure that servers can access all of the Microsoft Defender ATP service URLs directly and without SSL interception. For more information, see [enable access to Microsoft Defender ATP service URLs](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). Use of SSL interception will prevent the system from communicating with the Defender for Endpoint service. 
+If a proxy or firewall is in use, please ensure that servers can access all of the Microsoft Defender ATP service URLs directly and without SSL interception. For more information, see [enable access to Defender for Endpoint service URLs](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). Use of SSL interception will prevent the system from communicating with the Defender for Endpoint service. 
 
 Once completed, you should see onboarded Windows servers in the portal within an hour.
 
@@ -124,17 +124,16 @@ Once completed, you should see onboarded Windows servers in the portal within an
 
 3. Click **Onboard Servers in Azure Security Center**.
 
-4. Follow the onboarding instructions in [Microsoft Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp).
+4. Follow the onboarding instructions in [Microsoft Defender for Endpoint with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp).
 
 After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients).
 
 ### Option 3: Onboard Windows servers through Microsoft Endpoint Configuration Manager version 2002 and later
-You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsoft Endpoint Configuration Manager version 2002 and later. For more information, see [Microsoft Defender Advanced Threat Protection in Microsoft Endpoint Configuration Manager current branch](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection).
+You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsoft Endpoint Configuration Manager version 2002 and later. For more information, see [Microsoft Defender for Endpoint
+ in Microsoft Endpoint Configuration Manager current branch](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection).
 
 After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients).
 
-
-
 ## Windows Server (SAC) version 1803, Windows Server 2019, and Windows Server 2019 Core edition
 You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windows Server 2019 Core edition by using the following deployment methods:
 
@@ -150,7 +149,7 @@ You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windo
 
 Support for Windows Server, provide deeper insight into activities happening on the Windows server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well.
 
-1. Configure Microsoft Defender ATP onboarding settings on the Windows server. For more information, see [Onboard Windows 10 devices](configure-endpoints.md).
+1. Configure Defender for Endpoint onboarding settings on the Windows server. For more information, see [Onboard Windows 10 devices](configure-endpoints.md).
 
 2. If you're running a third-party antimalware solution, you'll need to apply the following Microsoft Defender AV passive mode settings. Verify that it was configured correctly:
 
@@ -179,28 +178,28 @@ Support for Windows Server, provide deeper insight into activities happening on
     For information on how to use Group Policy to configure and manage Microsoft Defender Antivirus on your Windows servers, see [Use Group Policy settings to configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus).
 
 ## Integration with Azure Security Center
-Microsoft Defender ATP can integrate with Azure Security Center to provide a comprehensive Windows server protection solution. With this integration, Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers.
+Defender for Endpoint can integrate with Azure Security Center to provide a comprehensive Windows server protection solution. With this integration, Azure Security Center can leverage the power of Defender for Endpoint to provide improved threat detection for Windows Servers.
 
 The following capabilities are included in this integration:
-- Automated onboarding - Microsoft Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).
+- Automated onboarding - Defender for Endpoint sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).
 
     > [!NOTE]
     > Automated onboarding is only applicable for Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016.
 
-- Windows servers monitored by Azure Security Center will also be available in Microsoft Defender ATP - Azure Security Center seamlessly connects to the Microsoft Defender ATP tenant, providing a single view across clients and servers.  In addition, Microsoft Defender ATP alerts will be available in the Azure Security Center console.
+- Windows servers monitored by Azure Security Center will also be available in Defender for Endpoint - Azure Security Center seamlessly connects to the Defender for Endpoint tenant, providing a single view across clients and servers.  In addition, Defender for Endpoint alerts will be available in the Azure Security Center console.
 - Server investigation -  Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach.
 
 > [!IMPORTANT]
-> - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created (in the US for US users, in the EU for European and UK users).

-Data collected by Microsoft Defender ATP is stored in the geo-location of the tenant as identified during provisioning.
-> - If you use Microsoft Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
+> - When you use Azure Security Center to monitor servers, a Defender for Endpoint tenant is automatically created (in the US for US users, in the EU for European and UK users).

+Data collected by Defender for Endpoint is stored in the geo-location of the tenant as identified during provisioning.
+> - If you use Defender for Endpoint before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
 > - Once configured, you cannot change the location where your data is stored. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant. 

 Server endpoint monitoring utilizing this integration has been disabled for Office 365 GCC customers.
 
 
 ## Configure and update System Center Endpoint Protection clients
 
-Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.
+Defender for Endpoint integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.
 
 The following steps are required to enable this integration:
 - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie).
@@ -214,28 +213,28 @@ You can offboard Windows Server (SAC), Windows Server 2019, and Windows Server 2
 
 For other Windows server versions, you have two options to offboard Windows servers from the service:
 - Uninstall the MMA agent
-- Remove the Microsoft Defender ATP workspace configuration
+- Remove the Defender for Endpoint workspace configuration
 
 > [!NOTE]
 > Offboarding causes the Windows server to stop sending sensor data to the portal but data from the Windows server, including reference to any alerts it has had will be retained for up to 6 months.
 
 ### Uninstall Windows servers by uninstalling the MMA agent
-To offboard the Windows server, you can uninstall the MMA agent from the Windows server or detach it from reporting to your Microsoft Defender ATP workspace. After offboarding the agent, the Windows server will no longer send sensor data to Microsoft Defender ATP.
+To offboard the Windows server, you can uninstall the MMA agent from the Windows server or detach it from reporting to your Defender for Endpoint workspace. After offboarding the agent, the Windows server will no longer send sensor data to Defender for Endpoint.
 For more information, see [To disable an agent](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent).
 
-### Remove the Microsoft Defender ATP workspace configuration
+### Remove the Defender for Endpoint workspace configuration
 To offboard the Windows server, you can use either of the following methods:
 
-- Remove the Microsoft Defender ATP workspace configuration from the MMA agent
+- Remove the Defender for Endpoint workspace configuration from the MMA agent
 - Run a PowerShell command to remove the configuration
 
-#### Remove the Microsoft Defender ATP workspace configuration from the MMA agent
+#### Remove the Defender for Endpoint workspace configuration from the MMA agent
 
 1. In the **Microsoft Monitoring Agent Properties**, select the **Azure Log Analytics (OMS)** tab.
 
-2. Select the Microsoft Defender ATP workspace, and click **Remove**.
+2. Select the Defender for Endpoint workspace, and click **Remove**.
 
-    ![Image of Microsoft Monitoring Agen Properties](images/atp-mma.png)
+    ![Image of Microsoft Monitoring Agent Properties](images/atp-mma.png)
 
 #### Run a PowerShell command to remove the configuration
 
@@ -261,5 +260,5 @@ To offboard the Windows server, you can use either of the following methods:
 - [Onboard Windows 10 devices](configure-endpoints.md)
 - [Onboard non-Windows devices](configure-endpoints-non-windows.md)
 - [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
-- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md)
-- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
+- [Run a detection test on a newly onboarded Defender for Endpoint device](run-detection-test.md)
+- [Troubleshooting Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
index aa9008f98a..56a52b04ba 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
@@ -24,21 +24,21 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
 
 ## Pull detections using security information and events management (SIEM) tools
 
 >[!NOTE]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
->- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
->-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
+>- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections.
+>- [Microsoft Defender for Endpoint Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
+>-The Microsoft Defender for Endpoint Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 
-Microsoft Defender ATP supports security information and event management (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
+Defender for Endpoint supports security information and event management (SIEM) tools to pull detections. Defender for Endpoint exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
 
 
-Microsoft Defender ATP currently supports the following specific SIEM solution tools through a dedicated SIEM integration model:
+Defender for Endpoint currently supports the following specific SIEM solution tools through a dedicated SIEM integration model:
 
 - IBM QRadar
 - Micro Focus ArcSight
@@ -47,12 +47,12 @@ Other SIEM solutions (such as Splunk, RSA NetWitness) are supported through a di
 
 To use either of these supported SIEM tools you'll need to:
 
-- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
+- [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md)
 - Configure the supported SIEM tool:
-     - [Configure HP ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
-     - Configure IBM QRadar to pull Microsoft Defender ATP detections For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
+     - [Configure HP ArcSight to pull Defender for Endpoint detections](configure-arcsight.md)
+     - Configure IBM QRadar to pull Defender for Endpoint detections For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
 
-For more information on the list of fields exposed in the Detection API see, [Microsoft Defender ATP Detection fields](api-portal-mapping.md).
+For more information on the list of fields exposed in the Detection API see, [Defender for Endpoint Detection fields](api-portal-mapping.md).
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md b/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md
index 389002a969..99a86d51e7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md
@@ -18,17 +18,17 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Connected applications in Microsoft Defender ATP
+# Connected applications in Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
-Connected applications integrates with the Microsoft Defender ATP platform using APIs. 
+Connected applications integrates with the Defender for Endpoint platform using APIs. 
 
-Applications use standard OAuth 2.0 protocol to authenticate and provide tokens for use with Microsoft Defender ATP APIs.  In addition, Azure Active Directory (Azure AD) applications allow tenant admins to set explicit control over which APIs can be accessed using the corresponding app.
+Applications use standard OAuth 2.0 protocol to authenticate and provide tokens for use with Microsoft Defender for Endpoint APIs.  In addition, Azure Active Directory (Azure AD) applications allow tenant admins to set explicit control over which APIs can be accessed using the corresponding app.
  
 You'll need to follow [these steps](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/apis-intro) to use the APIs with the connected application.
  
@@ -37,7 +37,7 @@ From the left navigation menu, select **Partners & APIs** > **Connected AAD appl
 
  
 ## View connected application details
-The Connected applications page provides information about the Azure AD applications connected to Microsoft Defender ATP in your organization. You can review the usage of the connected applications: last seen, number of requests in the past 24 hours, and request trends in the last 30 days.
+The Connected applications page provides information about the Azure AD applications connected to Microsoft Defender for Endpoint in your organization. You can review the usage of the connected applications: last seen, number of requests in the past 24 hours, and request trends in the last 30 days.
 
 ![Image of connected apps](images/connected-apps.png)
  
diff --git a/windows/security/threat-protection/microsoft-defender-atp/contact-support.md b/windows/security/threat-protection/microsoft-defender-atp/contact-support.md
index 252019ef63..b8af068443 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/contact-support.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/contact-support.md
@@ -17,15 +17,15 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Contact Microsoft Defender ATP support
+# Contact Microsoft Defender for Endpoint support
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+- [Microsoft Defender for Endpoint](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
 
-Microsoft Defender ATP has recently upgraded the support process to offer a more modern and advanced support experience. 
+Defender for Endpoint has recently upgraded the support process to offer a more modern and advanced support experience. 
 
 The new widget allows customers to:
 - Find solutions to common problems
@@ -68,7 +68,7 @@ In case the suggested articles are not sufficient, you can open a service reques
 
 ## Open a service request
 
-Learn how to open support tickets by contacting Microsoft Defender ATP support. 
+Learn how to open support tickets by contacting Defender for Endpoint support. 
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
index 7687279880..4895d24e44 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
@@ -24,13 +24,13 @@ ms.custom: asr
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 ## What is controlled folder access?
 
 Controlled folder access helps you protect your valuable data from malicious apps and threats, like ransomware. Controlled folder access protects your data by checking apps against a list of known, trusted apps. Supported on Windows Server 2019 and Windows 10 clients, controlled folder access can be turned on using the Windows Security App or in Microsoft Endpoint Configuration Manager and Intune (for managed devices). 
 
-Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
+Controlled folder access works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
 ## How does controlled folder access work?
 
@@ -54,9 +54,9 @@ Controlled folder access requires enabling [Microsoft Defender Antivirus real-ti
 
 ## Review controlled folder access events in the Microsoft Defender Security Center
 
-Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
+Defender for Endpoint provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
-You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how controlled folder access settings would affect your environment if they were enabled.
+You can query Microsoft Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how controlled folder access settings would affect your environment if they were enabled.
 
 Example query:
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
index 887c5716d1..a5c286ef37 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
@@ -21,14 +21,14 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## API description
 Creates new [Alert](alerts.md) on top of **Event**.
-
**Microsoft Defender ATP Event** is required for the alert creation.
+
**Microsoft Defender for Endpoint Event** is required for the alert creation.
 
You will need to supply 3 parameters from the Event in the request: **Event Time**, **Machine ID** and **Report ID**. See example below.
 
You can use an event found in Advanced Hunting API or Portal.
 
If there existing an open alert on the same Device with the same Title, the new created alert will be merged with it.
@@ -41,7 +41,7 @@ Creates new [Alert](alerts.md) on top of **Event**.
 
 ## Permissions
 
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 9135224d1c..17e23e40fc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -25,7 +25,7 @@ ms.date: 09/20/2020
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
 
@@ -109,7 +109,7 @@ Your custom detection rule can automatically take actions on files or devices th
 
 These actions are applied to devices in the `DeviceId` column of the query results:
 
-- **Isolate device**—applies full network isolation, preventing the device from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network)
+- **Isolate device**—applies full network isolation, preventing the device from connecting to any application or service, except for the Defender for Endpoint service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network)
 - **Collect investigation package**—collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices)
 - **Run antivirus scan**—performs a full Microsoft Defender Antivirus scan on the device
 - **Initiate investigation**—starts an [automated investigation](automated-investigations.md) on the device
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md
index 93b295e31b..ef5088e134 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md
@@ -24,7 +24,7 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Manage your existing [custom detection rules](custom-detection-rules.md) to ensure they are effectively finding threats and taking actions. Explore how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md
index 3ca15689d2..81ede44b00 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md
@@ -21,7 +21,7 @@ manager: dansimp
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 > [!IMPORTANT]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md
index d4f8aeab39..b689c58a11 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md
@@ -21,7 +21,7 @@ manager: dansimp
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md
index 6124ea2318..e0f6337ab6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md
@@ -21,7 +21,7 @@ manager: dansimp
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
index 51f62dd09c..7932cfb153 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
@@ -16,7 +16,7 @@ audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
 ---
-# Verify data storage location and update data retention settings for Microsoft Defender ATP 
+# Verify data storage location and update data retention settings for Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -24,12 +24,12 @@ ms.topic: conceptual
 **Applies to:**
 
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
 
-During the onboarding process, a wizard takes you through the data storage and retention settings of Microsoft Defender ATP. 
+During the onboarding process, a wizard takes you through the data storage and retention settings of Defender for Endpoint. 
 
 After completing the onboarding, you can verify your selection in the data retention settings page.
 
@@ -52,5 +52,5 @@ You can verify the data location by navigating to **Settings** > **Data retentio
 
 ## Related topics
 - [Update data retention settings](data-retention-settings.md)
-- [Configure alert notifications in Microsoft Defender ATP](configure-email-notifications.md)
+- [Configure alert notifications in Defender for Endpoint](configure-email-notifications.md)
 - [Configure advanced features](advanced-features.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
index 6e76ce4bee..25c69f5fb1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
@@ -17,29 +17,29 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Microsoft Defender ATP data storage and privacy
+# Microsoft Defender for Endpoint data storage and privacy
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+- [Microsoft Defender for Endpoint](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
 
 
 
-This section covers some of the most frequently asked questions regarding privacy and data handling for Microsoft Defender ATP.
+This section covers some of the most frequently asked questions regarding privacy and data handling for Defender for Endpoint.
 > [!NOTE]
-> This document explains the data storage and privacy details related to Microsoft Defender ATP. For more information related to Microsoft Defender ATP and other products and services like Microsoft Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information.
+> This document explains the data storage and privacy details related to Defender for Endpoint. For more information related to Defender for Endpoint and other products and services like Microsoft Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information.
 
-## What data does Microsoft Defender ATP collect?
+## What data does Microsoft Defender for Endpoint collect?
 
-Microsoft Defender ATP will collect and store information from your configured devices in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes. 
+Microsoft Defender for Endpoint will collect and store information from your configured devices in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes. 
 
 Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and device details (such as device identifiers, names, and the operating system version).
 
 Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/?linkid=827578).
 
-This data enables Microsoft Defender ATP to:
+This data enables Defender for Endpoint to:
 - Proactively identify indicators of attack (IOAs) in your organization
 - Generate alerts if a possible attack was detected
 - Provide your security operations with a view into devices, files, and URLs related to threat signals from your network, enabling you to investigate and explore the presence of security threats on the network.
@@ -47,16 +47,16 @@ This data enables Microsoft Defender ATP to:
 Microsoft does not use your data for advertising.
 
 ## Data protection and encryption
-The Microsoft Defender ATP service utilizes state of the art data protection technologies which are based on Microsoft Azure infrastructure. 
+The Defender for Endpoint service utilizes state of the art data protection technologies which are based on Microsoft Azure infrastructure. 
 
-There are various aspects relevant to data protection that our service takes care of. Encryption is one of the most critical and it includes data encryption at rest, encryption in flight, and key management with Key Vault. For more information on other technologies used by the Microsoft Defender ATP service, see [Azure encryption overview](https://docs.microsoft.com/azure/security/security-azure-encryption-overview). 
+There are various aspects relevant to data protection that our service takes care of. Encryption is one of the most critical and it includes data encryption at rest, encryption in flight, and key management with Key Vault. For more information on other technologies used by the Defender for Endpoint service, see [Azure encryption overview](https://docs.microsoft.com/azure/security/security-azure-encryption-overview). 
 
 In all scenarios, data is encrypted using 256-bit [AES encryption](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) at the minimum.
 
 
 ## Data storage location
 
-Microsoft Defender ATP operates in the Microsoft Azure datacenters in the European Union, the United Kingdom, or in the United States. Customer data collected by the service may be stored in: (a) the geo-location of the tenant as identified during provisioning or, (b) if Microsoft Defender ATP uses another Microsoft online service to process such data, the geolocation as defined by the data storage rules of that other online service.
+Defender for Endpoint operates in the Microsoft Azure datacenters in the European Union, the United Kingdom, or in the United States. Customer data collected by the service may be stored in: (a) the geo-location of the tenant as identified during provisioning or, (b) if Defender for Endpoint uses another Microsoft online service to process such data, the geolocation as defined by the data storage rules of that other online service.
 
 Customer data in pseudonymized form may also be stored in the central storage and processing systems in the United States.
 
@@ -90,10 +90,10 @@ Your data will be kept and will be available to you while the license is under g
 
 
 ## Can Microsoft help us maintain regulatory compliance?
-Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Microsoft Defender ATP services against their own legal and regulatory requirements. Microsoft Defender ATP has achieved a number of certifications including ISO, SOC, FedRAMP High, and PCI and continues to pursue additional national, regional and industry-specific certifications.
+Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Defender for Endpoint services against their own legal and regulatory requirements. Defender for Endpoint has achieved a number of certifications including ISO, SOC, FedRAMP High, and PCI and continues to pursue additional national, regional and industry-specific certifications.
 
 By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run.
 
-For more information on the Microsoft Defender ATP certification reports, see [Microsoft Trust Center](https://servicetrust.microsoft.com/). 
+For more information on the Defender for Endpoint certification reports, see [Microsoft Trust Center](https://servicetrust.microsoft.com/). 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-datastorage-belowfoldlink) 
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-datastorage-belowfoldlink) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md
index cae9259b66..f84762a3a0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md
@@ -27,18 +27,18 @@ ms.date: 04/24/2018
 
 
 - Windows Defender
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-defendercompat-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-defendercompat-abovefoldlink)
 
-The Microsoft Defender Advanced Threat Protection agent depends on Microsoft Defender Antivirus for some capabilities such as file scanning.
+The Microsoft Defender for Endpoint agent depends on Microsoft Defender Antivirus for some capabilities such as file scanning.
 
 >[!IMPORTANT]
->Microsoft Defender ATP does not adhere to the Microsoft Defender Antivirus Exclusions settings. 
+>Defender for Endpoint does not adhere to the Microsoft Defender Antivirus Exclusions settings. 
 
-You must configure Security intelligence updates on the Microsoft Defender ATP devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md).
+You must configure Security intelligence updates on the Defender for Endpoint devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md).
 
 If an onboarded device is protected by a third-party antimalware client, Microsoft Defender Antivirus on that endpoint will enter into passive mode.
 
@@ -46,4 +46,4 @@ Microsoft Defender Antivirus will continue to receive updates, and the *mspeng.e
 
 The Microsoft Defender Antivirus interface will be disabled, and users on the device will not be able to use Microsoft Defender Antivirus to perform on-demand scans or configure most options.
 
-For more information, see the [Microsoft Defender Antivirus and Microsoft Defender ATP compatibility topic](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
+For more information, see the [Microsoft Defender Antivirus and Defender for Endpoint compatibility topic](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
index 5b8786d978..123ce4959e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
@@ -21,9 +21,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## API description
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
index 9e8296bde8..eaad0ee26f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
@@ -24,20 +24,20 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
-There are three phases in deploying Microsoft Defender ATP:
+There are three phases in deploying Defender for Endpoint:
 
 |Phase | Description | 
 |:-------|:-----|
-| ![Phase 1: Prepare](images/prepare.png)
[Phase 1: Prepare](prepare-deployment.md)| Learn about what you need to consider when deploying Microsoft Defender ATP: 

- Stakeholders and sign-off 
 - Environment considerations 
- Access 
 - Adoption order
+| ![Phase 1: Prepare](images/prepare.png)
[Phase 1: Prepare](prepare-deployment.md)| Learn about what you need to consider when deploying Defender for Endpoint: 

- Stakeholders and sign-off 
 - Environment considerations 
- Access 
 - Adoption order
 |  ![Phase 2: Setup](images/setup.png) 
[Phase 2: Setup](production-deployment.md)|  Take the initial steps to access Microsoft Defender Security Center. You'll be guided on:

- Validating the licensing 
  - Completing the setup wizard within the portal
- Network configuration|
 |  ![Phase 3: Onboard](images/onboard.png) 
[Phase 3: Onboard](onboarding.md) | Onboard devices to the service so the Microsoft Defender ATP service can get sensor data from them. 
 
 
 
-The deployment guide will guide you through the recommended path in deploying Microsoft Defender ATP. 
+The deployment guide will guide you through the recommended path in deploying Defender for Endpoint. 
 
 If you're unfamiliar with the general deployment planning steps, check out the [Plan deployment](deployment-strategy.md) topic to get a  high-level overview of the general deployment steps and methods.
 
@@ -47,9 +47,9 @@ The following is in scope for this deployment guide:
 
 -   Use of Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to onboard endpoints into the service and configure capabilities
 
--   Enabling Microsoft Defender ATP endpoint detection and response (EDR)  capabilities
+-   Enabling Defender for Endpoint endpoint detection and response (EDR)  capabilities
 
--   Enabling Microsoft Defender ATP endpoint protection platform (EPP)
+-   Enabling Defender for Endpoint endpoint protection platform (EPP)
     capabilities
 
     -   Next-generation protection
@@ -61,7 +61,6 @@ The following is in scope for this deployment guide:
 
 The following are out of scope of this deployment guide:
 
--   Configuration of third-party solutions that might integrate with Microsoft
-    Defender ATP
+-   Configuration of third-party solutions that might integrate with Defender for Endpoint
 
 -   Penetration testing in production environment
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md
index 1da9daaa7f..9c14158aa2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md
@@ -16,18 +16,18 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Plan your Microsoft Defender ATP deployment 
+# Plan your Microsoft Defender for Endpoint deployment 
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) 
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) 
 
-Depending on the requirements of your environment, we've put together material to help guide you through the various options you can adopt to deploy Microsoft Defender ATP. 
+Depending on the requirements of your environment, we've put together material to help guide you through the various options you can adopt to deploy Defender for Endpoint. 
 
-These are the general steps you need to take to deploy Microsoft Defender ATP:
+These are the general steps you need to take to deploy Defender for Endpoint:
 
 ![Image of deployment flow](images/onboarding-flow-diagram.png)
 
@@ -41,16 +41,16 @@ We understand that every enterprise environment is unique, so we've provided sev
 
 Depending on your environment, some tools are better suited for certain architectures. 
 
-Use the following material to select the appropriate Microsoft Defender ATP architecture that best suites your organization.
+Use the following material to select the appropriate Defender for Endpoint architecture that best suites your organization.
 
 |**Item**|**Description**|
 |:-----|:-----|
-|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)
 [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures: 
  •  Cloud-native 
  •  Co-management 
  •  On-premise
  • Evaluation and local onboarding
    • 
+|[![Thumb image for Defender for Endpoint deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)
     [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures: 
    •  Cloud-native 
    •  Co-management 
    •  On-premise
    • Evaluation and local onboarding
      • 
 
 
 
 ## Step 2: Select deployment method
-Microsoft Defender ATP supports a variety of endpoints that you can onboard to the service. 
+Defender for Endpoint supports a variety of endpoints that you can onboard to the service. 
 
 The following table lists the supported endpoints and the corresponding deployment tool that you can use so that you can plan the deployment appropriately.
 
@@ -65,7 +65,7 @@ The following table lists the supported endpoints and the corresponding deployme
 
 
 ## Step 3: Configure capabilities
-After onboarding endpoints, configure the security capabilities in Microsoft Defender ATP so that you can maximize the robust security protection available in the suite. Capabilities include:
+After onboarding endpoints, configure the security capabilities in Defender for Endpoint so that you can maximize the robust security protection available in the suite. Capabilities include:
 
 - Endpoint detection and response
 - Next-generation protection
diff --git a/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md b/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md
index bd99bff2fa..8ab3495d50 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md
@@ -16,15 +16,15 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Microsoft Defender ATP device timeline event flags
+# Microsoft Defender for Endpoint device timeline event flags
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-Event flags in the Microsoft Defender ATP device timeline help you filter and organize specific events when you're  investigate potential attacks.
+Event flags in the Defender for Endpoint device timeline help you filter and organize specific events when you're  investigate potential attacks.
 
-The Microsoft Defender ATP device timeline provides a chronological view of the events and associated alerts observed on a device. This list of events provides full visibility into any events, files, and IP addresses observed on the device. The list can sometimes be lengthy. Device timeline event flags help you track events that could be related. 
+The Defender for Endpoint device timeline provides a chronological view of the events and associated alerts observed on a device. This list of events provides full visibility into any events, files, and IP addresses observed on the device. The list can sometimes be lengthy. Device timeline event flags help you track events that could be related. 
 
 After you've gone through a device timeline, you can sort, filter, and export the specific events that you flagged.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
index be7793c044..dd5ae76ded 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
@@ -28,18 +28,18 @@ ms.collection:
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 ## What is EDR in block mode?
 
-When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is turned on, Microsoft Defender ATP blocks malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected, post breach. 
+When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is turned on, Defender for Endpoint blocks malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected, post breach. 
 
 EDR in block mode is also integrated with [threat & vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt). Your organization's security team will get a [security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) to turn EDR in block mode on if it isn't already enabled. 
 
 :::image type="content" source="images/edrblockmode-TVMrecommendation.png" alt-text="recommendation to turn on EDR in block mode":::
 
 > [!NOTE]
-> EDR in block mode is currently in preview, available to organizations who have opted in to receive **[preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview)**. To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
+> EDR in block mode is currently in preview, available to organizations who have opted in to receive **[preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview)**. To get the best protection, make sure to **[deploy Microsoft Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
 
 ## What happens when something is detected?
 
@@ -87,11 +87,11 @@ No. EDR in block mode does not affect third-party antivirus protection running o
 
 ### Why do I need to keep Microsoft Defender Antivirus up to date? 
 
-Because Microsoft Defender Antivirus detects and remediates malicious items, it's important to keep it up to date to leverage the latest device learning models, behavioral detections, and heuristics for EDR in block mode to be most effective. The [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) stack of capabilities works in an integrated manner, and to get best protection value, you should keep Microsoft Defender Antivirus up to date.  
+Because Microsoft Defender Antivirus detects and remediates malicious items, it's important to keep it up to date to leverage the latest device learning models, behavioral detections, and heuristics for EDR in block mode to be most effective. The [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) stack of capabilities works in an integrated manner, and to get best protection value, you should keep Microsoft Defender Antivirus up to date.  
 
 ### Why do we need cloud protection on? 
 
-Cloud protection is needed to turn on the feature on the device. Cloud protection allows [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) to deliver the latest and greatest protection based on our breadth and depth of security intelligence, along with behavioral and device learning models.
+Cloud protection is needed to turn on the feature on the device. Cloud protection allows [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) to deliver the latest and greatest protection based on our breadth and depth of security intelligence, along with behavioral and device learning models.
 
 ## See also
 
@@ -99,5 +99,5 @@ Cloud protection is needed to turn on the feature on the device. Cloud protectio
 
 [Behavioral blocking and containment](behavioral-blocking-containment.md)
 
-[Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus)
+[Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
index 36216eb833..6262a58c47 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
@@ -32,7 +32,7 @@ Each ASR rule contains one of three settings:
 - Block: Enable the ASR rule
 - Audit: Evaluate how the ASR rule would impact your organization if enabled
 
-To use ASR rules, you must have either a Windows 10 Enterprise E3 or E5 license. We recommend E5 licenses so you can take advantage of the advanced monitoring and reporting capabilities that are available in [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP). Advanced monitoring and reporting capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules.
+To use ASR rules, you must have either a Windows 10 Enterprise E3 or E5 license. We recommend E5 licenses so you can take advantage of the advanced monitoring and reporting capabilities that are available in [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Defender for Endpoint). Advanced monitoring and reporting capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules.
 
 > [!TIP]
 > To learn more about Windows licensing, see [Windows 10 Licensing](https://www.microsoft.com/licensing/product-licensing/windows10?activetab=windows10-pivot:primaryr5) and get the [Volume Licensing guide for Windows 10](https://download.microsoft.com/download/2/D/1/2D14FE17-66C2-4D4C-AF73-E122930B60F6/Windows-10-Volume-Licensing-Guide.pdf).
@@ -51,7 +51,7 @@ Enterprise-level management such as Intune or Microsoft Endpoint Configuration M
 
 You can exclude files and folders from being evaluated by most attack surface reduction rules. This means that even if an ASR rule determines the file or folder contains malicious behavior, it will not block the file from running. This could potentially allow unsafe files to run and infect your devices.
 
-You can also exclude ASR rules from triggering based on certificate and file hashes by allowing specified Microsoft Defender ATP file and certificate indicators. (See [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).)
+You can also exclude ASR rules from triggering based on certificate and file hashes by allowing specified Defender for Endpoint file and certificate indicators. (See [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).)
 
 > [!IMPORTANT]
 > Excluding files or folders can severely reduce the protection provided by ASR rules. Excluded files will be allowed to run, and no report or event will be recorded.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
index 6f00213b3c..8af897f9a0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
@@ -22,7 +22,7 @@ manager: dansimp
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 [Controlled folder access](controlled-folders.md) helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is included with Windows 10 and Windows Server 2019.
 
@@ -134,4 +134,4 @@ Use `Disabled` to turn off the feature.
 
 * [Protect important folders with controlled folder access](controlled-folders.md)
 * [Customize controlled folder access](customize-controlled-folders.md)
-* [Evaluate Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md)
+* [Evaluate Microsoft Defender for Endpoint](../microsoft-defender-atp/evaluate-atp.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
index 2d44c8da7d..368d58eee8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
@@ -21,7 +21,7 @@ manager: dansimp
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 [Exploit protection](exploit-protection.md) helps protect against malware that uses exploits to infect devices and spread. Exploit protection consists of a number of mitigations that can be applied to either the operating system or individual apps.
 

From 286c1ff5708a22c7f839c26f2243df910a422040 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Thu, 29 Oct 2020 16:28:12 -0700
Subject: [PATCH 065/384] Added ADMX_WindowsExplorer policies

---
 windows/client-management/mdm/TOC.md          |    1 +
 .../mdm/policies-in-policy-csp-admx-backed.md |   71 +
 .../policy-configuration-service-provider.md  |  219 +
 .../mdm/policy-csp-admx-windowsexplorer.md    | 5367 +++++++++++++++++
 4 files changed, 5658 insertions(+)
 create mode 100644 windows/client-management/mdm/policy-csp-admx-windowsexplorer.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 2f06abcfc0..41da383f69 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -226,6 +226,7 @@
 #### [ADMX_WinCal](policy-csp-admx-wincal.md)
 #### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md)
 #### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md)
+#### [ADMX_WindowsExplorer](policy-csp-admx-windowsexplorer.md)
 #### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md)
 #### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md)
 #### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index da688c9114..5952cfc7ae 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -582,6 +582,77 @@ ms.date: 10/08/2020
 - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1)
 - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2)
 - [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar)
+- [ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-checksamesourceandtargetforfranddfs)
+- [ADMX_WindowsExplorer/ClassicShell](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-classicshell)
+- [ADMX_WindowsExplorer/ConfirmFileDelete](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-confirmfiledelete)
+- [ADMX_WindowsExplorer/DefaultLibrariesLocation](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-defaultlibrarieslocation)
+- [ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disablebinddirectlytopropertysetstorage)
+- [ADMX_WindowsExplorer/DisableIndexedLibraryExperience](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disableindexedlibraryexperience)
+- [ADMX_WindowsExplorer/DisableKnownFolders](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disableknownfolders)
+- [ADMX_WindowsExplorer/DisableSearchBoxSuggestions](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disablesearchboxsuggestions)
+- [ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enableshellshortcuticonremotepath)
+- [ADMX_WindowsExplorer/EnableSmartScreen](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enablesmartscreen)
+- [ADMX_WindowsExplorer/EnforceShellExtensionSecurity](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enforceshellextensionsecurity)
+- [ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-explorerribbonstartsminimized)
+- [ADMX_WindowsExplorer/HideContentViewModeSnippets](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-hidecontentviewmodesnippets)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-internet)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-internetlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-intranet)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-intranetlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-localmachine)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-localmachinelockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-restricted)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-restrictedlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-trusted)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-trustedlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-internet)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-internetlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-intranet)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-intranetlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-localmachine)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-localmachinelockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-restricted)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-restrictedlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-trusted)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-trustedlockdown)
+- [ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-linkresolveignorelinkinfo)
+- [ADMX_WindowsExplorer/MaxRecentDocs](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-maxrecentdocs)
+- [ADMX_WindowsExplorer/NoBackButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nobackbutton)
+- [ADMX_WindowsExplorer/NoCDBurning](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nocdburning)
+- [ADMX_WindowsExplorer/NoCacheThumbNailPictures](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nocachethumbnailpictures)
+- [ADMX_WindowsExplorer/NoChangeAnimation](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nochangeanimation)
+- [ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nochangekeyboardnavigationindicators)
+- [ADMX_WindowsExplorer/NoDFSTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nodfstab)
+- [ADMX_WindowsExplorer/NoDrives](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nodrives)
+- [ADMX_WindowsExplorer/NoEntireNetwork](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noentirenetwork)
+- [ADMX_WindowsExplorer/NoFileMRU](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofilemru)
+- [ADMX_WindowsExplorer/NoFileMenu](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofilemenu)
+- [ADMX_WindowsExplorer/NoFolderOptions](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofolderoptions)
+- [ADMX_WindowsExplorer/NoHardwareTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nohardwaretab)
+- [ADMX_WindowsExplorer/NoManageMyComputerVerb](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nomanagemycomputerverb)
+- [ADMX_WindowsExplorer/NoMyComputerSharedDocuments](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nomycomputershareddocuments)
+- [ADMX_WindowsExplorer/NoNetConnectDisconnect](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nonetconnectdisconnect)
+- [ADMX_WindowsExplorer/NoNewAppAlert](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nonewappalert)
+- [ADMX_WindowsExplorer/NoPlacesBar](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noplacesbar)
+- [ADMX_WindowsExplorer/NoRecycleFiles](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-norecyclefiles)
+- [ADMX_WindowsExplorer/NoRunAsInstallPrompt](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-norunasinstallprompt)
+- [ADMX_WindowsExplorer/NoSearchInternetTryHarderButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nosearchinternettryharderbutton)
+- [ADMX_WindowsExplorer/NoSecurityTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nosecuritytab)
+- [ADMX_WindowsExplorer/NoShellSearchButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noshellsearchbutton)
+- [ADMX_WindowsExplorer/NoStrCmpLogical](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nostrcmplogical)
+- [ADMX_WindowsExplorer/NoViewContextMenu](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noviewcontextmenu)
+- [ADMX_WindowsExplorer/NoViewOnDrive](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noviewondrive)
+- [ADMX_WindowsExplorer/NoWindowsHotKeys](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nowindowshotkeys)
+- [ADMX_WindowsExplorer/NoWorkgroupContents](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noworkgroupcontents)
+- [ADMX_WindowsExplorer/PlacesBar](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-placesbar)
+- [ADMX_WindowsExplorer/PromptRunasInstallNetPath](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-promptrunasinstallnetpath)
+- [ADMX_WindowsExplorer/RecycleBinSize](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-recyclebinsize)
+- [ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-shellprotocolprotectedmodetitle-1)
+- [ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-shellprotocolprotectedmodetitle-2)
+- [ADMX_WindowsExplorer/ShowHibernateOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showhibernateoption)
+- [ADMX_WindowsExplorer/ShowSleepOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showsleepoption)
+- [ADMX_WindowsExplorer/TryHarderPinnedLibrary](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedlibrary)
+- [ADMX_WindowsExplorer/TryHarderPinnedOpenSearch](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedopensearch)
 - [ADMX_WindowsMediaDRM/DisableOnline](./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline)
 - [ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings)
 - [ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 4f04904352..f30a3e0abe 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -2091,6 +2091,225 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 

 
+
+### ADMX_WindowsExplorer policies  
+
+

+  

+    ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS
+  

+  

+    ADMX_WindowsExplorer/ClassicShell
+  

+  

+    ADMX_WindowsExplorer/ConfirmFileDelete
+  

+  

+    ADMX_WindowsExplorer/DefaultLibrariesLocation
+  

+  

+    ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage
+  

+  

+    ADMX_WindowsExplorer/DisableIndexedLibraryExperience
+  

+  

+    ADMX_WindowsExplorer/DisableKnownFolders
+  

+  

+    ADMX_WindowsExplorer/DisableSearchBoxSuggestions
+  

+  

+    ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath
+  

+  

+    ADMX_WindowsExplorer/EnableSmartScreen
+  

+  

+    ADMX_WindowsExplorer/EnforceShellExtensionSecurity
+  

+  

+    ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized
+  

+  

+    ADMX_WindowsExplorer/HideContentViewModeSnippets
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown
+  

+  

+    ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo
+  

+  

+    ADMX_WindowsExplorer/MaxRecentDocs
+  

+  

+    ADMX_WindowsExplorer/NoBackButton
+  

+  

+    ADMX_WindowsExplorer/NoCDBurning
+  

+  

+    ADMX_WindowsExplorer/NoCacheThumbNailPictures
+  

+  

+    ADMX_WindowsExplorer/NoChangeAnimation
+  

+  

+    ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators
+  

+  

+    ADMX_WindowsExplorer/NoDFSTab
+  

+  

+    ADMX_WindowsExplorer/NoDrives
+  

+  

+    ADMX_WindowsExplorer/NoEntireNetwork
+  

+  

+    ADMX_WindowsExplorer/NoFileMRU
+  

+  

+    ADMX_WindowsExplorer/NoFileMenu
+  

+  

+    ADMX_WindowsExplorer/NoFolderOptions
+  

+  

+    ADMX_WindowsExplorer/NoHardwareTab
+  

+  

+    ADMX_WindowsExplorer/NoManageMyComputerVerb
+  

+  

+    ADMX_WindowsExplorer/NoMyComputerSharedDocuments
+  

+  

+    ADMX_WindowsExplorer/NoNetConnectDisconnect
+  

+  

+    ADMX_WindowsExplorer/NoNewAppAlert
+  

+  

+    ADMX_WindowsExplorer/NoPlacesBar
+  

+  

+    ADMX_WindowsExplorer/NoRecycleFiles
+  

+  

+    ADMX_WindowsExplorer/NoRunAsInstallPrompt
+  

+  

+    ADMX_WindowsExplorer/NoSearchInternetTryHarderButton
+  

+  

+    ADMX_WindowsExplorer/NoSecurityTab
+  

+  

+    ADMX_WindowsExplorer/NoShellSearchButton
+  

+  

+    ADMX_WindowsExplorer/NoStrCmpLogical
+  

+  

+    ADMX_WindowsExplorer/NoViewContextMenu
+  

+  

+    ADMX_WindowsExplorer/NoViewOnDrive
+  

+  

+    ADMX_WindowsExplorer/NoWindowsHotKeys
+  

+  

+    ADMX_WindowsExplorer/NoWorkgroupContents
+  

+  

+    ADMX_WindowsExplorer/PlacesBar
+  

+  

+    ADMX_WindowsExplorer/PromptRunasInstallNetPath
+  

+  

+    ADMX_WindowsExplorer/RecycleBinSize
+  

+  

+    ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1
+  

+  

+    ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2
+  

+  

+    ADMX_WindowsExplorer/ShowHibernateOption
+  

+  

+    ADMX_WindowsExplorer/ShowSleepOption
+  

+  

+    ADMX_WindowsExplorer/TryHarderPinnedLibrary
+  

+  

+    ADMX_WindowsExplorer/TryHarderPinnedOpenSearch
+  

+

+
 ### ADMX_WindowsMediaDRM policies  
 
 

diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
new file mode 100644
index 0000000000..da00432094
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@@ -0,0 +1,5367 @@
+---
+title: Policy CSP - ADMX_WindowsExplorer
+description: Policy CSP - ADMX_WindowsExplorer
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/29/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsExplorer
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+

+
+
+
+## ADMX_WindowsExplorer policies  
+
+

+  

+    ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS
+  

+  

+    ADMX_WindowsExplorer/ClassicShell
+  

+  

+    ADMX_WindowsExplorer/ConfirmFileDelete
+  

+  

+    ADMX_WindowsExplorer/DefaultLibrariesLocation
+  

+  

+    ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage
+  

+  

+    ADMX_WindowsExplorer/DisableIndexedLibraryExperience
+  

+  

+    ADMX_WindowsExplorer/DisableKnownFolders
+  

+  

+    ADMX_WindowsExplorer/DisableSearchBoxSuggestions
+  

+  

+    ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath
+  

+  

+    ADMX_WindowsExplorer/EnableSmartScreen
+  

+  

+    ADMX_WindowsExplorer/EnforceShellExtensionSecurity
+  

+  

+    ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized
+  

+  

+    ADMX_WindowsExplorer/HideContentViewModeSnippets
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted
+  

+  

+    ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown
+  

+  

+    ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo
+  

+  

+    ADMX_WindowsExplorer/MaxRecentDocs
+  

+  

+    ADMX_WindowsExplorer/NoBackButton
+  

+  

+    ADMX_WindowsExplorer/NoCDBurning
+  

+  

+    ADMX_WindowsExplorer/NoCacheThumbNailPictures
+  

+  

+    ADMX_WindowsExplorer/NoChangeAnimation
+  

+  

+    ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators
+  

+  

+    ADMX_WindowsExplorer/NoDFSTab
+  

+  

+    ADMX_WindowsExplorer/NoDrives
+  

+  

+    ADMX_WindowsExplorer/NoEntireNetwork
+  

+  

+    ADMX_WindowsExplorer/NoFileMRU
+  

+  

+    ADMX_WindowsExplorer/NoFileMenu
+  

+  

+    ADMX_WindowsExplorer/NoFolderOptions
+  

+  

+    ADMX_WindowsExplorer/NoHardwareTab
+  

+  

+    ADMX_WindowsExplorer/NoManageMyComputerVerb
+  

+  

+    ADMX_WindowsExplorer/NoMyComputerSharedDocuments
+  

+  

+    ADMX_WindowsExplorer/NoNetConnectDisconnect
+  

+  

+    ADMX_WindowsExplorer/NoNewAppAlert
+  

+  

+    ADMX_WindowsExplorer/NoPlacesBar
+  

+  

+    ADMX_WindowsExplorer/NoRecycleFiles
+  

+  

+    ADMX_WindowsExplorer/NoRunAsInstallPrompt
+  

+  

+    ADMX_WindowsExplorer/NoSearchInternetTryHarderButton
+  

+  

+    ADMX_WindowsExplorer/NoSecurityTab
+  

+  

+    ADMX_WindowsExplorer/NoShellSearchButton
+  

+  

+    ADMX_WindowsExplorer/NoStrCmpLogical
+  

+  

+    ADMX_WindowsExplorer/NoViewContextMenu
+  

+  

+    ADMX_WindowsExplorer/NoViewOnDrive
+  

+  

+    ADMX_WindowsExplorer/NoWindowsHotKeys
+  

+  

+    ADMX_WindowsExplorer/NoWorkgroupContents
+  

+  

+    ADMX_WindowsExplorer/PlacesBar
+  

+  

+    ADMX_WindowsExplorer/PromptRunasInstallNetPath
+  

+  

+    ADMX_WindowsExplorer/RecycleBinSize
+  

+  

+    ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1
+  

+  

+    ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2
+  

+  

+    ADMX_WindowsExplorer/ShowHibernateOption
+  

+  

+    ADMX_WindowsExplorer/ShowSleepOption
+  

+  

+    ADMX_WindowsExplorer/TryHarderPinnedLibrary
+  

+  

+    ADMX_WindowsExplorer/TryHarderPinnedOpenSearch
+  

+

+
+
+

+
+
+**ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and old targets point to the same network share, but have different network paths.
+
+If you enable this policy setting, Folder Redirection creates a temporary file in the old location in order to verify that new and old locations point to the same network share. If both new and old locations point to the same share, the target path is updated and files are not copied or deleted. The temporary file is deleted.
+
+If you disable or do not configure this policy setting, Folder Redirection does not create a temporary file and functions as if both new and old locations point to different shares when their network paths are different.
+
+> [!NOTE]
+> If the paths point to different network shares, this policy setting is not required. If the paths point to the same network share, any data contained in the redirected folders is deleted if this policy setting is not enabled.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Verify old and new Folder Redirection targets point to the same share before redirecting*
+-   GP name: *CheckSameSourceAndTargetForFRAndDFS*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+
+

+
+
+**ADMX_WindowsExplorer/ClassicShell**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior.
+
+If you enable this setting, users cannot configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the interface for Windows NT 4.0, and users cannot restore the new features.
+
+Enabling this policy will also turn off the preview pane and set the folder options for File Explorer to Use classic folders view and disable the users ability to change these options.
+
+If you disable or not configure this policy, the default File Explorer behavior is applied to the user.
+
+> [!NOTE]
+> In operating systems earlier than Windows Vista, enabling this policy will also disable the Active Desktop and Web view. This setting will also take precedence over the "Enable Active Desktop" setting. If both policies are enabled, Active Desktop is disabled. Also, see the "Disable Active Desktop" setting in User Configuration\Administrative Templates\Desktop\Active Desktop and the "Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon" setting in User Configuration\Administrative Templates\Windows Components\File Explorer.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn on Classic Shell*
+-   GP name: *ClassicShell*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/ConfirmFileDelete**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Allows you to have File Explorer display a confirmation dialog  whenever a file is deleted or moved to the Recycle Bin.
+
+If you enable this setting, a confirmation dialog is displayed when a file is deleted or moved to the Recycle Bin by the user.
+
+If you disable or do not configure this setting, the default behavior of not displaying a confirmation dialog occurs.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Display confirmation dialog when deleting files*
+-   GP name: *ConfirmFileDelete*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/DefaultLibrariesLocation**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a location where all default Library definition files for users/machines reside.
+
+If you enable this policy setting, administrators can specify a path where all default Library definition files for users reside. The user will not be allowed to make changes to these Libraries from the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined.
+
+If you disable or do not configure this policy setting, no changes are made to the location of the default Library definition files.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Location where all default Library definition files for users/machines reside.*
+-   GP name: *DefaultLibrariesLocation*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation, and to include the intermediate layers provided by the Property System.
+
+This behavior is consistent with Windows Vista's behavior in this scenario.
+
+This disables access to user-defined properties, and properties stored in NTFS secondary streams.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Disable binding directly to IPropertySetStorage without intermediate layers.*
+-   GP name: *DisableBindDirectlyToPropertySetStorage*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/DisableIndexedLibraryExperience**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly.
+
+If you enable this policy, some Windows Libraries features will be turned off to better handle included folders that have been redirected to non-indexed network locations.
+
+Setting this policy will:  
+
+- Disable all Arrangement views except for "By Folder"
+- Disable all Search filter suggestions other than "Date Modified" and "Size"
+- Disable view of file content snippets in Content mode when search results are returned
+- Disable ability to stack in the Context menu and Column headers
+- Exclude Libraries from the scope of Start search  This policy will not enable users to add unsupported locations to Libraries
+
+If you enable this policy, Windows Libraries features that rely on indexed file data will be disabled.
+
+If you disable or do not configure this policy, all default Windows Libraries features will be enabled.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off Windows Libraries features that rely on indexed file data*
+-   GP name: *DisableIndexedLibraryExperience*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+
+

+
+
+**ADMX_WindowsExplorer/DisableKnownFolders**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a list of known folders that should be disabled.
+
+Disabling a known folder will prevent the underlying file or directory from being created via the known folder API. If the folder exists before the policy is applied, the folder must be manually deleted since the policy only blocks the creation of the folder.
+
+You can specify a known folder using its known folder id or using its canonical name. For example, the Sample Videos known folder can be disabled by specifying {440fcffd-a92b-4739-ae1a-d4a54907c53f} or SampleVideos.
+
+> [!NOTE]
+> Disabling a known folder can introduce application compatibility issues in applications that depend on the existence of the known folder.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Disable Known Folders*
+-   GP name: *DisableKnownFolders*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/DisableSearchBoxSuggestions**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.
+
+File Explorer shows suggestion pop-ups as users type into the Search Box.
+
+These suggestions are based on their past entries into the Search Box.
+
+> [!NOTE]
+> If you enable this policy, File Explorer will not show suggestion pop-ups as users type into the Search Box, and it will not store Search Box entries into the registry for future references. If the user types a property, values that match this property will be shown but no data will be saved in the registry or re-shown on subsequent uses of the search box.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off display of recent search entries in the File Explorer search box*
+-   GP name: *DisableSearchBoxSuggestions*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+
+

+
+
+**ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons.
+
+If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths.
+
+If you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed.
+
+> [!NOTE]
+> Allowing the use of remote paths in file shortcut icons can expose users’ computers to security risks.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow the use of remote paths in file shortcut icons*
+-   GP name: *EnableShellShortcutIconRemotePath*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+
+

+
+
+**ADMX_WindowsExplorer/EnableSmartScreen**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. 
+
+Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.
+
+If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options:  
+
+- Warn and prevent bypass
+- Warn  
+
+If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app.
+
+If you disable this policy, SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet.
+
+If you do not configure this policy, SmartScreen will be enabled by default, but users may change their settings.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Configure Windows Defender SmartScreen*
+-   GP name: *EnableSmartScreen*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/EnforceShellExtensionSecurity**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This setting is designed to ensure that shell extensions can operate on a per-user basis.
+
+If you enable this setting, Windows is directed to only run those shell extensions that have either been approved by an administrator or that will not impact other users of the machine. A shell extension only runs if there is an entry in at least one of the following locations in registry.
+
+For shell extensions that have been approved by the administrator and are available to all users of the computer, there must be an entry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved.
+
+For shell extensions to run on a per-user basis, there must be an entry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow only per user or approved shell extensions*
+-   GP name: *EnforceShellExtensionSecurity*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are opened.
+
+If you enable this policy setting, you can set how the ribbon appears the first time users open File Explorer and whenever they open new windows.
+
+If you disable or do not configure this policy setting, users can choose how the ribbon appears when they open new windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Start File Explorer with ribbon minimized*
+-   GP name: *ExplorerRibbonStartsMinimized*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/HideContentViewModeSnippets**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off the display of snippets in Content view mode.
+
+If you enable this policy setting, File Explorer will not display snippets in Content view mode.
+
+If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off the display of snippets in Content view mode*
+-   GP name: *HideContentViewModeSnippets*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+
+If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+Changes to this setting may not be applied until the user logs off from Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchPreview_Internet*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+
+If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+Changes to this setting may not be applied until the user logs off from Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchPreview_InternetLockdown*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+
+If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+Changes to this setting may not be applied until the user logs off from Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchPreview_Intranet*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+
+If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+Changes to this setting may not be applied until the user logs off from Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchPreview_IntranetLockdown*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+
+If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+Changes to this setting may not be applied until the user logs off from Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchPreview_LocalMachine*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+
+If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+Changes to this setting may not be applied until the user logs off from Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchPreview_LocalMachineLockdown*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+
+If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you do not configure this policy setting, users cannot preview items or get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+Changes to this setting may not be applied until the user logs off from Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchPreview_Restricted*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+
+If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you do not configure this policy setting, users cannot preview items or get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+Changes to this setting may not be applied until the user logs off from Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchPreview_RestrictedLockdown*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+
+If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+Changes to this setting may not be applied until the user logs off from Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchPreview_Trusted*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+
+If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
+
+Changes to this setting may not be applied until the user logs off from Windows.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchPreview_TrustedLockdown*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+
+If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.
+
+If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchQuery_Internet*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+
+If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.
+
+If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchQuery_InternetLockdown*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+
+If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.
+
+If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchQuery_Intranet*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+
+If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.
+
+If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchQuery_IntranetLockdown*
+-   GP path: *WWindows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+
+If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.
+
+If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchQuery_LocalMachine*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+
+If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.
+
+If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchQuery_LocalMachineLockdown*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+
+If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.
+
+If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchQuery_Restricted*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+
+If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.
+
+If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchQuery_RestrictedLockdown*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+
+If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.
+
+If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchQuery_Trusted*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+
+If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.
+
+If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP name: *IZ_Policy_OpenSearchQuery_TrustedLockdown*
+-   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.
+
+Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path, then, by default, it searches for the target in the original path. If the shortcut has been copied to a different computer, the original path might lead to a network computer, including external resources, such as an Internet server.
+
+If you enable this policy setting, Windows only searches the current target path. It does not search for the original path even when it cannot find the target file in the current target path.
+
+If you disable or do not configure this policy setting, Windows searches for the original path when it cannot find the target file in the current target path.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not track Shell shortcuts during roaming*
+-   GP name: *LinkResolveIgnoreLinkInfo*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/MaxRecentDocs**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the maximum number of shortcuts the system can display in the Recent Items menu on the Start menu. The Recent Items menu contains shortcuts to the nonprogram files the user has most recently opened.
+
+If you enable this policy setting, the system displays the number of shortcuts specified by the policy setting.
+
+If you disable or do not configure this policy setting, by default, the system displays shortcuts to the 10 most recently opened documents.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Maximum number of recent documents*
+-   GP name: *MaxRecentDocs*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoBackButton**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Hide the Back button in the Open dialog box. This policy setting lets you remove new features added in Microsoft Windows 2000 Professional, so the Open dialog box appears as it did in Windows NT 4.0 and earlier. This policy setting affects only programs that use the standard Open dialog box provided to developers of Windows programs.
+
+If you enable this policy setting, the Back button is removed from the standard Open dialog box.
+
+If you disable or do not configure this policy setting, the Back button is displayed for any standard Open dialog box. To see an example of the standard Open dialog box, start Notepad and, on the File menu, click Open.
+
+> [!NOTE]
+> In Windows Vista, this policy  setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. Also, third-party applications with Windows 2000 or later certification to are required to adhere to this policy setting.
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Hide the common dialog back button*
+-   GP name: *NoBackButton*
+-   GP path: *Windows Components\File Explorer\Common Open File Dialog*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoCDBurning**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.
+
+If you enable this policy setting, all features in the File Explorer that allow you to use your CD writer are removed.
+
+If you disable or do not configure this policy setting, users are able to use the File Explorer CD burning features.
+
+> [!NOTE]
+> This policy setting does not prevent users from using third-party applications to create or modify CDs using a CD writer.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove CD Burning features*
+-   GP name: *NoCDBurning*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoCacheThumbNailPictures**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off caching of thumbnail pictures.
+
+If you enable this policy setting, thumbnail views are not cached.
+
+If you disable or do not configure this policy setting, thumbnail views are cached.
+
+> [!NOTE]
+> For shared corporate workstations or computers where security is a top concern, you should enable this policy setting to turn off the thumbnail view cache, because the thumbnail cache can be read by everyone.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off caching of thumbnail pictures*
+-   GP name: *NoCacheThumbNailPictures*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoChangeAnimation**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the movement of windows, menus, and lists.
+
+If you enable this policy setting, the "Use transition effects for menus and tooltips" option in Display in Control Panel is disabled, and cannot be toggled by users.
+
+Effects, such as animation, are designed to enhance the user's experience but might be confusing or distracting to some users.
+
+If you disable or do not configure this policy setting, users are allowed to turn on or off these minor system animations using the "Use transition effects for menus and tooltips" option in Display in Control Panel.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove UI to change menu animation setting*
+-   GP name: *NoChangeAnimation*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Disables the "Hide keyboard navigation indicators until I use the ALT key" option in Display in Control Panel. When this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT.
+
+Effects, such as transitory underlines, are designed to enhance the user's experience but might be confusing or distracting to some users.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove UI to change keyboard navigation indicator setting*
+-   GP name: *NoChangeKeyboardNavigationIndicators*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoDFSTab**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the DFS tab from File Explorer.
+
+If you enable this policy setting, the DFS (Distributed File System) tab is removed from File Explorer and from other programs that use the File Explorer browser, such as My Computer. As a result, users cannot use this tab to view or change the properties of the DFS shares available from their computer. This policy setting does not prevent users from using other methods to configure DFS.
+
+If you disable or do not configure this policy setting, the DFS tab is available.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove DFS tab*
+-   GP name: *NoDFSTab*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoDrives**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide these specified drives in My Computer.
+
+This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also, the drive letters representing the selected drives do not appear in the standard Open dialog box.
+
+If you enable this policy setting, select a drive or combination of drives in the drop-down list.
+
+> [!NOTE]
+> This policy setting removes the drive icons. Users can still gain access to drive contents by using other methods, such as by typing the path to a directory on the drive in the Map Network Drive dialog box, in the Run dialog box, or in a command window. Also, this policy setting does not prevent users from using programs to access these drives or their contents. And, it does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
+
+If you disable or do not configure this policy setting, all drives are displayed, or select the "Do not restrict drives" option in the drop-down list. Also, see the "Prevent access to drives from My Computer" policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Hide these specified drives in My Computer*
+-   GP name: *NoDrives*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoEntireNetwork**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Removes all computers outside of the user's workgroup or local domain from lists of network resources in File Explorer and Network Locations.
+
+If you enable this setting, the system removes the Entire Network option and the icons representing networked computers from Network Locations and from the browser associated with the Map Network Drive option.
+
+This setting does not prevent users from viewing or connecting to computers in their workgroup or domain. It also does not prevent users from connecting to remote computers by other commonly used methods, such as by typing the share name in the Run dialog box or the Map Network Drive dialog box.
+
+To remove computers in the user's workgroup or domain from lists of network resources, use the "No Computers Near Me in Network Locations" setting.
+
+> [!NOTE]
+> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *No Entire Network in Network Locations*
+-   GP name: *NoEntireNetwork*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoFileMRU**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Removes the list of most recently used files from the Open dialog box.
+
+If you disable this setting or do not configure it, the "File name" field includes a drop-down list of recently used files. If you enable this setting, the "File name" field is a simple text box. Users must browse directories to find a file or type a file name in the text box.
+
+This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.
+
+To see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open.
+
+> [!NOTE]
+> In Windows Vista, this policy  setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Hide the dropdown list of recent files*
+-   GP name: *NoFileMRU*
+-   GP path: *Windows Components\File Explorer\Common Open File Dialog*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoFileMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Removes the File menu from My Computer and File Explorer.
+
+This setting does not prevent users from using other methods to perform tasks available on the File menu.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove File menu from File Explorer*
+-   GP name: *NoFileMenu*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoFolderOptions**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer.
+
+Folder Options allows users to change the way files and folders open, what appears in the navigation pane, and other advanced view settings.
+
+If you enable this policy setting, users will receive an error message if they tap or click the Options button or choose the Change folder and search options command, and they will not be able to open Folder Options.
+
+If you disable or do not configure this policy setting, users can open Folder Options from the View tab on the ribbon.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon*
+-   GP name: *NoFolderOptions*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoHardwareTab**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Removes the Hardware tab. This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users cannot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Hardware tab*
+-   GP name: *NoHardwareTab*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoManageMyComputerVerb**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.
+
+The Manage item opens Computer Management (Compmgmt.msc), a console tool that includes many of the primary Windows 2000 administrative tools, such as Event Viewer, Device Manager, and Disk Management. You must be an administrator to use many of the features of these tools.
+
+This setting does not remove the Computer Management item from the Start menu (Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer Management.
+
+> [!TIP]
+> To hide all context menus, use the "Remove File Explorer's default context menu" setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Hides the Manage item on the File Explorer context menu*
+-   GP name: *NoManageMyComputerVerb*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoMyComputerSharedDocuments**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Shared Documents folder from My Computer. When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed.
+
+If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer.
+
+If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup.
+
+> [!NOTE]
+> The ability to remove the Shared Documents folder via Group Policy is only available on Windows XP Professional.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Shared Documents from My Computer*
+-   GP name: *NoMyComputerSharedDocuments*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoNetConnectDisconnect**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Prevents users from using File Explorer or Network Locations to map or disconnect network drives.
+
+If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the File Explorer or Network Locations icons.
+
+This setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box.
+
+> [!NOTE]
+> This setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives.
+>
+> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove "Map Network Drive" and "Disconnect Network Drive"*
+-   GP name: *NoNetConnectDisconnect*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoNewAppAlert**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy removes the end-user notification for new application associations. These associations are based on file types (e.g. *.txt) or protocols (e.g. http:).
+
+If this group policy is enabled, no notifications will be shown. If the group policy is not configured or disabled, notifications will be shown to the end user if a new application has been installed that can handle the file type or protocol association that was invoked.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not show the 'new application installed' notification*
+-   GP name: *NoNewAppAlert*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoPlacesBar**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.
+
+To see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open.
+
+> [!NOTE]
+> In Windows Vista, this policy  setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Hide the common dialog places bar*
+-   GP name: *NoPlacesBar*
+-   GP path: *Windows Components\File Explorer\Common Open File Dialog*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoRecycleFiles**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. When a file or folder is deleted in File Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you can change this behavior.
+
+If you enable this setting, files and folders that are deleted using File Explorer will not be placed in the Recycle Bin and will therefore be permanently deleted.
+
+If you disable or do not configure this setting, files and folders deleted using File Explorer will be placed in the Recyele Bin.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not move deleted files to the Recycle Bin*
+-   GP name: *NoRecycleFiles*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoRunAsInstallPrompt**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Prevents users from submitting alternate logon credentials to install a program.
+
+This setting suppresses the "Install Program As Other User" dialog box for local and network installations. This dialog box, which prompts the current user for the user name and password of an administrator, appears when users who are not administrators try to install programs locally on their computers. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials.
+
+Many programs can be installed only by an administrator. If you enable this setting and a user does not have sufficient permissions to install a program, the installation continues with the current user's logon credentials. As a result, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly.
+
+If you disable this setting or do not configure it, the "Install Program As Other User" dialog box appears whenever users install programs locally on the computer.
+
+By default, users are not prompted for alternate logon credentials when installing programs from a network share. If enabled, this setting overrides the "Request credentials for network installations" setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Do not request alternate credentials*
+-   GP name: *NoRunAsInstallPrompt*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoSearchInternetTryHarderButton**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. If you enable this policy, the "Internet" "Search again" link will not be shown when the user performs a search in the Explorer window.
+
+If you disable this policy, there will be an "Internet" "Search again" link when the user performs a search in the Explorer window. This button launches a search in the default browser with the search terms.
+
+If you do not configure this policy (default), there will be an "Internet" link when the user performs a search in the Explorer window.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove the Search the Internet "Search again" link*
+-   GP name: *NoSearchInternetTryHarderButton*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoSecurityTab**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Removes the Security tab from File Explorer.
+
+If you enable this setting, users opening the Properties dialog box for all file system objects, including folders, files, shortcuts, and drives, will not be able to access the Security tab. As a result, users will be able to neither change the security settings nor view a list of all users that have access to the resource in question.
+
+If you disable or do not configure this setting, users will be able to access the security tab.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Security tab*
+-   GP name: *NoSecurityTab*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoShellSearchButton**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Search button from the File Explorer toolbar. If you enable this policy setting, the Search button is removed from the Standard Buttons toolbar that appears in File Explorer and other programs that use the File Explorer window, such as My Computer and Network Locations. Enabling this policy setting does not remove the Search button or affect any search features of Internet browser windows, such as the Internet Explorer window.
+
+If you disable or do not configure this policy setting, the Search button is available from the File Explorer toolbar.
+
+This policy setting does not affect the Search items on the File Explorer context menu or on the Start menu. To remove Search from the Start menu, use the "Remove Search menu from Start menu" policy setting (in User Configuration\Administrative Templates\Start Menu and Taskbar). To hide all context menus, use the "Remove File Explorer's default context menu" policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove Search button from File Explorer*
+-   GP name: *NoShellSearchButton*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoStrCmpLogical**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order.
+
+If you enable this policy setting, File Explorer will sort file names by each digit in a file name (for example, 111 < 22 < 3).
+
+If you disable or do not configure this policy setting, File Explorer will sort file names by increasing number value (for example, 3 < 22 < 111).
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off numerical sorting in File Explorer*
+-   GP name: *NoStrCmpLogical*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoViewContextMenu**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.
+
+If you enable this setting, menus do not appear when you right-click the desktop or when you right-click the items in File Explorer. This setting does not prevent users from using other methods to issue commands available on the shortcut menus.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Remove File Explorer's default context menu*
+-   GP name: *NoViewContextMenu*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoViewOnDrive**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Prevents users from using My Computer to gain access to the content of selected drives.
+
+If you enable this setting, users can browse the directory structure of the selected drives in My Computer or File Explorer, but they cannot open folders and access the contents. Also, they cannot use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives.
+
+To use this setting, select a drive or combination of drives from the drop-down list. To allow access to all drive directories, disable this setting or select the "Do not restrict drives" option from the drop-down list.
+
+> [!NOTE]
+> The icons representing the specified drives still appear in My Computer, but if users double-click the icons, a message appears explaining that a setting prevents the action.
+>
+> Also, this setting does not prevent users from using programs to access local and network drives. And, it does not prevent them from using the Disk Management snap-in to view and change drive characteristics. Also, see the "Hide these specified drives in My Computer" setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Prevent access to drives from My Computer*
+-   GP name: *NoViewOnDrive*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoWindowsHotKeys**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Turn off Windows Key hotkeys. Keyboards with a Windows key provide users with shortcuts to common shell features. For example, pressing the keyboard sequence Windows+R opens the Run dialog box; pressing Windows+E starts File Explorer.
+
+By using this setting, you can disable these Windows Key hotkeys.
+
+If you enable this setting, the Windows Key hotkeys are unavailable.
+
+If you disable or do not configure this setting, the Windows Key hotkeys are available.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off Windows Key hotkeys*
+-   GP name: *NoWindowsHotKeys*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/NoWorkgroupContents**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove computers in the user's workgroup and domain from lists of network resources in File Explorer and Network Locations.
+
+If you enable this policy setting, the system removes the "Computers Near Me" option and the icons representing nearby computers from Network Locations. This policy setting also removes these icons from the Map Network Drive browser.
+
+If you disable or do not configure this policy setting, computers in the user's workgroup and domain appear in lists of network resources in File Explorer and Network Locations.
+
+This policy setting does not prevent users from connecting to computers in their workgroup or domain by other commonly used methods, such as typing the share name in the Run dialog box or the Map Network Drive dialog box.
+
+To remove network computers from lists of network resources, use the "No Entire Network in Network Locations" policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *No Computers Near Me in Network Locations*
+-   GP name: *NoWorkgroupContents*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/PlacesBar**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Configures the list of items displayed in the Places Bar in the Windows File/Open dialog. If enable this setting you can specify from 1 to 5 items to be displayed in the Places Bar.
+
+The valid items you may display in the Places Bar are:
+
+1. Shortcuts to a local folders -- (example: `C:\Windows`)
+2. Shortcuts to remote folders -- (`\\server\share`)
+3. FTP folders
+4. web folders
+5. Common Shell folders.
+
+The list of Common Shell Folders that may be specified:
+
+Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searches.
+
+If you disable or do not configure this setting the default list of items will be displayed in the Places Bar.
+
+> [!NOTE]
+> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Items displayed in Places Bar*
+-   GP name: *PlacesBar*
+-   GP path: *Windows Components\File Explorer\Common Open File Dialog*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/PromptRunasInstallNetPath**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Prompts users for alternate logon credentials during network-based installations.
+
+This setting displays the "Install Program As Other User" dialog box even when a program is being installed from files on a network computer across a local area network connection.
+
+If you disable this setting or do not configure it, this dialog box appears only when users are installing programs from local media.
+
+The "Install Program as Other User" dialog box prompts the current user for the user name and password of an administrator. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials.
+
+If the dialog box does not appear, the installation proceeds with the current user's permissions. If these permissions are not sufficient, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly.
+
+> [!NOTE]
+> If it is enabled, the "Do not request alternate credentials" setting takes precedence over this setting. When that setting is enabled, users are not prompted for alternate logon credentials on any installation.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Request credentials for network installations*
+-   GP name: *PromptRunasInstallNetPath*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/RecycleBinSize**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Limits the percentage of a volume's disk space that can be used to store deleted files.
+
+If you enable this setting, the user has a maximum amount of disk space that may be used for the Recycle Bin on their workstation.
+
+If you disable or do not configure this setting, users can change the total amount of disk space used by the Recycle Bin.
+
+> [!NOTE]
+> This setting is applied to all volumes.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Maximum allowed Recycle Bin size*
+-   GP name: *RecycleBinSize*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.
+
+If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files.
+
+If you disable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.
+
+If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off shell protocol protected mode*
+-   GP name: *ShellProtocolProtectedModeTitle_1*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.
+
+If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files.
+
+If you disable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.
+
+If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Turn off shell protocol protected mode*
+-   GP name: *ShellProtocolProtectedModeTitle_2*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/ShowHibernateOption**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Shows or hides hibernate from the power options menu.
+
+If you enable this policy setting, the hibernate option will be shown in the Power Options menu (as long as it is supported by the machine's hardware).
+
+If you disable this policy setting, the hibernate option will never be shown in the Power Options menu.
+
+If you do not configure this policy setting, users will be able to choose whether they want hibernate to show through the Power Options Control Panel.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Show hibernate in the power options menu*
+-   GP name: *ShowHibernateOption*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/ShowSleepOption**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. Shows or hides sleep from the power options menu.
+
+If you enable this policy setting, the sleep option will be shown in the Power Options menu (as long as it is supported by the machine's hardware).
+
+If you disable this policy setting, the sleep option will never be shown in the Power Options menu.
+
+If you do not configure this policy setting, users will be able to choose whether they want sleep to show through the Power Options Control Panel.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Show sleep in the power options menu*
+-   GP name: *ShowSleepOption*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/TryHarderPinnedLibrary**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows up to five Libraries or Search Connectors to be pinned to the "Search again" links and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. To add a Library or Search Connector link, specify the path of the .Library-ms or .searchConnector-ms file in the "Location" text box (for example, "C:\sampleLibrary.Library-ms" for the Documents library, or "C:\sampleSearchConnector.searchConnector-ms" for a Search Connector). The pinned link will only work if this path is valid and the location contains the specified .Library-ms or .searchConnector-ms file.
+
+You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.
+
+The first several links will also be pinned to the Start menu. A total of four links can be included on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Search Connectors/Libraries and pinned Internet/intranet search links. Search Connector/Library links take precedence over Internet/intranet search links.
+
+If you enable this policy setting, the specified Libraries or Search Connectors will appear in the "Search again" links and the Start menu links.
+
+If you disable or do not configure this policy setting, no Libraries or Search Connectors will appear in the "Search again" links or the Start menu links.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Pin Libraries or Search Connectors to the "Search again" links and the Start menu*
+-   GP name: *TryHarderPinnedLibrary*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+
+**ADMX_WindowsExplorer/TryHarderPinnedOpenSearch**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, http://www.example.com/results.aspx?q={searchTerms}).
+
+You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.
+
+The first several links will also be pinned to the Start menu. A total of four links can be pinned on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Internet/intranet links and pinned Search Connectors/Libraries. Search Connector/Library links take precedence over Internet/intranet search links.
+
+If you enable this policy setting, the specified Internet sites will appear in the "Search again" links and the Start menu links.
+
+If you disable or do not configure this policy setting, no custom Internet search sites will be added to the "Search again" links or the Start menu links.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Pin Internet search sites to the "Search again" links and the Start menu*
+-   GP name: *TryHarderPinnedOpenSearch*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+
+
+

+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
\ No newline at end of file

From d0584bde816c72b2ca8b8871c03a9a14673042fd Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Thu, 29 Oct 2020 16:34:43 -0700
Subject: [PATCH 066/384] Fixed broken links

---
 .../mdm/policies-in-policy-csp-admx-backed.md | 44 +++++++++----------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 5952cfc7ae..f17aa74561 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -395,28 +395,28 @@ ms.date: 10/08/2020
 - [ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey](./policy-csp-admx-startmenu.md#admx-startmenu-showstartondisplaywithforegroundonwinkey)
 - [ADMX_StartMenu/StartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-startmenulogoff)
 - [ADMX_StartMenu/StartPinAppsWhenInstalled](./policy-csp-admx-startmenu.md#admx-startmenu-startpinappswheninstalled)
-- [ADMX_Taskbar/DisableNotificationCenter](./policy-csp-admx-taskbar.md.#admx-taskbar-disablenotificationcenter)
-- [ADMX_Taskbar/EnableLegacyBalloonNotifications](./policy-csp-admx-taskbar.md.#admx-taskbar-enablelegacyballoonnotifications)
-- [ADMX_Taskbar/HideSCAHealth](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescahealth)
-- [ADMX_Taskbar/HideSCANetwork](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescanetwork)
-- [ADMX_Taskbar/HideSCAPower](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescapower)
-- [ADMX_Taskbar/HideSCAVolume](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescavolume)
-- [ADMX_Taskbar/NoBalloonFeatureAdvertisements](./policy-csp-admx-taskbar.md.#admx-taskbar-noballoonfeatureadvertisements)
-- [ADMX_Taskbar/NoPinningStoreToTaskbar](./policy-csp-admx-taskbar.md.#admx-taskbar-nopinningstoretotaskbar)
-- [ADMX_Taskbar/NoPinningToDestinations](./policy-csp-admx-taskbar.md.#admx-taskbar-nopinningtodestinations)
-- [ADMX_Taskbar/NoPinningToTaskbar](./policy-csp-admx-taskbar.md.#admx-taskbar-nopinningtotaskbar)
-- [ADMX_Taskbar/NoRemoteDestinations](./policy-csp-admx-taskbar.md.#admx-taskbar-noremotedestinations)
-- [ADMX_Taskbar/NoSystraySystemPromotion](./policy-csp-admx-taskbar.md.#admx-taskbar-nosystraysystempromotion)
-- [ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar](./policy-csp-admx-taskbar.md.#admx-taskbar-showwindowsstoreappsontaskbar)
-- [ADMX_Taskbar/TaskbarLockAll](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarlockall)
-- [ADMX_Taskbar/TaskbarNoAddRemoveToolbar](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnoaddremovetoolbar)
-- [ADMX_Taskbar/TaskbarNoDragToolbar](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnodragtoolbar)
-- [ADMX_Taskbar/TaskbarNoMultimon](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnomultimon)
-- [ADMX_Taskbar/TaskbarNoNotification](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnonotification)
-- [ADMX_Taskbar/TaskbarNoPinnedList](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnopinnedlist)
-- [ADMX_Taskbar/TaskbarNoRedock](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnoredock)
-- [ADMX_Taskbar/TaskbarNoResize](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnoresize)
-- [ADMX_Taskbar/TaskbarNoThumbnail](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnothumbnail)
+- [ADMX_Taskbar/DisableNotificationCenter](./policy-csp-admx-taskbar.md#admx-taskbar-disablenotificationcenter)
+- [ADMX_Taskbar/EnableLegacyBalloonNotifications](./policy-csp-admx-taskbar.md#admx-taskbar-enablelegacyballoonnotifications)
+- [ADMX_Taskbar/HideSCAHealth](./policy-csp-admx-taskbar.md#admx-taskbar-hidescahealth)
+- [ADMX_Taskbar/HideSCANetwork](./policy-csp-admx-taskbar.md#admx-taskbar-hidescanetwork)
+- [ADMX_Taskbar/HideSCAPower](./policy-csp-admx-taskbar.md#admx-taskbar-hidescapower)
+- [ADMX_Taskbar/HideSCAVolume](./policy-csp-admx-taskbar.md#admx-taskbar-hidescavolume)
+- [ADMX_Taskbar/NoBalloonFeatureAdvertisements](./policy-csp-admx-taskbar.md#admx-taskbar-noballoonfeatureadvertisements)
+- [ADMX_Taskbar/NoPinningStoreToTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningstoretotaskbar)
+- [ADMX_Taskbar/NoPinningToDestinations](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningtodestinations)
+- [ADMX_Taskbar/NoPinningToTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningtotaskbar)
+- [ADMX_Taskbar/NoRemoteDestinations](./policy-csp-admx-taskbar.md#admx-taskbar-noremotedestinations)
+- [ADMX_Taskbar/NoSystraySystemPromotion](./policy-csp-admx-taskbar.md#admx-taskbar-nosystraysystempromotion)
+- [ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-showwindowsstoreappsontaskbar)
+- [ADMX_Taskbar/TaskbarLockAll](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarlockall)
+- [ADMX_Taskbar/TaskbarNoAddRemoveToolbar](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoaddremovetoolbar)
+- [ADMX_Taskbar/TaskbarNoDragToolbar](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnodragtoolbar)
+- [ADMX_Taskbar/TaskbarNoMultimon](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnomultimon)
+- [ADMX_Taskbar/TaskbarNoNotification](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnonotification)
+- [ADMX_Taskbar/TaskbarNoPinnedList](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnopinnedlist)
+- [ADMX_Taskbar/TaskbarNoRedock](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoredock)
+- [ADMX_Taskbar/TaskbarNoResize](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoresize)
+- [ADMX_Taskbar/TaskbarNoThumbnail](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnothumbnail)
 - [ADMX_tcpip/6to4_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name)
 - [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval)
 - [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state)

From ba2c16ee36460ea2f924e223057d772e918dfbcc Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Fri, 30 Oct 2020 14:34:44 -0700
Subject: [PATCH 067/384] Added 20H2 Multitasking policy

---
 windows/client-management/mdm/TOC.md          |   1 +
 .../mdm/policy-csp-multitasking.md            | 124 ++++++++++++++++++
 2 files changed, 125 insertions(+)
 create mode 100644 windows/client-management/mdm/policy-csp-multitasking.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 8ff993ef33..24ecee31bb 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -275,6 +275,7 @@
 #### [MixedReality](policy-csp-mixedreality.md)
 #### [MSSecurityGuide](policy-csp-mssecurityguide.md)
 #### [MSSLegacy](policy-csp-msslegacy.md)
+#### [Multitasking](policy-csp-multitasking.md)
 #### [NetworkIsolation](policy-csp-networkisolation.md)
 #### [Notifications](policy-csp-notifications.md)
 #### [Power](policy-csp-power.md)
diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md
new file mode 100644
index 0000000000..88bdb807b7
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-multitasking.md
@@ -0,0 +1,124 @@
+---
+title: Policy CSP - Multitasking
+description: Policy CSP - Multitasking
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 10/30/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - Multitasking
+
+

+
+
+## Multitasking policies  
+
+

+  

+    Multitasking/BrowserAltTabBlowout
+  

+ 

+
+
+

+
+
+**Multitasking/BrowserAltTabBlowout**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procheck mark9
Businesscheck mark9
Enterprisecheck mark9
Educationcheck mark9

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+

+
+
+
+This policy controls the inclusion of Edge tabs into Alt+Tab.
+
+Enabling this policy restricts the number of Edge tabs that are allowed to appear in the Alt+Tab switcher. Alt+Tab can be configured to show all open Edge tabs, only the 5 most recent tabs, only the 3 most recent tabs, or no tabs. Setting the policy to no tabs configures the Alt+Tab switcher to show app windows only, which is the classic Alt+Tab behavior. 
+
+This policy only applies to the Alt+Tab switcher. When the policy is not enabled, the feature respects the user's setting in the Settings app.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP English name: *Configure the inclusion of Edge tabs into Alt-Tab*
+-   GP name: *MultiTaskingAltTabFilter*
+-   GP path: *Windows Components/Multitasking*
+-   GP ADMX file name: *Multitasking.admx*
+
+
+
+
+The following list shows the supported values:
+
+- 1 - Open windows and all tabs in Edge.
+- 2 - Open windows and 5 most recent tabs in Edge.
+- 3 - Open windows and 3 most recent tabs in Edge.
+- 4 - Open windows only.
+
+
+
+
+

+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+- 9 - Available in Windows 10, version 20H2.
+
+
+

From 8b72f243d753a686e67bd19d52f4e63112be3040 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Fri, 30 Oct 2020 15:10:19 -0700
Subject: [PATCH 068/384] available software

---
 .../tvm-software-inventory.md                 | 27 +++++++++++++++----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
index 8ee0bcbe8c..612a08ef5c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
@@ -28,7 +28,7 @@ ms.topic: conceptual
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
 
-The software inventory in threat and vulnerability management is a list of all the software in your organization with known vulnerabilities. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices.
+The software inventory in threat and vulnerability management is a list of known software in your organization with official [Common Platform Enumerations (CPE)](https://nvd.nist.gov/products/cpe). Software products without an official CPE don’t have vulnerabilities published. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices.
 
 ## How it works
 
@@ -70,12 +70,29 @@ You can view software pages a few different ways:
 
     ![Software example page for Visual Studio 2017 with the software details, weaknesses, exposed devices, and more.](images/tvm-software-page-example.png)
 
-## Software evidence
+### Software that isn't supported
 
-We now show evidence of where we detected a specific software on a device from the registry, disk or both.
-You can find it on any devices found in the [devices list](machines-view-overview.md) in a section called "Software Evidence."
+Software that isn't currently supported by threat & vulnerability management is still present in the Software inventory page. Because it is not supported, only limited data will be available. Sort by unsupported software with the ‘Not available’ filter option in the Weakness section.
 
-From the Microsoft Defender Security Center navigation panel, go to the **Devices list**. Select the name of a device to open the device page (like Computer1) > select the **Software inventory** tab > select the software name to open the flyout and view software evidence.
+The following indicates that a software is not supported:
+
+- Weaknesses field shows "Not available"
+- Exposed devices field shows a dash
+- Informational text added in side panel and in software page
+
+Currently, products without a CPE are not shown in the software inventory page, only in the device level software inventory.
+
+## Software inventory on devices
+
+From the Microsoft Defender Security Center navigation panel, go to the **[Devices list](machines-view-overview.md)**. Select the name of a device to open the device page (like Computer1) > select the **Software inventory** tab to see a list of all the known software present on the device. Select a specific software entry to open the flyout with more information.
+
+Software with no CPE can show up under this device specific software inventory.
+
+### Software evidence
+
+See evidence of where we detected a specific software on a device from the registry, disk, or both.
+
+You can find it on any device in the device software inventory. Select a software name to open the flyout, and look for the section called "Software Evidence."
 
 ![Software evidence example of Windows 10 from the devices list, showing software evidence registry path.](images/tvm-software-evidence.png)
 

From 919234835ea5b192a3a637ff7a240dcfe94591c5 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Fri, 30 Oct 2020 15:10:57 -0700
Subject: [PATCH 069/384] Added 20H2 Experience policy

---
 .../mdm/policy-csp-experience.md              | 71 +++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index d9e072c7c3..4a8fcea215 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -73,6 +73,9 @@ manager: dansimp
   

     Experience/ConfigureWindowsSpotlightOnLockScreen
   

+  

+    Experience/DisableCloudOptimizedContent
+  

   

     Experience/DoNotShowFeedbackNotifications
   

@@ -1153,6 +1156,74 @@ The following list shows the supported values:
 
 
 
+
+**Experience/DisableCloudOptimizedContent**  
+
+
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark9
Educationcheck mark9

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+This policy setting lets you turn off cloud optimized content in all Windows experiences.
+
+If you enable this policy, Windows experiences that use the cloud optimized content client component will present the default fallback content.
+
+If you disable or do not configure this policy, Windows experiences will be able to use cloud optimized content.
+
+
+
+ADMX Info:  
+-   GP English name: *Turn off cloud optimized content*
+-   GP name: *DisableCloudOptimizedContent*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+
+
+The following list shows the supported values:
+
+-   0 (default) – Disabled.
+-   1 – Enabled.
+
+
+
+
 

 
 

From f26c207f819150322da304573c250bdb2da8567b Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Fri, 30 Oct 2020 15:17:57 -0700
Subject: [PATCH 070/384] software mages moving

---
 .../tvm-software-inventory.md                 | 38 +++++++++----------
 1 file changed, 18 insertions(+), 20 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
index 612a08ef5c..377e7ed313 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
@@ -52,24 +52,6 @@ The **Software inventory** page opens with a list of software installed in your
 
 Select the software that you want to investigate. A flyout panel will open with a more compact view of the information on the page. You can either dive deeper into the investigation and select **Open software page**, or flag any technical inconsistencies by selecting **Report inaccuracy**.
 
-![Flyout example page of "Visual Studio 2017" from the software inventory page.](images/tvm-software-inventory-flyout500.png)
-
-## Software pages
-
-You can view software pages a few different ways:
-
-- Software inventory page > Select a software name > Select **Open software page** in the flyout
-- [Security recommendations page](tvm-security-recommendation.md) > Select a recommendation > Select **Open software page** in the flyout
-- [Event timeline page](threat-and-vuln-mgt-event-timeline.md) > Select an event > Select the hyperlinked software name (like Visual Studio 2017) in the section called "Related component" in the flyout
-
- A full page will appear with all the details of a specific software and the following information:
-
-- Side panel with vendor information, prevalence of the software in the organization (including number of devices it's installed on, and exposed devices that aren't patched), whether and exploit is available, and impact to your exposure score
-- Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs with the number of exposed devices
-- Tabs with lists of the corresponding security recommendations for the weaknesses and vulnerabilities identified, the named CVEs of discovered vulnerabilities, the names of the devices that the software is installed on, and the specific versions of the software with the number of devices that have each version installed and number of vulnerabilities.
-
-    ![Software example page for Visual Studio 2017 with the software details, weaknesses, exposed devices, and more.](images/tvm-software-page-example.png)
-
 ### Software that isn't supported
 
 Software that isn't currently supported by threat & vulnerability management is still present in the Software inventory page. Because it is not supported, only limited data will be available. Sort by unsupported software with the ‘Not available’ filter option in the Weakness section.
@@ -90,12 +72,28 @@ Software with no CPE can show up under this device specific software inventory.
 
 ### Software evidence
 
-See evidence of where we detected a specific software on a device from the registry, disk, or both.
+See evidence of where we detected a specific software on a device from the registry, disk, or both.You can find it on any device in the device software inventory. 
 
-You can find it on any device in the device software inventory. Select a software name to open the flyout, and look for the section called "Software Evidence."
+Select a software name to open the flyout, and look for the section called "Software Evidence."
 
 ![Software evidence example of Windows 10 from the devices list, showing software evidence registry path.](images/tvm-software-evidence.png)
 
+## Software pages
+
+You can view software pages a few different ways:
+
+- Software inventory page > Select a software name > Select **Open software page** in the flyout
+- [Security recommendations page](tvm-security-recommendation.md) > Select a recommendation > Select **Open software page** in the flyout
+- [Event timeline page](threat-and-vuln-mgt-event-timeline.md) > Select an event > Select the hyperlinked software name (like Visual Studio 2017) in the section called "Related component" in the flyout
+
+ A full page will appear with all the details of a specific software and the following information:
+
+- Side panel with vendor information, prevalence of the software in the organization (including number of devices it's installed on, and exposed devices that aren't patched), whether and exploit is available, and impact to your exposure score
+- Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs with the number of exposed devices
+- Tabs with lists of the corresponding security recommendations for the weaknesses and vulnerabilities identified, the named CVEs of discovered vulnerabilities, the names of the devices that the software is installed on, and the specific versions of the software with the number of devices that have each version installed and number of vulnerabilities.
+
+    ![Software example page for Visual Studio 2017 with the software details, weaknesses, exposed devices, and more.](images/tvm-software-page-example.png)
+
 ## Report inaccuracy
 
 Report a false positive when you see any vague, inaccurate, or incomplete information. You can also report on security recommendations that have already been remediated.

From f4718e6112bf3e57d01737d7c734a8290aeae218 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Fri, 30 Oct 2020 15:36:04 -0700
Subject: [PATCH 071/384] Minor update

---
 windows/client-management/mdm/policy-csp-experience.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 4a8fcea215..9eb1843b21 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1202,9 +1202,9 @@ The following list shows the supported values:
 
 This policy setting lets you turn off cloud optimized content in all Windows experiences.
 
-If you enable this policy, Windows experiences that use the cloud optimized content client component will present the default fallback content.
+If you enable this policy setting, Windows experiences that use the cloud optimized content client component will present the default fallback content.
 
-If you disable or do not configure this policy, Windows experiences will be able to use cloud optimized content.
+If you disable or do not configure this policy setting, Windows experiences will be able to use cloud optimized content.
 
 
 
@@ -1571,6 +1571,7 @@ Footnotes:
 - 6 - Available in Windows 10, version 1903.
 - 7 - Available in Windows 10, version 1909.
 - 8 - Available in Windows 10, version 2004.
+- 9 - Available in Windows 10, version 20H2.
 
 
 

From 62287b93c6a6ce65b9abc31f2af2627948cbc2d5 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 1 Nov 2020 13:38:51 +0500
Subject: [PATCH 072/384] Update vpn-profile-options.md

---
 windows/security/identity-protection/vpn/vpn-profile-options.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md
index 19df534358..29b5df1daf 100644
--- a/windows/security/identity-protection/vpn/vpn-profile-options.md
+++ b/windows/security/identity-protection/vpn/vpn-profile-options.md
@@ -316,7 +316,7 @@ After you configure the settings that you want using ProfileXML, you can apply i
 
 ## Learn more
 
-- [Learn how to configure VPN connections in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/vpn-connections-in-microsoft-intune)
+- [Create VPN profiles to connect to VPN servers in Intune](https://docs.microsoft.com/mem/intune/configuration/vpn-settings-configure)
 - [VPNv2 configuration service provider (CSP) reference](https://go.microsoft.com/fwlink/p/?LinkId=617588)
 - [How to Create VPN Profiles in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=618028)
 

From 1e69c7028e37db0dc28862181eff35f188e0faf6 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Mon, 2 Nov 2020 16:23:10 +0530
Subject: [PATCH 073/384] Updated-4567381-batch5

Rebranding update
---
 .../enable-network-protection.md              |  2 +-
 .../enable-siem-integration.md                | 22 ++---
 ...endpoint-detection-response-mac-preview.md |  8 +-
 .../microsoft-defender-atp/evaluate-atp.md    | 10 +-
 .../evaluate-attack-surface-reduction.md      |  4 +-
 .../evaluate-controlled-folder-access.md      |  6 +-
 .../evaluate-exploit-protection.md            |  2 +-
 .../evaluate-network-protection.md            |  2 +-
 .../microsoft-defender-atp/evaluation-lab.md  | 28 +++---
 .../event-error-codes.md                      | 92 +++++++++----------
 .../microsoft-defender-atp/event-views.md     |  4 +-
 .../exploit-protection-reference.md           | 26 +++---
 .../exploit-protection.md                     |  8 +-
 .../exposed-apis-create-app-nativeapp.md      | 30 +++---
 .../exposed-apis-create-app-partners.md       | 28 +++---
 .../exposed-apis-create-app-webapp.md         | 30 +++---
 .../exposed-apis-full-sample-powershell.md    | 12 +--
 .../exposed-apis-list.md                      |  8 +-
 .../exposed-apis-odata-samples.md             |  4 +-
 .../feedback-loop-blocking.md                 | 12 +--
 .../fetch-alerts-mssp.md                      |  8 +-
 .../microsoft-defender-atp/files.md           |  8 +-
 .../find-machine-info-by-ip.md                |  4 +-
 .../find-machines-by-ip.md                    |  6 +-
 .../fix-unhealthy-sensors.md                  | 20 ++--
 25 files changed, 191 insertions(+), 193 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
index 76fd837692..9ea6caec2a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
@@ -21,7 +21,7 @@ manager: dansimp
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 [Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the internet. You can [audit network protection](evaluate-network-protection.md) in a test environment to view which apps would be blocked before you enable it.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
index c53ee2581c..b14645197d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
@@ -17,23 +17,23 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Enable SIEM integration in Microsoft Defender ATP
+# Enable SIEM integration in Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) 
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) 
 
 Enable security information and event management (SIEM) integration so you can pull detections from Microsoft Defender Security Center using your SIEM solution or by connecting directly to the detections REST API.
 
 >[!NOTE]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
->- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
->- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
+>- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections.
+>- [Microsoft Defender for Endpoint Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
+>- The Microsoft Defender for Endpoint Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 
 ## Prerequisites
 - The user who activates the setting must have permissions to create an app in Azure Active Directory (AAD). This is someone with the following roles: Security Administrator and either Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
@@ -71,15 +71,15 @@ Enable security information and event management (SIEM) integration so you can p
    > [!NOTE]
    > You'll need to generate a new Refresh token every 90 days. 
 
-6. Follow the instructions for [creating an Azure AD app registration for Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp) and assign the correct permissions to it to read alerts.
+6. Follow the instructions for [creating an Azure AD app registration for Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp) and assign the correct permissions to it to read alerts.
 
 You can now proceed with configuring your SIEM solution or connecting to the detections REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive detections from Microsoft Defender Security Center.
 
-## Integrate Microsoft Defender ATP with IBM QRadar 
+## Integrate Microsoft Defender for Endpoint with IBM QRadar 
 You can configure IBM QRadar to collect detections from Microsoft Defender ATP. For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
 
 ## Related topics
-- [Configure HP ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
-- [Microsoft Defender ATP Detection fields](api-portal-mapping.md)
-- [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md)
+- [Configure HP ArcSight to pull Microsoft Defender for Endpoint detections](configure-arcsight.md)
+- [Microsoft Defender for Endpoint Detection fields](api-portal-mapping.md)
+- [Pull Microsoft Defender for Endpoint detections using REST API](pull-alerts-using-rest-api.md)
 - [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 4d724bc3ca..8b26cb11a8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -19,15 +19,15 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Enable Microsoft Defender ATP Insider Device
+# Enable Microsoft Defender for Endpoint Insider Device
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-Endpoint detection and response capabilities in Microsoft Defender ATP for Mac are now in preview. To get these and other preview features, you must set up your Mac device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
+Endpoint detection and response capabilities in Defender for Endpoint for Mac are now in preview. To get these and other preview features, you must set up your Mac device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
 >[!IMPORTANT]
->Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.
+>Make sure you have enabled [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.
 
 ## Enable the Insider program with Jamf
 
@@ -148,7 +148,7 @@ For versions earlier than 100.78.0, run:
 
 ### Verify you are running the correct version
 
-To get the latest version of the Microsoft Defender ATP for Mac, set the Microsoft AutoUpdate to “Fast Ring”. To get “Microsoft AutoUpdate”, download it from [Release history for Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/officeupdates/release-history-microsoft-autoupdate).
+To get the latest version of the Microsoft Defender for Endpoint  for Mac, set the Microsoft AutoUpdate to “Fast Ring”. To get “Microsoft AutoUpdate”, download it from [Release history for Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/officeupdates/release-history-microsoft-autoupdate).
 
 To verify you are running the correct version, run ‘mdatp --health’ on the device.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
index 49d937c1ed..cbc48ae6b4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
@@ -18,16 +18,16 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Evaluate Microsoft Defender ATP 
+# Evaluate Microsoft Defender for Endpoint 
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
+[Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
 
-You can evaluate Microsoft Defender Advanced Threat Protection in your organization by [starting your free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
+You can evaluate Microsoft Defender for Endpoint in your organization by [starting your free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
 
-You can also evaluate the different security capabilities in Microsoft Defender ATP by using the following instructions.
+You can also evaluate the different security capabilities in Microsoft Defender for Endpoint by using the following instructions.
 
 ## Evaluate attack surface reduction
 
@@ -48,4 +48,4 @@ Next gen protections help detect and block the latest threats.
 
 ## See Also
 
-[Microsoft Defender Advanced Threat Protection overview](microsoft-defender-advanced-threat-protection.md)
+[Microsoft Defender for Endpoint overview](microsoft-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md
index ad4b38e29a..4fdbaae9b9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md
@@ -21,7 +21,7 @@ manager: dansimp
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Attack surface reduction rules help prevent actions typically used by malware to compromise devices or networks. Set attack surface reduction rules for devices running any of the following editions and versions of Windows:
 
@@ -33,7 +33,7 @@ Attack surface reduction rules help prevent actions typically used by malware to
 Learn how to evaluate attack surface reduction rules by enabling audit mode to test the feature directly in your organization.
 
 > [!TIP]
-> You can also visit the Microsoft Defender ATP demo scenario website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+> You can also visit the Microsoft Defender for Endpoint demo scenario website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 
 ## Use audit mode to measure impact
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
index 4493d69e8f..3a863de936 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
@@ -21,7 +21,7 @@ manager: dansimp
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 [Controlled folder access](controlled-folders.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients.
 
@@ -30,7 +30,7 @@ It is especially useful in helping protect against [ransomware](https://www.micr
 This article helps you evaluate controlled folder access. It explains how to enable audit mode so you can test the feature directly in your organization.
 
 > [!TIP]
-> You can also visit the Microsoft Defender ATP demo scenario website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+> You can also visit the Microsoft Defender for Endpoint demo scenario website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 
 ## Use audit mode to measure impact
 
@@ -68,5 +68,5 @@ See [Protect important folders with controlled folder access](controlled-folders
 ## See also
 
 * [Protect important folders with controlled folder access](controlled-folders.md)
-* [Evaluate Microsoft Defender ATP]../(microsoft-defender-atp/evaluate-atp.md)
+* [Evaluate Microsoft Defender for Endpoint]../(microsoft-defender-atp/evaluate-atp.md)
 * [Use audit mode](audit-windows-defender.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
index caf0665673..fa425e0332 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
@@ -23,7 +23,7 @@ manager: dansimp
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 [Exploit protection](exploit-protection.md) helps protect devices from malware that uses exploits to spread and infect other devices. Mitigation can be applied to either the operating system or to an individual app. Many of the features that were part of the Enhanced Mitigation Experience Toolkit (EMET) are included in exploit protection. (The EMET has reached its end of support.)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md
index 2dad3dd570..671f1a5aa3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md
@@ -21,7 +21,7 @@ manager: dansimp
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 [Network protection](network-protection.md) helps prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
index 8354be2047..c16a827f73 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
@@ -18,33 +18,33 @@ ms.collection:
 ms.topic: article
 ---
 
-# Microsoft Defender ATP evaluation lab
+# Microsoft Defender for Endpoint evaluation lab
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 Conducting a comprehensive security product evaluation can be a complex process requiring cumbersome environment and device configuration before an end-to-end attack simulation can actually be done. Adding to the complexity is the challenge of tracking where the simulation activities, alerts, and results are reflected during the evaluation.
 
-The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can  focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
+The Defender for Endpoint evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can  focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
 
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLUM]
 
-With the simplified set-up experience, you can focus on running your own test scenarios and the pre-made simulations to see how Microsoft Defender ATP performs. 
+With the simplified set-up experience, you can focus on running your own test scenarios and the pre-made simulations to see how Defender for Endpoint performs. 
 
-You'll have full access to the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Microsoft Defender ATP offers. 
+You'll have full access to the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Defender for Endpoint offers. 
 
 You can add Windows 10 or Windows Server 2019 devices that come pre-configured to have the latest OS versions and the right security components in place as well as Office 2019 Standard installed.
 
-You can also install threat simulators. Microsoft Defender ATP has partnered with industry leading threat simulation platforms to help you test out the Microsoft Defender ATP capabilities without having to leave the portal.
+You can also install threat simulators. Defender for Endpoint has partnered with industry leading threat simulation platforms to help you test out the Defender for Endpoint capabilities without having to leave the portal.
 
  Install your preferred simulator, run scenarios within the evaluation lab, and instantly see how the platform performs - all conveniently available at no extra cost to you. You'll also have convenient access to wide array of simulations which you can access and run from the simulations catalog.
     
 
 ## Before you begin
-You'll need to fulfill the [licensing requirements](minimum-requirements.md#licensing-requirements) or have trial access to Microsoft Defender ATP to access the evaluation lab.
+You'll need to fulfill the [licensing requirements](minimum-requirements.md#licensing-requirements) or have trial access to Defender for Endpoint to access the evaluation lab.
 
 You must have **Manage security settings** permissions to:
 - Create the lab
@@ -59,7 +59,7 @@ For more information, see [Create and manage roles](user-roles.md).
 
 
 
-Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink)
+Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink)
 
 
 ## Get started with the lab
@@ -103,12 +103,12 @@ After the lab setup process is complete, you can add devices and run simulations
 
 
 ## Add devices
-When you add a device to your environment, Microsoft Defender ATP sets up a well-configured device with connection details. You can add Windows 10 or Windows Server 2019 devices.
+When you add a device to your environment, Defender for Endpoint sets up a well-configured device with connection details. You can add Windows 10 or Windows Server 2019 devices.
 
 The device will be configured with the most up-to-date version of the OS and Office 2019 Standard as well as other apps such as Java, Python, and SysIntenals. 
 
    >[!TIP]
-   > Need more devices in your lab? Submit a support ticket to have your request reviewed by the Microsoft Defender ATP team. 
+   > Need more devices in your lab? Submit a support ticket to have your request reviewed by the Defender for Endpoint team. 
 
 If you chose to add a threat simulator during the lab setup, all devices will have the threat simulator agent installed in the devices that you add.
 
@@ -172,7 +172,7 @@ You can simulate attack scenarios using:
 You can also use [Advanced hunting](advanced-hunting-query-language.md) to query data and [Threat analytics](threat-analytics.md) to view reports about emerging threats.
 
 ### Do-it-yourself attack scenarios
-If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Microsoft Defender ATP capabilities and walk you through investigation experience.
+If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Defender for Endpoint capabilities and walk you through investigation experience.
 
 
 >[!NOTE]
@@ -202,7 +202,7 @@ If you are looking for a pre-made simulation, you can use our ["Do It Yourself"
 If you chose to install any of the supported threat simulators during the lab setup, you can run the built-in simulations on the evaluation lab devices. 
 
 
-Running threat simulations using third-party platforms is a good way to evaluate Microsoft Defender ATP capabilities within the confines of a lab environment.
+Running threat simulations using third-party platforms is a good way to evaluate Defender for Endpoint capabilities within the confines of a lab environment.
 
 >[!NOTE]
 >Before you can run simulations, ensure the following requirements are met:
@@ -229,13 +229,13 @@ Running threat simulations using third-party platforms is a good way to evaluate
 
     ![Image of simulations tab](images/simulations-tab.png)
     
-After running your simulations, we encourage you to walk through the lab progress bar and explore Microsoft Defender ATP features. See if the attack simulations you ran triggered an automated investigation and remediation, check out the evidence collected and analyzed by the feature.
+After running your simulations, we encourage you to walk through the lab progress bar and explore Defender for Endpoint triggered an automated investigation and remediation, check out the evidence collected and analyzed by the feature.
 
 Hunt for attack evidence through advanced hunting by using the rich query language and raw telemetry and check out some world-wide threats documented in Threat analytics.
 
 
 ## Simulation gallery
-Microsoft Defender ATP has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal. 
+Defender for Endpoint has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal. 
 
 View all the available simulations by going to  **Simulations and tutorials** > **Simulations catalog**  from the menu. 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
index 18f64aec7c..b9b993006e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
@@ -28,15 +28,13 @@ ms.date: 05/21/2018
 
 - Event Viewer
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-
-
+- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual devices.
 
 For example, if devices are not appearing in the **Devices list**, you might need to look for event IDs on the devices. You can then use this table to determine further troubleshooting steps.
 
-**Open Event Viewer and find the Microsoft Defender ATP service event log:**
+**Open Event Viewer and find the Microsoft Defender for Endpoint service event log:**
 
 1. Click **Start** on the Windows menu, type **Event Viewer**, and press **Enter**.
 
@@ -46,7 +44,7 @@ For example, if devices are not appearing in the **Devices list**, you might nee
    a.  You can also access the log by expanding **Applications and Services Logs** > **Microsoft** > **Windows** > **SENSE** and click on **Operational**.
 
    > [!NOTE]
-   > SENSE is the internal name used to refer to the behavioral sensor that powers Microsoft Defender ATP.
+   > SENSE is the internal name used to refer to the behavioral sensor that powers Microsoft Defender for Endpoint.
 
 3. Events recorded by the service will appear in the log. See the following table for a list of events recorded by the service.
 
@@ -60,39 +58,39 @@ For example, if devices are not appearing in the **Devices list**, you might nee
 
 
 1
-Microsoft Defender Advanced Threat Protection service started (Version variable).
+Defender for Endpoint service started (Version variable).
 Occurs during system start up, shut down, and during onbboarding.
 Normal operating notification; no action required.
 
 
 2
-Microsoft Defender Advanced Threat Protection service shutdown.
+Defender for Endpoint service shutdown.
 Occurs when the device is shut down or offboarded.
 Normal operating notification; no action required.
 
 
 3
-Microsoft Defender Advanced Threat Protection service failed to start. Failure code: variable.
+Defender for Endpoint service failed to start. Failure code: variable.
 Service did not start.
 Review other messages to determine possible cause and troubleshooting steps.
 
 
 4
-Microsoft Defender Advanced Threat Protection service contacted the server at variable.
-Variable = URL of the Microsoft Defender ATP processing servers.

+Defender for Endpoint service contacted the server at variable.
+Variable = URL of the Defender for Endpoint processing servers.

 This URL will match that seen in the Firewall or network activity.
 Normal operating notification; no action required.
 
 
 5
-Microsoft Defender Advanced Threat Protection service failed to connect to the server at variable.
-Variable = URL of the Microsoft Defender ATP processing servers.

+Defender for Endpoint service failed to connect to the server at variable.
+Variable = URL of the Defender for Endpoint processing servers.

 The service could not contact the external processing servers at that URL.
 Check the connection to the URL. See Configure proxy and Internet connectivity.
 
 
 6
-Microsoft Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found.
+Defender for Endpoint service is not onboarded and no onboarding parameters were found.
 The device did not onboard correctly and will not be reporting to the portal.
 Onboarding must be run before starting the service.

 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.

@@ -100,14 +98,14 @@ See Onboard Windows 10 devices.
 
 
 8
-Microsoft Defender Advanced Threat Protection service failed to clean its configuration. Failure code: variable.
+Defender for Endpoint service failed to clean its configuration. Failure code: variable.
 During onboarding: The service failed to clean its configuration during the onboarding. The onboarding process continues. 

 During offboarding: The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running.
  
 Onboarding: No action required. 

 Offboarding: Reboot the system.

@@ -115,47 +113,47 @@ See Onboard Windows 10 devices.
 
 
 10
-Microsoft Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable.
+Defender for Endpoint service failed to persist the onboarding information. Failure code: variable.
 The device did not onboard correctly and will not be reporting to the portal.
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.

 See Onboard Windows 10 devices.
 
 
 11
-Onboarding or re-onboarding of Microsoft Defender Advanced Threat Protection service completed.
+Onboarding or re-onboarding of Defender for Endpoint service completed.
 The device onboarded correctly.
 Normal operating notification; no action required.

 It may take several hours for the device to appear in the portal.
 
 
 12
-Microsoft Defender Advanced Threat Protection failed to apply the default configuration.
+Defender for Endpoint failed to apply the default configuration.
 Service was unable to apply the default configuration.
 This error should resolve after a short period of time.
 
 
 13
-Microsoft Defender Advanced Threat Protection device ID calculated: variable.
+Defender for Endpoint device ID calculated: variable.
 Normal operating process.
 Normal operating notification; no action required.
 
 
 15
-Microsoft Defender Advanced Threat Protection cannot start command channel with URL: variable.
-Variable = URL of the Microsoft Defender ATP processing servers.

+Defender for Endpoint cannot start command channel with URL: variable.
+Variable = URL of the Defender for Endpoint processing servers.

 The service could not contact the external processing servers at that URL.
 Check the connection to the URL. See Configure proxy and Internet connectivity.
 
 
 17
-Microsoft Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable.
+Defender for Endpoint service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable.
 An error occurred with the Windows telemetry service.
 Ensure the diagnostic data service is enabled.

 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.

@@ -182,7 +180,7 @@ If this error persists after a system restart, ensure all Windows updates have f
 
 
 25
-Microsoft Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: variable.
+Defender for Endpoint service failed to reset health status in the registry. Failure code: variable.
 The device did not onboard correctly.
 It will report to the portal, however the service may not appear as registered in SCCM or the registry.
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.

@@ -190,7 +188,7 @@ See Onboard Windows 10 devices.

 Ensure real-time antimalware protection is running properly.
 
 
 28
-Microsoft Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: variable.
+Microsoft Defender for Endpoint Connected User Experiences and Telemetry service registration failed. Failure code: variable.
 An error occurred with the Windows telemetry service.
 Ensure the diagnostic data service is enabled.

 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.

@@ -220,34 +218,34 @@ See Onboard Windows 10 devices

 Ensure real-time antimalware protection is running properly.
 
 
 31
-Microsoft Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: variable.
+Defender for Endpoint Connected User Experiences and Telemetry service unregistration failed. Failure code: variable.
 An error occurred with the Windows telemetry service during onboarding. The offboarding process continues.
 Check for errors with the Windows telemetry service.
 
 
 32
-Microsoft Defender Advanced Threat Protection service failed to request to stop itself after offboarding process. Failure code: %1
+Defender for Endpoint service failed to request to stop itself after offboarding process. Failure code: %1
 An error occurred during offboarding.
 Reboot the device.
 
 
 33
-Microsoft Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: variable.
+Defender for Endpoint service failed to persist SENSE GUID. Failure code: variable.
 A unique identifier is used to represent each device that is reporting to the portal.

 If the identifier does not persist, the same device might appear twice in the portal.
 Check registry permissions on the device to ensure the service can update the registry.
 
 
 34
-Microsoft Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: variable.
+Defender for Endpoint service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: variable.
 An error occurred with the Windows telemetry service.
 Ensure the diagnostic data service is enabled.

 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.

@@ -255,62 +253,62 @@ See  [!TIP]
 > You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 
-Exploit protection works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
+Exploit protection works best with [Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
 You can [enable exploit protection](enable-exploit-protection.md) on an individual device, and then use [Group Policy](import-export-exploit-protection-emet-xml.md) to distribute the XML file to multiple devices at once.
 
@@ -49,9 +49,9 @@ Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](http
 
 ## Review exploit protection events in the Microsoft Security Center
 
-Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
+Defender for Endpoint provides detailed reporting into events and blocks as part of its alert investigation scenarios.
 
-You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how exploit protection settings could affect your environment.
+You can query Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how exploit protection settings could affect your environment.
 
 Here is an example query:
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
index 20194e3e9e..27fe46dc69 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
@@ -17,33 +17,33 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Use Microsoft Defender ATP APIs
+# Use Microsoft Defender for Endpoint APIs
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
-This page describes how to create an application to get programmatic access to Microsoft Defender ATP on behalf of a user.
+This page describes how to create an application to get programmatic access to Defender for Endpoint on behalf of a user.
 
-If you need programmatic access Microsoft Defender ATP without a user, refer to [Access Microsoft Defender ATP with application context](exposed-apis-create-app-webapp.md).
+If you need programmatic access Defender for Endpoint without a user, refer to [Access Defender for Endpoint with application context](exposed-apis-create-app-webapp.md).
 
 If you are not sure which access you need, read the [Introduction page](apis-intro.md).
 
-Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate work flows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
 In general, you’ll need to take the following steps to use the APIs:
 - Create an AAD application
 - Get an access token using this application
-- Use the token to access Microsoft Defender ATP API
+- Use the token to access Defender for Endpoint API
 
-This page explains how to create an AAD application, get an access token to Microsoft Defender ATP and validate the token.
+This page explains how to create an AAD application, get an access token to Defender for Endpoint and validate the token.
 
 >[!NOTE]
-> When accessing Microsoft Defender ATP API on behalf of a user, you will need the correct Application permission and user permission.
-> If you are not familiar with user permissions on Microsoft Defender ATP, see [Manage portal access using role-based access control](rbac.md).
+> When accessing Defender for Endpoint API on behalf of a user, you will need the correct Application permission and user permission.
+> If you are not familiar with user permissions on Defender for Endpoint, see [Manage portal access using role-based access control](rbac.md).
 
 >[!TIP]
 > If you have the permission to perform an action in the portal, you have the permission to perform the action in the API.
@@ -63,7 +63,7 @@ This page explains how to create an AAD application, get an access token to Micr
    - **Name:** -Your application name-
    - **Application type:** Public client
 
-4. Allow your Application to access Microsoft Defender ATP and assign it 'Read alerts' permission:
+4. Allow your Application to access Defender for Endpoint and assign it 'Read alerts' permission:
 
     - On your application page, click **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and click on **WindowsDefenderATP**.
 
@@ -152,9 +152,9 @@ Sanity check to make sure you got a correct token:
 
 ![Image of token validation](images/nativeapp-decoded-token.png)
 
-## Use the token to access Microsoft Defender ATP API
+## Use the token to access Microsoft Defender for Endpoint API
 
-- Choose the API you want to use - [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
+- Choose the API you want to use - [Supported Microsoft Defender for Endpoint APIs](exposed-apis-list.md)
 - Set the Authorization header in the HTTP request you send to "Bearer {token}" (Bearer is the Authorization scheme)
 - The Expiration time of the token is 1 hour (you can send more then one request with the same token)
 
@@ -173,5 +173,5 @@ Sanity check to make sure you got a correct token:
     ```
 
 ## Related topics
-- [Microsoft Defender ATP APIs](exposed-apis-list.md)
-- [Access Microsoft Defender ATP with application context](exposed-apis-create-app-webapp.md)
+- [Microsoft Defender for Endpoint APIs](exposed-apis-list.md)
+- [Access Defender for Endpoint with application context](exposed-apis-create-app-webapp.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
index 6e860b794b..0eb0aa16b4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
@@ -17,26 +17,26 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Partner access through Microsoft Defender ATP APIs
+# Partner access through Microsoft Defender for Endpoint APIs
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
-This page describes how to create an AAD application to get programmatic access to Microsoft Defender ATP on behalf of your customers.
+This page describes how to create an AAD application to get programmatic access to Defender for Endpoint on behalf of your customers.
 
-Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
 In general, you’ll need to take the following steps to use the APIs:
 - Create a **multi-tenant** AAD application.
-- Get authorized(consent) by your customer administrator for your application to access Microsoft Defender ATP resources it needs.
+- Get authorized(consent) by your customer administrator for your application to access Defender for Endpoint resources it needs.
 - Get an access token using this application.
 - Use the token to access Microsoft Defender ATP API.
 
-The following steps with guide you how to create an AAD application, get an access token to Microsoft Defender ATP and validate the token.
+The following steps with guide you how to create an AAD application, get an access token to Microsoft Defender for Endpoint and validate the token.
 
 ## Create the multi-tenant app
 
@@ -57,7 +57,7 @@ The following steps with guide you how to create an AAD application, get an acce
 	![Image of Microsoft Azure partner application registration](images/atp-api-new-app-partner.png)
 
 
-4. Allow your Application to access Microsoft Defender ATP and assign it with the minimal set of permissions required to complete the integration.
+4. Allow your Application to access Microsoft Defender for Endpoint and assign it with the minimal set of permissions required to complete the integration.
 
    - On your application page, click **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and click on **WindowsDefenderATP**.
 
@@ -102,7 +102,7 @@ The following steps with guide you how to create an AAD application, get an acce
 
 8. Add the application to your customer's tenant.
 
-    You need your application to be approved in each customer tenant where you intend to use it. This is because your application interacts with Microsoft Defender ATP application on behalf of your customer.
+    You need your application to be approved in each customer tenant where you intend to use it. This is because your application interacts with Microsoft Defender for Endpoint application on behalf of your customer.
 
     A user with **Global Administrator** from your customer's tenant need to click the consent link and approve your application.
 
@@ -194,7 +194,7 @@ Refer to [Get token using Python](run-advanced-query-sample-python.md#get-token)
 - Open a command window
 - Set CLIENT_ID to your Azure application ID
 - Set CLIENT_SECRET to your Azure application secret
-- Set TENANT_ID to the Azure tenant ID of the customer that wants to use your application to access Microsoft Defender ATP application
+- Set TENANT_ID to the Azure tenant ID of the customer that wants to use your application to access Microsoft Defender for Endpoint application
 - Run the below command:
 
 ```
@@ -217,9 +217,9 @@ Sanity check to make sure you got a correct token:
 
 ![Image of token validation](images/webapp-decoded-token.png)
 
-## Use the token to access Microsoft Defender ATP API
+## Use the token to access Microsoft Defender for Endpoint API
 
-- Choose the API you want to use, for more information, see [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
+- Choose the API you want to use, for more information, see [Supported Microsoft Defender for Endpoint APIs](exposed-apis-list.md)
 - Set the Authorization header in the Http request you send to "Bearer {token}" (Bearer is the Authorization scheme)
 - The Expiration time of the token is 1 hour (you can send more then one request with the same token)
 
@@ -237,5 +237,5 @@ Sanity check to make sure you got a correct token:
     ```
 
 ## Related topics
-- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
-- [Access Microsoft Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md)
+- [Supported Microsoft Defender for Endpoint APIs](exposed-apis-list.md)
+- [Access Microsoft Defender for Endpoint on behalf of a user](exposed-apis-create-app-nativeapp.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
index 2f0c92ed8d..b71d2bfaa6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
@@ -17,25 +17,25 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Create an app to access Microsoft Defender ATP without a user
+# Create an app to access Microsoft Defender for Endpoint without a user
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
-This page describes how to create an application to get programmatic access to Microsoft Defender ATP without a user. If you need programmatic access to Microsoft Defender ATP on behalf of a user, see [Get access with user context](exposed-apis-create-app-nativeapp.md). If you are not sure which access you need, see [Get started](apis-intro.md).
+This page describes how to create an application to get programmatic access to Defender for Endpoint without a user. If you need programmatic access to Defender for Endpoint on behalf of a user, see [Get access with user context](exposed-apis-create-app-nativeapp.md). If you are not sure which access you need, see [Get started](apis-intro.md).
 
-Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
 In general, you’ll need to take the following steps to use the APIs:
 - Create an Azure Active Directory (Azure AD) application.
 - Get an access token using this application.
-- Use the token to access Microsoft Defender ATP API.
+- Use the token to access Defender for Endpoint API.
 
-This article explains how to create an Azure AD application, get an access token to Microsoft Defender ATP, and validate the token.
+This article explains how to create an Azure AD application, get an access token to Defender for Endpoint, and validate the token.
 
 ## Create an app
 
@@ -47,7 +47,7 @@ This article explains how to create an Azure AD application, get an access token
 
 3. In the registration form, choose a name for your application, and then select **Register**.
 
-4. To enable your app to access Microsoft Defender ATP and assign it **'Read all alerts'** permission, on your application page, select **API Permissions** > **Add permission** > **APIs my organization uses** >, type **WindowsDefenderATP**, and then select **WindowsDefenderATP**.
+4. To enable your app to access Defender for Endpoint and assign it **'Read all alerts'** permission, on your application page, select **API Permissions** > **Add permission** > **APIs my organization uses** >, type **WindowsDefenderATP**, and then select **WindowsDefenderATP**.
 
    > [!NOTE]
    > WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear.
@@ -82,13 +82,13 @@ This article explains how to create an Azure AD application, get an access token
 
    ![Image of created app id](images/app-and-tenant-ids.png)
 
-8. **For Microsoft Defender ATP Partners only**. Set your app to be multi-tenanted (available in all tenants after consent). This is **required** for third-party apps (for example, if you create an app that is intended to run in multiple customers' tenant). This is **not required** if you create a service that you want to run in your tenant only (for example, if you create an application for your own usage that will only interact with your own data). To set your app to be multi-tenanted:
+8. **For Defender for Endpoint Partners only**. Set your app to be multi-tenanted (available in all tenants after consent). This is **required** for third-party apps (for example, if you create an app that is intended to run in multiple customers' tenant). This is **not required** if you create a service that you want to run in your tenant only (for example, if you create an application for your own usage that will only interact with your own data). To set your app to be multi-tenanted:
 
     - Go to **Authentication**, and add https://portal.azure.com as the **Redirect URI**.
 
     - On the bottom of the page, under **Supported account types**, select the **Accounts in any organizational directory** application consent for your multi-tenant app.
 
-    You need your application to be approved in each tenant where you intend to use it. This is because your application interacts Microsoft Defender ATP on behalf of your customer.
+    You need your application to be approved in each tenant where you intend to use it. This is because your application interacts Defender for Endpoint on behalf of your customer.
 
     You (or your customer if you are writing a third-party app) need to select the consent link and approve your app. The consent should be done with a user who has administrative privileges in Active Directory.
 
@@ -171,7 +171,7 @@ See [Get token using Python](run-advanced-query-sample-python.md#get-token).
 
 1. Open a command prompt, and set CLIENT_ID to your Azure application ID.
 1. Set CLIENT_SECRET to your Azure application secret.
-1. Set TENANT_ID to the Azure tenant ID of the customer that wants to use your app to access Microsoft Defender ATP.
+1. Set TENANT_ID to the Azure tenant ID of the customer that wants to use your app to access Defender for Endpoint.
 1. Run the following command:
 
 ```
@@ -194,9 +194,9 @@ Ensure that you got the correct token:
 
 ![Image of token validation](images/webapp-decoded-token.png)
 
-## Use the token to access Microsoft Defender ATP API
+## Use the token to access Defender for Endpoint API
 
-1. Choose the API you want to use. For more information, see [Supported Microsoft Defender ATP APIs](exposed-apis-list.md).
+1. Choose the API you want to use. For more information, see [Supported Defender for Endpoint APIs](exposed-apis-list.md).
 1. Set the authorization header in the http request you send to "Bearer {token}" (Bearer is the authorization scheme).
 1. The expiration time of the token is one hour. You can send more then one request with the same token.
 
@@ -214,5 +214,5 @@ The following is an example of sending a request to get a list of alerts **using
     ```
 
 ## Related topics
-- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
-- [Access Microsoft Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md)
+- [Supported Defender for Endpoint APIs](exposed-apis-list.md)
+- [Access Defender for Endpoint on behalf of a user](exposed-apis-create-app-nativeapp.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
index bdb9fddc2c..6c3bd1ee50 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
@@ -18,19 +18,19 @@ ms.topic: article
 ms.date: 09/24/2018
 ---
 
-# Microsoft Defender ATP APIs using PowerShell
+# Microsoft Defender for Endpoint APIs using PowerShell
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
-Full scenario using multiple APIs from Microsoft Defender ATP.
+Full scenario using multiple APIs from Defender for Endpoint.
 
 In this section we share PowerShell samples to 
 - Retrieve a token 
-- Use token to retrieve the latest alerts in Microsoft Defender ATP
+- Use token to retrieve the latest alerts in Defender for Endpoint
 - For each alert, if the alert has medium or high priority and is still in progress, check how many times the device has connected to suspicious URL.
 
 **Prerequisite**: You first need to [create an app](apis-intro.md).
@@ -50,7 +50,7 @@ For more details, refer to [PowerShell documentation](https://docs.microsoft.com
 Run the below:
 
 - $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
+- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Defender for Endpoint)
 - $appSecret: Secret of your AAD app
 - $suspiciousUrl: The URL
 
@@ -117,6 +117,6 @@ $response
 
 
 ## Related topic
-- [Microsoft Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender for Endpoint APIs](apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)
 - [Advanced Hunting using Python](run-advanced-query-sample-python.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
index a226699cda..878180dc45 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
@@ -17,14 +17,14 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Supported Microsoft Defender ATP APIs
+# Supported Microsoft Defender for Endpoint APIs
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 ## End Point URI and Versioning
 
@@ -66,4 +66,4 @@ Vulnerability | Run API calls such as list devices by vulnerability.
 Recommendation | Run API calls such as Get recommendation by Id.
 
 ## Related topic
-- [Microsoft Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender for Endpoint APIs](apis-intro.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
index 3cbeec8462..9bf1f16482 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
@@ -17,14 +17,14 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# OData queries with Microsoft Defender ATP
+# OData queries with Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md
index e65d2379cd..f8a0036aa3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md
@@ -25,11 +25,11 @@ ms.collection:
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 ## Overview
 
-Feedback-loop blocking, also referred to as rapid protection, is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/). With feedback-loop blocking, devices across your organization are better protected from attacks. 
+Feedback-loop blocking, also referred to as rapid protection, is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/). With feedback-loop blocking, devices across your organization are better protected from attacks. 
 
 ## How feedback-loop blocking works
 
@@ -40,11 +40,11 @@ With rapid protection in place, an attack can be stopped on a device, other devi
 
 ## Configuring feedback-loop blocking
 
-If your organization is using Microsoft Defender ATP, feedback-loop blocking is enabled by default. However, rapid protection occurs through a combination of Microsoft Defender ATP capabilities, machine learning protection features, and signal-sharing across Microsoft security services. Make sure the following features and capabilities of Microsoft Defender ATP are enabled and configured:
+If your organization is using Defender for Endpoint, feedback-loop blocking is enabled by default. However, rapid protection occurs through a combination of Defender for Endpoint capabilities, machine learning protection features, and signal-sharing across Microsoft security services. Make sure the following features and capabilities of Defender for Endpoint are enabled and configured:
 
-- [Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)
+- [Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)
 
-- [Devices onboarded to Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-configure)
+- [Devices onboarded to Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-configure)
 
 - [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode)
 
@@ -58,4 +58,4 @@ If your organization is using Microsoft Defender ATP, feedback-loop blocking is
 
 - [(Blog) Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection/)
 
-- [Helpful Microsoft Defender ATP resources](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/helpful-resources)
+- [Helpful Microsoft Defender for Endpoint resources](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/helpful-resources)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md b/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md
index 8d265f32ed..3838221082 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md
@@ -24,9 +24,9 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
 
 
 >[!NOTE]
@@ -52,7 +52,7 @@ Step 3: allow your application on Microsoft Defender Security Center
 
 ### Step 1: Create an application in Azure Active Directory (Azure AD)
  
-You'll need to create an application and grant it permissions to fetch alerts from your customer's Microsoft Defender ATP tenant.
+You'll need to create an application and grant it permissions to fetch alerts from your customer's Defender for Endpoint tenant.
  
 
 1. Sign in to the [Azure AD portal](https://aad.portal.azure.com/).
@@ -182,7 +182,7 @@ You'll need to have **Manage portal system settings** permission to allow the ap
 5. Click **Authorize application**. 
 
  
-You can now download the relevant configuration file for your SIEM and connect to the Microsoft Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem.md).
+You can now download the relevant configuration file for your SIEM and connect to the Defender for Endpoint API. For more information see, [Pull alerts to your SIEM tools](configure-siem.md).
  
 
 - In the ArcSight configuration file / Splunk Authentication Properties file ? you will have to write your application key manually by settings the secret value.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/files.md b/windows/security/threat-protection/microsoft-defender-atp/files.md
index 69f2d43120..73860bca59 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/files.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/files.md
@@ -21,11 +21,11 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
-Represent a file entity in Microsoft Defender ATP.
+Represent a file entity in Defender for Endpoint.
 
 ## Methods
 Method|Return Type |Description
@@ -52,7 +52,7 @@ fileProductName | String | Product name.
 signer | String | File signer.
 issuer | String | File issuer.
 signerHash | String | Hash of the signing certificate.
-isValidCertificate | Boolean | Was signing certificate successfully verified by  Microsoft Defender ATP agent.
+isValidCertificate | Boolean | Was signing certificate successfully verified by Defender for Endpoint agent.
 determinationType | String | The determination type of the file.
 determinationValue | String | Determination value.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
index e7ecb972a1..0d640fa36f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
@@ -23,7 +23,7 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Find a device by internal IP.
 
@@ -31,7 +31,7 @@ Find a device by internal IP.
 >The timestamp must be within the last 30 days.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
 Permission type | Permission | Permission display name
 :---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
index 86fc568017..f3c00acd57 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
@@ -21,9 +21,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## API description
@@ -36,7 +36,7 @@ Find [Machines](machine.md) seen with the requested internal IP in the time rang
 
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
index 83511489cb..30dff867d7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
@@ -18,7 +18,7 @@ ms.topic: article
 ms.date: 10/23/2017
 ---
 
-# Fix unhealthy sensors in Microsoft Defender ATP
+# Fix unhealthy sensors in Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -26,11 +26,11 @@ ms.date: 10/23/2017
 **Applies to:**
 
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-fixsensor-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-fixsensor-abovefoldlink)
 
 Devices that are categorized as misconfigured or inactive can be flagged due to varying causes. This section provides some explanations as to what might have caused a device to be categorized as inactive or misconfigured.
 
@@ -42,14 +42,14 @@ An inactive device is not necessarily flagged due to an issue. The following act
 If the device has not been in use for more than 7 days for any reason, it will remain in an ‘Inactive’ status in the portal.
 
 **Device was reinstalled or renamed**

-A reinstalled or renamed device will generate a new device entity in Microsoft Defender Security Center. The previous device entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a device and deployed the Microsoft Defender ATP package, search for the new device name to verify that the device is reporting normally.
+A reinstalled or renamed device will generate a new device entity in Microsoft Defender Security Center. The previous device entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a device and deployed the Defender for Endpoint package, search for the new device name to verify that the device is reporting normally.
 
 **Device was offboarded**

 If the device was offboarded it will still appear in devices list. After 7 days, the device health state should change to inactive.
 
 
 **Device is not sending signals**
-If the device is not sending any signals for more than 7 days to any of the Microsoft Defender ATP channels for any reason including conditions that fall under misconfigured devices classification, a device can be considered inactive. 
+If the device is not sending any signals for more than 7 days to any of the Defender for Endpoint channels for any reason including conditions that fall under misconfigured devices classification, a device can be considered inactive. 
 
 
 Do you expect a device to be in ‘Active’ status? [Open a support ticket](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561).
@@ -67,8 +67,8 @@ The following suggested actions can help fix issues related to a misconfigured d
 - [Ensure the device has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-device)

   The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
 
-- [Verify client connectivity to Microsoft Defender ATP service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)

-  Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs.
+- [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)

+  Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the  Defender for Endpoint service URLs.
 
 If you took corrective actions and the device status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
 
@@ -79,16 +79,16 @@ Follow theses actions to correct known issues related to a misconfigured device
 - [Ensure the device has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-device)

   The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
 
-- [Verify client connectivity to Microsoft Defender ATP service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)

+- [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)

   Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs.
 
 - [Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-the-diagnostics-service-is-enabled)

 If the devices aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint.
 
 - [Ensure that Microsoft Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy)

-If your devices are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled.
+If your devices are running a third-party antimalware client, the Defender for Endpoint agent needs the Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled.
 
 If you took corrective actions and the device status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
 
 ## Related topic
-- [Check sensor health state in Microsoft Defender ATP](check-sensor-status.md)
+- [Check sensor health state in Defender for Endpoint](check-sensor-status.md)

From 203b81b89331e19ccf432301e6685038b57d8fff Mon Sep 17 00:00:00 2001
From: Andy Rivas <45184653+andyrivMSFT@users.noreply.github.com>
Date: Mon, 2 Nov 2020 08:32:26 -0800
Subject: [PATCH 074/384] Update waas-delivery-optimization-reference.md

Adding clarification for customer to add as type = text on their DHCP custom option.  DO client expects a string when processing the DHCP option.
---
 .../deployment/update/waas-delivery-optimization-reference.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md
index b101477546..29f8b473d8 100644
--- a/windows/deployment/update/waas-delivery-optimization-reference.md
+++ b/windows/deployment/update/waas-delivery-optimization-reference.md
@@ -249,7 +249,7 @@ This policy allows you to specify how your client(s) can discover Delivery Optim
 
 with either option, the client will query DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if set.
 
-Set this policy to designate one or more Delivery Optimization in Network Cache servers through a custom DHCP Option. You can add one or more value either fully qualified domain names (FQDN) or IP addresses. To add multiple values, separate each FQDN or IP address by commas.
+Set this policy to designate one or more Delivery Optimization in Network Cache servers through a custom DHCP Option. Specify the custom DHCP option on your server as text type. You can add one or more value either fully qualified domain names (FQDN) or IP addresses. To add multiple values, separate each FQDN or IP address by commas.
 
 > [!NOTE]
 > If you format the DHCP Option ID incorrectly, the client will fall back to the Cache Server Hostname policy value if that value has been set.

From 9c77be942fdc588263a358b7e2a3c2a7a71f89c8 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Mon, 2 Nov 2020 12:03:38 -0800
Subject: [PATCH 075/384] Updated SKU support

---
 windows/client-management/mdm/policy-csp-experience.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 9eb1843b21..66f3b9171f 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1167,15 +1167,15 @@ The following list shows the supported values:
 
 
     Home
-    cross mark
+    check mark9
 
 
     Pro
-    cross mark
+    check mark9
 
 
     Business
-    cross mark
+    check mark9
 
 
     Enterprise

From 4b88769f22db002aafb019c1f111706593d0bee5 Mon Sep 17 00:00:00 2001
From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com>
Date: Mon, 2 Nov 2020 14:41:50 -0800
Subject: [PATCH 076/384] localizationpriority metada was messed up

---
 windows/deployment/update/wufb-basics.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/wufb-basics.md b/windows/deployment/update/wufb-basics.md
index 0c8f5c32db..cea6e517ca 100644
--- a/windows/deployment/update/wufb-basics.md
+++ b/windows/deployment/update/wufb-basics.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
 audience: itpro
 itproauthor: jaimeo
 author: jaimeo
-ms.localizationprioauthor: jaimeo
+ms.localizationpriority: medium
 ms.audience: itpro
 ms.reviewer: 
 manager: laurawi

From f957d02e0c4a0b3fda85e2343126f0f39f185db9 Mon Sep 17 00:00:00 2001
From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com>
Date: Mon, 2 Nov 2020 14:48:53 -0800
Subject: [PATCH 077/384] Update windows-sandbox-configure-using-wsb-file.md

Localization priority metadata value was blank
---
 .../windows-sandbox/windows-sandbox-configure-using-wsb-file.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
index 2ac125c33b..16214a5f59 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 manager: dansimp
 ms.collection: 
 ms.topic: article
-ms.localizationpriority: 
+ms.localizationpriority: medium
 ms.date: 
 ms.reviewer: 
 ---

From f74a99748a53c23d89ecf368f77a5b82cb494438 Mon Sep 17 00:00:00 2001
From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com>
Date: Mon, 2 Nov 2020 14:52:15 -0800
Subject: [PATCH 078/384] Update bitlocker-recovery-loop-break.md

Localization priority value had unwanted "#"
---
 .../bitlocker/bitlocker-recovery-loop-break.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
index f06b11a197..9ed6f0f984 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: #medium
+ms.localizationpriority: medium
 ms.author: v-maave
 author: martyav
 manager: dansimp

From de51789efc3caedff5df778efb8fbaa3fe8b0cb6 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Mon, 2 Nov 2020 15:11:27 -0800
Subject: [PATCH 079/384] Updated per task 4605783

---
 ...op-employees-from-using-microsoft-store.md | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md
index e665d37ba5..a6c45ca8c1 100644
--- a/windows/configuration/stop-employees-from-using-microsoft-store.md
+++ b/windows/configuration/stop-employees-from-using-microsoft-store.md
@@ -32,7 +32,6 @@ IT pros can configure access to Microsoft Store for client computers in their or
 
 ## Options to configure access to Microsoft Store
 
-
 You can use these tools to configure access to Microsoft Store: AppLocker or Group Policy. For Windows 10, this is only supported on Windows 10 Enterprise edition.
 
 ## Block Microsoft Store using AppLocker
@@ -64,6 +63,20 @@ For more information on AppLocker, see [What is AppLocker?](/windows/device-secu
 
 8.  Optional: On **Exceptions**, specify conditions by which to exclude files from being affected by the rule. This allows you to add exceptions based on the same rule reference and rule scope as you set before. Click **Next**.
 
+## Block Microsoft Store using configuration service provider
+
+Applies to: Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education
+
+If you have Windows 10 devices in your organization that are managed using a mobile device management (MDM) system, such as Microsoft Intune, you can block access to Microsoft Store app using the following configuration service providers (CSPs):
+
+- [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider)
+- [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp)
+
+For more information, see [Configure an MDM provider](https://docs.microsoft.com/microsoft-store/configure-mdm-provider-microsoft-store-for-business).
+
+For more information on the rules available via AppLocker on the different supported operating systems, see [Operating system requirements](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker#operating-system-requirements).
+
+
 ## Block Microsoft Store using Group Policy
 
 
@@ -87,12 +100,12 @@ You can also use Group Policy to manage access to Microsoft Store.
 > [!Important]
 > Enabling **Turn off the Store application** policy turns off app updates from Microsoft Store.  
 
-## Block Microsoft Store using management tool
+## Block Microsoft Store on Windows 10 Mobile
 
 
 Applies to: Windows 10 Mobile
 
-If you have mobile devices in your organization that you upgraded from earlier versions of Windows Phone 8 to Windows 10 Mobile, existing policies created using the Windows Phone 8.1 configuration service providers (CSP) with your MDM tool will continue to work on Windows 10 Mobile. If you are starting with Windows 10 Mobile, we recommend using [AppLocker](#block-store-applocker) to manage access to Microsoft Store app.
+If you have mobile devices in your organization that you upgraded from earlier versions of Windows Phone 8 to Windows 10 Mobile, existing policies created using the Windows Phone 8.1 CSPs with your MDM tool will continue to work on Windows 10 Mobile. If you are starting with Windows 10 Mobile, we recommend using [AppLocker](#block-store-applocker) to manage access to Microsoft Store app.
 
 When your MDM tool supports Microsoft Store for Business, the MDM can use these CSPs to block Microsoft Store app:
 

From 198e2f8b18484ae8fe1e493e2dcf9f3b2cbd5709 Mon Sep 17 00:00:00 2001
From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com>
Date: Mon, 2 Nov 2020 17:09:26 -0800
Subject: [PATCH 080/384] Update ie-edge-faqs.md

Fixed Localization Priority metadata
---
 browsers/internet-explorer/kb-support/ie-edge-faqs.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.md b/browsers/internet-explorer/kb-support/ie-edge-faqs.md
index 0257a9db03..5c29be5126 100644
--- a/browsers/internet-explorer/kb-support/ie-edge-faqs.md
+++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.md
@@ -10,9 +10,7 @@ ms.prod: internet-explorer
 ms.technology:
 ms.topic: kb-support
 ms.custom: CI=111020
-ms.localizationpriority: Normal
-# localization_priority: medium
-# ms.translationtype: MT
+ms.localizationpriority: medium
 ms.date: 01/23/2020
 ---
 # Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros

From 5f72df8a69b8d6427974232cc00d49d1b43d620f Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Tue, 3 Nov 2020 10:10:43 +0530
Subject: [PATCH 081/384] Update
 microsoft-defender-atp-ios-privacy-information.md

fix build error
---
 ...ft-defender-atp-ios-privacy-information.md | 68 +++++++++++--------
 1 file changed, 40 insertions(+), 28 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md
index 9936fd17df..fa6f5b1e07 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md
@@ -1,8 +1,8 @@
 ---
-title: Microsoft Defender ATP for iOS privacy information
+title: Microsoft Defender ATP for iOS - Privacy information
 ms.reviewer:
-description: Describes the policy information for Microsoft Defender ATP for iOS
-keywords: microsoft, defender, atp, ios, privacy, overview, installation, deploy, uninstallation, intune
+description: Describes privacy information for Microsoft Defender ATP for iOS
+keywords: microsoft, defender, atp, ios, policy, overview
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -20,45 +20,56 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Microsoft Defender ATP for iOS - Privacy information
+# Privacy information - Microsoft Defender for Endpoint for iOS
 
->[!NOTE]
-> Microsoft Defender ATP for iOS uses a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. Microsoft or your organization does not see your browsing activity.
+> [!NOTE]
+> Defender for Endpoint for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. **Microsoft or your organization, does not see your browsing activity.**
 
-Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP.
+Defender for Endpoint for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint. The information is collected to help keep Defender for Endpoint for iOS secure, up-to-date, performing as expected, and to support the service.
 
-Information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected and to support the service.
+For more details about data storage, see [Microsoft Defender for Endpoint data storage and privacy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy).
 
-## Required Data 
+## Required data 
 
-Required data consists of data that is necessary to make Microsoft Defender ATP for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps.

-Here's a list of the types of data being collected:
+Required data consists of data that is necessary to make Defender for Endpoint for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. 
 
-### Web page or Network information
+Here is a list of the types of data being collected: 
+
+### Web page or Network information 
 
 - Connection information only when a malicious connection or web page is detected. 
-- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected.
 
-### Device and account information
+- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected. 
+
+### Device and account information 
+
+- Device information such as date & time, iOS version, CPU info, and Device identifier, where Device identifier is one of the following: 
 
-- Device information such as date & time, iOS version, CPU info, and Device identifier
-- Device identifier is one of the below: 
     - Wi-Fi adapter MAC address 
+
     - Randomly generated globally unique identifier (GUID) 
+
 - Tenant, Device and User information 
-    - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory. 
-    - Azure tenant ID - GUID that identifies your organization within Azure Active Directory 
+
+    - Azure Active Directory (AD) Device ID and Azure User ID - Uniquely identifies the device, User respectively at Azure Active directory. 
+
+    - Azure tenant ID - GUID that identifies your organization within Azure Active Directory. 
+
     - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. 
-    - User Principal Name – Email ID of the user 
+
+    - User Principal Name – Email ID of the user. 
 
 ### Product and service usage data 
 
-The following information is collected only for Microsoft Defender ATP app installed on the device. 
+The following information is collected only for Microsoft Defender for Endpoint app installed on the device. 
 
 - App package info, including name, version, and app upgrade status. 
-- Actions performed in the app 
-- Crash report logs generated by iOS 
-- Memory usage data 
+
+- Actions performed in the app. 
+
+- Crash report logs generated by iOS. 
+
+- Memory usage data. 
 
 ## Optional Data 
 
@@ -66,16 +77,17 @@ Optional data includes diagnostic data and feedback data from the client. Option
 
 Optional diagnostic data includes: 
 
-- App, CPU, and network usage for Microsoft Defender ATP. 
-- Features configured by the admin. 
+- App, CPU, and network usage for Defender for Endpoint. 
+
+- Features configured by the admin for Defender for Endpoint. 
 
 Feedback Data is collected through in-app feedback provided by the user. 
 
-- The user’s email address, if they choose to provide it
+- The user’s email address, if they choose to provide it.
+
 - Feedback type (smile, frown, idea) and any feedback comments submitted by the user. 
 
-[More on Privacy](https://aka.ms/mdatpiosprivacystatement)
-
+For more information, see [More on Privacy](https://aka.ms/mdatpiosprivacystatement).
 
 
 

From 83c90730653a612a40a4887ae744a00c9366c045 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Tue, 3 Nov 2020 11:57:23 +0530
Subject: [PATCH 082/384] Update web-threat-protection.md

updated to fix build error and rebranded
---
 .../microsoft-defender-atp/web-threat-protection.md         | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md
index d9d063c82f..f6b119e508 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md
@@ -22,9 +22,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
 
-Web threat protection is part of [Web protection](web-protection-overview.md) in Microsoft Defender ATP. It uses [network protection](network-protection.md) to secure your devices against web threats. By integrating with Microsoft Edge and popular third-party browsers like Chrome and Firefox, web threat protection stops web threats without a web proxy and can protect devices while they are away or on premises. Web threat protection stops access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked in your [custom indicator list](manage-indicators.md).
+Web threat protection is part of [Web protection](web-protection-overview.md) in Defender for Endpoint. It uses [network protection](network-protection.md) to secure your devices against web threats. By integrating with Microsoft Edge and popular third-party browsers like Chrome and Firefox, web threat protection stops web threats without a web proxy and can protect devices while they are away or on premises. Web threat protection stops access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked in your [custom indicator list](manage-indicators.md).
 
 >[!Note]
 >It can take up to an hour for devices to receive new customer indicators.
@@ -33,7 +33,7 @@ Web threat protection is part of [Web protection](web-protection-overview.md) in
 Web protection uses network protection to provide web browsing security on Microsoft Edge and third-party web browsers.
 
 To turn on network protection on your devices:
-- Edit the Microsoft Defender ATP security baseline under **Web & Network Protection** to enable network protection before deploying or redeploying it. [Learn about reviewing and assigning the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md#review-and-assign-the-microsoft-defender-atp-security-baseline)
+- Edit the Defender for Endpoint security baseline under **Web & Network Protection** to enable network protection before deploying or redeploying it. [Learn about reviewing and assigning the Defender for Endpoint security baseline](configure-machines-security-baseline.md#review-and-assign-the-microsoft-defender-for-endpoint-security-baseline)
 - Turn network protection on using Intune device configuration, SCCM, Group Policy, or your MDM solution. [Read more about enabling network protection](enable-network-protection.md)  
 
 >[!Note]

From e09dbbb5428d53c9d603dbf41fa04db2812464c4 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Tue, 3 Nov 2020 14:31:04 +0530
Subject: [PATCH 083/384] updated-4567381-batch4

fixed build errors and warnings
---
 .../microsoft-defender-atp/configure-proxy-internet.md    | 4 ++--
 .../microsoft-defender-atp/configure-server-endpoints.md  | 2 +-
 .../microsoft-defender-atp/onboard-offline-machines.md    | 8 ++++----
 .../microsoft-defender-atp/troubleshoot-live-response.md  | 8 ++++----
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
index 5a084ba92a..6abe8ff951 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
@@ -44,7 +44,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
   - Web Proxy Auto-discovery Protocol (WPAD)
 
     > [!NOTE]
-    > If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Defender for Endpoint URL exclusions in the proxy, see [Enable access to Defender for Endpoint service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
+    > If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Defender for Endpoint URL exclusions in the proxy, see [Enable access to Defender for Endpoint service URLs in the proxy server](#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server).
 
 - Manual static proxy configuration:
   - Registry based configuration
@@ -209,7 +209,7 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover
 
 If at least one of the connectivity options returns a (200) status, then the Defender for Endpoint client can communicate with the tested URL properly using this connectivity method. 


 
-However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Defender for Endpoint service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
+However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Defender for Endpoint service URLs in the proxy server](#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
 
 > [!NOTE]
 > The Connectivity Analyzer tool is not compatible with ASR rule [Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction#attack-surface-reduction-rules). You will need to temporarily disable this rule to run the connectivity tool.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index 12a1b2f2be..ad4b3d8853 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -113,7 +113,7 @@ If your servers need to use a proxy to communicate with Defender for Endpoint, u
 
 - [Configure Windows to use a proxy server for all connections](configure-proxy-internet.md)
 
-If a proxy or firewall is in use, please ensure that servers can access all of the Microsoft Defender ATP service URLs directly and without SSL interception. For more information, see [enable access to Defender for Endpoint service URLs](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). Use of SSL interception will prevent the system from communicating with the Defender for Endpoint service. 
+If a proxy or firewall is in use, please ensure that servers can access all of the Microsoft Defender ATP service URLs directly and without SSL interception. For more information, see [enable access to Defender for Endpoint service URLs](configure-proxy-internet.md#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server). Use of SSL interception will prevent the system from communicating with the Defender for Endpoint service. 
 
 Once completed, you should see onboarded Windows servers in the portal within an hour.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
index 137f5c07bc..41098d9b2e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
@@ -24,7 +24,7 @@ ms.topic: article
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 To onboard devices without Internet access, you'll need to take the following general steps:
 
@@ -40,14 +40,14 @@ Windows Server 2016 and earlier or Windows 8.1 and earlier.
 
 For more information about onboarding methods, see the following articles:
 - [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel)
-- [Onboard servers to the Microsoft Defender ATP service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-2008-r2-sp1--windows-server-2012-r2-and-windows-server-2016)
+- [Onboard servers to the Microsoft Defender for Endpoint service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-2008-r2-sp1--windows-server-2012-r2-and-windows-server-2016)
 - [Configure device proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#configure-the-proxy-server-manually-using-a-registry-based-static-proxy)
 
 ## On-premise devices
 
 - Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:
   - [Azure Log Analytics Agent](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
-  - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) point to Microsoft Defender ATP Workspace key & ID
+  - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-for-endpoint) point to Microsoft Defender ATP Workspace key & ID
 
 - Offline devices in the same network of Azure Log Analytics
   -  Configure MMA to point to:
@@ -59,7 +59,7 @@ For more information about onboarding methods, see the following articles:
 
     - Setup Azure Log Analytics Gateway (formerly known as OMS Gateway) to act as proxy or hub:
       - [Azure Log Analytics Gateway](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
-      - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) point to Microsoft Defender ATP Workspace key & ID
+      - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-for-endpoint) point to Microsoft Defender ATP Workspace key & ID
     - Offline Azure VMs in the same network of OMS Gateway
       - Configure Azure Log Analytics IP as a proxy
       - Azure Log Analytics Workspace Key & ID
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
index 2305bcbf00..01ddeadebe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
@@ -17,14 +17,14 @@ ms.collection: M365-security-compliance
 ms.topic: troubleshooting
 ---
 
-# Troubleshoot Microsoft Defender Advanced Threat Protection live response issues
+# Troubleshoot Microsoft Defender for Endpoint live response issues
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 This page provides detailed steps to troubleshoot live response issues.
@@ -56,9 +56,9 @@ If while trying to take an action during a live response session, you encounter
 5. Run the action you wanted to take on the copied file.
 
 ## Slow live response sessions or delays during initial connections
-Live response leverages Microsoft Defender ATP sensor registration with WNS service in Windows. 
+Live response leverages Defender for Endpoint sensor registration with WNS service in Windows. 
 If you are having connectivity issues with live response, confirm the following details:
-1. `notify.windows.com` is not blocked in your environment. For more information, see, [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
+1. `notify.windows.com` is not blocked in your environment. For more information, see, [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server).
 2. WpnService (Windows Push Notifications System Service) is not disabled.
 
 Refer to the articles below to fully understand the WpnService service behavior and requirements:

From ba8eba48b3789c714e7e9cca28331c6059d015ba Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Tue, 3 Nov 2020 14:59:12 +0530
Subject: [PATCH 084/384] Update exposed-apis-create-app-webapp.md

fix build errors
---
 .../microsoft-defender-atp/exposed-apis-create-app-webapp.md  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
index b71d2bfaa6..5223dab678 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
@@ -201,7 +201,7 @@ Ensure that you got the correct token:
 1. The expiration time of the token is one hour. You can send more then one request with the same token.
 
 The following is an example of sending a request to get a list of alerts **using C#**: 
-    ```
+```
     var httpClient = new HttpClient();
 
     var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts");
@@ -211,7 +211,7 @@ The following is an example of sending a request to get a list of alerts **using
     var response = httpClient.SendAsync(request).GetAwaiter().GetResult();
 
     // Do something useful with the response
-    ```
+```
 
 ## Related topics
 - [Supported Defender for Endpoint APIs](exposed-apis-list.md)

From 471d92e84677041910191a34b7ada7b64b37d874 Mon Sep 17 00:00:00 2001
From: Ben 
Date: Tue, 3 Nov 2020 12:30:13 +0200
Subject: [PATCH 085/384] Update machine.md

Added Informational type for riskScore
---
 .../threat-protection/microsoft-defender-atp/machine.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md
index 4fbc97c8a3..e2c6f6756f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@@ -59,7 +59,7 @@ lastExternalIpAddress | String | Last IP through which the [machine](machine.md)
 healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
 rbacGroupName | String | Machine group Name.
 rbacGroupId | Int | Machine group unique ID.
-riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
+riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'.
 exposureScore | Nullable Enum | [Exposure score](tvm-exposure-score.md) as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 aadDeviceId | Nullable representation Guid | AAD Device ID (when [machine](machine.md) is AAD Joined).
 machineTags | String collection | Set of [machine](machine.md) tags.

From 65d9371d2501cda5b262fe5c3892061ea2826bb9 Mon Sep 17 00:00:00 2001
From: ShannonLeavitt 
Date: Tue, 3 Nov 2020 08:00:22 -0700
Subject: [PATCH 086/384] acrolinx fixes

---
 .../cortana-at-work-scenario-2.md             |  2 +-
 windows/configuration/kiosk-mdm-bridge.md     |  6 +--
 windows/configuration/kiosk-xml.md            |  8 ++--
 .../start-layout-troubleshoot.md              | 37 ++++++++++---------
 4 files changed, 27 insertions(+), 26 deletions(-)

diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
index cd8da63e37..d4e6253873 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
@@ -20,7 +20,7 @@ manager: dansimp
 
 Cortana will respond with the information from Bing.
 
-:::image type="content" source="../screenshot5.png" alt-text="Screenshot: Cortana showing current time in Hyderbad":::
+:::image type="content" source="../screenshot5.png" alt-text="Screenshot: Cortana showing current time in Hyderabad":::
 
 >[!NOTE]
 >This scenario requires Bing Answers to be enabled. To learn more, see [Set up and configure the Bing Answers feature](https://docs.microsoft.com/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10#set-up-and-configure-the-bing-answers-feature).
\ No newline at end of file
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md
index 51eeccc08b..ff85a3537a 100644
--- a/windows/configuration/kiosk-mdm-bridge.md
+++ b/windows/configuration/kiosk-mdm-bridge.md
@@ -1,6 +1,6 @@
 ---
 title: Use MDM Bridge WMI Provider to create a Windows 10 kiosk (Windows 10)
-description: Environments that use Windows Management Instrumentation (WMI)can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
+description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
 ms.reviewer: 
 manager: dansimp
@@ -22,9 +22,9 @@ ms.topic: article
 
 -   Windows 10 Pro, Enterprise, and Education
 
-Environments that use [Windows Management Instrumentation (WMI)](https://msdn.microsoft.com/library/aa394582.aspx) can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the MDM_AssignedAccess class. See [PowerShell Scripting with WMI Bridge Provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/using-powershell-scripting-with-the-wmi-bridge-provider) for more details about using a PowerShell script to configure AssignedAccess. 
+Environments that use [Windows Management Instrumentation (WMI)](https://msdn.microsoft.com/library/aa394582.aspx) can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the MDM_AssignedAccess class. For more information about using a PowerShell script to configure AssignedAccess, see [PowerShell Scripting with WMI Bridge Provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). 
 
-Here’s an example to set AssignedAccess configuration:
+Here's an example to set AssignedAccess configuration:
 
 1. Download the [psexec tool](https://technet.microsoft.com/sysinternals/bb897553.aspx).  
 2. Run `psexec.exe -i -s cmd.exe`.
diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md
index f09e5ee991..c0eb573c32 100644
--- a/windows/configuration/kiosk-xml.md
+++ b/windows/configuration/kiosk-xml.md
@@ -255,7 +255,7 @@ This sample demonstrates that both UWP and Win32 apps can be configured to autom
 ```
 
 ## [Preview] Global Profile Sample XML
-Global Profile is currently supported in Windows 10 Insider Preview (20H1 builds). Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lock down mode, or used as mitigation when a profile cannot be determined for an user.
+Global Profile is currently supported in Windows 10 Insider Preview (20H1 builds). Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lockdown mode, or used as mitigation when a profile cannot be determined for a user.
 
 This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in 
 ```xml
@@ -309,7 +309,7 @@ This sample demonstrates that only a global profile is used, no active user conf
 
 ```
 
-Below sample shows dedicated profile and global profile mixed usage, aauser would use one profile, everyone else that's non-admin will use another profile.
+Below sample shows dedicated profile and global profile mixed usage, a user would use one profile, everyone else that's non-admin will use another profile.
 ```xml
 
 
@@ -889,7 +889,7 @@ Schema for Windows 10 Insider Preview (19H2, 20H1 builds)
 
 ```
 
-To authorize a compatible configuration XML that includes elements and attributes from Windows 10, version 1809 or newer, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the auto-launch feature which is added in Windows 10, version 1809, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10, version 1809, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
+To authorize a compatible configuration XML that includes elements and attributes from Windows 10, version 1809 or newer, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the autolaunch feature that was added in Windows 10, version 1809, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10, version 1809, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
 ```xml
 [!NOTE]
 >You cannot stop this automatic service when machine is running (C:\windows\system32\svchost.exe -k DcomLaunch -p).
@@ -179,17 +180,17 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded
 
 **Cause**: There was a change in the All Apps list between Windows 10, versions 1511 and 1607. These changes mean the original Group Policy and corresponding registry key no longer apply.
 
-**Resolution**: This issue was resolved in the June 2017 updates. Please update Windows 10, version 1607 to the latest cumulative or feature updates.
+**Resolution**: This issue was resolved in the June 2017 updates. Update Windows 10, version 1607, to the latest cumulative or feature updates.
 
 >[!NOTE]
 >When the Group Policy is enabled, the desired behavior also needs to be selected. By default, it is set to **None**.
 
 
-### Symptom: Application tiles like Alarm, Calculator, and Edge are missing from Start Menu and the Settings app fails to open on Windows 10, version 1709 when a local user profile is deleted
+### Symptom: Application tiles like Alarm, Calculator, and Edge are missing from Start menu and the Settings app fails to open on Windows 10, version 1709 when a local user profile is deleted
 
 ![Screenshots that show download icons on app tiles and missing app tiles](images/start-ts-2.png)
 
-**Cause**: This is a known issue where the first-time logon experience is not detected and does not trigger the install of some Apps.
+**Cause**: This issue is known. The first-time sign-in experience is not detected and does not trigger the install of some apps.
 
 **Resolution**: This issue has been fixed for Windows 10, version 1709 in [KB 4089848](https://support.microsoft.com/help/4089848) March 22, 2018—KB4089848 (OS Build 16299.334)
 
@@ -202,7 +203,7 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded
   - Event ID 22 is logged when the xml is malformed, meaning the specified file simply isn’t valid xml.
   - When editing the xml file, it should be saved in UTF-8 format.
 
-- Unexpected information: This occurs when possibly trying to add a tile via unexpected or undocumented method.
+- Unexpected information: This occurs when possibly trying to add a tile via an unexpected or undocumented method.
   - **Event ID: 64** is logged when the xml is valid but has unexpected values.
   - For example: The following error occurred while parsing a layout xml file: The attribute 'LayoutCustomizationRestrictiontype' on the element '{http://schemas.microsoft.com/Start/2014/LayoutModification}DefaultLayoutOverride' is not defined in the DTD/Schema.
 

From 41c67c26fc97a966993b0a65c66d431f5f43fd23 Mon Sep 17 00:00:00 2001
From: ShannonLeavitt 
Date: Tue, 3 Nov 2020 09:29:32 -0700
Subject: [PATCH 087/384] Acrolinx fixes

---
 .../start-layout-troubleshoot.md              |  28 +--
 ...anage-administrative-backup-and-restore.md |  12 +-
 .../ue-v/uev-release-notes-1607.md            |  12 +-
 windows/configuration/wcd/wcd-accounts.md     |   4 +-
 windows/configuration/wcd/wcd-maps.md         |   6 +-
 .../configuration/wcd/wcd-personalization.md  |   8 +-
 ...ata-windows-analytics-events-and-fields.md |  70 +++----
 .../privacy/windows-diagnostic-data-1703.md   |  44 ++---
 windows/privacy/windows-diagnostic-data.md    | 186 +++++++++---------
 9 files changed, 185 insertions(+), 185 deletions(-)

diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md
index 9e010d7114..f373bc8c78 100644
--- a/windows/configuration/start-layout-troubleshoot.md
+++ b/windows/configuration/start-layout-troubleshoot.md
@@ -19,7 +19,7 @@ Start failures can be organized into these categories:
 - **Deployment/Install issues** - Easiest to identify but difficult to recover. This failure is consistent and usually permanent. Reset, restore from backup, or rollback to recover.
 - **Performance issues** - More common with older hardware, low-powered machines. Symptoms include: High CPU utilization, disk contention, memory resources. This makes Start very slow to respond. Behavior is intermittent depending on available resources.
 - **Crashes** - Also easy to identify. Crashes in Shell Experience Host or related can be found in System or Application event logs. This can be a code defect or related to missing or altered permissions to files or registry keys by a program or incorrect security tightening configurations. Determining permissions issues can be time consuming but a [SysInternals tool called Procmon](https://docs.microsoft.com/sysinternals/downloads/procmon) will show **Access Denied**. The other option is to get a dump of the process when it crashes and depending on comfort level, review the dump in the debugger, or have support review the data.
-- **Hangs** in Shell Experience host or related. These are the hardest issues to identify as there are few events logged, but behavior is typically intermittent or recovers with a reboot. If a background application or service hangs, Start will not have resources to respond in time. Clean boot may help identify if the issue is related to additional software. Procmon is also useful in this scenario.
+- **Hangs** - in Shell Experience host or related. These are the hardest issues to identify as there are few events logged, but behavior is typically intermittent or recovers with a reboot. If a background application or service hangs, Start will not have resources to respond in time. Clean boot may help identify if the issue is related to additional software. Procmon is also useful in this scenario.
 - **Other issues** - Customization, domain policies, deployment issues.
 
 ## Basic troubleshooting
@@ -46,7 +46,7 @@ When troubleshooting basic Start issues (and for the most part, all other Window
 
     Failure messages will appear if they aren't installed
 
-- If Start is not installed, then the fastest resolution is to revert to a known good configuration. This can be rolling back the update, resetting the PC to defaults (where there is a choice to save to delete user data), or restoring from backup. There is no supported method to install Start Appx files. The results are often problematic and unreliable.
+- If Start is not installed, then the fastest resolution is to revert to a known good configuration. This can be rolling back the update, resetting the PC to defaults (where there is a choice to save to delete user data), or restoring from backup. No method is supported to install Start Appx files. The results are often problematic and unreliable.
 
 ### Check if Start is running
 
@@ -209,11 +209,11 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded
 
 XML files can and should be tested locally on a Hyper-V or other virtual machine before deployment or application by Group Policy
 
-### Symptom: Start menu no longer works after a PC is refreshed using F12 during start up 
+### Symptom: Start menu no longer works after a PC is refreshed using F12 during startup 
 
-**Description**: If a user is having problems with a PC, is can be refreshed, reset, or restored. Refreshing the PC is a beneficial option because it maintains personal files and settings. When users have trouble starting the PC, "Change PC settings" in Settings is not accessible. So, to access the System Refresh, users may use the F12 key at start up. Refreshing the PC finishes, but Start Menu is not accessible.
+**Description**: If a user is having problems with a PC, it can be refreshed, reset, or restored. Refreshing the PC is a beneficial option because it maintains personal files and settings. When users have trouble starting the PC, "Change PC settings" in Settings is not accessible. So, to access the System Refresh, users may use the F12 key at startup. Refreshing the PC finishes, but Start Menu is not accessible.
 
-**Cause**: This is a known issue and has been resolved in a cumulative update released August 30th 2018. 
+**Cause**: This issue is known and was resolved in a cumulative update released August 30, 2018. 
 
 **Resolution**: Install corrective updates; a fix is included in the [September 11, 2018-KB4457142 release](https://support.microsoft.com/help/4457142).
 
@@ -233,7 +233,7 @@ Specifically, behaviors include
 - Applications (apps or icons) pinned to the start menu are missing.
 - Entire tile window disappears.
 - The start button fails to respond.
-- If a new roaming user is created, the first logon appears normal, but on subsequent logons, tiles are missing.
+- If a new roaming user is created, the first sign-in appears normal, but on subsequent sign-ins, tiles are missing.
 
 
 ![Example of a working layout](images/start-ts-3.png)
@@ -262,12 +262,12 @@ After the upgrade the user pinned tiles are missing:
 
   ![Example of Start screen with previously pinned tiles missing](images/start-ts-6.png)
  
-Additionally, users may see blank tiles if logon was attempted without network connectivity.
+Additionally, users may see blank tiles if sign-in was attempted without network connectivity.
 
   ![Example of blank tiles](images/start-ts-7.png)
  
 
-**Resolution**: This is fixed in [October 2017 update](https://support.microsoft.com/en-us/help/4041676).
+**Resolution**: This issue was fixed in the [October 2017 update](https://support.microsoft.com/en-us/help/4041676).
 
 ### Symptom: Tiles are missing after upgrade from Windows 10, version 1607 to version 1709 for users with Roaming User Profiles (RUP) enabled and managed Start Menu layout with partial lockdown
 
@@ -279,13 +279,13 @@ Additionally, users may see blank tiles if logon was attempted without network c
 
 ### Symptom: Start Menu issues with Tile Data Layer corruption 
 
-**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database (The feature was deprecated in [Windows 10 1703](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update)). 
+**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. (The feature was deprecated in [Windows 10 1703](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update).) 
 
 **Resolution** There are steps you can take to fix the icons, first is to confirm that is the issue that needs to be addressed.
 
-1. The App or Apps work fine when you click on the tiles.
+1. The App or Apps work fine when you select the tiles.
 2. The tiles are blank, have a generic placeholder icon, have the wrong or strange title information.
-3. The app is missing, but listed as installed via Powershell and works if you launch via URI.
+3. The app is missing, but listed as installed via PowerShell and works if you launch via URI.
    - Example: `windows-feedback://`
 4. In some cases, Start can be blank, and Action Center and Cortana do not launch.
 
@@ -302,9 +302,9 @@ Although a reboot is not required, it may help clear up any residual issues afte
 
 ### Symptoms: Start Menu and Apps cannot start after upgrade to Windows 10 version 1809 when Symantec Endpoint Protection is installed
 
-**Description** Start Menu, Search and Apps do not start after you upgrade a Windows 7-based computer that has Symantec Endpoint Protection installed to Windows 10 version 1809.
+**Description**: Start menu, Search, and Apps do not start after you upgrade a computer running Windows 7 that has Symantec Endpoint Protection installed to Windows 10 version 1809.
 
-**Cause** This occurs because of a failure to load sysfer.dll.  During upgrade, the setup process does not set the privilege group "All Application Packages" on sysfer.dll and other Symantec modules.
+**Cause**: This problem occurs because of a failure to load sysfer.dll.  During upgrade, the setup process does not set the privilege group "All Application Packages" on sysfer.dll and other Symantec modules.
 
 **Resolution** This issue was fixed by the Windows Cumulative Update that were released on December 5, 2018—KB4469342 (OS Build 17763.168).
 
@@ -322,7 +322,7 @@ If you have already encountered this issue, use one of the following two options
 
 4. Confirm that **All Application Packages** group is missing.
 
-5. Click **Edit**, and then click **Add** to add the group.
+5. Select **Edit**, and then select **Add** to add the group.
 
 6. Test Start and other Apps.
 
diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
index 375f826703..f953320ab4 100644
--- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
+++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
@@ -24,7 +24,7 @@ As an administrator of User Experience Virtualization (UE-V), you can restore ap
 ## Restore Settings in UE-V when a User Adopts a New Device
 
 
-To restore settings when a user adopts a new device, you can put a settings location template in **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. To backup settings for a template, use the following cmdlet in Windows PowerShell:
+To restore settings when a user adopts a new device, you can put a settings location template in a **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This setup lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. To back up settings for a template, use the following cmdlet in Windows PowerShell:
 
 ```powershell
 Set-UevTemplateProfile -ID  -Profile 
@@ -50,7 +50,7 @@ As part of the Backup/Restore feature, UE-V added **last known good (LKG)** to t
 
 ### How to Backup/Restore Templates with UE-V
 
-These are the key backup and restore components of UE-V:
+Here are the key backup and restore components of UE-V:
 
 -   Template profiles
 
@@ -74,7 +74,7 @@ All templates are included in the roaming profile when registered unless otherwi
 
 Templates can be added to the Backup Profile with PowerShell or WMI using the Set-UevTemplateProfile cmdlet. Templates in the Backup Profile back up these settings to the Settings Storage Location in a special Device name directory. Specified settings are backed up to this location.
 
-Templates designated BackupOnly include settings specific to that device that should not be synchronized unless explicitly restored. These settings are stored in the same device-specific settings package location on the settings storage location as the Backedup Settings. These templates have a special identifier embedded in the template that specifies they should be part of this profile.
+Templates designated BackupOnly include settings specific to that device that shouldn't be synchronized unless explicitly restored. These settings are stored in the same device-specific settings package location on the settings storage location as the Backedup Settings. These templates have a special identifier embedded in the template that specifies they should be part of this profile.
 
 **Settings packages location within the Settings Storage Location template**
 
@@ -90,10 +90,10 @@ Restoring a user’s device restores the currently registered Template’s setti
 
 -   **Automatic restore**
 
-    If the user’s UE-V settings storage path, domain, and Computer name match the current user then all of the settings for that user are synchronized, with only the latest settings applied. If a user logs on to a new device for the first time and these criteria are met, the settings data is applied to that device.
+    If the user’s UE-V settings storage path, domain, and Computer name match the current user then all of the settings for that user are synchronized, with only the latest settings applied. If a user signs in to a new device for the first time and these criteria are met, the settings data is applied to that device.
 
     **Note**  
-    Accessibility and Windows Desktop settings require the user to re-logon to Windows to be applied.
+    Accessibility and Windows Desktop settings require the user to sign in again to Windows to be applied.
 
 
 
@@ -104,7 +104,7 @@ Restoring a user’s device restores the currently registered Template’s setti
 ## Restore Application and Windows Settings to Original State
 
 
-WMI and Windows PowerShell commands let you restore application and Windows settings to the settings values that were on the computer the first time that the application started after the UE-V service was enabled. This restoring action is performed on a per-application or Windows settings basis. The settings are restored the next time that the application runs, or the settings are restored when the user logs on to the operating system.
+WMI and Windows PowerShell commands let you restore application and Windows settings to the settings values that were on the computer the first time that the application started after the UE-V service was enabled. This restoring action is performed on a per-application or Windows settings basis. The settings are restored the next time that the application runs, or the settings are restored when the user signs in to the operating system.
 
 **To restore application settings and Windows settings with Windows PowerShell for UE-V**
 
diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md
index 663afd38eb..7c5805ff7d 100644
--- a/windows/configuration/ue-v/uev-release-notes-1607.md
+++ b/windows/configuration/ue-v/uev-release-notes-1607.md
@@ -37,7 +37,7 @@ Administrators can still define which user-customized application settings can s
 
 ### Upgrading from UE-V 1.0 to the in-box version of UE-V is blocked
 
-Version 1.0 of UE-V used Offline Files (Client Side Caching) for settings synchronization and pinned the UE-V sync folder to be available when the network was offline, however, this technology was removed in UE-V 2.x. As a result, UE-V 1.0 users are blocked from upgrading to UE-V for Windows 10, version 1607.
+Version 1.0 of UE-V used Offline Files (Client-Side Caching) for settings synchronization and pinned the UE-V sync folder to be available when the network was offline, however, this technology was removed in UE-V 2.x. As a result, UE-V 1.0 users are blocked from upgrading to UE-V for Windows 10, version 1607.
 
 WORKAROUND: Remove the UE-V 1.0 sync folder from the Offline Files configuration and then upgrade to the in-box version of UE-V for Windows, version 1607 release.
 
@@ -55,13 +55,13 @@ WORKAROUND: To resolve this problem, run the application by selecting one of the
 
 ### Unpredictable results when both Office 2010 and Office 2013 are installed on the same device
 
-When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be quite large or result in unpredictable conflicts with 2013, particularly if Office 365 is used.
+When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be large or result in unpredictable conflicts with 2013, particularly if Office 365 is used.
 
 WORKAROUND: Install only one version of Office or limit which settings are synchronized by UE-V.
 
-### Uninstall and re-install of Windows 8 applications reverts settings to initial state
+### Uninstallation and reinstallation of Windows 8 applications reverts settings to initial state
 
-While using UE-V settings synchronization for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This happens because the uninstall removes the local (cached) copy of the application’s settings but does not remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gather the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
+While using UE-V settings synchronization for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application’s settings but does not remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
 
 WORKAROUND: None.
 
@@ -85,7 +85,7 @@ WORKAROUND: Use folder redirection or some other technology to ensure that any f
 
 ### Long Settings Storage Paths could cause an error
 
-Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + “settingspackages” + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log:
+Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + "settingspackages" + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log:
 
 \[boost::filesystem::copy\_file: The system cannot find the path specified\]
 
@@ -95,7 +95,7 @@ WORKAROUND: None.
 
 ### Some operating system settings only roam between like operating system versions
 
-Operating system settings for Narrator and currency characters specific to the locale (i.e. language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8.
+Operating system settings for Narrator and currency characters specific to the locale (that is, language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8.
 
 WORKAROUND: None
 
diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md
index 6a6265ee5a..d39c37513b 100644
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@@ -45,7 +45,7 @@ Specifies the settings you can configure when joining a device to a domain, incl
 | --- | --- | --- |
 | Account | string  | Account to use to join computer to domain  |
 | AccountOU | Enter the full path for the organizational unit. For example: OU=testOU,DC=domain,DC=Domain,DC=com.  | Name of organizational unit for the computer account  |
-| ComputerName | Specify a unique name for the domain-joined computers using %RAND:x%, where x is an integer less than 15 digits long, or using %SERIAL% characters in the name.

ComputerName is a string with a maximum length of 15 bytes of content:

- ComputerName can use ASCII characters (1 byte each) and/or multi-byte characters such as Kanji, so long as you do not exceed 15 bytes of content.

- ComputerName cannot use spaces or any of the following characters: \{ | \} ~ \[ \\ \] ^ ' : ; < = > ? @ ! " \# $ % ` \( \) + / . , \* &, or contain any spaces.

- ComputerName cannot use some non-standard characters, such as emoji.

Computer names that cannot be validated through the DnsValidateName function cannot be used, for example, computer names that only contain numbers (0-9). For more information, see the [DnsValidateName function](https://go.microsoft.com/fwlink/?LinkId=257040). | Specifies the name of the Windows device (computer name on PCs)  |
+| ComputerName | Specify a unique name for the domain-joined computers using %RAND:x%, where x is an integer that includes fewer than 15 digits, or using %SERIAL% characters in the name.

ComputerName is a string with a maximum length of 15 bytes of content:

- ComputerName can use ASCII characters (1 byte each) and/or multi-byte characters such as Kanji, so long as you do not exceed 15 bytes of content.

- ComputerName cannot use spaces or any of the following characters: \{ | \} ~ \[ \\ \] ^ ' : ; < = > ? @ ! " \# $ % ` \( \) + / . , \* &, or contain any spaces.

- ComputerName cannot use some non-standard characters, such as emoji.

 Computer names that cannot be validated through the DnsValidateName function cannot be used, for example, computer names that only contain numbers (0-9). For more information, see the [DnsValidateName function](https://go.microsoft.com/fwlink/?LinkId=257040). | Specifies the name of the Windows device (computer name on PCs)  |
 | DomainName | string (cannot be empty) | Specify the name of the domain that the device will join  |
 | Password | string (cannot be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain.  |
 
@@ -56,6 +56,6 @@ Use these settings to add local user accounts to the device.
 | Setting | Value | Description |
 | --- | --- | --- |
 | UserName | string (cannot be empty)  | Specify a name for the local user account  |
-| HomeDir | string (cannot be ampty) | Specify the path of the home directory for the user |
+| HomeDir | string (cannot be empty) | Specify the path of the home directory for the user |
 | Password | string (cannot be empty)  | Specify the password for the user account |
 | UserGroup | string (cannot be empty) | Specify the local user group for the user |
diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md
index d50b2c93ed..c8d1a683fb 100644
--- a/windows/configuration/wcd/wcd-maps.md
+++ b/windows/configuration/wcd/wcd-maps.md
@@ -27,7 +27,7 @@ Use for settings related to Maps.
 
 ## ChinaVariantWin10
 
-Use **ChinaVariantWin10** to specify that the Windows device is intended to ship in China. When set to **True**, maps approved by the State Bureau of Surveying and Mapping in China are used, which are obtained from a server located in China.
+Use **ChinaVariantWin10** to specify that the Windows device is intended to ship in China. When set to **True**, maps approved by the State Bureau of Surveying and Mapping in China are used. These maps are obtained from a server located in China.
 
 This customization may result in different maps, servers, or other configuration changes on the device.
 
@@ -38,7 +38,7 @@ Use to store map data on an SD card.
 
 Map data is used by the Maps application and the map control for third-party applications. This data can be store on an SD card, which provides the advantage of saving internal memory space for user data and allows the user to download more offline map data. Microsoft recommends enabling the **UseExternalStorage** setting on devices that have less than 8 GB of user storage and an SD card slot.
 
-You can use **UseExternalStorage** whether or not you include an SD card with preloaded map data on the phone. If set to **True**, the OS only allows the user to download offline maps when an SD card is present. If an SD card is not present, users can still view and cache maps, but they will not be able to download a region of offline maps until an SD card is inserted.
+You can use **UseExternalStorage** whether or not you include an SD card with preloaded map data on the phone. If set to **True**, the OS only allows the user to download offline maps when an SD card is present. If no SD card is present, users can view and cache maps, but they can't download a region of offline maps until an SD card is inserted.
 
 If set to **False**, map data will always be stored on the internal data partition of the device.
 
@@ -47,4 +47,4 @@ If set to **False**, map data will always be stored on the internal data partiti
 
 ## UseSmallerCache
 
-Do not use.
+Don't use this setting.
diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md
index c452d22dbc..2bd33a11a5 100644
--- a/windows/configuration/wcd/wcd-personalization.md
+++ b/windows/configuration/wcd/wcd-personalization.md
@@ -27,20 +27,20 @@ Use to configure settings to personalize a PC.
 
 ## DeployDesktopImage
 
-Deploy a jpg, jpeg or png image to the device to be used as desktop image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [DesktopImageUrl](#desktopimageurl).
+Deploy a .jpg, .jpeg, or .png image to the device to be used as a desktop image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [DesktopImageUrl](#desktopimageurl).
 
 When using **DeployDesktopImage** and [DeployLockScreenImageFile](#deploylockscreenimage, the file names need to be different. 
 
 ## DeployLockScreenImage
 
-Deploy a jpg, jpeg or png image to the device to be used as lock screen image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [LockScreenImageUrl](#lockscreenimageurl).
+Deploy a .jpg, .jpeg, or .png image to the device to be used as lock screen image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [LockScreenImageUrl](#lockscreenimageurl).
 
 When using [DeployDesktopImage](#deploydesktopimage) and **DeployLockScreenImageFile**, the file names need to be different.
 
 ## DesktopImageUrl
 
-Specify a jpg, jpeg or png image to be used as desktop image. This setting can take a http or https url to a remote image to be downloaded or a file url to a local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployDesktopImage](#deploydesktopimage).
+Specify a .jpg, .jpeg, or .png image to be used as desktop image. This setting can take an HTTP or HTTPS URL to a remote image to be downloaded or a file URL to a local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployDesktopImage](#deploydesktopimage).
 
 ## LockScreenImageUrl
 
-Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take a http or https Url to a remote image to be downloaded or a file Url to an existing local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployLockScreenImage](#deploylockscreenimage).
+Specify a .jpg, .jpeg, or .png image to be used as Lock Screen Image. This setting can take an HTTP or HTTPS URL to a remote image to be downloaded or a file URL to an existing local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployLockScreenImage](#deploylockscreenimage).
diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
index 41c5fa5a8a..4188fd5ad3 100644
--- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
+++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
@@ -30,7 +30,7 @@ ms.reviewer:
 
 Desktop Analytics reports are powered by diagnostic data not included in the Basic level.
 
-In Windows 10, version 1709, we introduced a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
+In Windows 10, version 1709, we introduced a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only the events described below. The Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
 
 With the retirement of Windows Analytics, this policy will continue to be supported by Desktop Analytics, but will not include Office related diagnostic data.
 
@@ -48,7 +48,7 @@ The following fields are available:
 - **GhostCount_Sum:** Total number of instances where the application stopped responding
 - **HandleCountAtExit_Sum:** Total handle count for a process when it exits
 - **HangCount_Max:** Maximum number of hangs detected
-- **HangCount_Sum:** Total number of application hangs detected
+- **HangCount_Sum:** Total number of application hangs that are detected
 - **HardFaultCountAtExit_Sum:** Total number of hard page faults detected for a process when it exits
 - **HeartbeatCount:** Heartbeats logged for this summary
 - **HeartbeatSuspendedCount:** Heartbeats logged for this summary where the process was suspended
@@ -68,7 +68,7 @@ The following fields are available:
 - **WriteSizeInKBAtExit_Sum:** Total size of IO writes for a process when it exited          
 
 ## Microsoft.Office.TelemetryEngine.IsPreLaunch
-Applicable for Office UWP applications. This event is fired when an office application is initiated for the first-time post upgrade/install from the store. This is part of basic diagnostic data, used to track whether a particular session is launch session or not.
+Applicable for Office UWP applications. This event is fired when an Office application is initiated for the first-time post upgrade/install from the store. It's part of basic diagnostic data. It's used to track whether a particular session is a launch session or not.
 
 - **appVersionBuild:** Third part of the version *.*.XXXXX.*
 - **appVersionMajor:** First part of the version X.*.*.*
@@ -77,10 +77,10 @@ Applicable for Office UWP applications. This event is fired when an office appli
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.SessionIdProvider.OfficeProcessSessionStart
-This event sends basic information upon the start of a new Office session. This is used to count the number of unique sessions seen on a given device. This is used as a heartbeat event to ensure that the application is running on a device or not. In addition, it serves as a critical signal for overall application reliability.
+This event sends basic information upon the start of a new Office session. It's used to count the number of unique sessions seen on a given device. The event is used as a heartbeat event to ensure that the application is running on a device. In addition, it serves as a critical signal for overall application reliability.
 
-- **AppSessionGuid:** ID of the session which maps to the process of the application
-- **processSessionId:** ID of the session which maps to the process of the application
+- **AppSessionGuid:** ID of the session that maps to the process of the application
+- **processSessionId:** ID of the session that maps to the process of the application
 
 ## Microsoft.Office.TelemetryEngine.SessionHandOff
 Applicable to Win32 Office applications. This event helps us understand whether there was a new session created to handle a user-initiated file open event. It is a critical diagnostic information that is used to derive reliability signal and ensure that the application is working as expected.
@@ -89,7 +89,7 @@ Applicable to Win32 Office applications. This event helps us understand whether
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **childSessionID:** Id of the session that was created to handle the user initiated file open
+- **childSessionID:** ID of the session that was created to handle the user initiated file open
 - **parentSessionId:** ID of the session that was already running
 
 ## Microsoft.Office.CorrelationMetadata.UTCCorrelationMetadata
@@ -102,15 +102,15 @@ Collects Office metadata through UTC to compare with equivalent data collected t
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRevision:** Fourth part of the version *.*.*.XXXXX
-- **audienceGroup:** Is this part of the insiders or production
+- **audienceGroup:** Is this group part of the insiders or production?
 - **audienceId:** ID of the audience setting
 - **channel:** Are you part of Semi annual channel or Semi annual channel-Targeted?
-- **deviceClass:** Is this a desktop or a mobile?
+- **deviceClass:** Is this device a desktop device or a mobile device?
 - **impressionId:** What features were available to you in this session
 - **languageTag:** Language of the app
 - **officeUserID:** A unique identifier tied to the office installation on a particular device.
 - **osArchitecture:** Is the machine 32 bit or 64 bit?
-- **osEnvironment:** Is this a win32 app or a UWP app?
+- **osEnvironment:** Is this app a win32 app or a UWP app?
 - **osVersionString:** Version of the OS
 - **sessionID:** ID of the session
 
@@ -131,7 +131,7 @@ This event is fired when the telemetry engine within an office application is re
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.TelemetryEngine.FirstProcessed
@@ -141,7 +141,7 @@ This event is fired when the telemetry engine within an office application has p
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.TelemetryEngine.FirstRuleRequest
@@ -151,7 +151,7 @@ This event is fired when the telemetry engine within an office application has r
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.TelemetryEngine.Init
@@ -161,18 +161,18 @@ This event is fired when the telemetry engine within an office application has b
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.TelemetryEngine.Resume
-This event is fired when the application resumes from sleep state. Used for understanding whether there are issues in the application life-cycle.
+This event is fired when the application resumes from sleep state. Used for understanding whether there are issues in the application life cycle.
 
 - **appVersionBuild:** Third part of the version *.*.XXXXX.*
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
 - **maxSequenceIdSeen:** How many events from this session have seen so far?
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
 - **SessionID:** ID of the session
 
@@ -183,7 +183,7 @@ This event is fired when the telemetry engine within an office application fails
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.TelemetryEngine.RuleRequestFailedDueToClientOffline
@@ -193,7 +193,7 @@ This event is fired when the telemetry engine within an office application fails
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.TelemetryEngine.ShutdownComplete
@@ -204,7 +204,7 @@ This event is fired when the telemetry engine within an office application has p
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
 - **maxSequenceIdSeen:** How many events from this session have seen so far?
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
 - **SessionID:** ID of the session
 
@@ -215,7 +215,7 @@ This event is fired when the telemetry engine within an office application been
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
 - **SessionID:** ID of the session
 
@@ -227,26 +227,26 @@ This event is fired when the telemetry engine within an office application has p
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
 - **maxSequenceIdSeen:** How many events from this session have seen so far?
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
 - **SessionID:** ID of the session
 - **SuspendType:** Type of suspend
 
 ## Microsoft.Office.TelemetryEngine.SuspendStart
-This event is fired when the office application suspends as per app life-cycle change. Used for understanding whether there are issues in the application life-cycle.
+This event is fired when the office application suspends as per app life-cycle change. Used for understanding whether there are issues in the application life cycle.
 
 - **appVersionBuild:** Third part of the version *.*.XXXXX.*
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
 - **maxSequenceIdSeen:** How many events from this session have seen so far?
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
 - **SessionID:** ID of the session
 - **SuspendType:** Type of suspend
 
 ## Microsoft.OSG.OSS.CredProvFramework.ReportResultStop
-This event indicates the result of an attempt to authenticate a user with a credential provider. It helps Microsoft to improve logon reliability. Using this event with Desktop Analytics can help organizations monitor and improve logon success for different methods (for example, biometric) on managed devices.
+This event indicates the result of an attempt to authenticate a user with a credential provider. It helps Microsoft to improve sign-in reliability. Using this event with Desktop Analytics can help organizations monitor and improve sign-in success for different methods (for example, biometric) on managed devices.
 
 The following fields are available:
 
@@ -262,11 +262,11 @@ The following fields are available:
 - **ReturnCode:** Output of the ReportResult function
 - **SessionId:** Session identifier
 - **Sign-in error status:** The sign-in error status
-- **SubStatus:** Sign-in error sub-status
+- **SubStatus:** Sign-in error substatus
 - **UserTag:** Count of the number of times a user has selected a provider
 
 ## Microsoft.Windows.Kernel.Power.OSStateChange
-This event denotes the transition between operating system states (e.g., On, Off, Sleep, etc.). By using this event with Desktop Analytics, organizations can use this to monitor reliability and performance of managed devices
+This event denotes the transition between operating system states (On, Off, Sleep, etc.). By using this event with Desktop Analytics, organizations can monitor reliability and performance of managed devices.
 
 The following fields are available:
 
@@ -281,10 +281,10 @@ The following fields are available:
 - **EnergyChangeV2Flags:** Flags for disambiguating EnergyChangeV2 context
 - **EventSequence:** A sequential number used to evaluate the completeness of the data
 - **LastStateTransition:** ID of the last operating system state transition
-- **LastStateTransitionSub:** ID of the last operating system sub-state transition
+- **LastStateTransitionSub:** ID of the last operating system substate transition
 - **StateDurationMS:** Number of milliseconds spent in the last operating system state
 - **StateTransition:** ID of the operating system state the system is transitioning to
-- **StateTransitionSub:** ID of the operating system sub-state the system is transitioning to
+- **StateTransitionSub:** ID of the operating system substate the system is transitioning to
 - **TotalDurationMS:** Total time (in milliseconds) spent in all states since the last boot
 - **TotalUptimeMS:** Total time (in milliseconds) the device was in Up or Running states since the last boot
 - **TransitionsToOn:** Number of transitions to the Powered On state since the last boot
@@ -305,7 +305,7 @@ Sends details about any error codes detected during a failed sign-in.
 The following fields are available:
 
 - **ntsStatus:** The NTSTATUS error code status returned from an attempted sign-in
-- **ntsSubstatus:** The NTSTATUS error code sub-status returned from an attempted sign-in 
+- **ntsSubstatus:** The NTSTATUS error code substatus returned from an attempted sign-in 
 
 ## Microsoft.Windows.Security.Biometrics.Service.BioServiceActivityCapture
 Indicates that a biometric capture was compared to known templates
@@ -327,7 +327,7 @@ The following field is available:
 - **ticksSinceBoot:** Duration of boot event (milliseconds)
 
 ## Microsoft.Windows.Shell.Desktop.LogonFramework.AllLogonTasks
-This event summarizes the logon procedure to help Microsoft improve performance and reliability. By using this event with Desktop Analytics organizations can help identify logon problems on managed devices.
+This event summarizes the logon procedure to help Microsoft improve performance and reliability. By using this event with Desktop Analytics, organizations can help identify logon problems on managed devices.
 
 The following fields are available:
 
@@ -341,7 +341,7 @@ The following fields are available:
 - **wilActivity:** Indicates errors in the task to help Microsoft improve reliability.
 
 ## Microsoft.Windows.Shell.Desktop.LogonFramework.LogonTask
-This event describes system tasks which are part of the user logon sequence and helps Microsoft to improve reliability.
+This event describes system tasks that are part of the user logon sequence and helps Microsoft to improve reliability.
 
 The following fields are available:
 
@@ -359,7 +359,7 @@ For a device subject to Windows Information Protection policy, learning events a
 The following fields are available:
 
 - **actiontype:** Indicates what type of resource access the app was attempting (for example, opening a local document vs. a network resource) when it encountered a policy boundary. Useful for Windows Information Protection administrators to tune policy rules.
-- **appIdType:** Based on the type of application, this indicates what type of app rule a Windows Information Protection administrator would need to create for this app.
+- **appIdType:** Based on the type of application, this field indicates what type of app rule a Windows Information Protection administrator would need to create for this app.
 - **appname:** App that triggered the event
 - **status:** Indicates whether errors occurred during WIP learning events
 
@@ -397,11 +397,11 @@ The following fields are available:
 - **MonitorWidth:** Number of horizontal pixels in the application host monitor resolution
 - **MouseInputSec:** Total number of seconds during which there was mouse input
 - **NewProcessCount:** Number of new processes contributing to the aggregate
-- **PartATransform_AppSessionGuidToUserSid:** Flag which influences how other parts of the event are constructed
+- **PartATransform_AppSessionGuidToUserSid:** Flag that influences how other parts of the event are constructed
 - **PenInputSec:** Total number of seconds during which there was pen input
 - **SpeechRecognitionSec:** Total number of seconds of speech recognition
 - **SummaryRound:** Incrementing number indicating the round (batch) being summarized
-- **TargetAsId:** Flag which influences how other parts of the event are constructed
+- **TargetAsId:** Flag that influences how other parts of the event are constructed
 - **TotalUserOrDisplayActiveDurationMS:** Total time the user or the display was active (in milliseconds)
 - **TouchInputSec:** Total number of seconds during which there was touch input
 - **UserActiveDurationMS:** Total time that the user was active including all input methods
@@ -415,7 +415,7 @@ The following fields are available:
 ## Revisions
 
 ### PartA_UserSid removed
-A previous revision of this list stated that a field named PartA_UserSid was a member of the event Microsoft.Windows.LogonController.LogonAndUnlockSubmit. This was incorrect. The list has been updated to reflect that no such field is present in the event.
+A previous revision of this list stated that a field named PartA_UserSid was a member of the event Microsoft.Windows.LogonController.LogonAndUnlockSubmit. This statement was incorrect. The list has been updated to reflect that no such field is present in the event.
 
 ### Office events added
 In Windows 10, version 1809 (also applies to versions 1709 and 1803 starting with [KB 4462932](https://support.microsoft.com/help/4462932/windows-10-update-kb4462932) and [KB 4462933](https://support.microsoft.com/help/4462933/windows-10-update-kb4462933) respectively), 16 events were added, describing Office app launch and availability. These events were added to improve the precision of Office data in Windows Analytics.
diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md
index ef7ec52739..ffa7858d15 100644
--- a/windows/privacy/windows-diagnostic-data-1703.md
+++ b/windows/privacy/windows-diagnostic-data-1703.md
@@ -42,7 +42,7 @@ Most diagnostic events contain a header of common data:
 
 | Category Name | Examples |
 | - | - |
-| Common Data | Information that is added to most diagnostic events, if relevant and available:
  • OS name, version, build, and [locale](https://msdn.microsoft.com/library/windows/desktop/dd318716.aspx)
  • User ID -- a unique identifier associated with the user's Microsoft Account (if one is used) or local account. The user's Microsoft Account identifier is not collected from devices configured to send Basic diagnostic data
  • Xbox UserID
  • Environment from which the event was logged -- Application ID of app or component that logged the event, Session GUID. Used to track events over a given period of time such the period an app is running or between boots of the OS.
  • The diagnostic event name, Event ID, [ETW](https://msdn.microsoft.com/library/windows/desktop/bb968803.aspx) opcode, version, schema signature, keywords, and flags
  • HTTP header information, including the IP address. This IP address is the source address that’s provided by the network packet header and received by the diagnostics ingestion service.
  • Various IDs that are used to correlate and sequence related events together.
  • Device ID. This is not the user provided device name, but an ID that is unique for that device.
  • Device class -- Desktop, Server, or Mobile
  • Event collection time
  • Diagnostic level --  Basic or Full, Sample level -- for sampled data, what sample level is this device opted into
 |
+| Common Data | Information that is added to most diagnostic events, if relevant and available:
  • OS name, version, build, and [locale](https://msdn.microsoft.com/library/windows/desktop/dd318716.aspx)
  • User ID - a unique identifier associated with the user's Microsoft Account (if one is used) or local account. The user's Microsoft Account identifier is not collected from devices configured to send Basic diagnostic data
  • Xbox UserID
  • Environment from which the event was logged - Application ID of app or component that logged the event, Session GUID. Used to track events over a given period of time such the period an app is running or between boots of the OS.
  • The diagnostic event name, Event ID, [ETW](https://msdn.microsoft.com/library/windows/desktop/bb968803.aspx) opcode, version, schema signature, keywords, and flags
  • HTTP header information, including the IP address. This IP address is the source address that’s provided by the network packet header and received by the diagnostics ingestion service.
  • Various IDs that are used to correlate and sequence related events together.
  • Device ID. This ID is not the user provided device name, but an ID that is unique for that device.
  • Device class - Desktop, Server, or Mobile
  • Event collection time
  • Diagnostic level -  Basic or Full, Sample level - for sampled data, what sample level is this device opted into
 |
 
 ## ​Device, Connectivity, and Configuration data
 
@@ -50,38 +50,38 @@ This type of data includes details about the device, its configuration and conne
 
 | Category Name |  Examples |
 | - | - |
-| Device properties | Information about the OS and device hardware, such as:
  •  OS - version name, Edition
  • Installation type, subscription status, and genuine OS status
  • Processor architecture, speed, number of cores, manufacturer, and model
  • OEM details --manufacturer, model, and serial number
  • Device identifier and Xbox serial number
  • Firmware/BIOS -- type, manufacturer, model, and version
  • Memory -- total memory, video memory, speed, and how much memory is available after the device has reserved memory
  • Storage -- total capacity and disk type
  • Battery -- charge capacity and InstantOn support
  • Hardware chassis type, color, and form factor
  • Is this a virtual machine?
 |
-| Device capabilities | Information about the specific device capabilities such as:
  • Camera -- whether the device has a front facing, a rear facing camera, or both.
  • Touch screen -- does the device include a touch screen? If so, how many hardware touch points are supported?
  • Processor capabilities -- CompareExchange128, LahfSahf, NX, PrefetchW, and SSE2
  • Trusted Platform Module (TPM) – whether present and what version
  • Virtualization hardware -- whether an IOMMU is present, SLAT support, is virtualization enabled in the firmware
  • Voice – whether voice interaction is supported and the number of active microphones
  • Number of displays, resolutions, DPI
  • Wireless capabilities
  • OEM or platform face detection
  • OEM or platform video stabilization and quality level set
  • Advanced Camera Capture mode (HDR vs. LowLight), OEM vs. platform implementation, HDR probability, and Low Light probability
 |
-| Device preferences and settings | Information about the device settings and user preferences such as:
  • User Settings – System, Device, Network & Internet, Personalization, Cortana, Apps, Accounts, Time & Language, Gaming, Ease of Access, Privacy, Update & Security
  • User-provided device name
  • Whether device is domain-joined, or cloud-domain joined (i.e. part of a company-managed network)
  • Hashed representation of the domain name
  • MDM (mobile device management) enrollment settings and status
  • BitLocker, Secure Boot, encryption settings, and status
  • Windows Update settings and status
  • Developer Unlock settings and status
  • Default app choices
  • Default browser choice
  • Default language settings for app, input, keyboard, speech, and display
  • App store update settings
  • Enterprise OrganizationID, Commercial ID
 |
-| Device peripherals | Information about the device peripherals such as:
  • Peripheral name, device model, class, manufacturer and description
  • Peripheral device state, install state, and checksum
  • Driver name, package name, version, and manufacturer
  • HWID - A hardware vendor defined ID to match a device to a driver [INF file](https://msdn.microsoft.com/windows/hardware/drivers/install/hardware-ids)
  • Driver state, problem code, and checksum
  • Whether driver is kernel mode, signed, and image size
 |
-| Device network info | Information about the device network configuration such as:
  • Network system capabilities
  • Local or Internet connectivity status
  • Proxy, gateway, DHCP, DNS details and addresses
  • Paid or free network
  • Wireless driver is emulated or not
  • Access point mode capable
  • Access point manufacturer, model, and MAC address
  • WDI Version
  • Name of networking driver service
  • Wi-Fi Direct details
  • Wi-Fi device hardware ID and manufacturer
  • Wi-Fi scan attempt counts and item counts
  • Mac randomization is supported/enabled or not
  • Number of spatial streams and channel frequencies supported
  • Manual or Auto Connect enabled
  • Time and result of each connection attempt
  • Airplane mode status and attempts
  • Interface description provided by the manufacturer
  • Data transfer rates
  • Cipher algorithm
  • Mobile Equipment ID (IMEI) and Mobile Country Code (MCCO)
  • Mobile operator and service provider name
  • Available SSIDs and BSSIDs
  • IP Address type -- IPv4 or IPv6
  • Signal Quality percentage and changes
  • Hotspot presence detection and success rate
  • TCP connection performance
  • Miracast device names
  • Hashed IP address

+| Device properties | Information about the OS and device hardware, such as:
  •  OS - version name, Edition
  • Installation type, subscription status, and genuine OS status
  • Processor architecture, speed, number of cores, manufacturer, and model
  • OEM details - manufacturer, model, and serial number
  • Device identifier and Xbox serial number
  • Firmware/BIOS - type, manufacturer, model, and version
  • Memory - total memory, video memory, speed, and how much memory is available after the device has reserved memory
  • Storage - total capacity and disk type
  • Battery - charge capacity and InstantOn support
  • Hardware chassis type, color, and form factor
  • Is this machine a virtual machine?
 |
+| Device capabilities | Information about the specific device capabilities such as:
  • Camera - whether the device has a front facing, a rear facing camera, or both.
  • Touch screen - does the device include a touch screen? If so, how many hardware touch points are supported?
  • Processor capabilities - CompareExchange128, LahfSahf, NX, PrefetchW, and SSE2
  • Trusted Platform Module (TPM) – whether present and what version
  • Virtualization hardware - whether an IOMMU is present, SLAT support, is virtualization enabled in the firmware
  • Voice – whether voice interaction is supported and the number of active microphones
  • Number of displays, resolutions, DPI
  • Wireless capabilities
  • OEM or platform face detection
  • OEM or platform video stabilization and quality level set
  • Advanced Camera Capture mode (HDR vs. LowLight), OEM vs. platform implementation, HDR probability, and Low Light probability
 |
+| Device preferences and settings | Information about the device settings and user preferences such as:
  • User Settings – System, Device, Network & Internet, Personalization, Cortana, Apps, Accounts, Time & Language, Gaming, Ease of Access, Privacy, Update & Security
  • User-provided device name
  • Whether device is domain-joined, or cloud-domain joined (that is, part of a company-managed network)
  • Hashed representation of the domain name
  • MDM (mobile device management) enrollment settings and status
  • BitLocker, Secure Boot, encryption settings, and status
  • Windows Update settings and status
  • Developer Unlock settings and status
  • Default app choices
  • Default browser choice
  • Default language settings for app, input, keyboard, speech, and display
  • App store update settings
  • Enterprise OrganizationID, Commercial ID
 |
+| Device peripherals | Information about the device peripherals such as:
  • Peripheral name, device model, class, manufacturer, and description
  • Peripheral device state, install state, and checksum
  • Driver name, package name, version, and manufacturer
  • HWID - A hardware vendor defined ID to match a device to a driver [INF file](https://msdn.microsoft.com/windows/hardware/drivers/install/hardware-ids)
  • Driver state, problem code, and checksum
  • Whether driver is kernel mode, signed, and image size
 |
+| Device network info | Information about the device network configuration such as:
  • Network system capabilities
  • Local or Internet connectivity status
  • Proxy, gateway, DHCP, DNS details, and addresses
  • Paid or free network
  • Wireless driver is emulated or not
  • Access point mode capable
  • Access point manufacturer, model, and MAC address
  • WDI Version
  • Name of networking driver service
  • Wi-Fi Direct details
  • Wi-Fi device hardware ID and manufacturer
  • Wi-Fi scan attempt counts and item counts
  • Mac randomization is supported/enabled or not
  • Number of spatial streams and channel frequencies supported
  • Manual or Auto Connect enabled
  • Time and result of each connection attempt
  • Airplane mode status and attempts
  • Interface description provided by the manufacturer
  • Data transfer rates
  • Cipher algorithm
  • Mobile Equipment ID (IMEI) and Mobile Country Code (MCCO)
  • Mobile operator and service provider name
  • Available SSIDs and BSSIDs
  • IP Address type - IPv4 or IPv6
  • Signal Quality percentage and changes
  • Hotspot presence detection and success rate
  • TCP connection performance
  • Miracast device names
  • Hashed IP address

 
 ## Product and Service Usage data
 
-This type of data includes details about the usage of the device, operating system, applications and services. 
+This type of data includes details about the usage of the device, operating system, applications, and services. 
 
 | Category Name | Examples |
 | - | - |
-| App usage | Information about Windows and application usage such as:
  • OS component and app feature usage
  • User navigation and interaction with app and Windows features. This could potentially include user input, such as name of a new alarm set, user menu choices, or user favorites.
  • Time of and count of app/component launches, duration of use, session GUID, and process ID
  • App time in various states – running foreground or background, sleeping, or receiving active user interaction
  • User interaction method and duration – whether and length of time user used the keyboard, mouse, pen, touch, speech, or game controller
  • Cortana launch entry point/reason
  • Notification delivery requests and status
  • Apps used to edit images and videos
  • SMS, MMS, VCard, and broadcast message usage statistics on primary or secondary line
  • Incoming and Outgoing calls and Voicemail usage statistics on primary or secondary line
  • Emergency alerts are received or displayed statistics
  • Content searches within an app
  • Reading activity -- bookmarking used, print used, layout changed
|
-| App or product state | Information about Windows and application state such as:
  • Start Menu and Taskbar pins
  • Online/Offline status
  • App launch state –- with deep-link such as Groove launched with an audio track to play, or share contract such as MMS launched to share a picture.
  • Personalization impressions delivered
  • Whether the user clicked or hovered on UI controls or hotspots
  • User feedback Like or Dislike or rating was provided
  • Caret location or position within documents and media files -- how much of a book has been read in a single session or how much of a song has been listened to.
|
+| App usage | Information about Windows and application usage such as:
  • OS component and app feature usage
  • User navigation and interaction with app and Windows features. This information could include user input, such as the name of a new alarm set, user menu choices, or user favorites.
  • Time of and count of app/component launches, duration of use, session GUID, and process ID
  • App time in various states – running foreground or background, sleeping, or receiving active user interaction
  • User interaction method and duration – whether and length of time user used the keyboard, mouse, pen, touch, speech, or game controller
  • Cortana launch entry point/reason
  • Notification delivery requests and status
  • Apps used to edit images and videos
  • SMS, MMS, VCard, and broadcast message usage statistics on primary or secondary line
  • Incoming and Outgoing calls and Voicemail usage statistics on primary or secondary line
  • Emergency alerts are received or displayed statistics
  • Content searches within an app
  • Reading activity - bookmarking used, print used, layout changed
|
+| App or product state | Information about Windows and application state such as:
  • Start Menu and Taskbar pins
  • Online/Offline status
  • App launch state –- with deep-link such as Groove launched with an audio track to play, or share contract such as MMS launched to share a picture.
  • Personalization impressions delivered
  • Whether the user clicked or hovered on UI controls or hotspots
  • User feedback Like or Dislike or rating was provided
  • Caret location or position within documents and media files - how much of a book has been read in a single session or how much of a song has been listened to.
|
 | Login properties | 
  • Login success or failure
  • Login sessions and state
|
 
 
 ## Product and Service Performance data
 
-This type of data includes details about the health of the device, operating system, apps and drivers.
+This type of data includes details about the health of the device, operating system, apps, and drivers.
 
 | Category Name | Description and Examples |
 | - | - |
-|Device health and crash data | Information about the device and software health such as:

 
+### ADMX_CipherSuiteOrder policies  
+
+

+  

+    ADMX_CipherSuiteOrder/SSLCipherSuiteOrder
+  

+  

+    ADMX_CipherSuiteOrder/SSLCurveOrder
+  

+

+
+### ADMX_COM policies  
+
+

+  

+    ADMX_COM/AppMgmt_COM_SearchForCLSID_1
+  

+  

+    ADMX_COM/AppMgmt_COM_SearchForCLSID_2
+  

+

+
 
 ### ADMX_Cpls policies
 
@@ -599,6 +621,323 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
 
+### ADMX_MMCSnapins policies  
+
+

+  

+    ADMX_MMCSnapins/MMC_ADMComputers_1
+  

+  

+    ADMX_MMCSnapins/MMC_ADMComputers_2
+  

+  

+    ADMX_MMCSnapins/MMC_ADMUsers_1
+  

+  

+    ADMX_MMCSnapins/MMC_ADMUsers_2
+  

+  

+    ADMX_MMCSnapins/MMC_ADSI
+  

+  

+    ADMX_MMCSnapins/MMC_ActiveDirDomTrusts
+  

+  

+    ADMX_MMCSnapins/MMC_ActiveDirSitesServices
+  

+  

+    ADMX_MMCSnapins/MMC_ActiveDirUsersComp
+  

+  

+    ADMX_MMCSnapins/MMC_AppleTalkRouting
+  

+  

+    ADMX_MMCSnapins/MMC_AuthMan
+  

+  

+    ADMX_MMCSnapins/MMC_CertAuth
+  

+  

+    ADMX_MMCSnapins/MMC_CertAuthPolSet
+  

+  

+    ADMX_MMCSnapins/MMC_Certs
+  

+  

+    ADMX_MMCSnapins/MMC_CertsTemplate
+  

+  

+    ADMX_MMCSnapins/MMC_ComponentServices
+  

+  

+    ADMX_MMCSnapins/MMC_ComputerManagement
+  

+  

+    ADMX_MMCSnapins/MMC_ConnectionSharingNAT
+  

+  

+    ADMX_MMCSnapins/MMC_DCOMCFG
+  

+  

+    ADMX_MMCSnapins/MMC_DFS
+  

+  

+    ADMX_MMCSnapins/MMC_DHCPRelayMgmt
+  

+  

+    ADMX_MMCSnapins/MMC_DeviceManager_1
+  

+  

+    ADMX_MMCSnapins/MMC_DeviceManager_2
+  

+  

+    ADMX_MMCSnapins/MMC_DiskDefrag
+  

+  

+    ADMX_MMCSnapins/MMC_DiskMgmt
+  

+  

+    ADMX_MMCSnapins/MMC_EnterprisePKI
+  

+  

+    ADMX_MMCSnapins/MMC_EventViewer_1
+  

+  

+    ADMX_MMCSnapins/MMC_EventViewer_2
+  

+  

+    ADMX_MMCSnapins/MMC_EventViewer_3
+  

+  

+    ADMX_MMCSnapins/MMC_EventViewer_4
+  

+  

+    ADMX_MMCSnapins/MMC_FAXService
+  

+  

+    ADMX_MMCSnapins/MMC_FailoverClusters
+  

+  

+    ADMX_MMCSnapins/MMC_FolderRedirection_1
+  

+  

+    ADMX_MMCSnapins/MMC_FolderRedirection_2
+  

+  

+    ADMX_MMCSnapins/MMC_FrontPageExt
+  

+  

+    ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn
+  

+  

+    ADMX_MMCSnapins/MMC_GroupPolicySnapIn
+  

+  

+    ADMX_MMCSnapins/MMC_GroupPolicyTab
+  

+  

+    ADMX_MMCSnapins/MMC_HRA
+  

+  

+    ADMX_MMCSnapins/MMC_IAS
+  

+  

+    ADMX_MMCSnapins/MMC_IASLogging
+  

+  

+    ADMX_MMCSnapins/MMC_IEMaintenance_1
+  

+  

+    ADMX_MMCSnapins/MMC_IEMaintenance_2
+  

+  

+    ADMX_MMCSnapins/MMC_IGMPRouting
+  

+  

+    ADMX_MMCSnapins/MMC_IIS
+  

+  

+    ADMX_MMCSnapins/MMC_IPRouting
+  

+  

+    ADMX_MMCSnapins/MMC_IPSecManage_GP
+  

+  

+    ADMX_MMCSnapins/MMC_IPXRIPRouting
+  

+  

+    ADMX_MMCSnapins/MMC_IPXRouting
+  

+  

+    ADMX_MMCSnapins/MMC_IPXSAPRouting
+  

+  

+    ADMX_MMCSnapins/MMC_IndexingService
+  

+  

+    ADMX_MMCSnapins/MMC_IpSecManage
+  

+  

+    ADMX_MMCSnapins/MMC_IpSecMonitor
+  

+  

+    ADMX_MMCSnapins/MMC_LocalUsersGroups
+  

+  

+    ADMX_MMCSnapins/MMC_LogicalMappedDrives
+  

+  

+    ADMX_MMCSnapins/MMC_NPSUI
+  

+  

+    ADMX_MMCSnapins/MMC_NapSnap
+  

+  

+    ADMX_MMCSnapins/MMC_NapSnap_GP
+  

+  

+    ADMX_MMCSnapins/MMC_Net_Framework
+  

+  

+    ADMX_MMCSnapins/MMC_OCSP
+  

+  

+    ADMX_MMCSnapins/MMC_OSPFRouting
+  

+  

+    ADMX_MMCSnapins/MMC_PerfLogsAlerts
+  

+  

+    ADMX_MMCSnapins/MMC_PublicKey
+  

+  

+    ADMX_MMCSnapins/MMC_QoSAdmission
+  

+  

+    ADMX_MMCSnapins/MMC_RAS_DialinUser
+  

+  

+    ADMX_MMCSnapins/MMC_RIPRouting
+  

+  

+    ADMX_MMCSnapins/MMC_RIS
+  

+  

+    ADMX_MMCSnapins/MMC_RRA
+  

+  

+    ADMX_MMCSnapins/MMC_RSM
+  

+  

+    ADMX_MMCSnapins/MMC_RemStore
+  

+  

+    ADMX_MMCSnapins/MMC_RemoteAccess
+  

+  

+    ADMX_MMCSnapins/MMC_RemoteDesktop
+  

+  

+    ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn
+  

+  

+    ADMX_MMCSnapins/MMC_Routing
+  

+  

+    ADMX_MMCSnapins/MMC_SCA
+  

+  

+    ADMX_MMCSnapins/MMC_SMTPProtocol
+  

+  

+    ADMX_MMCSnapins/MMC_SNMP
+  

+  

+    ADMX_MMCSnapins/MMC_ScriptsMachine_1
+  

+  

+    ADMX_MMCSnapins/MMC_ScriptsMachine_2
+  

+  

+    ADMX_MMCSnapins/MMC_ScriptsUser_1
+  

+  

+    ADMX_MMCSnapins/MMC_ScriptsUser_2
+  

+  

+    ADMX_MMCSnapins/MMC_SecuritySettings_1
+  

+  

+    ADMX_MMCSnapins/MMC_SecuritySettings_2
+  

+  

+    ADMX_MMCSnapins/MMC_SecurityTemplates
+  

+  

+    ADMX_MMCSnapins/MMC_SendConsoleMessage
+  

+  

+    ADMX_MMCSnapins/MMC_ServerManager
+  

+  

+    ADMX_MMCSnapins/MMC_ServiceDependencies
+  

+  

+    ADMX_MMCSnapins/MMC_Services
+  

+  

+    ADMX_MMCSnapins/MMC_SharedFolders
+  

+  

+    ADMX_MMCSnapins/MMC_SharedFolders_Ext
+  

+  

+    ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1
+  

+  

+    ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2
+  

+  

+    ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1
+  

+  

+    ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2
+  

+  

+    ADMX_MMCSnapins/MMC_SysInfo
+  

+  

+    ADMX_MMCSnapins/MMC_SysProp
+  

+  

+    ADMX_MMCSnapins/MMC_TPMManagement
+  

+  

+    ADMX_MMCSnapins/MMC_Telephony
+  

+  

+    ADMX_MMCSnapins/MMC_TerminalServices
+  

+  

+    ADMX_MMCSnapins/MMC_WMI
+  

+  

+    ADMX_MMCSnapins/MMC_WindowsFirewall
+  

+  

+    ADMX_MMCSnapins/MMC_WindowsFirewall_GP
+  

+  

+    ADMX_MMCSnapins/MMC_WiredNetworkPolicy
+  

+  

+    ADMX_MMCSnapins/MMC_WirelessMon
+  

+  

+    ADMX_MMCSnapins/MMC_WirelessNetworkPolicy
+  

+

+
 ### ADMX_MSAPolicy policies
 

   

diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
deleted file mode 100644
index d1a599cfa9..0000000000
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ /dev/null
@@ -1,6796 +0,0 @@
----
-title: Policy CSP - ADMX_TerminalServer
-description: Policy CSP - ADMX_TerminalServer
-ms.author: dansimp
-ms.localizationpriority: medium
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 10/27/2020
-ms.reviewer: 
-manager: dansimp
----
-
-# Policy CSP - ADMX_TerminalServer
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
-

-
-
-## ADMX_TerminalServer policies  
-
-

-  

-    ADMX_TerminalServer/TS_AUTO_RECONNECT
-  

-  

-    ADMX_TerminalServer/TS_CAMERA_REDIRECTION
-  

-  

-    ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_AUDIO
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_CLIPBOARD
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_COM
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_DEFAULT_M
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_LPT
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_PNP
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_PRINTER
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2
-  

-  

-    ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP
-  

-  

-    ADMX_TerminalServer/TS_COLORDEPTH
-  

-  

-    ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES
-  

-  

-    ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER
-  

-  

-    ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU
-  

-  

-    ADMX_TerminalServer/TS_EASY_PRINT
-  

-  

-    ADMX_TerminalServer/TS_EASY_PRINT_User
-  

-  

-    ADMX_TerminalServer/TS_EnableVirtualGraphics
-  

-  

-    ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE
-  

-  

-    ADMX_TerminalServer/TS_FORCIBLE_LOGOFF
-  

-  

-    ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD
-  

-  

-    ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE
-  

-  

-    ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER
-  

-  

-    ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY
-  

-  

-    ADMX_TerminalServer/TS_KEEP_ALIVE
-  

-  

-    ADMX_TerminalServer/TS_LICENSE_SECGROUP
-  

-  

-    ADMX_TerminalServer/TS_LICENSE_SERVERS
-  

-  

-    ADMX_TerminalServer/TS_LICENSE_TOOLTIP
-  

-  

-    ADMX_TerminalServer/TS_LICENSING_MODE
-  

-  

-    ADMX_TerminalServer/TS_MAXDISPLAYRES
-  

-  

-    ADMX_TerminalServer/TS_MAXMONITOR
-  

-  

-    ADMX_TerminalServer/TS_MAX_CON_POLICY
-  

-  

-    ADMX_TerminalServer/TS_NoDisconnectMenu
-  

-  

-    ADMX_TerminalServer/TS_NoSecurityMenu
-  

-  

-    ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP
-  

-  

-    ADMX_TerminalServer/TS_PreventLicenseUpgrade
-  

-  

-    ADMX_TerminalServer/TS_RADC_DefaultConnection
-  

-  

-    ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration
-  

-  

-    ADMX_TerminalServer/TS_RemoteControl_1
-  

-  

-    ADMX_TerminalServer/TS_RemoteControl_2
-  

-  

-    ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics
-  

-  

-    ADMX_TerminalServer/TS_SD_ClustName
-  

-  

-    ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS
-  

-  

-    ADMX_TerminalServer/TS_SD_Loc
-  

-  

-    ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY
-  

-  

-    ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT
-  

-  

-    ADMX_TerminalServer/TS_SELECT_TRANSPORT
-  

-  

-    ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP
-  

-  

-    ADMX_TerminalServer/TS_SERVER_AUTH
-  

-  

-    ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED
-  

-  

-    ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED
-  

-  

-    ADMX_TerminalServer/TS_SERVER_COMPRESSOR
-  

-  

-    ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY
-  

-  

-    ADMX_TerminalServer/TS_SERVER_LEGACY_RFX
-  

-  

-    ADMX_TerminalServer/TS_SERVER_PROFILE
-  

-  

-    ADMX_TerminalServer/TS_SERVER_VISEXP
-  

-  

-    ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER
-  

-  

-    ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1
-  

-  

-    ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2
-  

-  

-    ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1
-  

-  

-    ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2
-  

-  

-    ADMX_TerminalServer/TS_SESSIONS_Limits_1
-  

-  

-    ADMX_TerminalServer/TS_SESSIONS_Limits_2
-  

-  

-    ADMX_TerminalServer/TS_SINGLE_SESSION
-  

-  

-    ADMX_TerminalServer/TS_SMART_CARD
-  

-  

-    ADMX_TerminalServer/TS_START_PROGRAM_1
-  

-  

-    ADMX_TerminalServer/TS_START_PROGRAM_2
-  

-  

-    ADMX_TerminalServer/TS_Session_End_On_Limit_1
-  

-  

-    ADMX_TerminalServer/TS_Session_End_On_Limit_2
-  

-  

-    ADMX_TerminalServer/TS_TEMP_DELETE
-  

-  

-    ADMX_TerminalServer/TS_TEMP_PER_SESSION
-  

-  

-    ADMX_TerminalServer/TS_TIME_ZONE
-  

-  

-    ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY
-  

-  

-    ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP
-  

-  

-    ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE
-  

-  

-    ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY
-  

-  

-    ADMX_TerminalServer/TS_USER_HOME
-  

-  

-    ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES
-  

-  

-    ADMX_TerminalServer/TS_USER_PROFILES
-  

-

-
-
-

-
-
-**ADMX_TerminalServer/TS_AUTO_RECONNECT**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost.
-
-By default, a maximum  of twenty reconnection attempts are made at five second intervals.
-
-If the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost.
-
-If the status is set to Disabled, automatic reconnection of clients is prohibited.
-
-If the status is set to Not Configured, automatic reconnection is not specified at the  Group Policy level. However, users can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop Connection.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Automatic reconnection*
--   GP name: *TS_AUTO_RECONNECT*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CAMERA_REDIRECTION**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost.
-
-By default, a maximum  of twenty reconnection attempts are made at five second intervals.
-
-If the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost.
-
-If the status is set to Disabled, automatic reconnection of clients is prohibited.
-
-If the status is set to Not Configured, automatic reconnection is not specified at the  Group Policy level. However, users can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop Connection.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Automatic reconnection*
--   GP name: *TS_CAMERA_REDIRECTION*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server.
-
-A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.
-
-If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate has not been selected.
-
-If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected.
-
-If you disable or do not configure this policy, the certificate template name is not specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.  
-
-> [!NOTE]
-> If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Server authentication certificate template*
--   GP name: *TS_CERTIFICATE_TEMPLATE_POLICY*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file).
-
-If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
-
-If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.
-
-> [!NOTE]
-> You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Allow .rdp files from valid publishers and user's default .rdp settings*
--   GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_1*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file).
-
-If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
-
-If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.
-
-> [!NOTE]
-> You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Allow .rdp files from valid publishers and user's default .rdp settings*
--   GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_2*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.
-
-If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.
-
-If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Allow .rdp files from unknown publishers*
--   GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_1*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.
-
-If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.
-
-If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Allow .rdp files from unknown publishers*
--   GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_2*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_AUDIO**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.
-
-Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled.
-
-By default, audio and video playback redirection is not allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional.
-
-If you enable this policy setting, audio and video playback redirection is allowed.
-
-If you disable this policy setting, audio and video playback redirection is not allowed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file.  If you do not configure this policy setting audio and video playback redirection is not specified at the Group Policy level.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Allow audio and video playback redirection*
--   GP name: *TS_CLIENT_AUDIO*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.
-
-Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer, such as a built-in microphone.
-
-By default, audio recording redirection is not allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2.
-
-If you enable this policy setting, audio recording redirection is allowed.
-
-If you disable this policy setting, audio recording redirection is not allowed, even if audio recording redirection is specified in RDC.
-
-If you do not configure this policy setting, Audio recording redirection is not specified at the Group Policy level.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Allow audio recording redirection*
--   GP name: *TS_CLIENT_AUDIO_CAPTURE*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links.
-
-If you enable this policy setting, you must select one of the following:  High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used. If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection.
-
-The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer.
-
-For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used.
-
-Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic.
-
-If you disable or do not configure this policy setting, audio playback quality will be set to Dynamic.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Limit audio playback quality*
--   GP name: *TS_CLIENT_AUDIO_QUALITY*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_CLIPBOARD**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.
-
-You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection.
-
-If you enable this policy setting, users cannot redirect Clipboard data.
-
-If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection.
-
-If you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Do not allow Clipboard redirection*
--   GP name: *TS_CLIENT_CLIPBOARD*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_COM**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.
-
-You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection.
-
-If you enable this policy setting, users cannot redirect server data to the local COM port.
-
-If you disable this policy setting, Remote Desktop Services always allows COM port redirection.
-
-If you do not configure this policy setting, COM port redirection is not specified at the Group Policy level.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Do not allow COM port redirection*
--   GP name: *TS_CLIENT_COM*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_DEFAULT_M**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.
-
-By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior.
-
-If you enable this policy setting, the default printer is the printer specified on the remote computer.  If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection.
-
-If you do not configure this policy setting, the default printer is not specified at the Group Policy level.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Do not set default client printer to be default printer in a session*
--   GP name: *TS_CLIENT_DEFAULT_M*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available. If you use this setting, the Remote Desktop Client will use only software decoding.
-
-For example, if you have a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you will know that there are additional issues to investigate. If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accelerated decoding if supported hardware is available.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Do not allow hardware accelerated decoding*
--   GP name: *TS_CLIENT_DISABLE_HARDWARE_MODE*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. Controls whether a user can save passwords using Remote Desktop Connection.
-
-If you enable this setting the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted.
-
-If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Do not allow passwords to be saved*
--   GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_1*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_LPT**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.
-
-You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection.
-
-If you enable this policy setting, users in a Remote Desktop Services session cannot redirect server data to the local LPT port.
-
-If you disable this policy setting, LPT port redirection is always allowed.
-
-If you do not configure this policy setting, LPT port redirection is not specified at the Group Policy level.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Do not allow LPT port redirection*
--   GP name: *TS_CLIENT_LPT*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_PNP**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session.
-
-By default, Remote Desktop Services does not allow redirection of supported Plug and Play and RemoteFX USB devices.
-
-If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer.
-
-If you enable this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer.If you do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it is running Windows Server 2012 R2 and earlier versions.
-
-> [!NOTE]
-> You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Do not allow supported Plug and Play device redirection*
--   GP name: *TS_CLIENT_PNP*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_PRINTER**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.  You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping.
-
-If you enable this policy setting, users cannot redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions.
-
-If you disable this policy setting, users can redirect print jobs with client printer mapping.  
-
-If you do not configure this policy setting, client printer mapping is not specified at the Group Policy level.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Do not allow client printer redirection*
--   GP name: *TS_CLIENT_PRINTER*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.
-
-If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.  If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher.
-
-> [!NOTE]
-> You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
-> 
-> This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting.  If the list contains a string that is not a certificate thumbprint, it is ignored.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers*
--   GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.
-
-If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.  
-
-If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher.  
-
-> [!NOTE]
-> You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
->
-> This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting.  If the list contains a string that is not a certificate thumbprint, it is ignored.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers*
--   GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol.
-
-If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol.
-
-If you disable or do not configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Turn Off UDP On Client*
--   GP name: *TS_CLIENT_TURN_OFF_UDP*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_COLORDEPTH**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections.
-
-You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load.
-
-If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used.
-
-If you disable or do not configure this policy setting, the color depth for connections is not specified at the Group Policy level.
-
-> [!NOTE]
-> - Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional.
-> - The value specified in this policy setting is not applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections.
-> - For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format:
->
->    - Value specified by this policy setting. 
->    - Maximum color depth supported by the client.
->    - Value requested by the client  If the client does not support at least 16 bits, the connection is terminated.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Limit maximum color depth*
--   GP name: *TS_COLORDEPTH*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive.
-
-This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed.
-
-> [!NOTE]
-> If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles.
-
-If you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile cache is checked. When the size of the entire roaming user profile cache exceeds the maximum size that you have specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified.
-
-If you disable or do not configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the local drive.  Note:  This policy setting is ignored if the "Prevent Roaming Profile changes from propagating to the server" policy setting located in Computer Configuration\Policies\Administrative Templates\System\User Profiles is enabled.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Limit the size of the entire roaming user profile cache*
--   GP name: *TS_DELETE_ROAMING_USER_PROFILES*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP.
-
-You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session.
-
-If you enable this policy setting, wallpaper is not displayed in a Remote Desktop Services session.
-
-If you disable this policy setting, wallpaper is displayed in a Remote Desktop Services session, depending on the client configuration.
-
-If you do not configure this policy setting, Windows Vista displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2008 do not display wallpaper by default to Remote Desktop Services sessions.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Remove remote desktop wallpaper*
--   GP name: *TS_DISABLE_REMOTE_DESKTOP_WALLPAPER*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter.
-
-If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter.
-
-If you do not configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default.
-
-> [!NOTE]
-> The policy setting affects only the default graphics processing unit (GPU) on a computer with more than one GPU installed. All additional GPUs are considered secondary adapters and used as hardware renderers. The GPU configuration of the local session is not affected by this policy setting.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Use the hardware default graphics adapter for all Remote Desktop Services sessions*
--   GP name: *TS_DX_USE_FULL_HWGPU*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_EASY_PRINT**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
-
-If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session.
-
-If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session.
-
-> [!NOTE]
-> If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Use Remote Desktop Easy Print printer driver first*
--   GP name: *TS_EASY_PRINT*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_EASY_PRINT_User**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
-
-If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session.
-
-If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session.
-
-> [!NOTE]
-> If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Use Remote Desktop Easy Print printer driver first*
--   GP name: *TS_EASY_PRINT_User*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_EnableVirtualGraphics**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.
-
-When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1.
-
-When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.
-
-If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.
-
-If you disable this policy setting, RemoteFX will be disabled.
-
-If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Configure RemoteFX*
--   GP name: *TS_EnableVirtualGraphics*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RD Session Host server fallback printer driver behavior.
-
-By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server does not have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session.
-
-If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one is not found, the client's printer is not available. You can choose to change this default behavior. The available options are: 
-
-- "Do nothing if one is not found" - If there is a printer driver mismatch, the server will attempt to find a suitable driver. If one is not found, the client's printer is not available. This is the default behavior.
-- "Default to PCL if one is not found" - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver.
-- "Default to PS if one is not found" - If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver.
-- "Show both PCL and PS if one is not found" - If no suitable driver can be found, show both PS and PCL-based fallback printer drivers.  
-
-If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server will not attempt to use the fallback printer driver.
-
-If you do not configure this policy setting, the fallback printer driver behavior is off by default.
-
-> [!NOTE]
-> If the "Do not allow client printer redirection" setting is enabled, this policy setting is ignored and the fallback printer driver is disabled.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Specify RD Session Host server fallback printer driver behavior*
--   GP name: *TS_FALLBACKPRINTDRIVERTYPE*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_FORCIBLE_LOGOFF**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.
-
-This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off, any data not previously saved is lost.
-
-If you enable this policy setting, logging off the connected administrator is not allowed.
-
-If you disable or do not configure this policy setting, logging off the connected administrator is allowed.
-
-> [!NOTE]
-> The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Deny logoff of an administrator logged in to the console session*
--   GP name: *TS_FORCIBLE_LOGOFF*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. Specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
-
-To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default.
-
-If you disable or do not configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authentication method is not specified, the Negotiate protocol that is enabled on the client or a smart card can be used for authentication.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set RD Gateway authentication method*
--   GP name: *TS_GATEWAY_POLICY_AUTH_METHOD*
--   GP path: *Windows Components\Remote Desktop Services\RD Gateway*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting.
-
-You can enforce this policy setting or you can allow users to overwrite this setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
-
-> [!NOTE]
-> To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. To enhance security, it is also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used.
-
-To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default.
-
-If you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Enable connection through RD Gateway*
--   GP name: *TS_GATEWAY_POLICY_ENABLE*
--   GP path: *Windows Components\Remote Desktop Services\RD Gateway*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. Specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
-
-> [!NOTE]
-> It is highly recommended that you also specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used.
-
-To allow users to overwrite the "Set RD Gateway server address" policy setting and connect to another RD Gateway server, you must select the "Allow users to change this setting" check box and users will be allowed to specify an alternate RD Gateway server. Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default.
-
-> [!NOTE]
-> If you disable or do not configure this policy setting, but enable the "Enable connections through RD Gateway" policy setting, client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set RD Gateway server address*
--   GP name: *TS_GATEWAY_POLICY_SERVER*
--   GP path: *Windows Components\Remote Desktop Services\RD Gateway*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server.
-
-If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting.  If you disable this policy setting, the server does not join a farm in RD Connection Broker, and user session tracking is not performed. If the policy setting is disabled, you cannot use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker.
-
-If the policy setting is not configured, the policy setting is not specified at the Group Policy level.
-
-> [!NOTE]
-> - If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings.
-> - For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Join RD Connection Broker*
--   GP name: *TS_JOIN_SESSION_DIRECTORY*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_KEEP_ALIVE**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state.
-
-After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client logs on to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active.
-
-If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999.
-
-If you disable or do not configure this policy setting, a keep-alive interval is not set and the server will not check the session state.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Configure keep-alive connection interval*
--   GP name: *TS_KEEP_ALIVE*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_LICENSE_SECGROUP**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).
-
-You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one.
-
-If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server.  By default, the RDS Endpoint Servers group is empty.
-
-If you disable or do not configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group is not deleted or changed in any way by disabling or not configuring this policy setting.
-
-> [!NOTE]
-> You should only enable this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *License server security group*
--   GP name: *TS_LICENSE_SECGROUP*
--   GP path: *Windows Components\Remote Desktop Services\RD Licensing*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_LICENSE_SERVERS**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.
-
-If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers cannot be located, the RD Session Host server will attempt automatic license server discovery. In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order:
-
-1. Remote Desktop license servers that are published in Active Directory Domain Services.
-2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server.
-
-If you disable or do not configure this policy setting, the RD Session Host server does not specify a license server at the Group Policy level.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Use the specified Remote Desktop license servers*
--   GP name: *TS_LICENSE_SERVERS*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_LICENSE_TOOLTIP**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.
-
-By default, notifications are displayed on an RD Session Host server after you log on as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire.
-
-If you enable this policy setting, these notifications will not be displayed on the RD Session Host server.
-
-If you disable or do not configure this policy setting, these notifications will be displayed on the RD Session Host server after you log on as a local administrator.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Hide notifications about RD Licensing problems that affect the RD Session Host server*
--   GP name: *TS_LICENSE_TOOLTIP*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_LICENSING_MODE**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.
-
-You can use this policy setting to select one of two licensing modes: Per User or Per Device.  Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.
-
-Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.
-
-If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server.
-
-If you disable or do not configure this policy setting, the licensing mode is not specified at the Group Policy level.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set the Remote Desktop licensing mode*
--   GP name: *TS_LICENSING_MODE*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_MAXDISPLAYRES**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load.
-
-If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session.
-
-If you disable or do not configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Limit maximum display resolution*
--   GP name: *TS_MAXDISPLAYRES*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_MAXMONITOR**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load.
-
-If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16.
-
-If you disable or do not configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session is not specified at the Group Policy level.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Limit number of monitors*
--   GP name: *TS_MAXMONITOR*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_MAX_CON_POLICY**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.
-
-You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, addtional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions.
-
-To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999.
-
-If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server.
-
-If the status is set to Disabled or Not Configured, limits to the number of connections are not enforced at the Group Policy level.
-
-> [!NOTE]
-> This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed).
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Limit number of connections*
--   GP name: *TS_MAX_CON_POLICY*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_NoDisconnectMenu**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.
-
-You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.  If you enable this policy setting, "Disconnect" does not appear as an option in the drop-down list in the Shut Down Windows dialog box.
-
-If you disable or do not configure this policy setting, "Disconnect" is not removed from the list in the Shut Down Windows dialog box.
-
-> [!NOTE]
-> This policy setting affects only the Shut Down Windows dialog box. It does not prevent users from using other methods to disconnect from a Remote Desktop Services session. This policy setting also does not prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the "Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected sessions" policy setting.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Remove "Disconnect" option from Shut Down dialog*
--   GP name: *TS_NoDisconnectMenu*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_NoSecurityMenu**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.
-
-If the status is set to Enabled, Windows Security does not appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer.
-
-If the status is set to Disabled or Not Configured, Windows Security remains in the Settings menu.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Remove Windows Security item from Start menu*
--   GP name: *TS_NoSecurityMenu*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.
-
-If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user will not be prompted to provide credentials.
-
-> [!NOTE]
-> If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration.
-
-If you disable or do not configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server.
-
-For Windows Server 2003 and Windows 2000 Server a user will be prompted on the terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Prompt for credentials on the client computer*
--   GP name: *TS_PROMT_CREDS_CLIENT_COMP*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_PreventLicenseUpgrade**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.
-
-A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003.
-
-By default, if the most appropriate RDS CAL is not available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following:
-
-- A client connecting to a Windows Server 2003 terminal server
-- A client connecting to a Windows 2000 terminal server
-
-If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server is not available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client will not be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server has not expired.
-
-If you disable or do not configure this policy setting, the license server will exhibit the default behavior noted earlier.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Prevent license upgrade*
--   GP name: *TS_PreventLicenseUpgrade*
--   GP path: *Windows Components\Remote Desktop Services\RD Licensing*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_RADC_DefaultConnection**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs.
-
-The default connection URL must be configured in the form of http://contoso.com/rdweb/Feed/webfeed.aspx.
-
-If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connection URL.
-
-If you disable or do not configure this policy setting, the user has no default connection URL.  
-
-> [!NOTE]
-> RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untrusted server can compromise the security of a user's account.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Specify default connection URL*
--   GP name: *TS_RADC_DefaultConnection*
--   GP path: *Windows Components\Remote Desktop Services\RemoteApp and Desktop Connections*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user.  By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete.
-
-If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers.
-
-If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Suspend user sign-in to complete app registration*
--   GP name: *TS_RDSAppX_WaitForRegistration*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_RemoteControl_1**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option selected.
-
-Select the desired level of control and permission from the options list:
-
-1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session.
-2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent.
-3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent.
-4. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent.
-5. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent.  
-
-If you disable this policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set rules for remote control of Remote Desktop Services user sessions*
--   GP name: *TS_RemoteControl_1*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_RemoteControl_2**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option selected. 
-
-Select the desired level of control and permission from the options list:
-
-1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session.
-2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent.
-3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent.
-4. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent.  
-5. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent.
-
-If you disable this policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set rules for remote control of Remote Desktop Services user sessions*
--   GP name: *TS_RemoteControl_2*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered.
-
-Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed).
-
-If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality.
-
-By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior).
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Optimize visual experience when using RemoteFX*
--   GP name: *TS_RemoteDesktopVirtualGraphics*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SD_ClustName**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services.
-
-If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker.
-
-If you enable this policy setting, you must specify the name of a farm in RD Connection Broker.  If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level.
-
-> [!NOTE]
-> - This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy.
->- For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Configure RD Connection Broker farm name*
--   GP name: *TS_SD_ClustName*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server.
-
-If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm.
-
-If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. 
-
-If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default.
-
-> [!NOTE]
-> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Use IP Address Redirection*
--   GP name: *TS_SD_EXPOSE_ADDRESS*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SD_Loc**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server.
-
-If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers.
-
-If you disable or do not configure this policy setting, the policy setting is not specified at the Group Policy level.
-
-> [!NOTE]
-> - For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
-> - This policy setting is not effective unless the Join RD Connection Broker policy setting is enabled.
-> - To be an active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Session Broker Computers, or RDS Endpoint Servers.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Configure RD Connection Broker server name*
--   GP name: *TS_SD_Loc*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections.
-
-If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. The following security methods are available:
-
-- Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended.
-- RDP: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended.
-- SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS is not supported, the connection fails. This is the recommended setting for this policy.
-
-If you disable or do not configure this policy setting, the security method to be used for remote connections to RD Session Host servers is not specified at the Group Policy level.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Require use of specific security layer for remote (RDP) connections*
--   GP name: *TS_SECURITY_LAYER_POLICY*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).  You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect.
-
-If you disable Connect Time Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection.
-
-If you disable Continuous Network Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality.
-
-If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality.
-
-If you disable or do not configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Select network detection on the server*
--   GP name: *TS_SELECT_NETWORK_DETECT*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SELECT_TRANSPORT**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.
-
-If you enable this policy setting, you must specify if you would like RDP to use UDP.  You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)". If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP.
-
-If the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP.
-
-If you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Select RDP transport protocols*
--   GP name: *TS_SELECT_TRANSPORT*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. This policy setting applies only to RemoteApp programs and does not apply to remote desktop sessions.
-
-If you enable or do not configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics.
-
-If you disable this policy setting, RemoteApp programs published from this RD Session Host server will not use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteApp programs do not support these advanced graphics.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Use advanced RemoteFX graphics for RemoteApp*
--   GP name: *TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SERVER_AUTH**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.
-
-If you enable this policy setting, you must specify one of the following settings:
-- Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server.
-- Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server.
-- Do not connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. 
-
-If you disable or do not configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Configure server authentication for client*
--   GP name: *TS_SERVER_AUTH*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections*
--   GP name: *TS_SERVER_AVC444_MODE_PREFERRED*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. When you enable hardware encoding, if an error occurs, we will attempt to use software encoding. If you disable or do not configure this policy, we will always use software encoding.
-
-If you set the encoding option to “Always Attempt”, Remote Desktop will always try to use H.264/AVC hardware encoding when available, be aware that, for Windows Server running Hyper-V with RemoteFX vGPU enabled, the policy has to be set on the Hyper-V host machine.
-
-If you set the encoding option to “Attempt only for RemoteFX vGPU virtual machines” be aware that, for Windows Server running Hyper-V with RemoteFX vGPU enabled, the policy has to be set on the Hyper-V host machine.
-
-If you set the encoding option to “Attempt only for non-RemoteFX vGPU scenarios”, Remote Desktop attempts to use hardware encoding for all scenarios except RemoteFX vGPU.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Configure H.264/AVC hardware encoding for Remote Desktop Connections*
--   GP name: *TS_SERVER_AVC_HW_ENCODE_PREFERRED*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SERVER_COMPRESSOR**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use.
-
-By default, servers use an RDP compression algorithm that is based on the server's hardware configuration.
-
-If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth. In Windows  8 only the compression algorithm that balances memory usage and bandwidth is used.
-
-You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you are using a hardware device that is designed to optimize network traffic. Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed.
-
-If you disable or do not configure this policy setting, the default RDP compression algorithm will be used.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Configure compression for RemoteFX data*
--   GP name: *TS_SERVER_COMPRESSOR*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.
-
-If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes.
-
-If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality.
-
-If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth.  
-
-If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only.
-
-If you disable or do not configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Configure image quality for RemoteFX Adaptive Graphics*
--   GP name: *TS_SERVER_IMAGE_QUALITY*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SERVER_LEGACY_RFX**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.
-
-When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1.
-
-When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.
-
-If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.
-
-If you disable this policy setting, RemoteFX will be disabled.
-
-If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Configure RemoteFX*
--   GP name: *TS_SERVER_LEGACY_RFX*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SERVER_PROFILE**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available nework bandwidth.
-
-If you enable this policy setting, the RemoteFX experience could be set to one of the following options:
-1. Let the system choose the experience for the network condition
-2. Optimize for server scalability
-3. Optimize for minimum bandwidth usage
-
-If you disable or do not configure this policy setting, the RemoteFX experience will change dynamically based on the network condition."
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Configure RemoteFX Adaptive Graphics*
--   GP name: *TS_SERVER_PROFILE*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SERVER_VISEXP**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.
-
-By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation.
-
-If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text.
-
-If you disable or do not configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Optimize visual experience for Remote Desktop Service Sessions*
--   GP name: *TS_SERVER_VISEXP*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections*
--   GP name: *TS_SERVER_WDDM_GRAPHICS_DRIVER*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.
-
-You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.  When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
-
-If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply.
-
-If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.
-
-> [!NOTE]
-> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
-
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set time limit for disconnected sessions*
--   GP name: *TS_SESSIONS_Disconnected_Timeout_1*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.
-
-You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.  When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
-
-If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply.
-
-If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. Be y default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.
-
-> [!NOTE]
-> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
-
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set time limit for disconnected sessions*
--   GP name: *TS_SESSIONS_Disconnected_Timeout_2*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.
-
-If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply.
-
-If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.
-
-If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.  
-
-> [!NOTE]
-> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set time limit for active but idle Remote Desktop Services sessions*
--   GP name: *TS_SESSIONS_Idle_Limit_1*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.
-
-If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply.
-
-If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default,  Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.
-
-If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
-
-> [!NOTE]
-> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set time limit for active but idle Remote Desktop Services sessions*
--   GP name: *TS_SESSIONS_Idle_Limit_2*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SESSIONS_Limits_1**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.
-
-If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply.
-
-If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.
-
-If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
-
-> [!NOTE]
-> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set time limit for active Remote Desktop Services sessions*
--   GP name: *TS_SESSIONS_Limits_1*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SESSIONS_Limits_2**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.
-
-If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply.
-
-If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.
-
-If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
-
-> [!NOTE]
-> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set time limit for active Remote Desktop Services sessions*
--   GP name: *TS_SESSIONS_Limits_2*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SINGLE_SESSION**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict users to a single Remote Desktop Services session.
-
-If you enable this policy setting, users who log on remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next logon.
-
-If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services.
-
-If you do not configure this policy setting, this policy setting is not specified at the Group Policy level.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session*
--   GP name: *TS_SINGLE_SESSION*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_SMART_CARD**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.
-
-If you enable this policy setting, Remote Desktop Services users cannot use a smart card to log on to a Remote Desktop Services session.
-
-If you disable or do not configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.
-
-> [!NOTE]
-> The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Do not allow smart card device redirection*
--   GP name: *TS_SMART_CARD*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_START_PROGRAM_1**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. Configures Remote Desktop Services to run a specified program automatically upon connection.
-
-You can use this setting to specify a program to run automatically when a user logs on to a remote computer.
-
-By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off.
-
-To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message.
-
-If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program.
-
-If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)  
-
-> [!NOTE]
-> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Start a program on connection*
--   GP name: *TS_START_PROGRAM_1*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_START_PROGRAM_2**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. Configures Remote Desktop Services to run a specified program automatically upon connection.
-
-You can use this setting to specify a program to run automatically when a user logs on to a remote computer.
-
-By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off.
-
-To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message.
-
-If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program.
-
-If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)  
-
-> [!NOTE]
-> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Start a program on connection*
--   GP name: *TS_START_PROGRAM_2*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_Session_End_On_Limit_1**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.
-
-You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits.
-
-Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.
-
-If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.
-
-If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator.  If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.
-
-> [!NOTE]
-> This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *End session when time limits are reached*
--   GP name: *TS_Session_End_On_Limit_1*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_Session_End_On_Limit_2**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.
-
-You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits.
-
-Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.
-
-If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.
-
-If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator.  If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.
-
-> [!NOTE]
-> This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *End session when time limits are reached*
--   GP name: *TS_Session_End_On_Limit_2*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_TEMP_DELETE**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.
-
-You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user logs off.
-
-If you enable this policy setting, a user's per-session temporary folders are retained when the user logs off from a session.
-
-If you disable this policy setting, temporary folders are deleted when a user logs off, even if the server administrator specifies otherwise.
-
-If you do not configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless specified otherwise by the server administrator.  
-
-> [!NOTE]
-> This setting only takes effect if per-session temporary folders are in use on the server. If you enable the Do not use temporary folders per session policy setting, this policy setting has no effect.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Do not delete temp folders upon exit*
--   GP name: *TS_TEMP_DELETE*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_TEMP_PER_SESSION**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.
-
-You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the sessionid.
-
-If you enable this policy setting, per-session temporary folders are not created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer.
-
-If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise.
-
-If you do not configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Do not use temporary folders per session*
--   GP name: *TS_TEMP_PER_SESSION*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_TIME_ZONE**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.
-
-If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone).
-
-If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone.
-
-> [!NOTE]
-> Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Allow time zone redirection*
--   GP name: *TS_TIME_ZONE*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server.
-
-You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the  RD Session Host server. By default, administrators are able to make such changes.
-
-If you enable this policy setting the default security descriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only.
-
-If you disable or do not configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider.
-
-> [!NOTE]
-> The preferred method of managing user access is by adding a user to the Remote Desktop Users group.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Do not allow local administrators to customize permissions*
--   GP name: *TS_TSCC_PERMISSIONS_POLICY*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy.
-
-If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings.
-
-If you disable or do not configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program is not specified, the desktop is always displayed on the remote computer after the client connects to the remote computer.
-
-> [!NOTE]
-> If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Always show desktop on connection*
--   GP name: *TS_TURNOFF_SINGLEAPP*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.
-
-If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer.
-
-If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account.
-
-For this change to take effect, you must restart Windows.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Allow RDP redirection of other supported RemoteFX USB devices from this computer*
--   GP name: *TS_USB_REDIRECTION_DISABLE*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication. This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process.
-
-If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server.
-
-To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported.
-
-If you disable this policy setting, Network Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server.
-
-If you do not configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default.
-
-> [!IMPORTANT]
-> Disabling this policy setting provides less security because user authentication will occur later in the remote connection process.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Require user authentication for remote connections by using Network Level Authentication*
--   GP name: *TS_USER_AUTHENTICATION_POLICY*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_USER_HOME**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. Specifies whether Remote Desktop Services uses the specified network share or local directory path as the root of the user's home directory for a Remote Desktop Services session.
-
-To use this setting, select the location for the home directory (network or local) from the Location drop-down list. If you choose to place the directory on a network share, type the Home Dir Root Path in the form \\Computername\Sharename, and then select the drive letter to which you want the network share to be mapped.
-
-If you choose to keep the home directory on the local computer, type the Home Dir Root Path in the form "Drive:\Path" (without quotes), without environment variables or ellipses. Do not specify a placeholder for user alias, because Remote Desktop Services automatically appends this at logon.
-
-> [!NOTE]
-> The Drive Letter field is ignored if you choose to specify a local path. If you choose to specify a local path but then type the name of a network share in Home Dir Root Path, Remote Desktop Services places user home directories in the network location.  
-
-If the status is set to Enabled, Remote Desktop Services creates the user's home directory in the specified location on the local computer or the network. The home directory path for each user is the specified Home Dir Root Path and the user's alias.  
-
-If the status is set to Disabled or Not Configured, the user's home directory is as specified at the server.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set Remote Desktop Services User Home Directory*
--   GP name: *TS_USER_HOME*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.
-
-If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile.
-
-If you disable or do not configure this policy setting, mandatory user profiles are not used by users connecting remotely to the RD Session Host server.
-
-> [!NOTE]
-> For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Use mandatory profiles on the RD Session Host server*
--   GP name: *TS_USER_MANDATORY_PROFILES*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-
-**ADMX_TerminalServer/TS_USER_PROFILES**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark

-
-
-

-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-

-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles.
-
-By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles.
-
-If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user.
-
-To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Do not specify a placeholder for the user account name, because Remote Desktop Services automatically adds this when the user logs on and the profile is created. If the specified network share does not exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server.
-
-If you disable or do not configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box.
-
-> [!NOTE]
-> - The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session.
-> - To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set path for Remote Desktop Services Roaming User Profile*
--   GP name: *TS_USER_PROFILES*
--   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
--   GP ADMX file name: *TerminalServer.admx*
-
-
-
-

-
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-
-

From 41c285334a3e9c3ed8ab92e4d8a211de4be81c4d Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 11:42:53 -0800
Subject: [PATCH 196/384] Update evaluation-lab.md

---
 .../microsoft-defender-atp/evaluation-lab.md  | 43 ++++++++-----------
 1 file changed, 19 insertions(+), 24 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
index c16a827f73..64a0179395 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
@@ -1,6 +1,6 @@
 ---
-title: Microsoft Defender ATP evaluation lab
-description: Learn about Microsoft Defender ATP capabilities, run attack simulations, and see how it prevents, detects, and remediates threats.
+title: Microsoft Defender for Endpoint evaluation lab
+description: Learn about Microsoft Defender for Endpoint capabilities, run attack simulations, and see how it prevents, detects, and remediates threats.
 keywords: evaluate mdatp, evaluation, lab, simulation, windows 10, windows server 2019, evaluation lab
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -23,14 +23,13 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Conducting a comprehensive security product evaluation can be a complex process requiring cumbersome environment and device configuration before an end-to-end attack simulation can actually be done. Adding to the complexity is the challenge of tracking where the simulation activities, alerts, and results are reflected during the evaluation.
 
-The Defender for Endpoint evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can  focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
+The Microsoft Defender for Endpoint evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can  focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
 
->[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLUM]
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLUM]
 
 With the simplified set-up experience, you can focus on running your own test scenarios and the pre-made simulations to see how Defender for Endpoint performs. 
 
@@ -44,7 +43,7 @@ You can also install threat simulators. Defender for Endpoint has partnered with
     
 
 ## Before you begin
-You'll need to fulfill the [licensing requirements](minimum-requirements.md#licensing-requirements) or have trial access to Defender for Endpoint to access the evaluation lab.
+You'll need to fulfill the [licensing requirements](minimum-requirements.md#licensing-requirements) or have trial access to Microsoft Defender for Endpoint to access the evaluation lab.
 
 You must have **Manage security settings** permissions to:
 - Create the lab
@@ -56,10 +55,7 @@ If you enabled role-based access control (RBAC) and created at least a one machi
 
 For more information, see [Create and manage roles](user-roles.md).
 
-
-
-
-Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink)
+Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink)
 
 
 ## Get started with the lab
@@ -77,7 +73,7 @@ Already have a lab? Make sure to enable the new threat simulators and have activ
 
 ## Setup the evaluation lab
 
-1. In the navigation pane, select **Evaluation and tutorials > Evaluation lab**, then select **Setup lab**.
+1. In the navigation pane, select **Evaluation and tutorials** > **Evaluation lab**, then select **Setup lab**.
 
     ![Image of the evaluation lab welcome page](images/evaluation-lab-setup.png)
 
@@ -114,19 +110,19 @@ If you chose to add a threat simulator during the lab setup, all devices will ha
 
 The device will automatically be onboarded to your tenant with the recommended Windows security components turned on and in audit mode - with no effort on your side. 
 
-  The following security components are pre-configured in the test devices:
+The following security components are pre-configured in the test devices:
 
-- [Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
+- [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
 - [Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus)
-- [Controlled Folder Access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)
-- [Exploit Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection)
-- [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)
+- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)
+- [Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection)
+- [Network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)
 - [Potentially unwanted application detection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)
 - [Cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus)
-- [Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview)
+- [Microsoft Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview)
 
 >[!NOTE]
-> Microsoft Defender Antivirus will be on (not in audit). If Microsoft Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the device through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus).
+> Microsoft Defender Antivirus will be on (not in audit mode). If Microsoft Defender Antivirus blocks you from running your simulation, you can turn off real-time protection on the device through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus).
 
 Automated investigation settings will be dependent on tenant settings. It will be configured to be semi-automated by default. For more information, see [Overview of Automated investigations](automated-investigations.md).
 
@@ -202,11 +198,11 @@ If you are looking for a pre-made simulation, you can use our ["Do It Yourself"
 If you chose to install any of the supported threat simulators during the lab setup, you can run the built-in simulations on the evaluation lab devices. 
 
 
-Running threat simulations using third-party platforms is a good way to evaluate Defender for Endpoint capabilities within the confines of a lab environment.
+Running threat simulations using third-party platforms is a good way to evaluate Microsoft Defender for Endpoint capabilities within the confines of a lab environment.
 
 >[!NOTE]
 >Before you can run simulations, ensure the following requirements are met:
->- Devices must be added  to the evaluation lab
+>- Devices must be added to the evaluation lab
 >- Threat simulators must be installed in the evaluation lab
 
 1. From the portal select **Create simulation**.
@@ -229,17 +225,16 @@ Running threat simulations using third-party platforms is a good way to evaluate
 
     ![Image of simulations tab](images/simulations-tab.png)
     
-After running your simulations, we encourage you to walk through the lab progress bar and explore Defender for Endpoint triggered an automated investigation and remediation, check out the evidence collected and analyzed by the feature.
+After running your simulations, we encourage you to walk through the lab progress bar and explore **Microsoft Defender for Endpoint triggered an automated investigation and remediation**. Check out the evidence collected and analyzed by the feature.
 
 Hunt for attack evidence through advanced hunting by using the rich query language and raw telemetry and check out some world-wide threats documented in Threat analytics.
 
 
 ## Simulation gallery
-Defender for Endpoint has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal. 
+Microsoft Defender for Endpoint has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal. 
 
 View all the available simulations by going to  **Simulations and tutorials** > **Simulations catalog**  from the menu. 
 
-
 A list of supported third-party threat simulation agents are listed, and specific types of simulations along with detailed descriptions are provided on the catalog. 
 
 You can conveniently run any available simulation right from the catalog.  

From 4bedcfb302ceabaf4a3496c0e8729d243eed83a4 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 11:46:13 -0800
Subject: [PATCH 197/384] Update event-error-codes.md

---
 .../event-error-codes.md                      | 70 +++++++++----------
 1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
index b9b993006e..a2b75300ee 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
@@ -1,7 +1,7 @@
 ---
 title: Review events and errors using Event Viewer
-description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Microsoft Defender ATP service.
-keywords: troubleshoot, event viewer, log summary, failure code, failed, Microsoft Defender Advanced Threat Protection service, cannot start, broken, can't start
+description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Microsoft Defender for Endpoint service.
+keywords: troubleshoot, event viewer, log summary, failure code, failed, Microsoft Defender for Endpoint service, cannot start, broken, can't start
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -28,7 +28,7 @@ ms.date: 05/21/2018
 
 - Event Viewer
 
-- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual devices.
 
@@ -58,39 +58,39 @@ For example, if devices are not appearing in the **Devices list**, you might nee
 
 
 1
-Defender for Endpoint service started (Version variable).
+Microsoft Defender for Endpoint service started (Version variable).
 Occurs during system start up, shut down, and during onbboarding.
 Normal operating notification; no action required.
 
 
 2
-Defender for Endpoint service shutdown.
+Microsoft Defender for Endpoint service shutdown.
 Occurs when the device is shut down or offboarded.
 Normal operating notification; no action required.
 
 
 3
-Defender for Endpoint service failed to start. Failure code: variable.
+Microsoft Defender for Endpoint service failed to start. Failure code: variable.
 Service did not start.
 Review other messages to determine possible cause and troubleshooting steps.
 
 
 4
-Defender for Endpoint service contacted the server at variable.
+Microsoft Defender for Endpoint service contacted the server at variable.
 Variable = URL of the Defender for Endpoint processing servers.

 This URL will match that seen in the Firewall or network activity.
 Normal operating notification; no action required.
 
 
 5
-Defender for Endpoint service failed to connect to the server at variable.
+Microsoft Defender for Endpoint service failed to connect to the server at variable.
 Variable = URL of the Defender for Endpoint processing servers.

 The service could not contact the external processing servers at that URL.
 Check the connection to the URL. See Configure proxy and Internet connectivity.
 
 
 6
-Defender for Endpoint service is not onboarded and no onboarding parameters were found.
+Microsoft Defender for Endpoint service is not onboarded and no onboarding parameters were found.
 The device did not onboard correctly and will not be reporting to the portal.
 Onboarding must be run before starting the service.

 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.

@@ -98,14 +98,14 @@ See Onboard Windows 10 devices.
 
 
 8
-Defender for Endpoint service failed to clean its configuration. Failure code: variable.
+Microsoft Defender for Endpoint service failed to clean its configuration. Failure code: variable.
 During onboarding: The service failed to clean its configuration during the onboarding. The onboarding process continues. 

 During offboarding: The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running.
  
 Onboarding: No action required. 

 Offboarding: Reboot the system.

@@ -113,14 +113,14 @@ See Onboard Windows 10 devices.
 
 
 10
-Defender for Endpoint service failed to persist the onboarding information. Failure code: variable.
+Microsoft Defender for Endpoint service failed to persist the onboarding information. Failure code: variable.
 The device did not onboard correctly and will not be reporting to the portal.
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.

 See Onboard Windows 10 devices.
@@ -134,26 +134,26 @@ It may take several hours for the device to appear in the portal.
 
 
 12
-Defender for Endpoint failed to apply the default configuration.
+Microsoft Defender for Endpoint failed to apply the default configuration.
 Service was unable to apply the default configuration.
 This error should resolve after a short period of time.
 
 
 13
-Defender for Endpoint device ID calculated: variable.
+Microsoft Defender for Endpoint device ID calculated: variable.
 Normal operating process.
 Normal operating notification; no action required.
 
 
 15
-Defender for Endpoint cannot start command channel with URL: variable.
+Microsoft Defender for Endpoint cannot start command channel with URL: variable.
 Variable = URL of the Defender for Endpoint processing servers.

 The service could not contact the external processing servers at that URL.
 Check the connection to the URL. See Configure proxy and Internet connectivity.
 
 
 17
-Defender for Endpoint service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable.
+Microsoft Defender for Endpoint service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable.
 An error occurred with the Windows telemetry service.
 Ensure the diagnostic data service is enabled.

 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.

@@ -180,7 +180,7 @@ If this error persists after a system restart, ensure all Windows updates have f
 
 
 25
-Defender for Endpoint service failed to reset health status in the registry. Failure code: variable.
+Microsoft Defender for Endpoint service failed to reset health status in the registry. Failure code: variable.
 The device did not onboard correctly.
 It will report to the portal, however the service may not appear as registered in SCCM or the registry.
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.

@@ -188,7 +188,7 @@ See Onboard Windows 10 devices.

@@ -218,7 +218,7 @@ See Onboard Windows 10 devices

@@ -226,26 +226,26 @@ Ensure real-time antimalware protection is running properly.
 
 
 31
-Defender for Endpoint Connected User Experiences and Telemetry service unregistration failed. Failure code: variable.
+Microsoft Defender for Endpoint Connected User Experiences and Telemetry service unregistration failed. Failure code: variable.
 An error occurred with the Windows telemetry service during onboarding. The offboarding process continues.
 Check for errors with the Windows telemetry service.
 
 
 32
-Defender for Endpoint service failed to request to stop itself after offboarding process. Failure code: %1
+Microsoft Defender for Endpoint service failed to request to stop itself after offboarding process. Failure code: %1
 An error occurred during offboarding.
 Reboot the device.
 
 
 33
-Defender for Endpoint service failed to persist SENSE GUID. Failure code: variable.
+Microsoft Defender for Endpoint service failed to persist SENSE GUID. Failure code: variable.
 A unique identifier is used to represent each device that is reporting to the portal.

 If the identifier does not persist, the same device might appear twice in the portal.
 Check registry permissions on the device to ensure the service can update the registry.
 
 
 34
-Defender for Endpoint service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: variable.
+Microsoft Defender for Endpoint service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: variable.
 An error occurred with the Windows telemetry service.
 Ensure the diagnostic data service is enabled.

 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.

@@ -253,56 +253,56 @@ See 
@@ -3407,7 +3407,7 @@ If you disable this setting or do not configure it, the "File name" field includ
 
 This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.
 
-To see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open.
+To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open.
 
 > [!NOTE]
 > In Windows Vista, this policy  setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
@@ -3965,7 +3965,7 @@ ADMX Info:
 
 Available in the latest Windows 10 Insider Preview Build. Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.
 
-To see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open.
+To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open.
 
 > [!NOTE]
 > In Windows Vista, this policy  setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
@@ -4037,7 +4037,7 @@ Available in the latest Windows 10 Insider Preview Build. When a file or folder
 
 If you enable this setting, files and folders that are deleted using File Explorer will not be placed in the Recycle Bin and will therefore be permanently deleted.
 
-If you disable or do not configure this setting, files and folders deleted using File Explorer will be placed in the Recyele Bin.
+If you disable or do not configure this setting, files and folders deleted using File Explorer will be placed in the Recycle Bin.
 
 
 > [!TIP]

From 3cf68d613a4b5fb7ddc8dff12408fd9ad8cf0763 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:08:05 -0800
Subject: [PATCH 200/384] Update exploit-protection-reference.md

---
 .../exploit-protection-reference.md           | 124 +++++++++---------
 1 file changed, 62 insertions(+), 62 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
index 8776de4b02..8e0b432b66 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
@@ -1,7 +1,7 @@
 ---
-title: Exploit Protection Reference
+title: Exploit protection reference
 keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet
-description: Details on how the Exploit Protection feature works in Windows 10
+description: Details on how the exploit protection feature works in Windows 10
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -26,9 +26,9 @@ ms.custom: asr
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-Exploit Protection provides advanced protections for applications which the IT Pro can apply after the developer has compiled and distributed the software.
+Exploit protection provides advanced protections for applications that the IT Pro can apply after the developer has compiled and distributed the software.
 
-This article helps you understand how Exploit Protection works, both at the policy level and at the individual mitigation level, to help you successfully build and apply Exploit Protection policies.
+This article helps you understand how exploit protection works, both at the policy level and at the individual mitigation level, to help you successfully build and apply Exploit Protection policies.
 
 ## How mitigations are applied
 
@@ -39,11 +39,11 @@ Mitigations are configured via a registry entry for each program that you config
 > [!IMPORTANT]
 > Image File Execution Options only allows you to specify a file name or path, and not a version number, architecture, or any other differentiator. Be careful to target mitigations to apps which have unique names or paths, applying them only on devices where you have tested that version and that architecture of the application.
 
-If you configure Exploit Protection mitigations using an XML configuration file, either via PowerShell, Group Policy, or MDM, when processing this XML configuration file, individual registry settings will be configured for you.
+If you configure exploit protection mitigations using an XML configuration file, either via PowerShell, Group Policy, or MDM, when processing this XML configuration file, individual registry settings will be configured for you.
 
 When the policy distributing the XML file is no longer enforced, settings deployed by this XML configuration file will not be automatically removed. To remove Exploit Protection settings, export the XML configuration from a clean Windows 10 device, and deploy this new XML file. Alternately, Microsoft provides an XML file as part of the Windows Security Baselines for resetting Exploit Protection settings.
 
-To reset Exploit Protection settings using PowerShell, you could use the following command:
+To reset exploit protection settings using PowerShell, you could use the following command:
 
 ```powershell
 Set-ProcessMitigation -PolicyFilePath EP-reset.xml
@@ -181,21 +181,21 @@ Following is the EP-reset.xml distributed with the Windows Security Baselines:
 
 ## Mitigation Reference
 
-The below sections detail the protections provided by each Exploit Protection mitigation, the compatibility considerations for the mitigation, and the configuration options available.
+The following sections detail the protections provided by each exploit protection mitigation, the compatibility considerations for the mitigation, and the configuration options available.
 
 ## Arbitrary code guard
 
 ### Description
 
-Arbitrary Code Guard helps protect against a malicious attacker loading the code of their choice into memory through a memory safety vulnerability and being able to execute that code.
+Arbitrary code guard helps protect against a malicious attacker loading the code of their choice into memory through a memory safety vulnerability and being able to execute that code.
 
-Arbitrary Code Guard protects an application from executing dynamically generated code (code that is not loaded, for example, from the exe itself or a dll). Arbitrary Code Guard works by preventing memory from being marked as executable. When an application attempts to [allocate memory](https://docs.microsoft.com/windows/win32/api/memoryapi/nf-memoryapi-virtualalloc), we check the protection flags. (Memory can be allocated with read, write, and/or execute protection flags.) If the allocation attempts to include the [*execute*](https://docs.microsoft.com/windows/win32/memory/memory-protection-constants) protection flag, then the memory allocation fails and returns an error code (STATUS_DYNAMIC_CODE_BLOCKED). Similarly, if an application attempts to [change the protection flags of memory](https://docs.microsoft.com/windows/win32/api/memoryapi/nf-memoryapi-virtualprotect) that has already been allocated and includes the [*execute*](https://docs.microsoft.com/windows/win32/memory/memory-protection-constants) protection flag, then the permission change fails and returns an error code (STATUS_DYNAMIC_CODE_BLOCKED).
+Arbitrary code guard protects an application from executing dynamically generated code (code that is not loaded, for example, from the exe itself or a dll). Arbitrary code guard works by preventing memory from being marked as executable. When an application attempts to [allocate memory](https://docs.microsoft.com/windows/win32/api/memoryapi/nf-memoryapi-virtualalloc), we check the protection flags. (Memory can be allocated with read, write, and/or execute protection flags.) If the allocation attempts to include the [*execute*](https://docs.microsoft.com/windows/win32/memory/memory-protection-constants) protection flag, then the memory allocation fails and returns an error code (STATUS_DYNAMIC_CODE_BLOCKED). Similarly, if an application attempts to [change the protection flags of memory](https://docs.microsoft.com/windows/win32/api/memoryapi/nf-memoryapi-virtualprotect) that has already been allocated and includes the [*execute*](https://docs.microsoft.com/windows/win32/memory/memory-protection-constants) protection flag, then the permission change fails and returns an error code (STATUS_DYNAMIC_CODE_BLOCKED).
 
-By preventing the *execute* flag from being set, the Data Execution Prevention feature of Windows 10 can then protect against the instruction pointer being set to that memory and running that code.
+By preventing the *execute* flag from being set, the data execution prevention feature of Windows 10 can then protect against the instruction pointer being set to that memory and running that code.
 
 ### Compatibility considerations
 
-Arbitrary Code Guard prevents allocating any memory as executable, which presents a compatibility issue with approaches such as Just-in-Time (JIT) compilers. Most modern browsers, for example, will compile JavaScript into native code in order to optimize performance. In order to support this mitigation, they will need to be rearchitected to move the JIT compilation outside of the protected process. Other applications whose design dynamically generates code from scripts or other intermediate languages will be similarly incompatible with this mitigation.
+Arbitrary code guard prevents allocating any memory as executable, which presents a compatibility issue with approaches such as Just-in-Time (JIT) compilers. Most modern browsers, for example, will compile JavaScript into native code in order to optimize performance. In order to support this mitigation, they will need to be rearchitected to move the JIT compilation outside of the protected process. Other applications whose design dynamically generates code from scripts or other intermediate languages will be similarly incompatible with this mitigation.
 
 ### Configuration options
 
@@ -207,23 +207,23 @@ Arbitrary Code Guard prevents allocating any memory as executable, which present
 
 ### Description
 
-Block low integrity images prevents the application from loading files which are untrusted, typically because they have been downloaded from the internet from a sandboxed browser.
+Block low integrity images prevents the application from loading files that are untrusted, typically because they have been downloaded from the internet from a sandboxed browser.
 
 This mitigation will block image loads if the image has an Access Control Entry (ACE) which grants access to Low IL processes and which does not have a trust label ACE. It is implemented by the memory manager, which blocks the file from being mapped into memory. If an application attempts to map a low integrity image, it will trigger a STATUS_ACCESS_DENIED error. For details on how integrity levels work, see [Mandatory Integrity Control](https://docs.microsoft.com/windows/win32/secauthz/mandatory-integrity-control).
 
 ### Compatibility considerations
 
-Block low integrity images will prevent the application from loading files which were downloaded from the internet. If your application workflow requires loading images which are downloaded, you will want to ensure that they are downloaded from a higher-trust process, or are explicitly relabeled in order to apply this mitigation.
+Block low integrity images will prevent the application from loading files that were downloaded from the internet. If your application workflow requires loading images that are downloaded, you will want to ensure that they are downloaded from a higher-trust process, or are explicitly relabeled in order to apply this mitigation.
 
 ### Configuration options
 
-**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
+**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
 
 ## Block remote images
 
 ### Description
 
-Block remote images will prevent the application from loading files which are hosted on a remote device, such as a UNC share. This helps protect against loading binaries into memory which are on an external device controlled by the attacker.
+Block remote images will prevent the application from loading files that are hosted on a remote device, such as a UNC share. This helps protect against loading binaries into memory that are on an external device controlled by the attacker.
 
 This mitigation will block image loads if the image is determined to be on a remote device. It is implemented by the memory manager, which blocks the file from being mapped into memory. If an application attempts to map a remote file, it will trigger a STATUS_ACCESS_DENIED error.
 
@@ -233,25 +233,25 @@ Block remote images will prevent the application from loading images from remote
 
 ### Configuration options
 
-**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
+**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
 
 ## Block untrusted fonts
 
 ### Description
 
-Block untrusted fonts mitigates the risk of a flaw in font parsing leading to the attacker being able to run code on the device. Only fonts which are installed into the windows\fonts directory will be loaded for processing by GDI.
+Block untrusted fonts mitigates the risk of a flaw in font parsing leading to the attacker being able to run code on the device. Only fonts that are installed into the windows\fonts directory will be loaded for processing by GDI.
 
 This mitigation is implemented within GDI, which validates the location of the file. If the file is not in the system fonts directory, the font will not be loaded for parsing and that call will fail.
 
-Note that this mitigation is in addition to the built-in mitigation provided in Windows 10 1607 and later, which moves font parsing out of the kernel and into a user-mode app container. Any exploit based on font parsing, as a result, happens in a sandboxed and isolated context, which reduces the risk significantly. For details on this mitigation, see the blog [Hardening Windows 10 with zero-day exploit mitigations](https://www.microsoft.com/security/blog/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/).
+This mitigation is in addition to the built-in mitigation provided in Windows 10 1607 and later, which moves font parsing out of the kernel and into a user-mode app container. Any exploit based on font parsing, as a result, happens in a sandboxed and isolated context, which reduces the risk significantly. For details on this mitigation, see the blog [Hardening Windows 10 with zero-day exploit mitigations](https://www.microsoft.com/security/blog/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/).
 
 ### Compatibility considerations
 
-The most common use of fonts outside of the system fonts directory is with [web fonts](https://docs.microsoft.com/typography/fonts/font-faq#web). Modern browsers, such as Microsoft Edge, use DirectWrite instead of GDI, and are not impacted. However, legacy browsers, such as Internet Explorer 11 (and IE mode in the new Microsoft Edge) can be impacted, particularly with applications such as Office 365 which use font glyphs to display UI.
+The most common use of fonts outside of the system fonts directory is with [web fonts](https://docs.microsoft.com/typography/fonts/font-faq#web). Modern browsers, such as Microsoft Edge, use DirectWrite instead of GDI, and are not impacted. However, legacy browsers, such as Internet Explorer 11 (and IE mode in the new Microsoft Edge) can be impacted, particularly with applications such as Office 365, which use font glyphs to display UI.
 
 ### Configuration options
 
-**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
+**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
 
 ## Code integrity guard
 
@@ -259,17 +259,17 @@ The most common use of fonts outside of the system fonts directory is with [web
 
 Code integrity guard ensures that all binaries loaded into a process are digitally signed by Microsoft. This includes [WHQL](https://docs.microsoft.com/windows-hardware/drivers/install/whql-release-signature) (Windows Hardware Quality Labs) signatures, which will allow WHQL-approved drivers to run within the process.
 
-This mitigation is implemented within the memory manager, which blocks the binary from being mapped into memory. If you attempt to load a binary which is not signed by Microsoft, the memory manger will return the error STATUS_INVALID_IMAGE_HASH. By blocking at the memory manager level, this prevents both binaries loaded by the process and binaries injected into the process.
+This mitigation is implemented within the memory manager, which blocks the binary from being mapped into memory. If you attempt to load a binary that is not signed by Microsoft, the memory manger will return the error STATUS_INVALID_IMAGE_HASH. By blocking at the memory manager level, this prevents both binaries loaded by the process and binaries injected into the process.
 
 ### Compatibility considerations
 
-This mitigation specifically blocks any binary which is not signed by Microsoft. As such, it will be incompatible with most third party software, unless that software is distributed by (and digitally signed by) the Microsoft Store, and the option to allow loading of images signed by the Microsoft Store is selected.
+This mitigation specifically blocks any binary that is not signed by Microsoft. As such, it will be incompatible with most third-party software, unless that software is distributed by (and digitally signed by) the Microsoft Store, and the option to allow loading of images signed by the Microsoft Store is selected.
 
 ### Configuration options
 
-**Also allow loading of images signed by Microsoft Store** - Applications which are distributed by the Microsoft Store will be digitally signed by the Microsoft Store, and adding this configuration will allow binaries which have gone through the store certification process to be loaded by the application.
+**Also allow loading of images signed by Microsoft Store** - Applications that are distributed by the Microsoft Store will be digitally signed by the Microsoft Store, and adding this configuration will allow binaries that have gone through the store certification process to be loaded by the application.
 
-**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
+**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
 
 ## Control flow guard (CFG)
 
@@ -277,7 +277,7 @@ This mitigation specifically blocks any binary which is not signed by Microsoft.
 
 Control flow guard (CFG) mitigates the risk of attackers leveraging memory corruption vulnerabilities by protecting indirect function calls. For example, an attacker may user a buffer overflow vulnerability to overwrite memory containing a function pointer, and replace that function pointer with a pointer to executable code of their choice (which may also have been injected into the program).
 
-This mitigation is provided by injecting an additional check at compile time. Before each indirect function call, additional instructions are added which verify that the target is a valid call target before it is called. If the target is not a valid call target, then the application is terminated. As such, only applications which are compiled with CFG support can benefit from this mitigation.
+This mitigation is provided by injecting an additional check at compile time. Before each indirect function call, additional instructions are added which verify that the target is a valid call target before it is called. If the target is not a valid call target, then the application is terminated. As such, only applications that are compiled with CFG support can benefit from this mitigation.
 
 The check for a valid target is provided by the Windows kernel. When executable files are loaded, the metadata for indirect call targets is extracted at load time and marked as valid call targets. Additionally, when memory is allocated and marked as executable (such as for generated code), these memory locations are also marked as valid call targets, to support mechanisms such as JIT compilation.
 
@@ -296,19 +296,19 @@ Since applications must be compiled to support CFG, they implicitly declare thei
 
 ### Description
 
-Data Execution Prevention (DEP) prevents memory which was not explicitly allocated as executable from being executed. This helps protect against an attacker injecting malicious code into the process, such as through a buffer overflow, and then executing that code.
+Data execution prevention (DEP) prevents memory that was not explicitly allocated as executable from being executed. This helps protect against an attacker injecting malicious code into the process, such as through a buffer overflow, and then executing that code.
 
 If you attempt to set the instruction pointer to a memory address not marked as executable, the processor will throw an exception (general-protection violation), causing the application to crash.
 
 ### Compatibility considerations
 
-All x64, ARM, and ARM-64 executables have DEP enabled by default, and it cannot be disabled. Since an application will have never been executed without DEP, compatibility is generally assumed.
+All x64, ARM, and ARM-64 executables have DEP enabled by default, and it cannot be disabled. Since an application will have never been executed without DEP, compatibility is assumed.
 
-All x86 (32-bit) binaries will have DEP enabled by default, but it can be disabled per process. Some very old legacy applications, typically applications developed prior to Windows XP SP2, may not be compatible with DEP. These are typically applications that dynamically generate code (e.g. JIT compiling) or link to older libraries (such as older versions of ATL) which dynamically generate code.
+All x86 (32-bit) binaries will have DEP enabled by default, but it can be disabled per process. Some old legacy applications, typically applications developed prior to Windows XP SP2, may not be compatible with DEP. These are typically applications that dynamically generate code (for example, JIT compiling) or link to older libraries (such as older versions of ATL) which dynamically generate code.
 
 ### Configuration options
 
-**Enable ATL Thunk emulation** - This configuration option disables ATL Thunk emulation. ATL, the ActiveX Template Library, is designed to be as small and fast as possible. In order to reduce binary size, it would use a technique called thunking. Thunking is typically thought of for interacting between 32-bit and 16-bit applications, but there are no 16-bit components to ATL here. Rather, in order to optimize for binary size, ATL will store machine code in memory which is not word-aligned (creating a smaller binary), and then invoke that code directly. ATL components compiled with Visual Studio 7.1 or earlier (Visual Studio 2003) do not allocate this memory as executable - thunk emulation resolves that compatibility issue. Applications which have a binary extension model (such as Internet Explorer 11) will often need to have ATL Thunk emulation enabled.
+**Enable ATL Thunk emulation** - This configuration option disables ATL Thunk emulation. ATL, the ActiveX Template Library, is designed to be as small and fast as possible. In order to reduce binary size, it would use a technique called *thunking*. Thunking is typically thought of for interacting between 32-bit and 16-bit applications, but there are no 16-bit components to ATL here. Rather, in order to optimize for binary size, ATL will store machine code in memory that is not word-aligned (creating a smaller binary), and then invoke that code directly. ATL components compiled with Visual Studio 7.1 or earlier (Visual Studio 2003) do not allocate this memory as executable - thunk emulation resolves that compatibility issue. Applications that have a binary extension model (such as Internet Explorer 11) will often need to have ATL Thunk emulation enabled.
 
 ## Disable extension points
 
@@ -318,13 +318,13 @@ This mitigation disables various extension points for an application, which migh
 
 This includes:
 
-- **AppInit DLLs** - Whenever a process starts, the system will load the specified DLL into to context of the newly started process before calling its entry point function. [Details on AppInit DLLs can be found here](https://docs.microsoft.com/windows/win32/winmsg/about-window-classes#application-global-classes). With this mitigation applied, AppInit DLLs are not loaded. Note that, beginning with Windows 7, AppInit DLLs need to be digitally signed, [as described here](https://docs.microsoft.com/windows/win32/win7appqual/appinit-dlls-in-windows-7-and-windows-server-2008-r2). Additionally, beginning with Windows 8, AppInit DLLs will not be loaded if SecureBoot is enabled, [as described here](https://docs.microsoft.com/windows/win32/dlls/secure-boot-and-appinit-dlls).
+- **AppInit DLLs** - Whenever a process starts, the system will load the specified DLL into to context of the newly started process before calling its entry point function. [Details on AppInit DLLs can be found here](https://docs.microsoft.com/windows/win32/winmsg/about-window-classes#application-global-classes). With this mitigation applied, AppInit DLLs are not loaded. Beginning with Windows 7, AppInit DLLs need to be digitally signed, [as described here](https://docs.microsoft.com/windows/win32/win7appqual/appinit-dlls-in-windows-7-and-windows-server-2008-r2). Additionally, beginning with Windows 8, AppInit DLLs will not be loaded if SecureBoot is enabled, [as described here](https://docs.microsoft.com/windows/win32/dlls/secure-boot-and-appinit-dlls).
 - **Legacy IMEs** - An Input Method Editor (IME) allows a user to type text in a language that has more characters than can be represented on a keyboard. Third parties are able to create IMEs. A malicious IME might obtain credentials or other sensitive information from this input capture. Some IMEs, referred to as Legacy IMEs, will only work on Windows Desktop apps, and not UWP apps. This mitigation will also prevent this legacy IME from loading into the specified Windows Desktop app.
 - **Windows Event Hooks** - An application can call the [SetWinEventHook API](https://docs.microsoft.com/windows/win32/api/winuser/nf-winuser-setwineventhook) to register interest in an event taking place. A DLL is specified and can be injected into the process. This mitigation forces the hook to be posted to the registering process rather than running in-process through an injected DLL.
 
 ### Compatibility considerations
 
-Most of these extension points are relatively infrequently used, so compatibility impact is typically small, particularly at an individual application level. The one consideration is if users are using 3rd party Legacy IMEs which will not work with the protected application.
+Most of these extension points are relatively infrequently used, so compatibility impact is typically small, particularly at an individual application level. The one consideration is if users are using third party Legacy IMEs that will not work with the protected application.
 
 ### Configuration options
 
@@ -341,11 +341,11 @@ Win32k.sys provides a broad attack surface for an attacker. As a kernel-mode com
 
 ### Compatibility considerations
 
-This mitigation is designed for processes which are dedicated non-UI processes. For example, many modern browsers will leverage process isolation and incorporate non-UI processes. Any application which displays a GUI using a single process will be impacted by this mitigation.
+This mitigation is designed for processes that are dedicated non-UI processes. For example, many modern browsers will leverage process isolation and incorporate non-UI processes. Any application that displays a GUI using a single process will be impacted by this mitigation.
 
 ### Configuration options
 
-**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
+**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
 
 ## Do not allow child processes
 
@@ -355,23 +355,23 @@ This mitigation prevents an application from creating new child applications. A
 
 ### Compatibility considerations
 
-If your application launches child applications for any reason, such as supporting hyperlinks which launch a browser or an external browser, or which launch other utilities on the computer, this functionality will be broken with this mitigation applied.
+If your application launches child applications for any reason, such as supporting hyperlinks that launch a browser or an external browser, or which launch other utilities on the computer, this functionality will be broken with this mitigation applied.
 
 ### Configuration options
 
-**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
+**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
 
 ## Export address filtering
 
 ### Description
 
-Export address filtering (EAF) mitigates the risk of malicious code looking at the export address table of all loaded modules to find modules that contain useful APIs for their attack. This is a common tactic used by shellcode. In order to mitigate the risk of such an attack, this mitigation protects 3 commonly attacked modules:
+Export address filtering (EAF) mitigates the risk of malicious code looking at the export address table of all loaded modules to find modules that contain useful APIs for their attack. This is a common tactic used by shellcode. In order to mitigate the risk of such an attack, this mitigation protects three commonly attacked modules:
 
 - ntdll.dll
 - kernelbase.dll
 - kernel32.dll
 
-The mitigation protects the memory page in the [export directory](https://docs.microsoft.com/windows/win32/debug/pe-format#export-directory-table) which points to the [export address table](https://docs.microsoft.com/windows/win32/debug/pe-format#export-address-table). This memory page will have the [PAGE_GUARD](https://docs.microsoft.com/windows/win32/memory/creating-guard-pages) protection applied to it. When someone tries to access this memory, it will generate a STATUS_GUARD_PAGE_VIOLATION. The mitigation handles this exception, and if the accessing instruction doesn't pass validation, the process will be terminated.
+The mitigation protects the memory page in the [export directory that points to the [export address table](https://docs.microsoft.com/windows/win32/debug/pe-format#export-address-table). This memory page will have the [PAGE_GUARD](https://docs.microsoft.com/windows/win32/memory/creating-guard-pages) protection applied to it. When someone tries to access this memory, it will generate a STATUS_GUARD_PAGE_VIOLATION. The mitigation handles this exception, and if the accessing instruction doesn't pass validation, the process will be terminated.
 
 ### Compatibility considerations
 
@@ -394,7 +394,7 @@ This mitigation is primarily an issue for applications such as debuggers, sandbo
 
 Additionally, by enabling EAF+, this mitigation adds the PAGE_GUARD protection to the page containing the "MZ" header, the first two bytes of the [DOS header in a PE file](https://docs.microsoft.com/windows/win32/debug/pe-format#ms-dos-stub-image-only), which is another aspect of known memory content which shellcode can look for to identify modules potentially of interest in memory.
 
-**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
+**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
 
 ## Force randomization for images (Mandatory ASLR)
 
@@ -408,11 +408,11 @@ When the memory manager is mapping in the image into the process, Mandatory ASLR
 
 ### Compatibility considerations
 
-This compatibility impact of ASLR is typically constrained to older applications which were built using compilers which made assumptions about the base address of a binary file or have stripped out base relocation information. This can lead to unpredictable errors as the execution flow attempts to jump to the expected, rather than the actual, location in memory.
+This compatibility impact of ASLR is typically constrained to older applications that were built using compilers that made assumptions about the base address of a binary file or have stripped out base relocation information. This can lead to unpredictable errors as the execution flow attempts to jump to the expected, rather than the actual, location in memory.
 
 ### Configuration options
 
-**Do not allow stripped images** - This option blocks the loading of images that have had relocation information stripped. The Windows PE file format contains absolute addresses, and the compiler also generates a [base relocation table](https://docs.microsoft.com/windows/win32/debug/pe-format#the-reloc-section-image-only) which the loader can use to find all relative memory references and their offset, so they can be updated if the binary does not load at its preferred base address. Some older applications strip out this information in production builds, and therefore these binaries cannot be rebased. This mitigation blocks such binaries from being loaded (instead of allowing them to load at their preferred base address).
+**Do not allow stripped images** - This option blocks the loading of images that have had relocation information stripped. The Windows PE file format contains absolute addresses, and the compiler also generates a [base relocation table that the loader can use to find all relative memory references and their offset, so they can be updated if the binary does not load at its preferred base address. Some older applications strip out this information in production builds, and therefore these binaries cannot be rebased. This mitigation blocks such binaries from being loaded (instead of allowing them to load at their preferred base address).
 
 > [!Note]
 > **Force randomization for images (Mandatory ASLR)** has no audit mode.
@@ -421,7 +421,7 @@ This compatibility impact of ASLR is typically constrained to older applications
 
 ### Description
 
-The Import address filtering (IAF) mitigation helps mitigate the risk of an adversary changing the control flow of an application by modifying the import address table (IAT) to redirect to arbitrary code of the attacker's choice when that function is called. An attacker could use this approach to hijack control, or to intercept, inspect, and potentially block calls to sensitive APIs.
+The import address filtering (IAF) mitigation helps mitigate the risk of an adversary changing the control flow of an application by modifying the import address table (IAT) to redirect to arbitrary code of the attacker's choice when that function is called. An attacker could use this approach to hijack control, or to intercept, inspect, and potentially block calls to sensitive APIs.
 
 The memory pages for all protected APIs will have the [PAGE_GUARD](https://docs.microsoft.com/windows/win32/memory/creating-guard-pages) protection applied to them. When someone tries to access this memory, it will generate a STATUS_GUARD_PAGE_VIOLATION. The mitigation handles this exception, and if the accessing instruction doesn't pass validation, the process will be terminated.
 
@@ -455,11 +455,11 @@ This mitigation protects the following Windows APIs:
 
 ### Compatibility considerations
 
-Legitimate applications which perform API interception may be detected by this mitigation and cause some applications to crash. Examples include security software and application compatibility shims.
+Legitimate applications that perform API interception may be detected by this mitigation and cause some applications to crash. Examples include security software and application compatibility shims.
 
 ### Configuration options
 
-**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
+**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
 
 ## Randomize memory allocations (Bottom-up ASLR)
 
@@ -467,15 +467,15 @@ Legitimate applications which perform API interception may be detected by this m
 
 Randomize memory allocations (Bottom-up ASLR) adds entropy to relocations, so their location is randomized and therefore less predictable. This mitigation requires Mandatory ASLR to take effect.
 
-Note that the size of the 32-bit address space places practical constraints on the entropy that can be added, and therefore 64-bit applications make it significantly more difficult for an attacker to guess a location in memory.
+The size of the 32-bit address space places practical constraints on the entropy that can be added, and therefore 64-bit applications make it more difficult for an attacker to guess a location in memory.
 
 ### Compatibility considerations
 
-Most applications which are compatible with Mandatory ASLR (rebasing) will also be compatible with the additional entropy of Bottom-up ASLR. Some applications may have pointer-truncation issues if they are saving local pointers in 32-bit variables (expecting a base address below 4GB), and thus will be incompatible with the high entropy option (which can be disabled).
+Most applications that are compatible with Mandatory ASLR (rebasing) will also be compatible with the additional entropy of Bottom-up ASLR. Some applications may have pointer-truncation issues if they are saving local pointers in 32-bit variables (expecting a base address below 4 GB), and thus will be incompatible with the high entropy option (which can be disabled).
 
 ### Configuration options
 
-**Don't use high entropy** - this option disables the use of high-entropy ASLR, which adds 24 bits of entropy (1TB of variance) into the bottom-up allocation for 64-bit applications.
+**Don't use high entropy** - this option disables the use of high-entropy ASLR, which adds 24 bits of entropy (1 TB of variance) into the bottom-up allocation for 64-bit applications.
 
 > [!Note]
 > **Randomize memory allocations (Bottom-up ASLR)** has no audit mode.
@@ -484,7 +484,7 @@ Most applications which are compatible with Mandatory ASLR (rebasing) will also
 
 ### Description
 
-Simulate execution (SimExec) is a mitigation for 32-bit applications only which helps validate that calls to sensitive APIs will return to legitimate caller functions. It does this by intercepting calls into sensitive APIs, and then simulating the execution of those APIs by walking through the encoded assembly language instructions looking for the RET instruction, which should return to the caller. It then inspects that function and walks backwards in memory to find the preceding CALL instruction to compare if the two match and that the RET hasn't been intercepted.
+Simulate execution (SimExec) is a mitigation for 32-bit applications only. This helps validate that calls to sensitive APIs will return to legitimate caller functions. It does this by intercepting calls into sensitive APIs, and then simulating the execution of those APIs by walking through the encoded assembly language instructions looking for the RET instruction, which should return to the caller. It then inspects that function and walks backwards in memory to find the preceding CALL instruction to determine whether the function and CALL instruction match, and that the RET hasn't been intercepted.
 
 The APIs intercepted by this mitigation are:
 
@@ -527,19 +527,19 @@ If a ROP gadget is detected, the process is terminated.
 
 ### Compatibility considerations
 
-Applications which perform API interception, particularly security software, can cause compatibility problems with this mitigation.
+Applications that perform API interception, particularly security software, can cause compatibility problems with this mitigation.
 
 This mitigation is incompatible with the Arbitrary Code Guard mitigation.
 
 ### Configuration options
 
-**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
+**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
 
 ## Validate API invocation (CallerCheck)
 
 ### Description
 
-Validate API invocation (CallerCheck) is a mitigation for return oriented programming (ROP) techniques which validates that sensitive APIs were called from a valid caller. This mitigation inspects the passed return address, and then heuristically disassembles backwards to find a call above the return address to determine if the call target matches the parameter passed into the function.
+Validate API invocation (CallerCheck) is a mitigation for return-oriented programming (ROP) techniques that validates that sensitive APIs were called from a valid caller. This mitigation inspects the passed return address, and then heuristically disassembles backwards to find a call above the return address to determine if the call target matches the parameter passed into the function.
 
 The APIs intercepted by this mitigation are:
 
@@ -582,19 +582,19 @@ If a ROP gadget is detected, the process is terminated.
 
 ### Compatibility considerations
 
-Applications which perform API interception, particularly security software, can cause compatibility problems with this mitigation.
+Applications that perform API interception, particularly security software, can cause compatibility problems with this mitigation.
 
 This mitigation is incompatible with the Arbitrary Code Guard mitigation.
 
 ### Configuration options
 
-**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender ATP](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
+**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
 
 ## Validate exception chains (SEHOP)
 
 ### Description
 
-Validate exception chains (SEHOP) is a mitigation against the *Structured Exception Handler (SEH) overwrite* exploitation technique. [Structured Exception Handling](https://docs.microsoft.com/windows/win32/debug/structured-exception-handling) is the process by which an application can ask to handle a particular exception. Exception handlers are chained together, so that if one exception handler chooses not to handle a particular exception, it can be passed on to the next exception handler in the chain until one decides to handle it. Because the list of handler is dynamic, it is stored on the stack. An attacker can leverage a stack overflow vulnerability to then overwrite the exception handler with a pointer to the code of the attacker's choice.
+Validate exception chains (SEHOP) is a mitigation against the *Structured Exception Handler (SEH) overwrite* exploitation technique. [Structured exception handling](https://docs.microsoft.com/windows/win32/debug/structured-exception-handling) is the process by which an application can ask to handle a particular exception. Exception handlers are chained together, so that if one exception handler chooses not to handle a particular exception, it can be passed on to the next exception handler in the chain until one decides to handle it. Because the list of handler is dynamic, it is stored on the stack. An attacker can leverage a stack overflow vulnerability to then overwrite the exception handler with a pointer to the code of the attacker's choice.
 
 This mitigation relies on the design of SEH, where each SEH entry contains both a pointer to the exception handler, as well as a pointer to the next handler in the exception chain. This mitigation is called by the exception dispatcher, which validates the SEH chain when an exception is invoked. It verifies that:
 
@@ -619,13 +619,13 @@ Compatibility issues with SEHOP are relatively rare. It's uncommon for an applic
 
 ### Description
 
-*Validate handle usage* is a mitigation which helps protect against an attacker leveraging an existing handle to access a protected object. A [handle](https://docs.microsoft.com/windows/win32/sysinfo/handles-and-objects) is a reference to a protected object. If application code is referencing an invalid handle, that could indicate that an adversary is attempting to use a handle it has previously recorded (but which application reference counting wouldn't be aware of). If the application attempts to use an invalid object, instead of simply returning null, the application will raise an exception (STATUS_INVALID_HANDLE).
+*Validate handle usage* is a mitigation that helps protect against an attacker leveraging an existing handle to access a protected object. A [handle](https://docs.microsoft.com/windows/win32/sysinfo/handles-and-objects) is a reference to a protected object. If application code is referencing an invalid handle, that could indicate that an adversary is attempting to use a handle it has previously recorded (but which application reference counting wouldn't be aware of). If the application attempts to use an invalid object, instead of simply returning null, the application will raise an exception (STATUS_INVALID_HANDLE).
 
 This mitigation is automatically applied to Windows Store applications.
 
 ### Compatibility considerations
 
-Applications which were not accurately tracking handle references, and which were not wrapping these operations in exception handlers, will potentially be impacted by this mitigation.
+Applications that were not accurately tracking handle references, and which were not wrapping these operations in exception handlers, will potentially be impacted by this mitigation.
 
 ### Configuration options
 
@@ -656,21 +656,21 @@ This mitigation is already applied by default for 64-bit applications and for 32
 
 ### Description
 
-The *validate image dependency* mitigation helps protect against attacks which attempt to substitute code for dlls which are statically linked by Windows binaries. The technique of DLL planting abuses the loader's search mechanism to inject malicious code, which can be used to get malicious code running in an elevated context. When the loader is loading a Windows signed binary, and then loads up any dlls that the binary depends on, these binaries will be verified to ensure that they are also digitally signed as a Windows binary. If they fail the signature check, the dll will not be loaded, and will throw an exception, returning a status of STATUS_INVALID_IMAGE_HASH.
+The *validate image dependency* mitigation helps protect against attacks that attempt to substitute code for dlls that are statically linked by Windows binaries. The technique of DLL planting abuses the loader's search mechanism to inject malicious code, which can be used to get malicious code running in an elevated context. When the loader is loading a Windows signed binary, and then loads up any dlls that the binary depends on, these binaries will be verified to ensure that they are also digitally signed as a Windows binary. If they fail the signature check, the dll will not be loaded, and will throw an exception, returning a status of STATUS_INVALID_IMAGE_HASH.
 
 ### Compatibility considerations
 
-Compatibility issues are uncommon. Applications which depend on replacing Windows binaries with local private versions will be impacted, and there is also a small risk of revealing subtle timing bugs in multi-threaded applications.
+Compatibility issues are uncommon. Applications that depend on replacing Windows binaries with local private versions will be impacted, and there is also a small risk of revealing subtle timing bugs in multi-threaded applications.
 
 ### Configuration options
 
-**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
+**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
 
 ## Validate stack integrity (StackPivot)
 
 ### Description
 
-The *validate stack integrity (StackPivot)* mitigation helps protect against the Stack Pivot attack, a ROP attack where an attacker creates a fake stack in heap memory, and then tricks the application into returning into the fake stack which controls the flow of execution.
+The *validate stack integrity (StackPivot)* mitigation helps protect against the Stack Pivot attack, a ROP attack where an attacker creates a fake stack in heap memory, and then tricks the application into returning into the fake stack that controls the flow of execution.
 
 This mitigation intercepts a number of Windows APIs, and inspects the value of the stack pointer. If the address of the stack pointer does not fall between the bottom and the top of the stack, then an event is recorded and, if not in audit mode, the process will be terminated.
 
@@ -713,11 +713,11 @@ The APIs intercepted by this mitigation are:
 
 ### Compatibility considerations
 
-Applications which are leveraging fake stacks will be impacted, and there is also a small risk of revealing subtle timing bugs in multi-threaded applications.
-Applications which perform API interception, particularly security software, can cause compatibility problems with this mitigation.
+Applications that are leveraging fake stacks will be impacted, and there is also a small risk of revealing subtle timing bugs in multi-threaded applications.
+Applications that perform API interception, particularly security software, can cause compatibility problems with this mitigation.
 
 This mitigation is incompatible with the Arbitrary Code Guard mitigation.
 
 ### Configuration options
 
-**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).
+**Audit Only** - You can enable this mitigation in audit mode in order to measure the potential compatibility impact on an application. Audit events can then be viewed either in the event viewer or using Advanced Hunting in [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview).

From 6f5ff926272f51892f0708291189bd18f4784778 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:12:21 -0800
Subject: [PATCH 201/384] Update exposed-apis-create-app-nativeapp.md

---
 .../exposed-apis-create-app-nativeapp.md               | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
index a8b84f7619..a71727d746 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
@@ -1,7 +1,7 @@
 ---
-title: Use Microsoft Defender Advanced Threat Protection APIs  
+title: Use Microsoft Defender for Endpoint APIs  
 ms.reviewer: 
-description: Learn how to design a native Windows app to get programmatic access to Microsoft Defender ATP without a user.
+description: Learn how to design a native Windows app to get programmatic access to Microsoft Defender for Endpoint without a user.
 keywords: apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -24,15 +24,15 @@ ms.topic: article
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
 This page describes how to create an application to get programmatic access to Defender for Endpoint on behalf of a user.
 
-If you need programmatic access Defender for Endpoint without a user, refer to [Access Defender for Endpoint with application context](exposed-apis-create-app-webapp.md).
+If you need programmatic access Microsoft Defender for Endpoint without a user, refer to [Access Microsoft Defender for Endpoint with application context](exposed-apis-create-app-webapp.md).
 
 If you are not sure which access you need, read the [Introduction page](apis-intro.md).
 
-Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
 In general, you’ll need to take the following steps to use the APIs:
 - Create an AAD application

From 7ddf4a7dc22b24aa79f039694dc52ea0162f0583 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:14:04 -0800
Subject: [PATCH 202/384] Update exposed-apis-create-app-nativeapp.md

---
 .../exposed-apis-create-app-nativeapp.md       | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
index a71727d746..36d9d46439 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
@@ -32,18 +32,18 @@ If you need programmatic access Microsoft Defender for Endpoint without a user,
 
 If you are not sure which access you need, read the [Introduction page](apis-intro.md).
 
-Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate work flows and innovate based on Microsoft Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
 In general, you’ll need to take the following steps to use the APIs:
 - Create an AAD application
 - Get an access token using this application
 - Use the token to access Defender for Endpoint API
 
-This page explains how to create an AAD application, get an access token to Defender for Endpoint and validate the token.
+This page explains how to create an AAD application, get an access token to Microsoft Defender for Endpoint and validate the token.
 
 >[!NOTE]
-> When accessing Defender for Endpoint API on behalf of a user, you will need the correct Application permission and user permission.
-> If you are not familiar with user permissions on Defender for Endpoint, see [Manage portal access using role-based access control](rbac.md).
+> When accessing Microsoft Defender for Endpoint API on behalf of a user, you will need the correct Application permission and user permission.
+> If you are not familiar with user permissions on Microsoft Defender for Endpoint, see [Manage portal access using role-based access control](rbac.md).
 
 >[!TIP]
 > If you have the permission to perform an action in the portal, you have the permission to perform the action in the API.
@@ -63,11 +63,11 @@ This page explains how to create an AAD application, get an access token to Defe
    - **Name:** -Your application name-
    - **Application type:** Public client
 
-4. Allow your Application to access Defender for Endpoint and assign it 'Read alerts' permission:
+4. Allow your Application to access Microsoft Defender for Endpoint and assign it 'Read alerts' permission:
 
     - On your application page, select **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and select on **WindowsDefenderATP**.
 
-    - **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear.
+    - **Note**: *WindowsDefenderATP* does not appear in the original list. Start writing its name in the text box to see it appear.
 
       ![Image of API access and API selection](images/add-permission.png)
 
@@ -98,7 +98,7 @@ This page explains how to create an AAD application, get an access token to Defe
 
 ## Get an access token
 
-For more information on AAD token, see [Azure AD tutorial](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds)
+For more information on AAD tokens, see [Azure AD tutorial](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds)
 
 ### Using C#
 
@@ -172,6 +172,6 @@ Verify to make sure you got a correct token:
     // Do something useful with the response
     ```
 
-## Related topics
+## See also
 - [Microsoft Defender for Endpoint APIs](exposed-apis-list.md)
-- [Access Defender for Endpoint with application context](exposed-apis-create-app-webapp.md)
+- [Access Microsoft Defender for Endpoint with application context](exposed-apis-create-app-webapp.md)

From 20599084831e1bc38ac7da0b3b2d1c5a1efb9aec Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:16:00 -0800
Subject: [PATCH 203/384] Update exposed-apis-create-app-partners.md

---
 .../exposed-apis-create-app-partners.md        | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
index 06355fd20a..638347246b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
@@ -1,7 +1,7 @@
 ---
-title: Create an Application to access Microsoft Defender ATP without a user
+title: Create an Application to access  Microsoft Defender for Endpoint without a user
 ms.reviewer: 
-description: Learn how to design a web app to get programmatic access to Microsoft Defender ATP without a user.
+description: Learn how to design a web app to get programmatic access to  Microsoft Defender for Endpoint without a user.
 keywords: apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -24,17 +24,17 @@ ms.topic: article
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-This page describes how to create an Azure Active Directory (Azure AD) application to get programmatic access to Defender for Endpoint on behalf of your customers.
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+This page describes how to create an Azure Active Directory (Azure AD) application to get programmatic access to Microsoft Defender for Endpoint on behalf of your customers.
 
 
-Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Microsoft Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
 In general, you’ll need to take the following steps to use the APIs:
 - Create a **multi-tenant** Azure AD application.
 - Get authorized(consent) by your customer administrator for your application to access Defender for Endpoint resources it needs.
 - Get an access token using this application.
-- Use the token to access Microsoft Defender ATP API.
+- Use the token to access Microsoft Defender for Endpoint API.
 
 The following steps will guide you how to create an Azure AD application, get an access token to Microsoft Defender for Endpoint and validate the token.
 
@@ -61,7 +61,7 @@ The following steps will guide you how to create an Azure AD application, get an
 
    - On your application page, select **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and select on **WindowsDefenderATP**.
 
-   - **Note**: WindowsDefenderATP does not appear in the original list. Start writing its name in the text box to see it appear.
+   - **Note**: *WindowsDefenderATP* does not appear in the original list. Start writing its name in the text box to see it appear.
 
    ![Image of API access and API selection](images/add-permission.png)
    
@@ -212,7 +212,7 @@ You will get an answer of the form:
 Sanity check to make sure you got a correct token:
 - Copy/paste into [JWT](https://jwt.ms) the token you get in the previous step in order to decode it
 - Validate you get a 'roles' claim with the desired permissions
-- In the screenshot below, you can see a decoded token acquired from an Application with multiple permissions to Microsoft Defender ATP:
+- In the screenshot below, you can see a decoded token acquired from an Application with multiple permissions to  Microsoft Defender for Endpoint:
 - The "tid" claim is the tenant ID the token belongs to.
 
 ![Image of token validation](images/webapp-decoded-token.png)
@@ -236,6 +236,6 @@ Sanity check to make sure you got a correct token:
     // Do something useful with the response
     ```
 
-## Related topics
+## See also
 - [Supported Microsoft Defender for Endpoint APIs](exposed-apis-list.md)
 - [Access Microsoft Defender for Endpoint on behalf of a user](exposed-apis-create-app-nativeapp.md)

From 3a5f7d06b3499683cb50c6837b65f5dd2454cd45 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:16:49 -0800
Subject: [PATCH 204/384] Update exposed-apis-create-app-webapp.md

---
 .../exposed-apis-create-app-webapp.md                  | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
index 5223dab678..ef6b72f749 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
@@ -1,7 +1,7 @@
 ---
-title: Create an app to access Microsoft Defender ATP without a user
+title: Create an app to access Microsoft Defender for Endpoint without a user
 ms.reviewer: 
-description: Learn how to design a web app to get programmatic access to Microsoft Defender ATP without a user.
+description: Learn how to design a web app to get programmatic access to Microsoft Defender for Endpoint without a user.
 keywords: apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -24,11 +24,11 @@ ms.topic: article
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
 This page describes how to create an application to get programmatic access to Defender for Endpoint without a user. If you need programmatic access to Defender for Endpoint on behalf of a user, see [Get access with user context](exposed-apis-create-app-nativeapp.md). If you are not sure which access you need, see [Get started](apis-intro.md).
 
-Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
 In general, you’ll need to take the following steps to use the APIs:
 - Create an Azure Active Directory (Azure AD) application.
@@ -190,7 +190,7 @@ Ensure that you got the correct token:
 
 1. Copy and paste the token you got in the previous step into [JWT](https://jwt.ms) in order to decode it.
 1. Validate that you get a 'roles' claim with the desired permissions
-1. In the following image, you can see a decoded token acquired from an app with permissions to all of Microsoft Defender ATP's roles:
+1. In the following image, you can see a decoded token acquired from an app with permissions to all of  Microsoft Defender for Endpoint's roles:
 
 ![Image of token validation](images/webapp-decoded-token.png)
 

From ed09a7ad6dc7946d05e6f655562d4f3f00c14bac Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:18:14 -0800
Subject: [PATCH 205/384] Update exposed-apis-create-app-webapp.md

---
 .../exposed-apis-create-app-webapp.md            | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
index ef6b72f749..c8dad3ff8d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
@@ -35,7 +35,7 @@ In general, you’ll need to take the following steps to use the APIs:
 - Get an access token using this application.
 - Use the token to access Defender for Endpoint API.
 
-This article explains how to create an Azure AD application, get an access token to Defender for Endpoint, and validate the token.
+This article explains how to create an Azure AD application, get an access token to Microsoft Defender for Endpoint, and validate the token.
 
 ## Create an app
 
@@ -50,7 +50,7 @@ This article explains how to create an Azure AD application, get an access token
 4. To enable your app to access Defender for Endpoint and assign it **'Read all alerts'** permission, on your application page, select **API Permissions** > **Add permission** > **APIs my organization uses** >, type **WindowsDefenderATP**, and then select **WindowsDefenderATP**.
 
    > [!NOTE]
-   > WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear.
+   > *WindowsDefenderATP* does not appear in the original list. Start writing its name in the text box to see it appear.
 
    ![Image of API access and API selection](images/add-permission.png)
 
@@ -82,9 +82,9 @@ This article explains how to create an Azure AD application, get an access token
 
    ![Image of created app id](images/app-and-tenant-ids.png)
 
-8. **For Defender for Endpoint Partners only**. Set your app to be multi-tenanted (available in all tenants after consent). This is **required** for third-party apps (for example, if you create an app that is intended to run in multiple customers' tenant). This is **not required** if you create a service that you want to run in your tenant only (for example, if you create an application for your own usage that will only interact with your own data). To set your app to be multi-tenanted:
+8. **For Microsoft Defender for Endpoint Partners only**. Set your app to be multi-tenanted (available in all tenants after consent). This is **required** for third-party apps (for example, if you create an app that is intended to run in multiple customers' tenant). This is **not required** if you create a service that you want to run in your tenant only (for example, if you create an application for your own usage that will only interact with your own data). To set your app to be multi-tenanted:
 
-    - Go to **Authentication**, and add https://portal.azure.com as the **Redirect URI**.
+    - Go to **Authentication**, and add `https://portal.azure.com` as the **Redirect URI**.
 
     - On the bottom of the page, under **Supported account types**, select the **Accounts in any organizational directory** application consent for your multi-tenant app.
 
@@ -194,7 +194,7 @@ Ensure that you got the correct token:
 
 ![Image of token validation](images/webapp-decoded-token.png)
 
-## Use the token to access Defender for Endpoint API
+## Use the token to access Microsoft Defender for Endpoint API
 
 1. Choose the API you want to use. For more information, see [Supported Defender for Endpoint APIs](exposed-apis-list.md).
 1. Set the authorization header in the http request you send to "Bearer {token}" (Bearer is the authorization scheme).
@@ -213,6 +213,6 @@ The following is an example of sending a request to get a list of alerts **using
     // Do something useful with the response
 ```
 
-## Related topics
-- [Supported Defender for Endpoint APIs](exposed-apis-list.md)
-- [Access Defender for Endpoint on behalf of a user](exposed-apis-create-app-nativeapp.md)
+## See also
+- [Supported Microsoft Defender for Endpoint APIs](exposed-apis-list.md)
+- [Access Microsoft Defender for Endpoint on behalf of a user](exposed-apis-create-app-nativeapp.md)

From 09425c9a1dbbb830617857e154e2db7e954160b6 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:19:55 -0800
Subject: [PATCH 206/384] Update exposed-apis-create-app-webapp.md

---
 .../exposed-apis-create-app-webapp.md                | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
index c8dad3ff8d..0e4b4ed677 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
@@ -58,11 +58,11 @@ This article explains how to create an Azure AD application, get an access token
 
    ![Image of API access and API selection](images/application-permissions.png)
 
-     Note that you need to select the relevant permissions. 'Read All Alerts' is only an example. For instance:
+     You need to select the relevant permissions. 'Read All Alerts' is only an example. For instance:
 
      - To [run advanced queries](run-advanced-query-api.md), select the 'Run advanced queries' permission.
      - To [isolate a device](isolate-machine.md), select the 'Isolate machine' permission.
-     - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
+     - To determine which permission you need, look at the **Permissions** section in the API you are interested to call.
 
 5. Select **Grant consent**.
 
@@ -105,7 +105,7 @@ This article explains how to create an Azure AD application, get an access token
 
 ## Get an access token
 
-For more details on Azure AD tokens, see the [Azure AD tutorial](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds).
+For more information on Azure AD tokens, see the [Azure AD tutorial](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds).
 
 ### Use PowerShell
 
@@ -133,10 +133,10 @@ return $token
 
 ### Use C#:
 
-The following code was tested with Nuget Microsoft.IdentityModel.Clients.ActiveDirectory 3.19.8.
+The following code was tested with NuGet Microsoft.IdentityModel.Clients.ActiveDirectory 3.19.8.
 
 1. Create a new console application.
-1. Install Nuget [Microsoft.IdentityModel.Clients.ActiveDirectory](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/).
+1. Install NuGet [Microsoft.IdentityModel.Clients.ActiveDirectory](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/).
 1. Add the following:
 
     ```
@@ -198,7 +198,7 @@ Ensure that you got the correct token:
 
 1. Choose the API you want to use. For more information, see [Supported Defender for Endpoint APIs](exposed-apis-list.md).
 1. Set the authorization header in the http request you send to "Bearer {token}" (Bearer is the authorization scheme).
-1. The expiration time of the token is one hour. You can send more then one request with the same token.
+1. The expiration time of the token is one hour. You can send more than one request with the same token.
 
 The following is an example of sending a request to get a list of alerts **using C#**: 
 ```

From aab0177275050204d7c57baddc04c979ce5bfa40 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:21:48 -0800
Subject: [PATCH 207/384] Update exposed-apis-full-sample-powershell.md

---
 .../exposed-apis-full-sample-powershell.md                | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
index 06358c5580..31142c2936 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
@@ -1,7 +1,7 @@
 ---
 title: Advanced Hunting with PowerShell API Guide
 ms.reviewer: 
-description: Use these code samples, querying several Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) APIs.
+description: Use these code samples, querying several Microsoft Defender for Endpoint APIs.
 keywords: apis, supported apis, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -26,11 +26,11 @@ ms.date: 09/24/2018
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
-Full scenario using multiple APIs from Defender for Endpoint.
+Full scenario using multiple APIs from Microsoft Defender for Endpoint.
 
 In this section, we share PowerShell samples to 
 - Retrieve a token 
-- Use token to retrieve the latest alerts in Defender for Endpoint
+- Use token to retrieve the latest alerts in Microsoft Defender for Endpoint
 - For each alert, if the alert has medium or high priority and is still in progress, check how many times the device has connected to suspicious URL.
 
 **Prerequisite**: You first need to [create an app](apis-intro.md).
@@ -117,7 +117,7 @@ $response
 ```
 
 
-## Related topic
+## See also
 - [Microsoft Defender for Endpoint APIs](apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)
 - [Advanced Hunting using Python](run-advanced-query-sample-python.md)

From 7a189b295256c526dab0edf6002de3f15b8bfb8c Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:23:46 -0800
Subject: [PATCH 208/384] Update exposed-apis-list.md

---
 .../exposed-apis-list.md                      | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
index 878180dc45..785ac39e0d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
@@ -1,7 +1,7 @@
 ---
-title: Supported Microsoft Defender Advanced Threat Protection APIs  
+title: Supported Microsoft Defender for Endpoint APIs  
 ms.reviewer: 
-description: Learn about the specific supported Microsoft Defender Advanced Threat Protection entities where you can create API calls to. 
+description: Learn about the specific supported Microsoft Defender for Endpoint entities where you can create API calls to. 
 keywords: apis, supported apis, actor, alerts, device, user, domain, ip, file, advanced queries, advanced hunting
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -24,11 +24,11 @@ ms.topic: article
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
-## End Point URI and Versioning
+## Endpoint URI and versioning
 
-### End Point URI:
+### Endpoint URI:
 
 > The service base URI is: https://api.securitycenter.windows.com
 > 
@@ -40,7 +40,7 @@ ms.topic: article
 > 
 > The current version is **V1.0**.
 > 
-> To use a specific version, use this format: https://api.securitycenter.windows.com/api/{Version}. For example: https://api.securitycenter.windows.com/api/v1.0/alerts
+> To use a specific version, use this format: `https://api.securitycenter.windows.com/api/{Version}`. For example: `https://api.securitycenter.windows.com/api/v1.0/alerts`
 > 
 > If you don't specify any version (e.g. https://api.securitycenter.windows.com/api/alerts ) you will get to the latest version.
 
@@ -53,17 +53,17 @@ Topic | Description
 :---|:---
 Advanced Hunting | Run queries from API.
 Alerts | Run API calls such as get alerts, create alert, update alert and more.
-Domains | Run API calls such as get domain related devices, domain statistics and more.
+Domains | Run API calls such as get domain-related devices, domain statistics and more.
 Files | Run API calls such as get file information, file related alerts, file related devices, and file statistics.
-IPs | Run API calls such as get IP related alerts and get IP statistics.
+IPs | Run API calls such as get IP-related alerts and get IP statistics.
 Machines | Run API calls such as get devices, get devices by ID, information about logged on users, edit tags and more.
 Machine Actions | Run API call such as Isolation, Run anti-virus scan and more.
 Indicators | Run API call such as create Indicator, get Indicators and delete Indicators.
-Users | Run API calls such as get user related alerts and user related devices.
+Users | Run API calls such as get user-related alerts and user-related devices.
 Score | Run API calls such as get exposure score or get device secure score.
 Software | Run API calls such as list vulnerabilities by software.
 Vulnerability | Run API calls such as list devices by vulnerability.
-Recommendation | Run API calls such as Get recommendation by Id.
+Recommendation | Run API calls such as Get recommendation by ID.
 
-## Related topic
+## See also
 - [Microsoft Defender for Endpoint APIs](apis-intro.md)

From df11b00d33ada7f1374e76edde17048fb15fb6fd Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:26:18 -0800
Subject: [PATCH 209/384] Update exposed-apis-odata-samples.md

---
 .../exposed-apis-odata-samples.md                      | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
index 9bf1f16482..b4a487ffbe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
@@ -1,7 +1,7 @@
 ---
-title: OData queries with Microsoft Defender ATP
+title: OData queries with Microsoft Defender for Endpoint
 ms.reviewer: 
-description: Use these examples of Open Data Protocol (OData) queries to help with data access protocols in Microsoft Defender ATP.
+description: Use these examples of Open Data Protocol (OData) queries to help with data access protocols in Microsoft Defender for Endpoint.
 keywords: apis, supported apis, odata, query
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -320,7 +320,7 @@ HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=lastSeen g
 
 ### Example 6
 
-Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender ATP
+Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender for Endpoint
 
 ```http
 HTTP GET  https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan'
@@ -364,5 +364,5 @@ HTTP GET  https://api.securitycenter.windows.com/api/machines/123321d0c675eaa415
 4
 ```
 
-## Related topic
-- [Microsoft Defender ATP APIs](apis-intro.md)
+## See also
+- [Microsoft Defender for Endpoint APIs](apis-intro.md)

From c9228e8b401399504fc6ff7b0441fa062c93e479 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:27:51 -0800
Subject: [PATCH 210/384] Update feedback-loop-blocking.md

---
 .../microsoft-defender-atp/feedback-loop-blocking.md   | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md
index f8a0036aa3..b5ac0c1ea5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md
@@ -1,7 +1,7 @@
 ---
 title: Feedback-loop blocking
-description: Feedback-loop blocking, also called rapid protection, is part of behavioral blocking and containment capabilities in Microsoft Defender ATP
-keywords: behavioral blocking, rapid protection, feedback blocking, Microsoft Defender ATP
+description: Feedback-loop blocking, also called rapid protection, is part of behavioral blocking and containment capabilities in Microsoft Defender for Endpoint
+keywords: behavioral blocking, rapid protection, feedback blocking, Microsoft Defender for Endpoint
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 author: denisebmsft
@@ -29,7 +29,7 @@ ms.collection:
 
 ## Overview
 
-Feedback-loop blocking, also referred to as rapid protection, is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/). With feedback-loop blocking, devices across your organization are better protected from attacks. 
+Feedback-loop blocking, also referred to as rapid protection, is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/). With feedback-loop blocking, devices across your organization are better protected from attacks. 
 
 ## How feedback-loop blocking works
 
@@ -42,9 +42,9 @@ With rapid protection in place, an attack can be stopped on a device, other devi
 
 If your organization is using Defender for Endpoint, feedback-loop blocking is enabled by default. However, rapid protection occurs through a combination of Defender for Endpoint capabilities, machine learning protection features, and signal-sharing across Microsoft security services. Make sure the following features and capabilities of Defender for Endpoint are enabled and configured:
 
-- [Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)
+- [Microsoft Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)
 
-- [Devices onboarded to Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-configure)
+- [Devices onboarded to Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-configure)
 
 - [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode)
 

From 31e27dd219cb1a6608fb4ab5066acd525ac9040f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:30:29 -0800
Subject: [PATCH 211/384] Update fetch-alerts-mssp.md

---
 .../fetch-alerts-mssp.md                      | 21 ++++++-------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md b/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md
index 3838221082..a4f175566c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md
@@ -26,7 +26,7 @@ ms.topic: article
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
 
 
 >[!NOTE]
@@ -39,7 +39,7 @@ There are two ways you can fetch alerts:
 
 ## Fetch alerts into your SIEM
 
-To fetch alerts into your SIEM system you'll need to take the following steps:
+To fetch alerts into your SIEM system, you'll need to take the following steps:
 
 Step 1: Create a third-party application
 
@@ -47,21 +47,15 @@ Step 2: Get access and refresh tokens from your customer's tenant
  
 Step 3: allow your application on Microsoft Defender Security Center
  
-
-
-
 ### Step 1: Create an application in Azure Active Directory (Azure AD)
  
-You'll need to create an application and grant it permissions to fetch alerts from your customer's Defender for Endpoint tenant.
- 
+You'll need to create an application and grant it permissions to fetch alerts from your customer's Microsoft Defender for Endpoint tenant.
 
 1. Sign in to the [Azure AD portal](https://aad.portal.azure.com/).
 
 2. Select **Azure Active Directory** > **App registrations**.
-
  
 3. Click **New registration**.
- 
 
 4. Specify the following values:
 
@@ -80,7 +74,6 @@ You'll need to create an application and grant it permissions to fetch alerts fr
 
 9. Click **New client secret**.
 
-
     - Description: Enter a description for the key.
     - Expires: Select **In 1 year**
 
@@ -163,12 +156,10 @@ After providing your credentials, you'll need to grant consent to the applicatio
 7. You'll be asked to provide your credentials and consent. Ignore the page redirect.
 
 8. In the PowerShell window, you'll receive an access token and a refresh token. Save the refresh token to configure your SIEM connector. 
-
  
 ### Step 3: Allow your application on Microsoft Defender Security Center
 You'll need to allow the application you created in Microsoft Defender Security Center.
  
-
 You'll need to have **Manage portal system settings** permission to allow the application. Otherwise, you'll need to request your customer to allow the application for you.
 
 1. Go to `https://securitycenter.windows.com?tid=` (replace \ with the customer's tenant ID.
@@ -182,10 +173,10 @@ You'll need to have **Manage portal system settings** permission to allow the ap
 5. Click **Authorize application**. 
 
  
-You can now download the relevant configuration file for your SIEM and connect to the Defender for Endpoint API. For more information see, [Pull alerts to your SIEM tools](configure-siem.md).
+You can now download the relevant configuration file for your SIEM and connect to the Defender for Endpoint API. For more information, see, [Pull alerts to your SIEM tools](configure-siem.md).
  
 
-- In the ArcSight configuration file / Splunk Authentication Properties file ? you will have to write your application key manually by settings the secret value.
+- In the ArcSight configuration file / Splunk Authentication Properties file, write your application key manually by setting the secret value.
 - Instead of acquiring a refresh token in the portal, use the script from the previous step to acquire a refresh token (or acquire it by other means).
 
 ## Fetch alerts from MSSP customer's tenant using APIs
@@ -193,7 +184,7 @@ You can now download the relevant configuration file for your SIEM and connect t
 For information on how to fetch alerts using REST API, see [Pull alerts using REST API](pull-alerts-using-rest-api.md).
 
 
-## Related topics
+## See also
 - [Grant MSSP access to the portal](grant-mssp-access.md)
 - [Access the MSSP customer portal](access-mssp-portal.md)
 - [Configure alert notifications](configure-mssp-notifications.md)

From c722e10fc87927b8f89a0c16c4c109bbb427d0d3 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:34:11 -0800
Subject: [PATCH 212/384] Update files.md

---
 .../microsoft-defender-atp/files.md           | 40 +++++++++----------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/files.md b/windows/security/threat-protection/microsoft-defender-atp/files.md
index 73860bca59..6289c8645b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/files.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/files.md
@@ -1,6 +1,6 @@
 ---
 title: File resource type
-description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts related to files.
+description: Retrieve recent Microsoft Defender for Endpoint alerts related to files.
 keywords: apis, graph api, supported apis, get, alerts, recent
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -23,7 +23,7 @@ ms.topic: article
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 Represent a file entity in Defender for Endpoint.
 
@@ -37,24 +37,24 @@ Method|Return Type |Description
 
 
 ## Properties
-Property |	Type	|	Description
-:---|:---|:---
-sha1 | String | Sha1 hash of the file content
-sha256 | String | Sha256 hash of the file content
-globalPrevalence | Nullable long | File prevalence across organization
-globalFirstObserved | DateTimeOffset | First time the file was observed.
-globalLastObserved | DateTimeOffset | Last time the file was observed.
-size | Nullable long | Size of the file.
-fileType | String | Type of the file. 
-isPeFile | Boolean | true if the file is portable executable (e.g. "DLL", "EXE", etc.)
-filePublisher | String | File publisher.
-fileProductName | String | Product name.
-signer | String | File signer.
-issuer | String | File issuer.
-signerHash | String | Hash of the signing certificate.
-isValidCertificate | Boolean | Was signing certificate successfully verified by Defender for Endpoint agent.
-determinationType | String | The determination type of the file.
-determinationValue | String | Determination value.
+|Property |	Type	|	Description |
+|:---|:---|:---|
+|sha1 | String | Sha1 hash of the file content |
+|sha256 | String | Sha256 hash of the file content |
+|globalPrevalence | Nullable long | File prevalence across organization |
+|globalFirstObserved | DateTimeOffset | First time the file was observed |
+|globalLastObserved | DateTimeOffset | Last time the file was observed |
+|size | Nullable long | Size of the file |
+|fileType | String | Type of the file |
+|isPeFile | Boolean | true if the file is portable executable (e.g. "DLL", "EXE", etc.) |
+|filePublisher | String | File publisher |
+|fileProductName | String | Product name |
+|signer | String | File signer |
+|issuer | String | File issuer |
+|signerHash | String | Hash of the signing certificate |
+|isValidCertificate | Boolean | Was signing certificate successfully verified by Microsoft Defender for Endpoint agent |
+|determinationType | String | The determination type of the file |
+|determinationValue | String | Determination value |
 
 
 ## Json representation

From 850275ae10ad5b749884034f1abd13d3b3173b9d Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:35:00 -0800
Subject: [PATCH 213/384] Update find-machines-by-ip.md

---
 .../microsoft-defender-atp/find-machines-by-ip.md             | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
index 5b69969d33..3db35c6164 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
@@ -23,7 +23,7 @@ ms.topic: article
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## API description
@@ -36,7 +36,7 @@ Find [Machines](machine.md) seen with the requested internal IP in the time rang
 
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Defender for Endpoint APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---

From 6029b01526cbffe74f7798c440bc5e15d4cecaa1 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:37:25 -0800
Subject: [PATCH 214/384] Update fix-unhealthy-sensors.md

---
 .../fix-unhealthy-sensors.md                  | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
index 30dff867d7..10e0e3eb28 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
@@ -1,5 +1,5 @@
 ---
-title: Fix unhealthy sensors in Microsoft Defender ATP
+title: Fix unhealthy sensors in Microsoft Defender for Endpoint
 description: Fix device sensors that are reporting as misconfigured or inactive so that the service receives data from the device.
 keywords: misconfigured, inactive, fix sensor, sensor health,  no sensor data, sensor data, impaired communications, communication
 search.product: eADQiWindows 10XVcnh
@@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 10/23/2017
+ms.date: 11/06/2020
 ---
 
 # Fix unhealthy sensors in Microsoft Defender for Endpoint
@@ -29,8 +29,7 @@ ms.date: 10/23/2017
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
-
->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-fixsensor-abovefoldlink)
+Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-fixsensor-abovefoldlink)
 
 Devices that are categorized as misconfigured or inactive can be flagged due to varying causes. This section provides some explanations as to what might have caused a device to be categorized as inactive or misconfigured.
 
@@ -38,17 +37,18 @@ Devices that are categorized as misconfigured or inactive can be flagged due to
 
 An inactive device is not necessarily flagged due to an issue. The following actions taken on a device can cause a device to be categorized as inactive:
 
-**Device is not in use**

+### Device is not in use
+
 If the device has not been in use for more than 7 days for any reason, it will remain in an ‘Inactive’ status in the portal.
 
-**Device was reinstalled or renamed**

+### Device was reinstalled or renamed
 A reinstalled or renamed device will generate a new device entity in Microsoft Defender Security Center. The previous device entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a device and deployed the Defender for Endpoint package, search for the new device name to verify that the device is reporting normally.
 
-**Device was offboarded**

+### Device was offboarded
 If the device was offboarded it will still appear in devices list. After 7 days, the device health state should change to inactive.
 
 
-**Device is not sending signals**
+### Device is not sending signals
 If the device is not sending any signals for more than 7 days to any of the Defender for Endpoint channels for any reason including conditions that fall under misconfigured devices classification, a device can be considered inactive. 
 
 
@@ -65,7 +65,7 @@ This status indicates that there's limited communication between the device and
 The following suggested actions can help fix issues related to a misconfigured device with impaired communications:
 
 - [Ensure the device has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-device)

-  The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
+  The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender for Endpoint service.
 
 - [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)

   Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the  Defender for Endpoint service URLs.
@@ -77,10 +77,10 @@ A misconfigured device with status ‘No sensor data’ has communication with t
 Follow theses actions to correct known issues related to a misconfigured device with status ‘No sensor data’:
 
 - [Ensure the device has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-device)

-  The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
+  The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender for Endpoint service.
 
 - [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)

-  Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs.
+  Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender for Endpoint service URLs.
 
 - [Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-the-diagnostics-service-is-enabled)

 If the devices aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint.
@@ -90,5 +90,5 @@ If your devices are running a third-party antimalware client, the Defender for E
 
 If you took corrective actions and the device status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
 
-## Related topic
-- [Check sensor health state in Defender for Endpoint](check-sensor-status.md)
+## See also
+- [Check sensor health state in Microsoft Defender for Endpoint](check-sensor-status.md)

From 3520b68b545fdbede1ee677c792603bb11125062 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:38:52 -0800
Subject: [PATCH 215/384] Update fix-unhealthy-sensors.md

---
 .../microsoft-defender-atp/fix-unhealthy-sensors.md         | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
index 10e0e3eb28..df09d1f6f2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
@@ -39,17 +39,17 @@ An inactive device is not necessarily flagged due to an issue. The following act
 
 ### Device is not in use
 
-If the device has not been in use for more than 7 days for any reason, it will remain in an ‘Inactive’ status in the portal.
+If the device has not been in use for more than seven days for any reason, it will remain in an ‘Inactive’ status in the portal.
 
 ### Device was reinstalled or renamed
 A reinstalled or renamed device will generate a new device entity in Microsoft Defender Security Center. The previous device entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a device and deployed the Defender for Endpoint package, search for the new device name to verify that the device is reporting normally.
 
 ### Device was offboarded
-If the device was offboarded it will still appear in devices list. After 7 days, the device health state should change to inactive.
+If the device was offboarded, it will still appear in devices list. After seven days, the device health state should change to inactive.
 
 
 ### Device is not sending signals
-If the device is not sending any signals for more than 7 days to any of the Defender for Endpoint channels for any reason including conditions that fall under misconfigured devices classification, a device can be considered inactive. 
+If the device is not sending any signals for more than seven days to any of the Microsoft Defender for Endpoint channels for any reason including conditions that fall under misconfigured devices classification, a device can be considered inactive. 
 
 
 Do you expect a device to be in ‘Active’ status? [Open a support ticket](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561).

From ce2bf055d879affdebccb9e35614e75388048784 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:44:43 -0800
Subject: [PATCH 216/384] fixes

---
 .../microsoft-defender-atp/exploit-protection-reference.md    | 2 +-
 .../exposed-apis-create-app-nativeapp.md                      | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
index 8e0b432b66..ba855cf88a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
@@ -402,7 +402,7 @@ Additionally, by enabling EAF+, this mitigation adds the PAGE_GUARD protection t
 
 Address Space Layout Randomization (ASLR) mitigates the risk of an attacker using their knowledge of the memory layout of the system in order to execute code that is already present in process memory and already marked as executable. This can mitigate the risk of an attacker leveraging techniques such as return-to-libc attacks, where the adversary sets the context and then modifies the return address to execute existing code with context that suits the adversary's purpose.
 
-Mandatory ASLR forces a rebase of all DLLs within the process. A developer can enable ASLR using the [/DYNAMICBASE](https://docs.microsoft.com/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2019) linker option, and this mitigation has the same effect.
+Mandatory ASLR forces a rebase of all DLLs within the process. A developer can enable ASLR using the [/DYNAMICBASE](https://docs.microsoft.com/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2019&preserve-view=true) linker option, and this mitigation has the same effect.
 
 When the memory manager is mapping in the image into the process, Mandatory ASLR will forcibly rebase DLLs and EXEs that have not opted in to ASLR. Note, however, that this rebasing has no entropy, and can therefore be placed at a predictable location in memory. For rebased and randomized location of binaries, this mitigation should be paired with [Randomize memory allocations (Bottom-up ASLR)](#randomize-memory-allocations-bottom-up-aslr).
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
index 36d9d46439..4bbd942ec8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
@@ -69,11 +69,11 @@ This page explains how to create an AAD application, get an access token to Micr
 
     - **Note**: *WindowsDefenderATP* does not appear in the original list. Start writing its name in the text box to see it appear.
 
-      ![Image of API access and API selection](images/add-permission.png)
+      ![add permission](images/add-permission.png)
 
     - Choose **Delegated permissions** > **Alert.Read** > select **Add permissions**
 
-      ![Image of API access and API selection](images/application-permissions-public-client.png)
+      ![application permissions](images/application-permissions-public-client.png)
 
     - **Important note**: Select the relevant permissions. Read alerts is only an example.
 

From 6f2c538b4c9ba2c714f4f9340a49a88e4dda209a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 12:47:42 -0800
Subject: [PATCH 217/384] fixes

---
 .../exposed-apis-create-app-partners.md                     | 4 ++--
 .../exposed-apis-create-app-webapp.md                       | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
index 638347246b..e2de608fbd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
@@ -63,7 +63,7 @@ The following steps will guide you how to create an Azure AD application, get an
 
    - **Note**: *WindowsDefenderATP* does not appear in the original list. Start writing its name in the text box to see it appear.
 
-   ![Image of API access and API selection](images/add-permission.png)
+   ![add permission](images/add-permission.png)
    
    ### Request API permissions
 
@@ -77,7 +77,7 @@ The following steps will guide you how to create an Azure AD application, get an
 
    Choose **Application permissions** > **Alert.Read.All** > select on **Add permissions**
 
-   ![Image of API access and API selection](images/application-permissions.png)
+   ![app permissions](images/application-permissions.png)
 
 
 5. Select **Grant consent**
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
index 0e4b4ed677..a7584847f9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
@@ -52,11 +52,11 @@ This article explains how to create an Azure AD application, get an access token
    > [!NOTE]
    > *WindowsDefenderATP* does not appear in the original list. Start writing its name in the text box to see it appear.
 
-   ![Image of API access and API selection](images/add-permission.png)
+   ![add permission](images/add-permission.png)
 
    - Select **Application permissions** > **Alert.Read.All**, and then select **Add permissions**.
 
-   ![Image of API access and API selection](images/application-permissions.png)
+   ![app permission](images/application-permissions.png)
 
      You need to select the relevant permissions. 'Read All Alerts' is only an example. For instance:
 
@@ -69,7 +69,7 @@ This article explains how to create an Azure AD application, get an access token
      > [!NOTE]
      > Every time you add a permission, you must select **Grant consent** for the new permission to take effect.
 
-    ![Image of Grant permissions](images/grant-consent.png)
+    ![Grant permissions](images/grant-consent.png)
 
 6. To add a secret to the application, select **Certificates & secrets**, add a description to the secret, and then select **Add**.
 

From 56ac0129f87b221d5d29cac243aa69262003c6c0 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 13:42:47 -0800
Subject: [PATCH 218/384] Update microsoft-defender-antivirus-compatibility.md

---
 ...rosoft-defender-antivirus-compatibility.md | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 8facb0d850..e725cbb281 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer:
 manager: dansimp
-ms.date: 09/28/2020
+ms.date: 11/06/2020
 ---
 
 # Microsoft Defender Antivirus compatibility
@@ -27,20 +27,20 @@ ms.date: 09/28/2020
 
 ## Overview
 
-Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection.
-- If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Microsoft Defender Antivirus automatically goes into disabled mode.
-- If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.)
-- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) (currently in preview) enabled, then whenever a malicious artifact is detected, Microsoft Defender ATP takes action to block and remediate the artifact.
+Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection.
+- If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender for Endpoint is not used, then Microsoft Defender Antivirus automatically goes into disabled mode.
+- If your organization is using Microsoft Defender for Endpoint together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.)
+- If your organization is using Microsoft Defender for Endpoint together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) enabled, then whenever a malicious artifact is detected, Microsoft Defender for Endpoint takes action to block and remediate the artifact.
 
 ## Antivirus and Microsoft Defender ATP
 
-The following table summarizes what happens with Microsoft Defender Antivirus when third-party antivirus products are used together or without Microsoft Defender ATP.
+The following table summarizes what happens with Microsoft Defender Antivirus when third-party antivirus products are used together or without Microsoft Defender for Endpoint.
 
 
-| Windows version   | Antimalware protection offered by  | Organization enrolled in Microsoft Defender ATP | Microsoft Defender Antivirus state     |
+| Windows version   | Antimalware protection  | Microsoft Defender for Endpoint enrollment | Microsoft Defender Antivirus state     |
 |------|------|-------|-------|
 | Windows 10      | A third-party product that is not offered or developed by Microsoft |                       Yes                       |           Passive mode            |
-| Windows 10      | A third-party product that is not offered or developed by Microsoft |                       No                        |      Automatic disabled mode      |
+| Windows 10      | A third-party product that is not offered or developed by Microsoft |                       No                        |      Automatic disabled mode     |
 | Windows 10      |                         Microsoft Defender Antivirus                         |                       Yes                       |            Active mode            |
 | Windows 10      |                         Microsoft Defender Antivirus                         |                       No                        |            Active mode            |
 | Windows Server 2016 or 2019 | A third-party product that is not offered or developed by Microsoft |                       Yes                       | Active mode[[1](#fn1)] |
@@ -72,12 +72,12 @@ The following table summarizes the functionality and features that are available
 |State |[Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) |
 |--|--|--|--|--|--|
 |Active mode 

  |Yes |No |Yes |Yes |Yes |
-|Passive mode  |No |No |Yes |No |Yes |
+|Passive mode  |No |No |Yes |No; however, you can use or schedule on-demand scans |Yes |
 |[EDR in block mode enabled](../microsoft-defender-atp/edr-in-block-mode.md)  |No |No |Yes |Yes |Yes |
 |Automatic disabled mode  |No |Yes |No |No |No |
 
 - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
-- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
+- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender ATP service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
 - When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items.
 - In Automatic disabled mode, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated.
 

From cd95acedbd740a9cbc48027c66437a4081480754 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 13:48:18 -0800
Subject: [PATCH 219/384] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md    | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index e725cbb281..e952349c61 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -32,7 +32,7 @@ Microsoft Defender Antivirus is automatically enabled and installed on endpoints
 - If your organization is using Microsoft Defender for Endpoint together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.)
 - If your organization is using Microsoft Defender for Endpoint together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) enabled, then whenever a malicious artifact is detected, Microsoft Defender for Endpoint takes action to block and remediate the artifact.
 
-## Antivirus and Microsoft Defender ATP
+## Antivirus and Microsoft Defender for Endpoint
 
 The following table summarizes what happens with Microsoft Defender Antivirus when third-party antivirus products are used together or without Microsoft Defender for Endpoint.
 
@@ -77,25 +77,25 @@ The following table summarizes the functionality and features that are available
 |Automatic disabled mode  |No |Yes |No |No |No |
 
 - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
-- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender ATP service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
+- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
 - When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items.
 - In Automatic disabled mode, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated.
 
 ## Keep the following points in mind
 
-If you are enrolled in Microsoft Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Microsoft Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
+If you are enrolled in Microsoft Defender for Endpoint and you are using a third-party antimalware product, then passive mode is enabled. [The service requires common information sharing from Microsoft Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
 
-When Microsoft Defender Antivirus is automatic disabled, it can automatically re-enable if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats. This is to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app.
+When Microsoft Defender Antivirus is automatically disabled, it can automatically re-enabled if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. This is to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app.
 
 In passive mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
 
 If you uninstall the other product, and choose to use Microsoft Defender Antivirus to provide protection to your endpoints, Microsoft Defender Antivirus will automatically return to its normal active mode.
 
 > [!WARNING]
-> You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
+> You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender for Endpoint, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
 
 > [!IMPORTANT]
-> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus real-time protection is enabled even when Microsoft Defender Antivirus is running in passive mode. Endpoint DLP depends on real-time protection to operate.
+> If you are using [Microsoft Endpoint DLP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus real-time protection is enabled even when Microsoft Defender Antivirus is running in passive mode. Endpoint DLP depends on real-time protection to operate.
 
 ## Related topics
 

From d1c27052e88a4089900f82c6dae1fcefc4e497ed Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 13:51:59 -0800
Subject: [PATCH 220/384] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md           | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index e952349c61..858d953295 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -79,7 +79,7 @@ The following table summarizes the functionality and features that are available
 - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
 - In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
 - When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items.
-- In Automatic disabled mode, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated.
+- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated.
 
 ## Keep the following points in mind
 
@@ -95,9 +95,9 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir
 > You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender for Endpoint, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
 
 > [!IMPORTANT]
-> If you are using [Microsoft Endpoint DLP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus real-time protection is enabled even when Microsoft Defender Antivirus is running in passive mode. Endpoint DLP depends on real-time protection to operate.
+> If you are using [Microsoft Endpoint DLP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus real-time protection is enabled, even when Microsoft Defender Antivirus is running in passive mode. Endpoint DLP depends on real-time protection to operate.
 
-## Related topics
+## See also
 
 - [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
 - [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md)

From 827e503f0b6686f64e529347fb0e0266b81bafe7 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 6 Nov 2020 14:13:13 -0800
Subject: [PATCH 221/384] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 858d953295..09984de193 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -72,7 +72,7 @@ The following table summarizes the functionality and features that are available
 |State |[Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) |
 |--|--|--|--|--|--|
 |Active mode 

  |Yes |No |Yes |Yes |Yes |
-|Passive mode  |No |No |Yes |No; however, you can use or schedule on-demand scans |Yes |
+|Passive mode  |No |No |Yes |Only during [scheduled or on-demand scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus) |Yes |
 |[EDR in block mode enabled](../microsoft-defender-atp/edr-in-block-mode.md)  |No |No |Yes |Yes |Yes |
 |Automatic disabled mode  |No |Yes |No |No |No |
 

From a886efe0b1106c8bddc2c0d045dd79ec9b05f019 Mon Sep 17 00:00:00 2001
From: Peter Smith 
Date: Fri, 6 Nov 2020 15:56:48 -0800
Subject: [PATCH 222/384] Update vpnv2-csp.md to fix minor type (Inbound was
 missing the I)

---
 windows/client-management/mdm/vpnv2-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 5f3d865cbd..125734b5c8 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -241,7 +241,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following:
 
 - Outbound - The rule applies to all outbound traffic
-- nbound - The rule applies to all inbound traffic
+- Inbound - The rule applies to all inbound traffic
 
 If no inbound filter is provided, then by default all unsolicated inbound traffic will be blocked.
 

From 9cf77e70111abd7e62df26a76dde795b21bbe71b Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Sat, 7 Nov 2020 19:45:23 +0500
Subject: [PATCH 223/384] Update
 windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 ...l-policy-to-control-specific-plug-ins-add-ins-and-modules.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
index a6e3ec2b41..a30934a529 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
@@ -33,7 +33,7 @@ As of Windows 10, version 1703, you can use WDAC policies not only to control ap
 
 To work with these options, the typical method is to create a policy that only affects plug-ins, add-ins, and modules, then merge it into your 'master' policy (merging is described in the next section).
 
-For example, to create a WDAC policy that allows **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable:
+For example, to create a WDAC policy allowing **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable:
 
 ```powershell
 $rule = New-CIPolicyRule -DriverFilePath '..\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'

From be9e630af24ee289711b5467e0b70bea0ee65213 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Sat, 7 Nov 2020 19:46:02 +0500
Subject: [PATCH 224/384] Update
 use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md

minor changes.
---
 ...l-policy-to-control-specific-plug-ins-add-ins-and-modules.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
index a30934a529..fc7de322fe 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
@@ -36,7 +36,7 @@ To work with these options, the typical method is to create a policy that only a
 For example, to create a WDAC policy allowing **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable:
 
 ```powershell
-$rule = New-CIPolicyRule -DriverFilePath '..\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
+$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
 $rule += New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
 New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs
 ```

From a8b5947f4d25f55c561de1421f76f0607035b88e Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Sat, 7 Nov 2020 19:49:06 +0500
Subject: [PATCH 225/384] Update exposed-apis-create-app-nativeapp.md

minor tweak.
---
 .../microsoft-defender-atp/exposed-apis-create-app-nativeapp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
index aa97239067..0767f473d0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
@@ -50,7 +50,7 @@ This page explains how to create an AAD application, get an access token to Micr
 
 ## Create an app
 
-1. Log on to [Azure](https://portal.azure.com) with user that has **Global Administrator** role.
+1. Log on to [Azure](https://portal.azure.com) with user account that has **Global Administrator** role.
 
 2. Navigate to **Azure Active Directory** > **App registrations** > **New registration**. 
 

From 30bedf7c74e426fdb6b56e9c3d407e11a54fd4b9 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 8 Nov 2020 07:44:42 +0500
Subject: [PATCH 226/384] Update
 windows/client-management/mdm/policy-csp-servicecontrolmanager.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../client-management/mdm/policy-csp-servicecontrolmanager.md  | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index b220e10a02..8f43acb2ab 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -79,7 +79,7 @@ If you enable this policy setting, built-in system services hosted in svchost.ex
 This includes a policy requiring all binaries loaded in these processes to be signed by Microsoft, as well as a policy disallowing dynamically-generated code.  
 
 > [!IMPORTANT]
-> Enabling of this policy could cause compatibility issues with third-party software that uses svchost.exe processes (for example, third-party antivirus software).
+> Enabling this policy could cause compatibility issues with third-party software that uses svchost.exe processes (for example, third-party antivirus software).
 
 If you disable or do not configure this policy setting, the stricter security settings will not be applied.
 
@@ -125,4 +125,3 @@ Footnotes:
 - 8 - Available in Windows 10, version 2004.
 
 
-

From 29f1b2b0a51760c17d3d05966edb8fdb9354d80d Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 8 Nov 2020 08:11:07 +0500
Subject: [PATCH 227/384] Update
 microsoft-defender-advanced-threat-protection.md

---
 .../microsoft-defender-advanced-threat-protection.md            | 2 --
 1 file changed, 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
index c25bf6630c..b37274b4cb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
@@ -22,8 +22,6 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink)
->
 > For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy).
 
 Microsoft Defender Advanced Threat Protection is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

From 29bb6fc16b81301fa6bb971a257988a42f9edc84 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 8 Nov 2020 08:15:47 +0500
Subject: [PATCH 228/384] Update secure-the-windows-10-boot-process.md

---
 .../secure-the-windows-10-boot-process.md                       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md
index 017eb64762..d3ff0fb615 100644
--- a/windows/security/information-protection/secure-the-windows-10-boot-process.md
+++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md
@@ -84,7 +84,7 @@ These requirements help protect you from rootkits while allowing you to run any
 -  **Configure UEFI to trust your custom bootloader.** All Certified For Windows 10 PCs allow you to trust a non-certified bootloader by adding a signature to the UEFI database, allowing you to run any operating system, including homemade operating systems.
 -  **Turn off Secure Boot.** All Certified For Windows 10 PCs allow you to turn off Secure Boot so that you can run any software. This does not help protect you from bootkits, however.
 
-To prevent malware from abusing these options, the user must manually configure the UEFI firmware to trust a non-certified bootloader or to turn off Secure Boot. Software cannot change the Secure Boot settings. For more information about Secure Boot, read the blog, [Protecting the pre-OS environment with UEFI](https://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx).
+To prevent malware from abusing these options, the user must manually configure the UEFI firmware to trust a non-certified bootloader or to turn off Secure Boot. Software cannot change the Secure Boot settings.
 
 Like most mobile devices, ARM-based Certified For Windows RT devices, such as the Microsoft Surface RT device, are designed to run only Windows 8.1. Therefore, Secure Boot cannot be turned off, and you cannot load a different operating system. Fortunately, there is a large market of ARM devices designed to run other operating systems.
 

From e4003af0132bc301b9a9835945b47f78f6660a81 Mon Sep 17 00:00:00 2001
From: schmurky 
Date: Mon, 9 Nov 2020 12:06:38 +0800
Subject: [PATCH 229/384] Updates for GA

---
 .../microsoft-defender-atp/investigate-files.md    |  1 -
 .../microsoft-defender-atp/review-alerts.md        | 14 ++++----------
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
index 599bf6a2fd..a9e415015a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
@@ -29,7 +29,6 @@ ms.date: 04/24/2018
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-[!include[Prerelease information](../../includes/prerelease.md)]
 
 >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatefiles-abovefoldlink)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
index 7188c9c212..821c82fed3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
@@ -29,9 +29,11 @@ ms.date: 5/1/2020
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
 
-The new alert page in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) provides full context to the alert, by combining attack signals and alerts related to the selected alert, to construct a detailed alert story.
+The alert page in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) provides full context to the alert, by combining attack signals and alerts related to the selected alert, to construct a detailed alert story.
 
-Quickly triage, investigate, and take effective action on alerts that affect your organization. Understand why they were triggered, and their impact from one location.
+Quickly triage, investigate, and take effective action on alerts that affect your organization. Understand why they were triggered, and their impact from one location. Learn more in this overview.
+
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4yiO5]
 
 ## Getting started with an alert
 
@@ -90,14 +92,6 @@ If you are experiencing a false alert with a line-of-business application, creat
 > [!TIP]
 > If you're experiencing any issues not described above, use the 🙂 button to provide feedback or open a support ticket.
 
-## Transitioning to the new alert page
-
-When making the move to the new alert page you will notice that we have centralized information from the alert process tree, the incident graph, and the artifact timeline into the [alert story](#investigate-using-the-alert-story), with some information available through the [affected assets](#review-affected-assets) section. Any additional information has been consolidated into the details pane for the relevant entities.
-
-## Video overview of the new alert page
-
-> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4yiO5]
-
 ## Related topics
 
 - [View and organize the incidents queue](view-incidents-queue.md)

From b374e475c2c0ac1c6b363748b32a1aa365c12d25 Mon Sep 17 00:00:00 2001
From: Anna-Li <70676128+xl989@users.noreply.github.com>
Date: Mon, 9 Nov 2020 16:15:44 +0800
Subject: [PATCH 230/384] CI_124865_Update delete-an-applocker-rule.md

update some info in the Note part
---
 .../applocker/delete-an-applocker-rule.md                    | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
index be00ebc127..6dd939b657 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
@@ -40,7 +40,10 @@ These steps apply only for locally managed devices. If the device has AppLocker
 2.  Click the appropriate rule collection for which you want to delete the rule.
 3.  In the details pane, right-click the rule to delete, click **Delete**, and then click **Yes**.
 
->**Note:**  When using Group Policy, for the rule deletion to take effect on computers within the domain, the GPO must be distributed or refreshed.
+> [!Note]
+>
+> - When using Group Policy, for the rule deletion to take effect on computers within the domain, the GPO must be distributed or refreshed.
+> - Application Identity service needs to be running for deleting Applocker rules. If you disable Applocker and delete Applocker rules, please stop Application Identity service after deleting Applocker rules. If the Application Identity service was stopped before deleting Applocker rules and if Applocker blocks apps despite being disabled, delete all files under C:\Windows\System32\AppLocker. 
 
 When this procedure is performed on the local device, the AppLocker policy takes effect immediately.
 

From 12d425ac9befa35944f2631e99b4f1022e0d7731 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Mon, 9 Nov 2020 15:50:43 +0530
Subject: [PATCH 231/384] updated-4567381-Batch10

rebranding activity
---
 .../mac-install-jamfpro-login.md              |  2 +-
 .../mac-install-manually.md                   | 20 +++----
 .../mac-install-with-intune.md                | 38 ++++++------
 .../mac-install-with-jamf.md                  | 12 ++--
 .../mac-install-with-other-mdm.md             | 20 +++----
 .../mac-jamfpro-device-groups.md              |  6 +-
 .../mac-jamfpro-enroll-devices.md             |  4 +-
 .../mac-jamfpro-policies.md                   | 44 +++++++-------
 .../microsoft-defender-atp/mac-preferences.md | 60 +++++++++----------
 .../microsoft-defender-atp/mac-privacy.md     | 38 ++++++------
 .../microsoft-defender-atp/mac-pua.md         | 16 ++---
 .../microsoft-defender-atp/mac-resources.md   | 14 ++---
 .../mac-schedule-scan-atp.md                  |  4 +-
 .../mac-support-install.md                    |  4 +-
 .../mac-support-kext.md                       | 10 ++--
 .../mac-support-license.md                    |  6 +-
 .../mac-support-perf.md                       | 20 +++----
 .../mac-sysext-policies.md                    | 10 ++--
 .../mac-sysext-preview.md                     |  8 +--
 .../microsoft-defender-atp/mac-updates.md     | 10 ++--
 .../microsoft-defender-atp/mac-whatsnew.md    | 24 ++++----
 .../microsoft-defender-atp/machine-groups.md  |  4 +-
 .../microsoft-defender-atp/machine-reports.md |  4 +-
 .../microsoft-defender-atp/machine.md         | 12 ++--
 .../microsoft-defender-atp/machineaction.md   |  6 +-
 25 files changed, 198 insertions(+), 198 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md
index 59d65172e9..d1f6337306 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md
@@ -26,7 +26,7 @@ ms.topic: conceptual
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
 1. Enter your credentials.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
index 3f720e90e8..a43be90cac 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
@@ -19,16 +19,16 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Manual deployment for Microsoft Defender ATP for macOS
+# Manual deployment for Microsoft Defender for Endpoint for macOS
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for macOS](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for macOS](microsoft-defender-atp-mac.md)
 
-This topic describes how to deploy Microsoft Defender ATP for macOS manually. A successful deployment requires the completion of all of the following steps:
+This topic describes how to deploy Defender for Endpoint for macOS manually. A successful deployment requires the completion of all of the following steps:
 - [Download installation and onboarding packages](#download-installation-and-onboarding-packages)
 - [Application installation (macOS 10.15 and older versions)](#application-installation-macos-1015-and-older-versions)
 - [Application installation (macOS 11 and newer versions)](#application-installation-macos-11-and-newer-versions)
@@ -36,7 +36,7 @@ This topic describes how to deploy Microsoft Defender ATP for macOS manually. A
 
 ## Prerequisites and system requirements
 
-Before you get started, see [the main Microsoft Defender ATP for macOS page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender for Endpoint for macOS page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
 
 ## Download installation and onboarding packages
 
@@ -98,9 +98,9 @@ To complete this process, you must have admin privileges on the device.
 
     ![System extension security preferences](images/big-sur-install-3.png)
 
-5. Repeat steps 3 & 4 for all system extensions distributed with Microsoft Defender ATP for Mac.
+5. Repeat steps 3 & 4 for all system extensions distributed with Defender for Endpoint for Mac.
 
-6. As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. When prompted to grant Microsoft Defender ATP permissions to filter network traffic, select **Allow**.
+6. As part of the Endpoint Detection and Response capabilities, Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. When prompted to grant Defender for Endpoint permissions to filter network traffic, select **Allow**.
 
     ![System extension security preferences](images/big-sur-install-4.png)
 
@@ -110,7 +110,7 @@ To complete this process, you must have admin privileges on the device.
 
 ## Client configuration
 
-1. Copy wdav.pkg and MicrosoftDefenderATPOnboardingMacOs.py to the device where you deploy Microsoft Defender ATP for macOS.
+1. Copy wdav.pkg and MicrosoftDefenderATPOnboardingMacOs.py to the device where you deploy Defender for Endpoint for macOS.
 
     The client device is not associated with orgId. Note that the *orgId* attribute is blank.
 
@@ -138,9 +138,9 @@ After installation, you'll see the Microsoft Defender icon in the macOS status b
 ## How to Allow Full Disk Access
 
 > [!CAUTION]
-> macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender ATP is not able to fully protect your device.
+> macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device.
 
-To grant consent, open System Preferences -> Security & Privacy -> Privacy -> Full Disk Access. Click the lock icon to make changes (bottom of the dialog box). Select Microsoft Defender ATP.
+To grant consent, open System Preferences -> Security & Privacy -> Privacy -> Full Disk Access. Click the lock icon to make changes (bottom of the dialog box). Select Microsoft Defender for Endpoint.
 
 ## Logging installation issues
 
@@ -148,4 +148,4 @@ See [Logging installation issues](mac-resources.md#logging-installation-issues)
 
 ## Uninstallation
 
-See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for macOS from client devices.
+See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove Microsoft Defender for Endpoint for macOS from client devices.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
index a1fd86434f..1f7cd93531 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
@@ -19,20 +19,20 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Intune-based deployment for Microsoft Defender ATP for Mac
+# Intune-based deployment for Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 > [!NOTE]
-> This documentation explains the legacy method for deploying and configuring Microsoft Defender ATP on macOS devices. The native experience is now available in the MEM console. The release of the native UI in the MEM console provide admins with a much simpler way to configure and deploy the application and send it down to macOS devices. 
 

->The blog post [MEM simplifies deployment of Microsoft Defender ATP for macOS](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/microsoft-endpoint-manager-simplifies-deployment-of-microsoft/ba-p/1322995) explains the new features. To configure the app, go to [Settings for Microsoft Defender ATP for Mac in Microsoft InTune](https://docs.microsoft.com/mem/intune/protect/antivirus-microsoft-defender-settings-macos). To deploy the app, go to [Add Microsoft Defender ATP to macOS devices using Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/apps-advanced-threat-protection-macos).
+> This documentation explains the legacy method for deploying and configuring Microsoft Defender for Endpoint on macOS devices. The native experience is now available in the MEM console. The release of the native UI in the MEM console provide admins with a much simpler way to configure and deploy the application and send it down to macOS devices. 
 

+>The blog post [MEM simplifies deployment of Microsoft Defender for Endpoint for macOS](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/microsoft-endpoint-manager-simplifies-deployment-of-microsoft/ba-p/1322995) explains the new features. To configure the app, go to [Settings for Microsoft Defender for Endpoint for Mac in Microsoft InTune](https://docs.microsoft.com/mem/intune/protect/antivirus-microsoft-defender-settings-macos). To deploy the app, go to [Add Microsoft Defender for Endpoint to macOS devices using Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/apps-advanced-threat-protection-macos).
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
-This topic describes how to deploy Microsoft Defender ATP for Mac through Intune. A successful deployment requires the completion of all of the following steps:
+This topic describes how to deploy Defender for Endpoint for Mac through Intune. A successful deployment requires the completion of all of the following steps:
 
 1. [Download installation and onboarding packages](#download-installation-and-onboarding-packages)
 1. [Client device setup](#client-device-setup)
@@ -42,22 +42,22 @@ This topic describes how to deploy Microsoft Defender ATP for Mac through Intune
 
 ## Prerequisites and system requirements
 
-Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main MIcrosoft Defender for EndpointP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
 
 ## Overview
 
-The following table summarizes the steps you would need to take to deploy and manage Microsoft Defender ATP for Macs, via Intune. More detailed steps are available below.
+The following table summarizes the steps you would need to take to deploy and manage Defender for Endpoint for Macs, via Intune. More detailed steps are available below.
 
 | Step | Sample file names | BundleIdentifier |
 |-|-|-|
 | [Download installation and onboarding packages](#download-installation-and-onboarding-packages) | WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml | com.microsoft.wdav.atp |
-| [Approve System Extension for Microsoft Defender ATP](#approve-system-extensions) | MDATP_SysExt.xml | N/A |
-| [Approve Kernel Extension for Microsoft Defender ATP](#download-installation-and-onboarding-packages) | MDATP_KExt.xml | N/A |
-| [Grant full disk access to Microsoft Defender ATP](#create-system-configuration-profiles-step-8) | MDATP_tcc_Catalina_or_newer.xml | com.microsoft.wdav.tcc |
+| [Approve System Extension for Microsoft Defender for Endpoint](#approve-system-extensions) | MDATP_SysExt.xml | N/A |
+| [Approve Kernel Extension for Microsoft Defender for Endpoint](#download-installation-and-onboarding-packages) | MDATP_KExt.xml | N/A |
+| [Grant full disk access to Microsoft Defender for Endpoint](#create-system-configuration-profiles-step-8) | MDATP_tcc_Catalina_or_newer.xml | com.microsoft.wdav.tcc |
 | [Network Extension policy](#create-system-configuration-profiles-step-9) | MDATP_NetExt.xml | N/A |
 | [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#intune) | MDATP_Microsoft_AutoUpdate.xml | com.microsoft.autoupdate2 |
-| [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#intune-profile-1)

 **Note:** If you are planning to run a third party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav |
-| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#create-system-configuration-profiles-step-10) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.autoupdate2 or com.microsoft.wdav.tray |
+| [Microsoft Defender for Endpoint configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#intune-profile-1)

 **Note:** If you are planning to run a third party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav |
+| [Configure Microsoft Defender for Endpoint and MS AutoUpdate (MAU) notifications](#create-system-configuration-profiles-step-10) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.autoupdate2 or com.microsoft.wdav.tray |
 
 ## Download installation and onboarding packages
 
@@ -191,13 +191,13 @@ To approve the system extensions:
 8. Download `fulldisk.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/fulldisk.mobileconfig) and save it as `tcc.xml`. Create another profile, give it any name and upload this file to it.
 
    > [!CAUTION]
-   > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender ATP is not able to fully protect your device.
+   > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Defender for Endpoint is not able to fully protect your device.
    >
-   > This configuration profile grants Full Disk Access to Microsoft Defender ATP. If you previously configured Microsoft Defender ATP through Intune, we recommend you update the deployment with this configuration profile.
+   > This configuration profile grants Full Disk Access to Defender for Endpoint. If you previously configured Defender for Endpoint through Intune, we recommend you update the deployment with this configuration profile.
 
-9. As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Download `netfilter.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig), save it as netext.xml and deploy it using the same steps as in the previous sections. 
+9. As part of the Endpoint Detection and Response capabilities, Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Download `netfilter.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig), save it as netext.xml and deploy it using the same steps as in the previous sections. 
 
-10. To allow Microsoft Defender ATP for Mac and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. 
+10. To allow Defender for Endpoint for Mac and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. 
 
 11. Select **Manage > Assignments**.  In the **Include** tab, select **Assign to All Users & All devices**.
 
@@ -221,9 +221,9 @@ Once the Intune changes are propagated to the enrolled devices, you can see them
 6. Set *Ignore app version* to **Yes**. Other settings can be any arbitrary value.
 
     > [!CAUTION]
-    > Setting *Ignore app version* to **No** impacts the ability of the application to receive updates through Microsoft AutoUpdate. See [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) for additional information about how the product is updated.
+    > Setting *Ignore app version* to **No** impacts the ability of the application to receive updates through Microsoft AutoUpdate. See [Deploy updates for Defender for Endpoint for Mac](mac-updates.md) for additional information about how the product is updated.
     >
-    > If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Defender. This could result in a non-functioning application. See [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) for additional information about how the product is updated. If you deployed Defender with *Ignore app version* set to **No**, please change it to **Yes**. If Defender still cannot be installed on a client device, then uninstall Defender and push the updated policy.
+    > If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Defender. This could result in a non-functioning application. See [Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md) for additional information about how the product is updated. If you deployed Defender with *Ignore app version* set to **No**, please change it to **Yes**. If Defender still cannot be installed on a client device, then uninstall Defender and push the updated policy.
     
     > [!div class="mx-imgBorder"]
     > ![Device status blade screenshot](../microsoft-defender-antivirus/images/MDATP-8-IntuneAppInfo.png)
@@ -277,4 +277,4 @@ For more information on how to find the automatically generated log that is crea
 
 ## Uninstallation
 
-See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for Mac from client devices.
+See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove Defender for Endpoint for Mac from client devices.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
index b02fdd72d5..1585ac5850 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
@@ -19,23 +19,23 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Deploying Microsoft Defender ATP for macOS with Jamf Pro
+# Deploying Microsoft Defender for Endpoint for macOS with Jamf Pro
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
-Learn how to deploy Microsoft Defender ATP for macOS with Jamf Pro.
+Learn how to deploy Microsoft Defender for Endpoint for macOS with Jamf Pro.
 
 This is a multi step process. You'll need to complete all of the following steps:
 
 - [Login to the Jamf Portal](mac-install-jamfpro-login.md)
-- [Setup the Microsoft Defender ATP for macOS device groups in Jamf Pro](mac-jamfpro-device-groups.md)
-- [Setup the Microsoft Defender ATP for macOS policies in Jamf Pro](mac-jamfpro-policies.md)
-- [Enroll the Microsoft Defender ATP for macOS devices into Jamf Pro](mac-jamfpro-enroll-devices.md)
+- [Setup the Microsoft Defender for Endpoint for macOS device groups in Jamf Pro](mac-jamfpro-device-groups.md)
+- [Setup the Microsoft Defender for Endpoint for macOS policies in Jamf Pro](mac-jamfpro-policies.md)
+- [Enroll the Microsoft Defender for Endpoint for macOS devices into Jamf Pro](mac-jamfpro-enroll-devices.md)
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md
index 1e43a13d07..68a77f3f8f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md
@@ -19,27 +19,27 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender ATP for Mac
+# Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
  
 ## Prerequisites and system requirements
 
-Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender for Endpoint for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
 
 ## Approach
 
 > [!CAUTION]
-> Currently, Microsoft oficially supports only Intune and JAMF for the deployment and management of Microsoft Defender ATP for Mac. Microsoft makes no warranties, express or implied, with respect to the information provided below.
+> Currently, Microsoft oficially supports only Intune and JAMF for the deployment and management of Microsoft Defender for Endpoint for Mac. Microsoft makes no warranties, express or implied, with respect to the information provided below.
 
-If your organization uses a Mobile Device Management (MDM) solution that is not officially supported, this does not mean you are unable to deploy or run Microsoft Defender ATP for Mac.
+If your organization uses a Mobile Device Management (MDM) solution that is not officially supported, this does not mean you are unable to deploy or run Microsoft Defender for Endpoint for Mac.
 
-Microsoft Defender ATP for Mac does not depend on any vendor-specific features. It can be used with any MDM solution that supports the following features:
+Microsoft Defender for Endpoint for Mac does not depend on any vendor-specific features. It can be used with any MDM solution that supports the following features:
 
 - Deploy a macOS .pkg to managed devices.
 - Deploy macOS system configuration profiles to managed devices.
@@ -66,7 +66,7 @@ In order to deploy the package to your enterprise, use the instructions associat
 ### License settings
 
 Set up [a system configuration profile](mac-install-with-jamf.md). 
-Your MDM solution may call it something like "Custom Settings Profile", as Microsoft Defender ATP for Mac is not part of macOS.
+Your MDM solution may call it something like "Custom Settings Profile", as Microsoft Defender for Endpoint for Mac is not part of macOS.
 
 Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can be extracted from an onboarding package downloaded from [Microsoft Defender Security Center](mac-install-with-jamf.md).
 Your system may support an arbitrary property list in XML format. You can upload the jamf/WindowsDefenderATPOnboarding.plist file as-is in that case.
@@ -90,19 +90,19 @@ Set up a system extension policy. Use team identifier **UBF8T346G9** and approve
 
 Grant Full Disk Access to the following components:
 
-- Microsoft Defender ATP
+- Microsoft Defender for Endpoint
     - Identifier: `com.microsoft.wdav`
     - Identifier Type: Bundle ID
     - Code Requirement: identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /\* exists \*/ and certificate leaf[field.1.2.840.113635.100.6.1.13] /\* exists \*/ and certificate leaf[subject.OU] = UBF8T346G9
 
-- Microsoft Defender ATP Endpoint Security Extension
+- Microsoft Defender for Endpoint Endpoint Security Extension
     - Identifier: `com.microsoft.wdav.epsext`
     - Identifier Type: Bundle ID
     - Code Requirement: identifier "com.microsoft.wdav.epsext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9
 
 ### Network extension policy
 
-As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
+As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
 
 - Filter type: Plugin
 - Plugin bundle identifier: `com.microsoft.wdav`
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md
index 04cb07cd04..d0bde6a3d1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md
@@ -19,14 +19,14 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Set up Microsoft Defender ATP for macOS device groups in Jamf Pro
+# Set up Microsoft c for macOS device groups in Jamf Pro
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
 Set up the device groups similar to Group policy  organizational unite (OUs), Microsoft Endpoint Configuration Manager's device collection, and Intune's device groups.
 
@@ -45,4 +45,4 @@ Set up the device groups similar to Group policy  organizational unite (OUs), Mi
     ![Image of Jamf Pro](images/contoso-machine-group.png)
 
 ## Next step
-- [Set up Microsoft Defender ATP for macOS policies in Jamf Pro](mac-jamfpro-policies.md)
+- [Set up Microsoft Defender for Endpoint for macOS policies in Jamf Pro](mac-jamfpro-policies.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md
index ffd3980a4a..d6954e0d90 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md
@@ -19,14 +19,14 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Enroll Microsoft Defender ATP for macOS devices into Jamf Pro 
+# Enroll Microsoft Defender for Endpoint for macOS devices into Jamf Pro 
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
 ## Enroll macOS devices
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
index 9a095843cc..0c8f25cce1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
@@ -19,43 +19,43 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Set up the Microsoft Defender ATP for macOS policies in Jamf Pro
+# Set up the Microsoft Defender for Endpoint for macOS policies in Jamf Pro
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
 This page will guide you through the steps you need to take to set up macOS policies in Jamf Pro.
 
 You'll need to take the following steps:
 
-1. [Get the Microsoft Defender ATP onboarding package](#step-1-get-the-microsoft-defender-atp-onboarding-package)
+1. [Get the Microsoft Defender for Endpoint onboarding package](#step-1-get-the-microsoft-defender-atp-onboarding-package)
 
 2. [Create a configuration profile in Jamf Pro using the onboarding package](#step-2-create-a-configuration-profile-in-jamf-pro-using-the-onboarding-package)
 
-3. [Configure Microsoft  Defender ATP settings](#step-3-configure-microsoft-defender-atp-settings)
+3. [Configure Microsoft Defender for Endpoint settings](#step-3-configure-microsoft-defender-atp-settings)
 
-4. [Configure Microsoft Defender ATP notification settings](#step-4-configure-notifications-settings)
+4. [Configure Microsoft Defender for Endpoint notification settings](#step-4-configure-notifications-settings)
 
 5. [Configure Microsoft AutoUpdate (MAU)](#step-5-configure-microsoft-autoupdate-mau)
 
-6. [Grant full disk access to Microsoft Defender ATP](#step-6-grant-full-disk-access-to-microsoft-defender-atp)
+6. [Grant full disk access to Microsoft Defender for Endpoint](#step-6-grant-full-disk-access-to-microsoft-defender-atp)
 
-7. [Approve Kernel extension for Microsoft Defender ATP](#step-7-approve-kernel-extension-for-microsoft-defender-atp)
+7. [Approve Kernel extension for Microsoft Defender for Endpoint](#step-7-approve-kernel-extension-for-microsoft-defender-atp)
 
-8. [Approve System extensions for Microsoft Defender ATP](#step-8-approve-system-extensions-for-microsoft-defender-atp)
+8. [Approve System extensions for Microsoft Defender for Endpoint](#step-8-approve-system-extensions-for-microsoft-defender-atp)
 
 9. [Configure Network Extension](#step-9-configure-network-extension)
 
-10. [Schedule scans with Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp)
+10. [Schedule scans with Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp)
 
-11. [Deploy Microsoft Defender ATP for macOS](#step-11-deploy-microsoft-defender-atp-for-macos)
+11. [Deploy Microsoft Defender for Endpoint for macOS](#step-11-deploy-microsoft-defender-atp-for-macos)
 
 
-## Step 1: Get the Microsoft Defender ATP onboarding package
+## Step 1: Get the Microsoft Defender for Endpoint onboarding package
 
 1. In [Microsoft Defender Security Center](https://securitycenter.microsoft.com ), navigate to **Settings > Onboarding**. 
 
@@ -131,9 +131,9 @@ You'll need to take the following steps:
 
     ![List of configuration profiles](images/jamfpro-configuration-policies.png)
 
-## Step 3: Configure Microsoft Defender ATP settings
+## Step 3: Configure Microsoft Defender for Endpoint settings
 
-1.  Use the following Microsoft Defender ATP configuration settings:
+1.  Use the following Microsoft Defender for Endpoint configuration settings:
 
     - enableRealTimeProtection
     - passiveMode
@@ -401,7 +401,7 @@ These steps are applicable of macOS 10.15 (Catalina) or newer.
 
 ## Step 5: Configure Microsoft AutoUpdate (MAU)
 
-1. Use the following Microsoft Defender ATP configuration settings:
+1. Use the following Microsoft Defender for Endpoint configuration settings:
 
       ```XML
    
@@ -483,7 +483,7 @@ These steps are applicable of macOS 10.15 (Catalina) or newer.
     
     ![Image of configuration setting](images/ba44cdb77e4781aa8b940fb83e3c21f7.png)
 
-## Step 6: Grant full disk access to Microsoft Defender ATP
+## Step 6: Grant full disk access to Microsoft Defender for Endpoint
 
 1. In the Jamf Pro dashboard, select **Configuration Profiles**.
 
@@ -573,7 +573,7 @@ These steps are applicable of macOS 10.15 (Catalina) or newer.
     ![Image of configuration setting](images/6c8b406ee224335a8c65d06953dc756e.png)
 
 
-## Step 7: Approve Kernel extension for Microsoft Defender ATP
+## Step 7: Approve Kernel extension for Microsoft Defender for Endpoint
 
 1. In the **Configuration Profiles**, select **+ New**.
 
@@ -624,7 +624,7 @@ These steps are applicable of macOS 10.15 (Catalina) or newer.
     ![Image of configuration settings](images/1c9bd3f68db20b80193dac18f33c22d0.png)
 
 
-## Step 8: Approve System extensions for Microsoft Defender ATP
+## Step 8: Approve System extensions for Microsoft Defender for Endpoint
 
 1. In the **Configuration Profiles**, select **+ New**.
 
@@ -679,10 +679,10 @@ These steps are applicable of macOS 10.15 (Catalina) or newer.
 
 ## Step 9: Configure Network Extension
 
-As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
+As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
 
 >[!NOTE]
->JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.
+>JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender for Endpoint for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.
 >As such, the following steps provide a workaround that involve signing the configuration profile.
 
 1. Download `netfilter.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig) to your device and save it as `com.microsoft.network-extension.mobileconfig`
@@ -733,10 +733,10 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender
 
     ![Image of configuration settings](images/netext-final.png)
 
-## Step 10: Schedule scans with Microsoft Defender ATP for Mac
-Follow the instructions on [Schedule scans with Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp).
+## Step 10: Schedule scans with Microsoft Defender for Endpoint for Mac
+Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp).
 
-## Step 11: Deploy Microsoft Defender ATP for macOS
+## Step 11: Deploy Microsoft Defender for Endpoint for macOS
 
 1. Navigate to where you saved `wdav.pkg`.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
index e6f713160f..2a00d8e4b7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
@@ -19,21 +19,21 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Set preferences for Microsoft Defender ATP for Mac
+# Set preferences for Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
 >[!IMPORTANT]
->This article contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise organizations. To configure Microsoft Defender ATP for Mac using the command-line interface, see [Resources](mac-resources.md#configuring-from-the-command-line).
+>This article contains instructions for how to set preferences for Microsoft Defender for Endpoint for Mac in enterprise organizations. To configure Microsoft Defender for Endpoint for Mac using the command-line interface, see [Resources](mac-resources.md#configuring-from-the-command-line).
 
 ## Summary
 
-In enterprise organizations, Microsoft Defender ATP for Mac can be managed through a configuration profile that is deployed by using one of several management tools. Preferences that are managed by your security operations team take precedence over preferences that are set locally on the device. Changing the preferences that are set through the configuration profile requires escalated privileges and is not available for users without administrative permissions.
+In enterprise organizations, Microsoft Defender for Endpoint for Mac can be managed through a configuration profile that is deployed by using one of several management tools. Preferences that are managed by your security operations team take precedence over preferences that are set locally on the device. Changing the preferences that are set through the configuration profile requires escalated privileges and is not available for users without administrative permissions.
 
 This article describes the structure of the configuration profile, includes a recommended profile that you can use to get started, and provides instructions on how to deploy the profile.
 
@@ -44,11 +44,11 @@ The configuration profile is a *.plist* file that consists of entries identified
 >[!CAUTION]
 >The layout of the configuration profile depends on the management console that you are using. The following sections contain examples of configuration profiles for JAMF and Intune.
 
-The top level of the configuration profile includes product-wide preferences and entries for subareas of Microsoft Defender ATP, which are explained in more detail in the next sections.
+The top level of the configuration profile includes product-wide preferences and entries for subareas of Microsoft Defender for Endpoint, which are explained in more detail in the next sections.
 
 ### Antivirus engine preferences
 
-The *antivirusEngine* section of the configuration profile is used to manage the preferences of the antivirus component of Microsoft Defender ATP.
+The *antivirusEngine* section of the configuration profile is used to manage the preferences of the antivirus component of Microsoft Defender for Endpoint.
 
 |||
 |:---|:---|
@@ -83,7 +83,7 @@ Specify whether the antivirus engine runs in passive mode. Passive mode has the
 | **Key** | passiveMode |
 | **Data type** | Boolean |
 | **Possible values** | false (default) 
 true |
-| **Comments** | Available in Microsoft Defender ATP version 100.67.60 or higher. |
+| **Comments** | Available in Microsoft Defender for Endpoint version 100.67.60 or higher. |
 
 #### Exclusion merge policy
 
@@ -95,7 +95,7 @@ Specify the merge policy for exclusions. This can be a combination of administra
 | **Key** | exclusionsMergePolicy |
 | **Data type** | String |
 | **Possible values** | merge (default) 
 admin_only |
-| **Comments** | Available in Microsoft Defender ATP version 100.83.73 or higher. |
+| **Comments** | Available in Microsoft Defender for Endpoint version 100.83.73 or higher. |
 
 #### Scan exclusions
 
@@ -169,7 +169,7 @@ Specify a process for which all file activity is excluded from scanning. The pro
 
 #### Allowed threats
 
-Specify threats by name that are not blocked by Microsoft Defender ATP for Mac. These threats will be allowed to run.
+Specify threats by name that are not blocked by Defender for Endpoint for Mac. These threats will be allowed to run.
 
 |||
 |:---|:---|
@@ -187,11 +187,11 @@ Restricts the actions that the local user of a device can take when threats are
 | **Key** | disallowedThreatActions |
 | **Data type** | Array of strings |
 | **Possible values** | allow (restricts users from allowing threats) 
 restore (restricts users from restoring threats from the quarantine) |
-| **Comments** | Available in Microsoft Defender ATP version 100.83.73 or higher. |
+| **Comments** | Available in Defender for Endpoint version 100.83.73 or higher. |
 
 #### Threat type settings
 
-Specify how certain threat types are handled by Microsoft Defender ATP for Mac.
+Specify how certain threat types are handled by Defender for Endpoint for Mac.
 
 |||
 |:---|:---|
@@ -236,7 +236,7 @@ Specify the merge policy for threat type settings. This can be a combination of
 | **Key** | threatTypeSettingsMergePolicy |
 | **Data type** | String |
 | **Possible values** | merge (default) 
 admin_only |
-| **Comments** | Available in Microsoft Defender ATP version 100.83.73 or higher. |
+| **Comments** | Available in Defender for Endpoint version 100.83.73 or higher. |
 
 #### Antivirus scan history retention (in days)
 
@@ -248,7 +248,7 @@ Specify the number of days that results are retained in the scan history on the
 | **Key** | scanResultsRetentionDays |
 | **Data type** | String |
 | **Possible values** | 90 (default). Allowed values are from 1 day to 180 days. |
-| **Comments** | Available in Microsoft Defender ATP version 101.07.23 or higher. |
+| **Comments** | Available in Defender for Endpoint version 101.07.23 or higher. |
 
 #### Maximum number of items in the antivirus scan history
 
@@ -260,11 +260,11 @@ Specify the maximum number of entries to keep in the scan history. Entries inclu
 | **Key** | scanHistoryMaximumItems |
 | **Data type** | String |
 | **Possible values** | 10000 (default). Allowed values are from 5000 items to 15000 items. |
-| **Comments** | Available in Microsoft Defender ATP version 101.07.23 or higher. |
+| **Comments** | Available in Defender for Endpoint version 101.07.23 or higher. |
 
 ### Cloud-delivered protection preferences
 
-Configure the cloud-driven protection features of Microsoft Defender ATP for Mac.
+Configure the cloud-driven protection features of Defender for Endpoint for Mac.
 
 |||
 |:---|:---|
@@ -286,7 +286,7 @@ Specify whether to enable cloud-delivered protection the device or not. To impro
 
 #### Diagnostic collection level
 
-Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by Microsoft Defender ATP to Microsoft.
+Diagnostic data is used to keep Defender for Endpoint secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by Defender for Endpoint to Microsoft.
 
 |||
 |:---|:---|
@@ -318,7 +318,7 @@ Determines whether security intelligence updates are installed automatically:
 
 ### User interface preferences
 
-Manage the preferences for the user interface of Microsoft Defender ATP for Mac.
+Manage the preferences for the user interface of Defender for Endpoint for Mac.
 
 |||
 |:---|:---|
@@ -348,11 +348,11 @@ Specify whether users can submit feedback to Microsoft by going to `Help` > `Sen
 | **Key** | userInitiatedFeedback |
 | **Data type** | String |
 | **Possible values** | enabled (default) 
 disabled |
-| **Comments** | Available in Microsoft Defender ATP version 101.19.61 or higher. |
+| **Comments** | Available in Defender for Endpoint version 101.19.61 or higher. |
 
 ### Endpoint detection and response preferences
 
-Manage the preferences of the endpoint detection and response (EDR) component of Microsoft Defender ATP for Mac.
+Manage the preferences of the endpoint detection and response (EDR) component of Defender for Endpoint for Mac.
 
 |||
 |:---|:---|
@@ -402,13 +402,13 @@ Specifies the value of tag
 
 ## Recommended configuration profile
 
-To get started, we recommend the following configuration for your enterprise to take advantage of all protection features that Microsoft Defender ATP provides.
+To get started, we recommend the following configuration for your enterprise to take advantage of all protection features that Defender for Endpoint provides.
 
 The following configuration profile (or, in case of JAMF, a property list that could be uploaded into the custom settings configuration profile) will:
 - Enable real-time protection (RTP)
 - Specify how the following threat types are handled:
   - **Potentially unwanted applications (PUA)** are blocked
-  - **Archive bombs** (file with a high compression rate) are audited to Microsoft Defender ATP logs
+  - **Archive bombs** (file with a high compression rate) are audited to Defender for Endpoint logs
 - Enable automatic security intelligence updates
 - Enable cloud-delivered protection
 - Enable automatic sample submission
@@ -469,9 +469,9 @@ The following configuration profile (or, in case of JAMF, a property list that c
         PayloadIdentifier
         com.microsoft.wdav
         PayloadDisplayName
-        Microsoft Defender ATP settings
+        Microsoft Defender for Endpoint settings
         PayloadDescription
-        Microsoft Defender ATP configuration settings
+        Microsoft Defender for Endpoint configuration settings
         PayloadVersion
         1
         PayloadEnabled
@@ -492,7 +492,7 @@ The following configuration profile (or, in case of JAMF, a property list that c
                 PayloadIdentifier
                 com.microsoft.wdav
                 PayloadDisplayName
-                Microsoft Defender ATP configuration settings
+                Microsoft Defender for Endpoint configuration settings
                 PayloadDescription
                 
                 PayloadVersion
@@ -536,7 +536,7 @@ The following configuration profile (or, in case of JAMF, a property list that c
 
 ## Full configuration profile example
 
-The following templates contain entries for all settings described in this document and can be used for more advanced scenarios where you want more control over Microsoft Defender ATP for Mac.
+The following templates contain entries for all settings described in this document and can be used for more advanced scenarios where you want more control over Microsoft Defender for Endpoint for Mac.
 
 ### Property list for JAMF configuration profile
 
@@ -657,9 +657,9 @@ The following templates contain entries for all settings described in this docum
         PayloadIdentifier
         C4E6A782-0C8D-44AB-A025-EB893987A295
         PayloadDisplayName
-        Microsoft Defender ATP settings
+        Microsoft Defender for Endpoint settings
         PayloadDescription
-        Microsoft Defender ATP configuration settings
+        Microsoft Defender for Endpoint configuration settings
         PayloadVersion
         1
         PayloadEnabled
@@ -680,7 +680,7 @@ The following templates contain entries for all settings described in this docum
                 PayloadIdentifier
                 99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295
                 PayloadDisplayName
-                Microsoft Defender ATP configuration settings
+                Microsoft Defender for Endpoint configuration settings
                 PayloadDescription
                 
                 PayloadVersion
@@ -809,7 +809,7 @@ Once you've built the configuration profile for your enterprise, you can deploy
 From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings**. Create an entry with `com.microsoft.wdav` as the preference domain and upload the *.plist* produced earlier.
 
 >[!CAUTION]
->You must enter the correct preference domain (`com.microsoft.wdav`); otherwise, the preferences will not be recognized by Microsoft Defender ATP.
+>You must enter the correct preference domain (`com.microsoft.wdav`); otherwise, the preferences will not be recognized by Defender for Endpoint.
 
 ### Intune deployment
 
@@ -828,7 +828,7 @@ From the JAMF console, open **Computers** > **Configuration Profiles**, navigate
 7. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
 
 >[!CAUTION]
->You must enter the correct custom configuration profile name; otherwise, these preferences will not be recognized by Microsoft Defender ATP.
+>You must enter the correct custom configuration profile name; otherwise, these preferences will not be recognized by Defender for Endpoint.
 
 ## Resources
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md
index 42d1a1e3fd..1d9e6dd60d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md
@@ -19,32 +19,32 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Privacy for Microsoft Defender ATP for Mac
+# Privacy for Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
-Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Microsoft Defender ATP for Mac.
+Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Defender for Endpoint for Mac.
 
 This topic describes the privacy controls available within the product, how to manage these controls with policy settings and more details on the data events that are collected.
 
-## Overview of privacy controls in Microsoft Defender ATP for Mac
+## Overview of privacy controls in Microsoft Defender for Endpoint for Mac
 
-This section describes the privacy controls for the different types of data collected by Microsoft Defender ATP for Mac.
+This section describes the privacy controls for the different types of data collected by Microsoft Defender for Endpoint for Mac.
 
 ### Diagnostic data
 
-Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, detect, diagnose and fix problems, and also make product improvements.
+Diagnostic data is used to keep Microsoft Defender for Endpoint secure and up-to-date, detect, diagnose and fix problems, and also make product improvements.
 
 Some diagnostic data is required, while some diagnostic data is optional. We give you the ability to choose whether to send us required or optional diagnostic data through the use of privacy controls, such as policy settings for organizations.
 
-There are two levels of diagnostic data for Microsoft Defender ATP client software that you can choose from:
+There are two levels of diagnostic data for Microsoft Defender for Endpoint client software that you can choose from:
 
-* **Required**: The minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and performing as expected on the device it’s installed on.
+* **Required**: The minimum data necessary to help keep Defender for Endpoint secure, up-to-date, and performing as expected on the device it’s installed on.
 
 * **Optional**: Additional data that helps Microsoft make product improvements and provides enhanced information to help detect, diagnose, and remediate issues.
 
@@ -66,7 +66,7 @@ When this feature is enabled and the sample that is collected is likely to conta
 
 If you're an IT administrator, you might want to configure these controls at the enterprise level. 
 
-The privacy controls for the various types of data described in the preceding section are described in detail in [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md).
+The privacy controls for the various types of data described in the preceding section are described in detail in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
 
 As with any new policy settings, you should carefully test them out in a limited, controlled environment to ensure the settings that you configure have the desired effect before you implement the policy settings more widely in your organization.
 
@@ -87,7 +87,7 @@ The following fields are considered common for all events:
 | org_id                  | Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. |
 | hostname                | Local device name (without DNS suffix). Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. |
 | product_guid            | Unique identifier of the product. Allows Microsoft to differentiate issues impacting different flavors of the product. |
-| app_version             | Version of the Microsoft Defender ATP for Mac application. Allows Microsoft to identify which versions of the product are showing an issue so that it can correctly be prioritized.|
+| app_version             | Version of the Defender for Endpoint for Mac application. Allows Microsoft to identify which versions of the product are showing an issue so that it can correctly be prioritized.|
 | sig_version             | Version of security intelligence database. Allows Microsoft to identify which versions of the security intelligence are showing an issue so that it can correctly be prioritized. |
 | supported_compressions  | List of compression algorithms supported by the application, for example `['gzip']`. Allows Microsoft to understand what types of compressions can be used when it communicates with the application. |
 | release_ring            | Ring that the device is associated with (for example Insider Fast, Insider Slow, Production). Allows Microsoft to identify on which release ring an issue may be occurring so that it can correctly be prioritized. |
@@ -95,13 +95,13 @@ The following fields are considered common for all events:
 
 ### Required diagnostic data
 
-**Required diagnostic data** is the minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and perform as expected on the device it’s installed on.
+**Required diagnostic data** is the minimum data necessary to help keep Microsoft Defender for Endpoint secure, up-to-date, and perform as expected on the device it’s installed on.
 
-Required diagnostic data helps to identify problems with Microsoft Defender ATP that may be related to a device or software configuration. For example, it can help determine if a Microsoft Defender ATP feature crashes more frequently on a particular operating system version, with newly introduced features, or when certain Microsoft Defender ATP features are disabled. Required diagnostic data helps Microsoft detect, diagnose, and fix these problems more quickly so the impact to users or organizations is reduced.
+Required diagnostic data helps to identify problems with Microsoft Defender for Endpoint that may be related to a device or software configuration. For example, it can help determine if a Microsoft Defender for Endpoint feature crashes more frequently on a particular operating system version, with newly introduced features, or when certain Defender for Endpoint features are disabled. Required diagnostic data helps Microsoft detect, diagnose, and fix these problems more quickly so the impact to users or organizations is reduced.
 
 #### Software setup and inventory data events
 
-**Microsoft Defender ATP installation / uninstallation**
+**Microsoft Defender for Endpoint installation / uninstallation**
 
 The following fields are collected:
 
@@ -113,7 +113,7 @@ The following fields are collected:
 | code             | Code that describes the operation. |
 | text             | Additional information associated with the product installation. |
 
-**Microsoft Defender ATP configuration**
+**Microsoft Defender for Endpoint configuration**
 
 The following fields are collected:
 
@@ -122,7 +122,7 @@ The following fields are collected:
 | antivirus_engine.enable_real_time_protection        | Whether real-time protection is enabled on the device or not. |
 | antivirus_engine.passive_mode                       | Whether passive mode is enabled on the device or not. |
 | cloud_service.enabled                               | Whether cloud delivered protection is enabled on the device or not. |
-| cloud_service.timeout                               | Time out when the application communicates with the Microsoft Defender ATP cloud. |
+| cloud_service.timeout                               | Time out when the application communicates with the Defender for Endpoint cloud. |
 | cloud_service.heartbeat_interval                    | Interval between consecutive heartbeats sent by the product to the cloud. |
 | cloud_service.service_uri                           | URI used to communicate with the cloud. |
 | cloud_service.diagnostic_level                      | Diagnostic level of the device (required, optional). |
@@ -155,7 +155,7 @@ The following fields are collected:
 
 | Field            | Description |
 | ---------------- | ----------- |
-| version          | Version of Microsoft Defender ATP for Mac. |
+| version          | Version of Defender for Endpoint for Mac. |
 | instance_id      | Unique identifier generated on kernel extension startup. |
 | trace_level      | Trace level of the kernel extension. |
 | subsystem        | The underlying subsystem used for real-time protection. |
@@ -170,8 +170,8 @@ The following fields are collected:
 Diagnostic logs are collected only with the consent of the user as part of the feedback submission feature. The following files are collected as part of the support logs:
 
 - All files under */Library/Logs/Microsoft/mdatp/*
-- Subset of files under */Library/Application Support/Microsoft/Defender/* that are created and used by Microsoft Defender ATP for Mac
-- Subset of files under */Library/Managed Preferences* that are used by Microsoft Defender ATP for Mac
+- Subset of files under */Library/Application Support/Microsoft/Defender/* that are created and used by Defender for Endpoint for Mac
+- Subset of files under */Library/Managed Preferences* that are used by Defender for Endpoint for Mac
 - /Library/Logs/Microsoft/autoupdate.log
 - $HOME/Library/Preferences/com.microsoft.autoupdate2.plist
 
@@ -185,7 +185,7 @@ Examples of optional diagnostic data include data Microsoft collects about produ
 
 #### Software setup and inventory data events
 
-**Microsoft Defender ATP configuration**
+**Microsoft Defender for Endpoint configuration**
 
 The following fields are collected:
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
index 266a05a30f..c0dfe86d22 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
@@ -19,16 +19,16 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Detect and block potentially unwanted applications with Microsoft Defender ATP for Mac
+# Detect and block potentially unwanted applications with Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
-The potentially unwanted application (PUA) protection feature in Microsoft Defender ATP for Mac can detect and block PUA files on endpoints in your network.
+The potentially unwanted application (PUA) protection feature in Defender for Endpoint for Mac can detect and block PUA files on endpoints in your network.
 
 These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation.
 
@@ -36,13 +36,13 @@ These applications can increase the risk of your network being infected with mal
 
 ## How it works
 
-Microsoft Defender ATP for Mac can detect and report PUA files. When configured in blocking mode, PUA files are moved to the quarantine.
+Defender for Endpoint for Mac can detect and report PUA files. When configured in blocking mode, PUA files are moved to the quarantine.
 
-When a PUA is detected on an endpoint, Microsoft Defender ATP for Mac presents a notification to the user, unless notifications have been disabled. The threat name will contain the word "Application".
+When a PUA is detected on an endpoint, Defender for Endpoint for Mac presents a notification to the user, unless notifications have been disabled. The threat name will contain the word "Application".
 
 ## Configure PUA protection
 
-PUA protection in Microsoft Defender ATP for Mac can be configured in one of the following ways:
+PUA protection in Defender for Endpoint for Mac can be configured in one of the following ways:
 
 - **Off**: PUA protection is disabled.
 - **Audit**: PUA files are reported in the product logs, but not in Microsoft Defender Security Center. No notification is presented to the user and no action is taken by the product.
@@ -63,8 +63,8 @@ mdatp --threat --type-handling potentially_unwanted_application [off|audit|block
 
 ### Use the management console to configure PUA protection:
 
-In your enterprise, you can configure PUA protection from a management console, such as JAMF or Intune, similarly to how other product settings are configured. For more information, see the [Threat type settings](mac-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md) topic.
+In your enterprise, you can configure PUA protection from a management console, such as JAMF or Intune, similarly to how other product settings are configured. For more information, see the [Threat type settings](mac-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md) topic.
 
 ## Related topics
 
-- [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md)
+- [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
index 83030035f2..825a5600a6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
@@ -19,14 +19,14 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Resources for Microsoft Defender ATP for Mac
+# Resources for Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
 ## Collecting diagnostic information
 
@@ -44,7 +44,7 @@ If you can reproduce a problem, increase the logging level, run the system for s
 
 2. Reproduce the problem
 
-3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds.
+3. Run `sudo mdatp diagnostic create` to back up Defender for Endpoint's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds.
 
   > [!TIP]
   > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the directory where diagnostic logs are saved, pass `--path [directory]` to the below command, replacing `[directory]` with the desired directory.
@@ -73,7 +73,7 @@ The detailed log will be saved to `/Library/Logs/Microsoft/mdatp/install.log`. I
 
 ## Uninstalling
 
-There are several ways to uninstall Microsoft Defender ATP for Mac. Note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
+There are several ways to uninstall Defender for Endpoint for Mac. Note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
 
 ### Interactive uninstallation
 
@@ -137,7 +137,7 @@ To enable autocompletion in `zsh`:
    echo "autoload -Uz compinit && compinit" >> ~/.zshrc
    ```
 
-- Run the following commands to enable autocompletion for Microsoft Defender ATP for Mac and restart the Terminal session:
+- Run the following commands to enable autocompletion for Defender for Endpoint for Mac and restart the Terminal session:
 
    ```zsh
    sudo mkdir -p /usr/local/share/zsh/site-functions
@@ -146,10 +146,10 @@ To enable autocompletion in `zsh`:
    sudo ln -svf "/Applications/Microsoft Defender ATP.app/Contents/Resources/Tools/mdatp_completion.zsh" /usr/local/share/zsh/site-functions/_mdatp
    ```
 
-## Client Microsoft Defender ATP quarantine directory
+## Client Microsoft Defender for Endpoint quarantine directory
 
 `/Library/Application Support/Microsoft/Defender/quarantine/` contains the files quarantined by `mdatp`. The files are named after the threat trackingId. The current trackingIds is shown with `mdatp --threat --list --pretty`.
 
-## Microsoft Defender ATP portal information
+## Microsoft Defender for Endpoint portal information
 
 [This blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/edr-capabilities-for-macos-have-now-arrived/ba-p/1047801) provides detailed guidance on what to expect in Microsoft Defender ATP Security Center.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
index fdad212625..98d0151efc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
@@ -19,12 +19,12 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Schedule scans with Microsoft Defender ATP for Mac
+# Schedule scans with Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-While you can start a threat scan at any time with Microsoft Defender ATP, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week. 
+While you can start a threat scan at any time with Microsoft Defender for Endpoint, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week. 
 
 ## Schedule a scan with *launchd*
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md
index f4a32380f3..4df09099cf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md
@@ -19,14 +19,14 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Troubleshoot installation issues for Microsoft Defender ATP for Mac
+# Troubleshoot installation issues for Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
 ## Installation failed
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
index d369e94d36..9241a56fdf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
@@ -19,20 +19,20 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Troubleshoot kernel extension issues in Microsoft Defender ATP for Mac
+# Troubleshoot kernel extension issues in Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
-This article provides information on how to troubleshoot issues with the kernel extension that is installed as part of Microsoft Defender ATP for Mac.
+This article provides information on how to troubleshoot issues with the kernel extension that is installed as part of Microsoft Defender for Endpoint for Mac.
 
 Starting with macOS High Sierra (10.13), macOS requires all kernel extensions to be explicitly approved before they are allowed to run on the device.
 
-If you did not approve the kernel extension during the deployment/installation of Microsoft Defender ATP for Mac, the application displays a banner prompting you to enable it:
+If you did not approve the kernel extension during the deployment/installation of Microsoft Defender for Endpoint for Mac, the application displays a banner prompting you to enable it:
 
    ![RTP disabled screenshot](../microsoft-defender-antivirus/images/MDATP-32-Main-App-Fix.png)
 
@@ -48,7 +48,7 @@ realTimeProtectionEnabled               : true
 ...
 ```
 
-The following sections provide guidance on how to address this issue, depending on the method that you used to deploy Microsoft Defender ATP for Mac.
+The following sections provide guidance on how to address this issue, depending on the method that you used to deploy Microsoft Defender for Endpoint for Mac.
 
 ## Managed deployment
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md
index a05f815303..742a7507d0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md
@@ -19,16 +19,16 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Troubleshoot license issues for Microsoft Defender ATP for Mac
+# Troubleshoot license issues for Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
-While you are going through [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md) and [Manual deployment](mac-install-manually.md) testing or a Proof Of Concept (PoC), you might get the following error:
+While you are going through [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) and [Manual deployment](mac-install-manually.md) testing or a Proof Of Concept (PoC), you might get the following error:
 
 ![Image of license error](images/no-license-found.png)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
index 385a3fddb2..5f92d3e415 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
@@ -19,28 +19,28 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Troubleshoot performance issues for Microsoft Defender ATP for Mac
+# Troubleshoot performance issues for Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
-This topic provides some general steps that can be used to narrow down performance issues related to Microsoft Defender ATP for Mac.
+This topic provides some general steps that can be used to narrow down performance issues related to Defender for Endpoint for Mac.
 
-Real-time protection (RTP) is a feature of Microsoft Defender ATP for Mac that continuously monitors and protects your device against threats. It consists of file and process monitoring and other heuristics.
+Real-time protection (RTP) is a feature of Defender for Endpoint for Mac that continuously monitors and protects your device against threats. It consists of file and process monitoring and other heuristics.
 
-Depending on the applications that you are running and your device characteristics, you may experience suboptimal performance when running Microsoft Defender ATP for Mac. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Microsoft Defender ATP for Mac.
+Depending on the applications that you are running and your device characteristics, you may experience suboptimal performance when running Defender for Endpoint for Mac. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Defender for Endpoint for Mac.
 
 The following steps can be used to troubleshoot and mitigate these issues:
 
-1. Disable real-time protection using one of the following methods and observe whether the performance improves. This approach helps narrow down whether Microsoft Defender ATP for Mac is contributing to the performance issues.
+1. Disable real-time protection using one of the following methods and observe whether the performance improves. This approach helps narrow down whether Defender for Endpoint for Mac is contributing to the performance issues.
 
     If your device is not managed by your organization, real-time protection can be disabled using one of the following options:
 
-    - From the user interface. Open Microsoft Defender ATP for Mac and navigate to **Manage settings**.
+    - From the user interface. Open Defender for Endpoint for Mac and navigate to **Manage settings**.
 
     ![Manage real-time protection screenshot](../microsoft-defender-antivirus/images/mdatp-36-rtp.png)
 
@@ -50,10 +50,10 @@ The following steps can be used to troubleshoot and mitigate these issues:
     mdatp --config realTimeProtectionEnabled false
     ```
 
-    If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md).
+    If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
 
 2. Open Finder and navigate to **Applications** > **Utilities**. Open **Activity Monitor** and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers.
 
-3. Configure Microsoft Defender ATP for Mac with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
+3. Configure Defender for Endpoint for Mac with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
 
-    See [Configure and validate exclusions for Microsoft Defender ATP for Mac](mac-exclusions.md) for details.
+    See [Configure and validate exclusions for Microsoft Defender for Endpoint for Mac](mac-exclusions.md) for details.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
index f53075c405..c1f73eb4e9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
@@ -25,9 +25,9 @@ ROBOTS: noindex,nofollow
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. This update will only be applicable to macOS Catalina (10.15.4) and newer versions of macOS.
+In alignment with macOS evolution, we are preparing a Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. This update will only be applicable to macOS Catalina (10.15.4) and newer versions of macOS.
 
-If you have deployed Microsoft Defender ATP for Mac in a managed environment (through JAMF, Intune, or another MDM solution), you must deploy new configuration profiles. Failure to do these steps will result in users getting approval prompts to run these new components.
+If you have deployed Defender for Endpoint for Mac in a managed environment (through JAMF, Intune, or another MDM solution), you must deploy new configuration profiles. Failure to do these steps will result in users getting approval prompts to run these new components.
 
 ## JAMF
 
@@ -47,7 +47,7 @@ To approve the system extensions, create the following payload:
 
 ### Privacy Preferences Policy Control
 
-Add the following JAMF payload to grant Full Disk Access to the Microsoft Defender ATP Endpoint Security Extension. This policy is a pre-requisite for running the extension on your device.
+Add the following JAMF payload to grant Full Disk Access to the Defender for Endpoint Endpoint Security Extension. This policy is a pre-requisite for running the extension on your device.
 
 1. Select **Options** > **Privacy Preferences Policy Control**.
 2. Use `com.microsoft.wdav.epsext` as the **Identifier** and `Bundle ID` as **Bundle type**.
@@ -58,10 +58,10 @@ Add the following JAMF payload to grant Full Disk Access to the Microsoft Defend
 
 ### Network Extension Policy
 
-As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
+As part of the Endpoint Detection and Response capabilities, Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
 
 >[!NOTE]
->JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.
+>JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Defender for Endpoint for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.
 >As such, the following steps provide a workaround that involve signing the configuration profile.
 
 1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` using a text editor:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
index 86a435cc65..9eacf9f1c6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
@@ -20,16 +20,16 @@ ms.topic: conceptual
 ROBOTS: noindex,nofollow
 ---
 
-# Microsoft Defender ATP for Mac - System Extensions (Public Preview)
+# Microsoft Defender for Endpoint for Mac - System Extensions (Public Preview)
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. This update will only be applicable to macOS Catalina (10.15.4) and newer versions of macOS.
+In alignment with macOS evolution, we are preparing a Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. This update will only be applicable to macOS Catalina (10.15.4) and newer versions of macOS.
 
 This functionality is currently in public preview. This article contains instructions for enabling this functionality on your device. You can choose to try out this feature locally on your own device or configure it remotely through a management tool.
 
-These steps assume you already have Microsoft Defender ATP running on your device. For more information, see [this page](microsoft-defender-atp-mac.md).
+These steps assume you already have Defender for Endpoint running on your device. For more information, see [this page](microsoft-defender-atp-mac.md).
 
 ## Known issues
 
@@ -65,7 +65,7 @@ Select the deployment steps corresponding to your environment and your preferred
 
 Once all deployment prerequisites are met, restart your device to start the system extension approval and activation process.
 
-You will be presented series of system prompts to approve the Microsoft Defender ATP system extensions. You must approve ALL prompts from the series, because macOS requires an explicit approval for each extension that Microsoft Defender ATP for Mac installs on the device.
+You will be presented series of system prompts to approve the Defender for Endpoint system extensions. You must approve ALL prompts from the series, because macOS requires an explicit approval for each extension that Defender for Endpoint for Mac installs on the device.
 
 For each approval, click **Open Security Preferences** and then click **Allow** to allow the system extension to run.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md
index 740aaacb77..d9f83fa462 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md
@@ -19,18 +19,18 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Deploy updates for Microsoft Defender ATP for Mac
+# Deploy updates for Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
 Microsoft regularly publishes software updates to improve performance, security, and to deliver new features.
 
-To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually.
+To update Defender for Endpoint for Mac, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually.
 
 ![MAU screenshot](../microsoft-defender-antivirus/images/MDATP-34-MAU.png)
 
@@ -40,7 +40,7 @@ If you decide to deploy updates by using your software distribution tools, you s
 
 MAU includes a command-line tool, called *msupdate*, that is designed for IT administrators so that they have more precise control over when updates are applied. Instructions for how to use this tool can be found in [Update Office for Mac by using msupdate](https://docs.microsoft.com/deployoffice/mac/update-office-for-mac-using-msupdate).
 
-In MAU, the application identifier for Microsoft Defender ATP for Mac is *WDAV00*. To download and install the latest updates for Microsoft Defender ATP for Mac, execute the following command from a Terminal window:
+In MAU, the application identifier for Defender for Endpoint for Mac is *WDAV00*. To download and install the latest updates for Defender for Endpoint for Mac, execute the following command from a Terminal window:
 
 ```
 ./msupdate --install --apps wdav00
@@ -67,7 +67,7 @@ The `Production` channel contains the most stable version of the product.
 | **Possible values** | InsiderFast 
 External 
 Production |
 
 >[!WARNING]
->This setting changes the channel for all applications that are updated through Microsoft AutoUpdate. To change the channel only for Microsoft Defender ATP for Mac, execute the following command after replacing `[channel-name]` with the desired channel:
+>This setting changes the channel for all applications that are updated through Microsoft AutoUpdate. To change the channel only for Defender for Endpoint for Mac, execute the following command after replacing `[channel-name]` with the desired channel:
 > ```bash
 > defaults write com.microsoft.autoupdate2 Applications -dict-add "/Applications/Microsoft Defender ATP.app" " { 'Application ID' = 'WDAV00' ; 'App Domain' = 'com.microsoft.wdav' ; LCID = 1033 ; ChannelName = '[channel-name]' ; }"
 > ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index bccb1bed4f..ec2cea0291 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -19,26 +19,26 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# What's new in Microsoft Defender Advanced Threat Protection for Mac
+# What's new in Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 > [!IMPORTANT]
-> In preparation for macOS 11 Big Sur, we are getting ready to release an update to Microsoft Defender ATP for Mac that will leverage new system extensions instead of kernel extensions. Apple will stop supporting kernel extensions starting macOS 11 Big Sur version. Therefore an update to the Microsoft Defender ATP for Mac agent is required on all eligible macOS devices prior to moving these devices to macOS 11.
+> In preparation for macOS 11 Big Sur, we are getting ready to release an update to Defender for Endpoint for Mac that will leverage new system extensions instead of kernel extensions. Apple will stop supporting kernel extensions starting macOS 11 Big Sur version. Therefore an update to the Defender for Endpoint for Mac agent is required on all eligible macOS devices prior to moving these devices to macOS 11.
 > 
 > The update is applicable to devices running macOS version 10.15.4 or later.
 > 
-> To ensure that the Microsoft Defender ATP for Mac update is delivered and applied seamlessly from an end-user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before Microsoft publishes the new agent version. If the configuration is not deployed prior to the Microsoft Defender ATP for Mac agent update, end-users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions.
+> To ensure that the Defender for Endpoint for Mac update is delivered and applied seamlessly from an end-user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before Microsoft publishes the new agent version. If the configuration is not deployed prior to the Defender for Endpoint for Mac agent update, end-users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions.
 > 
 > Timing: 
-> - Organizations that previously opted into Microsoft Defender ATP preview features in Microsoft Defender Security Center, must be ready for Microsoft Defender ATP for Mac agent update **by August 10, 2020**.
+> - Organizations that previously opted into Defender for Endpoint preview features in Microsoft Defender Security Center, must be ready for Defender for Endpoint for Mac agent update **by August 10, 2020**.
 > - Organizations that do not participate in public previews for Microsoft Defender ATP features, must be ready **by September 07, 2020**.
 > 
 > Action is needed by IT administrator. Review the steps below and assess the impact on your organization:
 > 
 > 1. Deploy the specified remote configuration to eligible macOS devices before Microsoft publishes the new agent version. 

-> Even though Microsoft Defender ATP for Mac new implementation based on system extensions is only applicable to devices running macOS version 10.15.4 or later, deploying configuration proactively across the entire macOS fleet will ensure that even down-level devices are prepared for the day when Apple releases macOS 11 Big Sur and will ensure that Microsoft Defender ATP for Mac continues protecting all macOS devices regardless OS version they were running prior to the Big Sur upgrade.
+> Even though Defender for Endpoint for Mac new implementation based on system extensions is only applicable to devices running macOS version 10.15.4 or later, deploying configuration proactively across the entire macOS fleet will ensure that even down-level devices are prepared for the day when Apple releases macOS 11 Big Sur and will ensure that Defender for Endpoint for Mac continues protecting all macOS devices regardless OS version they were running prior to the Big Sur upgrade.
 > 
 > 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md).
 > 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update.
@@ -60,7 +60,7 @@ ms.topic: conceptual
   > [!IMPORTANT]
   > Extensive testing of MDE (Microsoft Defender for Endpoint) with new macOS system extensions revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue.
 
-- The new syntax for the `mdatp` command-line tool is now the default one. For more information on the new syntax, see [Resources for Microsoft Defender ATP for Mac](mac-resources.md#configuring-from-the-command-line)
+- The new syntax for the `mdatp` command-line tool is now the default one. For more information on the new syntax, see [Resources for Microsoft Defender for Endpoint for Mac](mac-resources.md#configuring-from-the-command-line)
 
   > [!NOTE]
   > The old command-line tool syntax will be removed from the product on **January 1st, 2021**.
@@ -119,13 +119,13 @@ ms.topic: conceptual
 
 - Improved [product onboarding experience for Intune users](https://docs.microsoft.com/mem/intune/apps/apps-advanced-threat-protection-macos)
 - Antivirus [exclusions now support wildcards](mac-exclusions.md#supported-exclusion-types)
-- Added the ability to trigger antivirus scans from the macOS contextual menu. You can now right-click a file or a folder in Finder and select **Scan with Microsoft Defender ATP**
+- Added the ability to trigger antivirus scans from the macOS contextual menu. You can now right-click a file or a folder in Finder and select **Scan with Microsoft Defender for Endpoint**
 - In-place product downgrades are now explicitly disallowed by the installer. If you need to downgrade, first uninstall the existing version and reconfigure your device
 - Other performance improvements & bug fixes
 
 ## 100.90.27
 
-- You can now [set an update channel](mac-updates.md#set-the-channel-name) for Microsoft Defender ATP for Mac that is different from the system-wide update channel
+- You can now [set an update channel](mac-updates.md#set-the-channel-name) for Defender for Endpoint for Mac that is different from the system-wide update channel
 - New product icon
 - Other user experience improvements
 - Bug fixes
@@ -162,7 +162,7 @@ ms.topic: conceptual
 
 ## 100.79.42
 
-- Fixed an issue where Microsoft Defender ATP for Mac was sometimes interfering with Time Machine
+- Fixed an issue where Defender for Endpoint for Mac was sometimes interfering with Time Machine
 - Added a new switch to the command-line utility for testing the connectivity with the backend service
   ```bash
   mdatp --connectivity-test
@@ -176,7 +176,7 @@ ms.topic: conceptual
 
 ## 100.70.99
 
-- Addressed an issue that impacts the ability of some users to upgrade to macOS Catalina when real-time protection is enabled. This sporadic issue was caused by Microsoft Defender ATP locking files within Catalina upgrade package while scanning them for threats, which led to failures in the upgrade sequence.
+- Addressed an issue that impacts the ability of some users to upgrade to macOS Catalina when real-time protection is enabled. This sporadic issue was caused by Defender for Endpoint locking files within Catalina upgrade package while scanning them for threats, which led to failures in the upgrade sequence.
 
 ## 100.68.99
 
@@ -188,9 +188,9 @@ ms.topic: conceptual
 - Added support for macOS Catalina
 
   > [!CAUTION]
-  > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender ATP is not able to fully protect your device.
+  > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Defender for Endpoint is not able to fully protect your device.
   >
-  > The mechanism for granting this consent depends on how you deployed Microsoft Defender ATP:
+  > The mechanism for granting this consent depends on how you deployed Defender for Endpoint:
   >
   > - For manual deployments, see the updated instructions in the [Manual deployment](mac-install-manually.md#how-to-allow-full-disk-access) topic.
   > - For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md b/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
index 1ec1962585..554b5877df 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
@@ -26,11 +26,11 @@ ms.topic: article
 
 - Azure Active Directory
 - Office 365
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 In an enterprise scenario, security operation teams are typically assigned a set of devices. These devices are grouped together based on a set of attributes such as their domains, computer names, or designated tags.
 
-In Microsoft Defender ATP, you can create device groups and use them to:
+In Defender for Endpoint, you can create device groups and use them to:
 - Limit access to related alerts and data to specific Azure AD user groups with [assigned RBAC roles](rbac.md) 
 - Configure different auto-remediation settings for different sets of devices
 - Assign specific remediation levels to apply during automated investigations
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md
index 0f50126e3f..45864dd1d6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md
@@ -17,13 +17,13 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Device health and compliance report in Microsoft Defender ATP
+# Device health and compliance report in Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 The devices status report provides high-level information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, and Windows 10 versions.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md
index e2c6f6756f..2dc1ae481f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@@ -21,9 +21,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
@@ -49,8 +49,8 @@ Property |   Type   |   Description
 :---|:---|:---
 id | String | [machine](machine.md) identity.
 computerDnsName | String | [machine](machine.md) fully qualified name.
-firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Microsoft Defender ATP.
-lastSeen | DateTimeOffset | Last date and time where the [machine](machine.md) was observed by Microsoft Defender ATP.
+firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Defender for Endpoint.
+lastSeen | DateTimeOffset | Last date and time where the [machine](machine.md) was observed by Defender for Endpoint.
 osPlatform | String | Operating system platform.
 version | String | Operating system Version.
 osBuild | Nullable long | Operating system build number.
@@ -60,9 +60,9 @@ healthStatus | Enum | [machine](machine.md) health status. Possible values are:
 rbacGroupName | String | Machine group Name.
 rbacGroupId | Int | Machine group unique ID.
 riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'.
-exposureScore | Nullable Enum | [Exposure score](tvm-exposure-score.md) as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
+exposureScore | Nullable Enum | [Exposure score](tvm-exposure-score.md) as evaluated by Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 aadDeviceId | Nullable representation Guid | AAD Device ID (when [machine](machine.md) is AAD Joined).
 machineTags | String collection | Set of [machine](machine.md) tags.
-exposureLevel | Nullable Enum | Exposure level as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
+exposureLevel | Nullable Enum | Exposure level as evaluated by Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 deviceValue | Nullable Enum | The [value of the device](tvm-assign-device-value.md). Possible values are: 'Normal', 'Low' and 'High'.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
index 90bf8cebb8..7871debd9c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
@@ -21,9 +21,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 - For more information, see [Response Actions](respond-machine-alerts.md). 
 
@@ -38,7 +38,7 @@ ms.topic: article
 | [Restrict app execution](restrict-code-execution.md)              | [Machine Action](machineaction.md) | Restrict application execution.                             |
 | [Remove app restriction](unrestrict-code-execution.md)            | [Machine Action](machineaction.md) | Remove application execution restriction.                   |
 | [Run antivirus scan](run-av-scan.md)                              | [Machine Action](machineaction.md) | Run an AV scan using Windows Defender (when applicable).    |
-| [Offboard machine](offboard-machine-api.md)                       | [Machine Action](machineaction.md) | Offboard [machine](machine.md) from Microsoft Defender ATP. |
+| [Offboard machine](offboard-machine-api.md)                       | [Machine Action](machineaction.md) | Offboard [machine](machine.md) from Defender for Endpoint. |
 | [Stop and quarantine file](stop-and-quarantine-file.md)           | [Machine Action](machineaction.md) | Stop execution of a file on a machine and delete it.        |
 
 


From 66498185beb06e200089e0c58a218d832e65c3de Mon Sep 17 00:00:00 2001
From: Alekhya Jupudi 
Date: Mon, 9 Nov 2020 16:35:20 +0530
Subject: [PATCH 232/384] Task 4611644-Rebranding task for Windows-docs-pr-
 Branch-1

Rebranding work of Folder (Files under the Path): windows-docs-pr\windows\security\threat-protection\microsoft-defender-antivirus
---
 .../antivirus-false-positives-negatives.md    |  6 ++---
 ...irst-sight-microsoft-defender-antivirus.md |  4 ++--
 ...exclusions-microsoft-defender-antivirus.md |  2 +-
 ...onnections-microsoft-defender-antivirus.md |  4 ++--
 ...age-report-microsoft-defender-antivirus.md |  4 ++--
 ...oyment-vdi-microsoft-defender-antivirus.md |  2 +-
 ...anted-apps-microsoft-defender-antivirus.md |  6 ++---
 ...protection-microsoft-defender-antivirus.md |  8 +++----
 .../evaluate-microsoft-defender-antivirus.md  |  2 +-
 ...on-updates-microsoft-defender-antivirus.md |  2 +-
 ...rosoft-defender-antivirus-in-windows-10.md |  6 ++---
 ...fender-antivirus-on-windows-server-2016.md |  2 +-
 ...soft-defender-security-center-antivirus.md |  2 +-
 ...office-365-microsoft-defender-antivirus.md | 18 +++++++--------
 ...nteraction-microsoft-defender-antivirus.md |  2 +-
 ...osoft-defender-antivirus-when-migrating.md |  6 ++---
 ...oubleshoot-microsoft-defender-antivirus.md |  2 +-
 .../troubleshoot-reporting.md                 |  4 ++--
 ...oup-policy-microsoft-defender-antivirus.md |  2 +-
 .../use-wmi-microsoft-defender-antivirus.md   |  2 +-
 ...protection-microsoft-defender-antivirus.md |  2 +-
 .../why-use-microsoft-defender-antivirus.md   | 22 +++++++++----------
 22 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
index cd9480eafa..273298bf6c 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
@@ -44,7 +44,7 @@ What if something gets detected wrongly as malware, or something is missed? We c
 
 ## Create an "Allow" indicator to prevent a false positive from recurring
 
-If a file, IP address, URL, or domain is treated as malware on a device, even though it's safe, you can create an "Allow" indicator. This indicator tells Microsoft Defender Antivirus (and Microsoft Defender Advanced Threat Protection) that the item is safe.
+If a file, IP address, URL, or domain is treated as malware on a device, even though it's safe, you can create an "Allow" indicator. This indicator tells Microsoft Defender Antivirus (and Microsoft Defender for Endpoint) that the item is safe.
 
 To set up your "Allow" indicator, follow the guidance in [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).
 
@@ -72,6 +72,6 @@ To learn more, see:
 
 ## Related articles
 
-[What is Microsoft Defender Advanced Threat Protection?](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection)
+[What is Microsoft Defender for Endpoint?](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection)
 
-[Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)
+[Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md
index 75752637b1..43aa53b445 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md
@@ -29,13 +29,13 @@ Block at first sight provides a way to detect and block new malware within secon
 You can [specify how long a file should be prevented from running](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md) while the cloud-based protection service analyzes the file. And, you can [customize the message displayed on users' desktops](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information) when a file is blocked. You can change the company name, contact information, and message URL.
 
 >[!TIP]
->Visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work.
+>Visit the Microsoft Defender for Endpoint demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work.
 
 ## How it works
 
 When Microsoft Defender Antivirus encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend applies heuristics, machine learning, and automated analysis of the file to determine whether the files are malicious or not a threat.
 
-Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, intelligent, and real-time protection. To learn more, see this blog: [Get to know the advanced technologies at the core of Microsoft Defender ATP next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
+Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, intelligent, and real-time protection. To learn more, see this blog: [Get to know the advanced technologies at the core of Microsoft Defender for Endpoint next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
 ![List of Microsoft Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png)  
 
 In Windows 10, version 1803 or later, block at first sight can block non-portable executable files (such as JS, VBS, or macros) as well as executable files.
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
index 7212b18c2f..88a2e71534 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
@@ -25,7 +25,7 @@ ms.date: 10/21/2020
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 > [!IMPORTANT]
-> Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender ATP capabilities, including [endpoint detection and response (EDR)](../microsoft-defender-atp/overview-endpoint-detection-response.md), [attack surface reduction (ASR) rules](../microsoft-defender-atp/attack-surface-reduction.md), and [controlled folder access](../microsoft-defender-atp/controlled-folders.md). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, add them to the Microsoft Defender ATP [custom indicators](../microsoft-defender-atp/manage-indicators.md).
+> Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response (EDR)](../microsoft-defender-atp/overview-endpoint-detection-response.md), [attack surface reduction (ASR) rules](../microsoft-defender-atp/attack-surface-reduction.md), and [controlled folder access](../microsoft-defender-atp/controlled-folders.md). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, add them to the Microsoft Defender for Endpoint [custom indicators](../microsoft-defender-atp/manage-indicators.md).
 
 ## Exclusion lists
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
index f19baf44aa..8ee17ca054 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
@@ -32,7 +32,7 @@ This article lists the connections that must be allowed, such as by using firewa
 See the blog post [Important changes to Microsoft Active Protection Services endpoint](https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/Important-changes-to-Microsoft-Active-Protection-Service-MAPS/ba-p/274006) for some details about network connectivity.
 
 >[!TIP]
->You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working:
+>You can also visit the Microsoft Defender for Endpoint demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working:
 >
 >- Cloud-delivered protection
 >- Fast learning (including block at first sight)
@@ -49,7 +49,7 @@ See [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defend
 
 After you've enabled the service, you may need to configure your network or firewall to allow connections between it and your endpoints.
 
-Because your protection is a cloud service, computers must have access to the internet and reach the ATP machine learning services. Do not exclude the URL `*.blob.core.windows.net` from any kind of network inspection. 
+Because your protection is a cloud service, computers must have access to the internet and reach the Microsoft Defender for Office 365 machine learning services. Do not exclude the URL `*.blob.core.windows.net` from any kind of network inspection. 
 
 The table below lists the services and their associated URLs. Make sure that there are no firewall or network filtering rules denying access to these URLs, or you may need to create an allow rule specifically for them (excluding the URL `*.blob.core.windows.net`). Below mention URLs are using port 443 for communication.
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
index 5faf7d7a5b..a543229569 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
@@ -29,7 +29,7 @@ You can deploy, manage, and report on Microsoft Defender Antivirus in a number o
 
 Because the Microsoft Defender Antivirus client is installed as a core part of Windows 10, traditional deployment of a client to your endpoints does not apply.
 
-However, in most cases you will still need to enable the protection service on your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Azure Security Center, or Group Policy Objects, which is described in the following table.
+However, in most cases you will still need to enable the protection service on your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Azure Defender*, or Group Policy Objects, which is described in the following table.
 
 You'll also see additional links for:
 
@@ -46,7 +46,7 @@ Microsoft Endpoint Configuration Manager ([1](#fn1))|Use the [Endpoint Protectio
 Group Policy and Active Directory (domain-joined)|Use a Group Policy Object to deploy configuration changes and ensure Microsoft Defender Antivirus is enabled.|Use Group Policy Objects (GPOs) to [Configure update options for Microsoft Defender Antivirus][] and [Configure Windows Defender features][]|Endpoint reporting is not available with Group Policy. You can generate a list of [Group Policies to determine if any settings or policies are not applied][]
 PowerShell|Deploy with Group Policy, Microsoft Endpoint Configuration Manager, or manually on individual endpoints.|Use the [Set-MpPreference] and [Update-MpSignature] cmdlets available in the Defender module.|Use the appropriate [Get- cmdlets available in the Defender module][]
 Windows Management Instrumentation|Deploy with Group Policy, Microsoft Endpoint Configuration Manager, or manually on individual endpoints.|Use the [Set method of the MSFT_MpPreference class][] and the [Update method of the MSFT_MpSignature class][]|Use the [MSFT_MpComputerStatus][] class and the get method of associated classes in the [Windows Defender WMIv2 Provider][]
-Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection)|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe)|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the [Possibly infected devices][] report and configure an SIEM tool to report on [Microsoft Defender Antivirus events][] and add that tool as an app in AAD.
+Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Azure Defender*](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection)|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe)|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the [Possibly infected devices][] report and configure an SIEM tool to report on [Microsoft Defender Antivirus events][] and add that tool as an app in AAD.
 
 1. The availability of some functions and features, especially related to cloud-delivered protection, differ between Microsoft Endpoint Configuration Manager (Current Branch) and System Center 2012 Configuration Manager. In this library, we've focused on Windows 10, Windows Server 2016, and Microsoft Endpoint Configuration Manager (Current Branch). See [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) for a table that describes the major differences. [(Return to table)](#ref2)
   
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
index 3f783ede5b..a5a51e53c9 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
@@ -28,7 +28,7 @@ In addition to standard on-premises or hardware configurations, you can also use
 
 See [Windows Virtual Desktop Documentation](https://docs.microsoft.com/azure/virtual-desktop) for more details on Microsoft Remote Desktop Services and VDI support.
 
-For Azure-based virtual machines, you can also review the [Install Endpoint Protection in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection) topic.
+For Azure-based virtual machines, you can also review the [Install Endpoint Protection in Azure Defender*](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection) topic.
 
 With the ability to easily deploy updates to VMs running in VDIs, we've shortened this guide to focus on how you can get updates on your machines quickly and easily. You no longer need to create and seal golden images on a periodic basis, as updates are expanded into their component bits on the host server and then downloaded directly to the VM when it's turned on.
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index 142782c145..4c9c47828e 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -29,7 +29,7 @@ manager: dansimp
 > [!NOTE]
 > Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices.
 
-Potentially unwanted applications (PUA) are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use. _PUA_ can also refer to an application that has a poor reputation, as assessed by Microsoft Defender ATP, due to certain kinds of undesirable behavior.
+Potentially unwanted applications (PUA) are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use. _PUA_ can also refer to an application that has a poor reputation, as assessed by Microsoft Defender for Endpoint, due to certain kinds of undesirable behavior.
 
 For example:
 
@@ -66,7 +66,7 @@ Admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsoft
 Defender SmartScreen available, including [one for blocking PUA](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can
 [configure Windows Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Windows Defender SmartScreen on or off.
 
-Although Microsoft Defender ATP has its own block list, based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md) in the Microsoft Defender ATP portal, Windows Defender SmartScreen will respect the new settings.
+Although Microsoft Defender for Endpoint has its own block list, based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md) in the Microsoft Defender for Endpoint portal, Windows Defender SmartScreen will respect the new settings.
 
 ### Microsoft Defender Antivirus
 
@@ -88,7 +88,7 @@ You can enable PUA protection with Microsoft Intune, Microsoft Endpoint Configur
 You can also use the PUA audit mode to detect PUAs without blocking them. The detections will be captured in the Windows event log.
 
 > [!TIP]
-> You can visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com/Page/UrlRep) to confirm that the feature is working, and see it in action.
+> You can visit the Microsoft Defender for Endpoint demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com/Page/UrlRep) to confirm that the feature is working, and see it in action.
 
 PUA audit mode is useful if your company is conducting an internal software security compliance check and you'd like to avoid any false positives.
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md
index e62fd3c943..7e6ac508a9 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md
@@ -26,7 +26,7 @@ ms.custom: nextgen
 > [!NOTE]
 > The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.
 
-Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
+Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender for Endpoint next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
 ![List of Microsoft Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png)  
 
 You can enable or disable Microsoft Defender Antivirus cloud-delivered protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app.
@@ -55,7 +55,7 @@ There are specific network-connectivity requirements to ensure your endpoints ca
         > The **Send safe samples automatically** option means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.
 
         > [!WARNING]
-        > Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender ATP won't work.
+        > Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender for Endpoint won't work.
 
 8. Click **OK** to exit the **Microsoft Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile.
 
@@ -86,7 +86,7 @@ See [How to create and deploy antimalware policies: Cloud-protection service](ht
         > The **Send safe samples** (1) option means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.
 
         > [!WARNING]
-        > Setting the option to **Always Prompt** (0) will lower the protection state of the device. Setting it to **Never send** (2) means that the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender ATP won't work.
+        > Setting the option to **Always Prompt** (0) will lower the protection state of the device. Setting it to **Never send** (2) means that the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender for Endpoint won't work.
 
 7. Click **OK**.
 
@@ -105,7 +105,7 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 > You can also set **-SubmitSamplesConsent** to `SendSafeSamples` (the default setting), `NeverSend`, or `AlwaysPrompt`. The `SendSafeSamples` setting means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.
 
 >[!WARNING]
-> Setting **-SubmitSamplesConsent** to `NeverSend` or `AlwaysPrompt` will lower the protection level of the device. In addition, setting it to `NeverSend` means that the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender ATP won't work.
+> Setting **-SubmitSamplesConsent** to `NeverSend` or `AlwaysPrompt` will lower the protection level of the device. In addition, setting it to `NeverSend` means that the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender for Endpoint won't work.
 
 ## Use Windows Management Instruction (WMI) to enable cloud-delivered protection
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md
index 6f1c2b1ce8..0cba7e0b50 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md
@@ -27,7 +27,7 @@ manager: dansimp
 Use this guide to determine how well Microsoft Defender Antivirus protects you from viruses, malware, and potentially unwanted applications.
 
 >[!TIP]
->You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working and see how they work:
+>You can also visit the Microsoft Defender for Endpoint demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working and see how they work:
 >- Cloud-delivered protection
 >- Fast learning (including Block at first sight)
 >- Potentially unwanted application blocking
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
index 2ac2800429..604fc20a9a 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
@@ -22,7 +22,7 @@ ms.custom: nextgen
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
index e9bcff7d72..f141caebc4 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
@@ -23,11 +23,11 @@ ms.custom: nextgen
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 ## Microsoft Defender Antivirus: Your next-generation protection
 
-Microsoft Defender Antivirus is the next-generation protection component of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). Next-generation protection brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices in your enterprise organization. Next-generation protection services include the following:
+Microsoft Defender Antivirus is the next-generation protection component of Microsoft Defender for Endpoint. Next-generation protection brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices in your enterprise organization. Next-generation protection services include the following:
 
 - [Behavior-based, heuristic, and real-time antivirus protection](configure-protection-features-microsoft-defender-antivirus.md). This includes always-on scanning using file and process behavior monitoring and other heuristics (also known as "real-time protection"). It also includes detecting and blocking apps that are deemed unsafe, but may not be detected as malware.
 - [Cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). This includes near-instant detection and blocking of new and emerging threats.
@@ -35,7 +35,7 @@ Microsoft Defender Antivirus is the next-generation protection component of Micr
 
 ## Try a demo!
 
-Visit the [Microsoft Defender ATP demo website](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following protection features are working and explore them using demo scenarios:
+Visit the [Microsoft Defender for Endpoint demo website](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following protection features are working and explore them using demo scenarios:
 - Cloud-delivered protection
 - Block at first sight (BAFS) protection
 - Potentially unwanted applications (PUA) protection
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
index 76701c22f2..0b7e4ccdd6 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
@@ -179,7 +179,7 @@ If you are using a third-party antivirus solution and you're running into issues
 
 - See the question "Should I run Microsoft security software at the same time as other security products?" on the [Windows Defender Security Intelligence Antivirus and antimalware software FAQ](https://www.microsoft.com/wdsi/help/antimalware-faq#multiple-products).
 
-- See [Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus). This article describes 10 advantages to using Microsoft Defender Antivirus together with Microsoft Defender Advanced Threat Protection.
+- See [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus). This article describes 10 advantages to using Microsoft Defender Antivirus together with Defender for Endpoint.
 
 If you determine you do want to uninstall Microsoft Defender Antivirus, follow the steps in the following sections.
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md
index 75153c281f..e4f4d4c952 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md
@@ -39,7 +39,7 @@ Settings that were previously part of the Windows Defender client and main Windo
 
 See the [Windows Security article](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center) for more information on other Windows security features that can be monitored in the app.
 
-The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal that is used to review and manage [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md).
+The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal that is used to review and manage [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md).
 
 ## Review virus and threat protection settings in the Windows Security app
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md
index 30030fb3b1..eb9a31fb16 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md
@@ -32,7 +32,7 @@ You might already know that:
 
 - **Microsoft Defender Antivirus protects your Windows 10 device from software threats, such as viruses, malware, and spyware**. Microsoft Defender Antivirus is your complete, ongoing protection, built into Windows 10 and ready to go. [Microsoft Defender Antivirus is your next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). 
 
-- **Office 365 includes antiphishing, antispam, and antimalware protection**. With your Office 365 subscription, you get premium email and calendars, Office apps, 1 TB of cloud storage (via OneDrive), and advanced security across all your devices. This is true for home and business users. And if you're a business user, and your organization is using Office 365 E5, you get even more protection through Office 365 Advanced Threat Protection. [Protect against threats with Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/protect-against-threats).
+- **Office 365 includes antiphishing, antispam, and antimalware protection**. With your Office 365 subscription, you get premium email and calendars, Office apps, 1 TB of cloud storage (via OneDrive), and advanced security across all your devices. This is true for home and business users. And if you're a business user, and your organization is using Office 365 E5, you get even more protection through Microsoft Defender for Office 365 [Protect against threats with Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/protect-against-threats).
 
 - **OneDrive, included in Office 365, enables you to store your files and folders online, and share them as you see fit**. You can work together with people (for work or fun), and coauthor files that are stored in OneDrive. You can also access your files across all your devices (your PC, phone, and tablet). [Manage sharing in OneDrive](https://docs.microsoft.com/OneDrive/manage-sharing).
 
@@ -48,9 +48,9 @@ Read the following sections to learn more.
 
 When you save your files to [OneDrive](https://docs.microsoft.com/onedrive), and [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) detects a ransomware threat on your device, the following things occur:
 
-1. **You are told about the threat**. (If your organization is using [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (ATP), your security operations team is notified, too.)
+1. **You are told about the threat**. (If your organization is using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection), your security operations team is notified, too.)
 
-2. **Microsoft Defender Antivirus helps you (and your organization's security team) remove the ransomware** from your device(s). (If your organization is using Microsoft Defender ATP, your security operations team can determine whether other devices are infected and take appropriate action, too.)
+2. **Microsoft Defender Antivirus helps you (and your organization's security team) remove the ransomware** from your device(s). (If your organization is using Microsoft Defender for Endpoint, your security operations team can determine whether other devices are infected and take appropriate action, too.)
 
 3. **You get the option to recover your files in OneDrive**. With the OneDrive Files Restore feature, you can recover your files in OneDrive to the state they were in before the ransomware attack occurred. See [Ransomware detection and recovering your files](https://support.office.com/article/0d90ec50-6bfd-40f4-acc7-b8c12c73637f).
 
@@ -58,19 +58,19 @@ Think of the time and hassle this can save.
 
 ## Integration means better protection
 
-Office 365 Advanced Threat Protection integrated with Microsoft Defender Advanced Threat Protection means better protection for your organization. Here's how:
+Microsoft Defender for Office 365 integrated with Microsoft Defender for Endpoint means better protection for your organization. Here's how:
 
-- [Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-atp) safeguards your organization against malicious threats posed in email messages, email attachments, and links (URLs) in Office documents.
+- [Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-atp) safeguards your organization against malicious threats posed in email messages, email attachments, and links (URLs) in Office documents.
 
     AND
 
-- [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) protects your devices from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves your security posture.
+- [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) protects your devices from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves your security posture.
 
     SO
 
 - Once integration is enabled, your security operations team can see a list of devices that are used by the recipients of any detected URLs or email messages, along with recent alerts for those devices, in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)).
 
-If you haven't already done so, [integrate Office 365 Advanced Threat Protection with Microsoft Defender ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/integrate-office-365-ti-with-wdatp).
+If you haven't already done so, [integrate Microsoft Defender for Office 365 with Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/office-365-security/integrate-office-365-ti-with-wdatp).
 
 ## More good reasons to use OneDrive
 
@@ -82,8 +82,8 @@ Protection from ransomware is one great reason to put your files in OneDrive. An
 
 [OneDrive](https://docs.microsoft.com/onedrive)
 
-[Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-atp?view=o365-worldwide)
+[Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-atp?view=o365-worldwide)
 
-[Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/)
+[Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/)
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md
index e12cd18d65..bc77598593 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md
@@ -40,7 +40,7 @@ With the setting set to **Disabled** or not configured:
 ![Screenshot of Windows Security showing the shield icon and virus and threat protection section](images/defender/wdav-headless-mode-off-1703.png)
 
 >[!NOTE]
->Hiding the interface will also prevent Microsoft Defender Antivirus notifications from appearing on the endpoint. Microsoft Defender Advanced Threat Protection notifications will still appear. You can also individually [configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md)
+>Hiding the interface will also prevent Microsoft Defender Antivirus notifications from appearing on the endpoint. Microsoft Defender for Endpoint notifications will still appear. You can also individually [configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md)
 
 In earlier versions of Windows 10, the setting will hide the Windows Defender client interface. If the user attempts to open it, they will receive a warning that says, "Your system administrator has restricted access to this app."
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md
index 09535418a1..801706b95c 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md
@@ -21,7 +21,7 @@ manager: dansimp
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can find help here if you encounter issues while migrating from a third-party security solution to Microsoft Defender Antivirus.
 
@@ -49,7 +49,7 @@ This issue can manifest in the form of  several different event IDs, all of whic
 
 ### How to tell if Microsoft Defender Antivirus won't start because a third-party antivirus is installed
 
-On a Windows 10 device, if you are not using Microsoft Defender Advanced Threat Protection (ATP), and you have a third-party antivirus installed, then Microsoft Defender Antivirus will be automatically turned off. If you are using Microsoft Defender ATP with a third-party antivirus installed, Microsoft Defender Antivirus will start in passive mode, with reduced functionality.
+On a Windows 10 device, if you are not using Microsoft Defender for Endpoint, and you have a third-party antivirus installed, then Microsoft Defender Antivirus will be automatically turned off. If you are using Microsoft Defender for Endpoint with a third-party antivirus installed, Microsoft Defender Antivirus will start in passive mode, with reduced functionality.
 
 > [!TIP]
 > The scenario just described applies only to Windows 10. Other versions of Windows have [different responses](microsoft-defender-antivirus-compatibility.md) to Microsoft Defender Antivirus being run alongside third-party security software.
@@ -121,7 +121,7 @@ Microsoft Defender Antivirus will automatically turn on if no other antivirus is
 > [!WARNING]
 > Solutions suggesting that you edit the *Windows Defender* start values for *wdboot*, *wdfilter*, *wdnisdrv*, *wdnissvc*, and *windefend* in  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services are unsupported, and may force you to re-image your system.
 
-Passive mode is available if you start using Microsoft Defender ATP and a third-party antivirus together with Microsoft Defender Antivirus. Passive mode allows Microsoft Defender to scan files and update itself, but it will not remediate threats. In addition, behavior monitoring via [Real Time Protection](configure-real-time-protection-microsoft-defender-antivirus.md) is not available under passive mode, unless [Endpoint data loss prevention (DLP)](../microsoft-defender-atp/information-protection-in-windows-overview.md) is deployed.
+Passive mode is available if you start using Microsoft Defender for Endpoint and a third-party antivirus together with Microsoft Defender Antivirus. Passive mode allows Microsoft Defender to scan files and update itself, but it will not remediate threats. In addition, behavior monitoring via [Real Time Protection](configure-real-time-protection-microsoft-defender-antivirus.md) is not available under passive mode, unless [Endpoint data loss prevention (DLP)](../microsoft-defender-atp/information-protection-in-windows-overview.md) is deployed.
 
 Another feature, known as [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), is available to end-users when Microsoft Defender Antivirus is set to automatically turn off. This feature allows Microsoft Defender Antivirus to scan files periodically alongside a third-party antivirus, using a limited number of detections.
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md
index 5448d13ec7..ba1346ed98 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md
@@ -33,7 +33,7 @@ The tables list:
 - [Internal Microsoft Defender Antivirus client error codes (used by Microsoft during development and testing)](#internal-error-codes)
 
 > [!TIP]
-> You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working:
+> You can also visit the Microsoft Defender for Endpoint demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working:
 > 
 > - Cloud-delivered protection
 > - Fast learning (including Block at first sight)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md
index a66172ee17..4693016f63 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md
@@ -27,7 +27,7 @@ manager: dansimp
 > [!IMPORTANT]
 > On March 31, 2020, the Microsoft Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
 
-You can use Microsoft Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the [Microsoft Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx).
+You can use Microsoft Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the [Microsoft Defender for Endpoint portal](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx).
 
 When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of devices or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Microsoft Defender Antivirus, you might encounter problems or issues.
 
@@ -59,7 +59,7 @@ In order for devices to properly show up in Update Compliance, you have to meet
 > - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 diagnostic data must be set to the Enhanced level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level).
 > - It has been 3 days since all requirements have been met
 
-“You can use Microsoft Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the Microsoft Defender ATP portal (https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see Windows 10 product licensing options"
+“You can use Microsoft Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the Microsoft Defender for Endpoint portal (https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see Windows 10 product licensing options"
 
 If the above prerequisites have all been met, you might need to proceed to the next step to collect diagnostic information and send it to us.
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md
index 898e5fcc09..87f46b0cd9 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md
@@ -1,6 +1,6 @@
 ---
 title: Configure Microsoft Defender Antivirus with Group Policy
-description: Learn how to use a Group Policy to configure and manage Microsoft Defender Antivirus on your endpoints in Microsoft Defender ATP.
+description: Learn how to use a Group Policy to configure and manage Microsoft Defender Antivirus on your endpoints in Microsoft Defender for Endpoint.
 keywords: group policy, GPO, configuration, settings
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md
index 6b486451ae..51137f3e9e 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md
@@ -1,6 +1,6 @@
 ---
 title: Configure Microsoft Defender Antivirus with WMI
-description: Learn how to configure and manage Microsoft Defender Antivirus by using WMI scripts to retrieve, modify, and update settings in Microsoft Defender ATP.
+description: Learn how to configure and manage Microsoft Defender Antivirus by using WMI scripts to retrieve, modify, and update settings in Microsoft Defender for Endpoint.
 keywords: wmi, scripts, windows management instrumentation, configuration
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md
index b24a051f44..da103c7192 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md
@@ -25,7 +25,7 @@ ms.custom: nextgen
 
 Microsoft next-generation technologies in Microsoft Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models.  
 
-Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
+Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender for Endpoint next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
 ![List of Microsoft Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png)  
 
 To take advantage of the power and speed of these next-generation technologies, Microsoft Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhances standard real-time protection, providing arguably the best antivirus defense. 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md
index dc28f1eb2f..56c8f7668f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md
@@ -1,5 +1,5 @@
 ---
-title: "Why you should use Microsoft Defender Antivirus together with Microsoft Defender Advanced Threat Protection"
+title: "Why you should use Microsoft Defender Antivirus together with Microsoft Defender for Endpoint"
 description: "For best results, use Microsoft Defender Antivirus together with your other Microsoft offerings."
 keywords: windows defender, antivirus, third party av
 search.product: eADQiWindows 10XVcnh
@@ -16,39 +16,39 @@ ms.reviewer:
 manager: dansimp
 ---
 
-# Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection
+# Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
+- [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
 
-Microsoft Defender Antivirus is the next-generation protection component of [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) (Microsoft Defender ATP). 
+Microsoft Defender Antivirus is the next-generation protection component of [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) (Microsoft Defender for Endpoint). 
 
-Although you can use a non-Microsoft antivirus solution with Microsoft Defender ATP, there are advantages to using Microsoft Defender Antivirus together with Microsoft Defender ATP. Not only is Microsoft Defender Antivirus an excellent next-generation antivirus solution, but combined with other Microsoft Defender ATP capabilities, such as [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations), you get better protection that's coordinated across products and services. 
+Although you can use a non-Microsoft antivirus solution with Microsoft Defender for Endpoint, there are advantages to using Microsoft Defender Antivirus together with Defender for Endpoint. Not only is Microsoft Defender Antivirus an excellent next-generation antivirus solution, but combined with other Defender for Endpoint capabilities, such as [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations), you get better protection that's coordinated across products and services. 
 
-## 11 reasons to use Microsoft Defender Antivirus together with Microsoft Defender ATP
+## 11 reasons to use Microsoft Defender Antivirus together with Microsoft Defender for Endpoint
 
 | |Advantage  |Why it matters |
 |--|--|--|
-|1|Antivirus signal sharing |Microsoft applications and services share signals across your enterprise organization, providing a stronger single platform. See [Insights from the MITRE ATT&CK-based evaluation of Microsoft Defender ATP](https://www.microsoft.com/security/blog/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). |
+|1|Antivirus signal sharing |Microsoft applications and services share signals across your enterprise organization, providing a stronger single platform. See [Insights from the MITRE ATT&CK-based evaluation of Microsoft Defender for Endpoint](https://www.microsoft.com/security/blog/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). |
 |2|Threat analytics and your score for devices |Microsoft Defender Antivirus collects underlying system data used by [threat analytics](../microsoft-defender-atp/threat-analytics.md) and [Microsoft Secure Score for Devices](../microsoft-defender-atp/tvm-microsoft-secure-score-devices.md). This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. |
-|3|Performance |Microsoft Defender ATP is designed to work with Microsoft Defender Antivirus, so you get better performance when you use these offerings together. [Evaluate Microsoft Defender Antivirus](evaluate-microsoft-defender-antivirus.md) and [Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md).|
-|4|Details about blocked malware |More details and actions for blocked malware are available with Microsoft Defender Antivirus and Microsoft Defender ATP. [Understand malware & other threats](../intelligence/understanding-malware.md).|
+|3|Performance |Microsoft Defender for Endpoint is designed to work with Microsoft Defender Antivirus, so you get better performance when you use these offerings together. [Evaluate Microsoft Defender Antivirus](evaluate-microsoft-defender-antivirus.md) and [Microsoft Defender for Endpoint](../microsoft-defender-atp/evaluate-atp.md).|
+|4|Details about blocked malware |More details and actions for blocked malware are available with Microsoft Defender Antivirus and Microsoft Defender for Endpoint. [Understand malware & other threats](../intelligence/understanding-malware.md).|
 |5|Network protection |Your organization's security team can protect your network by blocking specific URLs and IP addresses. [Protect your network](../microsoft-defender-atp/network-protection.md).|
 |6|File blocking |Your organization's security team can block specific files. [Stop and quarantine files in your network](../microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network).|
 |7|Attack Surface Reduction |Your organization's security team can reduce your vulnerabilities (attack surfaces), giving  attackers fewer ways to perform attacks. Attack surface reduction uses cloud protection for a number of rules. [Get an overview of attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction).|
 |8|Auditing events |Auditing event signals are available in [endpoint detection and response capabilities](../microsoft-defender-atp/overview-endpoint-detection-response.md). (These signals are not available with non-Microsoft antivirus solutions.) |
 |9|Geographic data |Compliant with ISO 270001 and data retention, geographic data is provided according to your organization's selected geographic sovereignty. See [Compliance offerings: ISO/IEC 27001:2013 Information Security Management Standards](https://docs.microsoft.com/microsoft-365/compliance/offering-iso-27001). |
 |10|File recovery via OneDrive |If you are using Microsoft Defender Antivirus together with [Office 365](https://docs.microsoft.com/Office365/Enterprise), and your device is attacked by ransomware, your files are protected and recoverable. [OneDrive Files Restore and Windows Defender take ransomware protection one step further](https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/OneDrive-Files-Restore-and-Windows-Defender-takes-ransomware/ba-p/188001).|
-|11|Technical support |By using Microsoft Defender ATP together with Microsoft Defender Antivirus, you have one company to call for technical support. [Troubleshoot service issues](../microsoft-defender-atp/troubleshoot-mdatp.md) and [review event logs and error codes with Microsoft Defender Antivirus](troubleshoot-microsoft-defender-antivirus.md). |
+|11|Technical support |By using Microsoft Defender for Endpoint together with Microsoft Defender Antivirus, you have one company to call for technical support. [Troubleshoot service issues](../microsoft-defender-atp/troubleshoot-mdatp.md) and [review event logs and error codes with Microsoft Defender Antivirus](troubleshoot-microsoft-defender-antivirus.md). |
 
 
 ## Learn more
 
-[Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md)
+[Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md)
 
 [Threat & Vulnerability Management](../microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
 

From 745361d8db4faa5910d90ef623bb1c1d6b34422f Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Mon, 9 Nov 2020 18:01:18 +0530
Subject: [PATCH 233/384] Update mac-jamfpro-policies.md

fixed warnings
---
 .../microsoft-defender-atp/mac-jamfpro-policies.md   | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
index 0c8f25cce1..5faeec9c8d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
@@ -32,27 +32,27 @@ This page will guide you through the steps you need to take to set up macOS poli
 
 You'll need to take the following steps:
 
-1. [Get the Microsoft Defender for Endpoint onboarding package](#step-1-get-the-microsoft-defender-atp-onboarding-package)
+1. [Get the Microsoft Defender for Endpoint onboarding package](#step-1-get-the-microsoft-defender-for-endpoint-onboarding-package)
 
 2. [Create a configuration profile in Jamf Pro using the onboarding package](#step-2-create-a-configuration-profile-in-jamf-pro-using-the-onboarding-package)
 
-3. [Configure Microsoft Defender for Endpoint settings](#step-3-configure-microsoft-defender-atp-settings)
+3. [Configure Microsoft Defender for Endpoint settings](#step-3-configure-microsoft-defender-for-endpoint-settings)
 
 4. [Configure Microsoft Defender for Endpoint notification settings](#step-4-configure-notifications-settings)
 
 5. [Configure Microsoft AutoUpdate (MAU)](#step-5-configure-microsoft-autoupdate-mau)
 
-6. [Grant full disk access to Microsoft Defender for Endpoint](#step-6-grant-full-disk-access-to-microsoft-defender-atp)
+6. [Grant full disk access to Microsoft Defender for Endpoint](#step-6-grant-full-disk-access-to-microsoft-defender-for-endpoint)
 
-7. [Approve Kernel extension for Microsoft Defender for Endpoint](#step-7-approve-kernel-extension-for-microsoft-defender-atp)
+7. [Approve Kernel extension for Microsoft Defender for Endpoint](#step-7-approve-kernel-extension-for-microsoft-defender-for-endpoint)
 
-8. [Approve System extensions for Microsoft Defender for Endpoint](#step-8-approve-system-extensions-for-microsoft-defender-atp)
+8. [Approve System extensions for Microsoft Defender for Endpoint](#step-8-approve-system-extensions-for-microsoft-defender-for-endpoint)
 
 9. [Configure Network Extension](#step-9-configure-network-extension)
 
 10. [Schedule scans with Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp)
 
-11. [Deploy Microsoft Defender for Endpoint for macOS](#step-11-deploy-microsoft-defender-atp-for-macos)
+11. [Deploy Microsoft Defender for Endpoint for macOS](#step-11-deploy-microsoft-defender-for-endpoint-for-macos)
 
 
 ## Step 1: Get the Microsoft Defender for Endpoint onboarding package

From 5678011fa0b2ef4bfbc4f55cf481e4139b74f1e5 Mon Sep 17 00:00:00 2001
From: Daniel Simpson 
Date: Mon, 9 Nov 2020 07:47:12 -0800
Subject: [PATCH 234/384] Update
 deploy-manage-report-microsoft-defender-antivirus.md

---
 .../deploy-manage-report-microsoft-defender-antivirus.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
index a543229569..d2339875a5 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
@@ -29,7 +29,7 @@ You can deploy, manage, and report on Microsoft Defender Antivirus in a number o
 
 Because the Microsoft Defender Antivirus client is installed as a core part of Windows 10, traditional deployment of a client to your endpoints does not apply.
 
-However, in most cases you will still need to enable the protection service on your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Azure Defender*, or Group Policy Objects, which is described in the following table.
+However, in most cases you will still need to enable the protection service on your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Azure Defender, or Group Policy Objects, which is described in the following table.
 
 You'll also see additional links for:
 

From 8bebb8ce9893ed0927acdedf80653f6807281fd1 Mon Sep 17 00:00:00 2001
From: Daniel Simpson 
Date: Mon, 9 Nov 2020 07:47:39 -0800
Subject: [PATCH 235/384] Update deployment-vdi-microsoft-defender-antivirus.md

---
 .../deployment-vdi-microsoft-defender-antivirus.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
index a5a51e53c9..8139e27e9a 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
@@ -28,7 +28,7 @@ In addition to standard on-premises or hardware configurations, you can also use
 
 See [Windows Virtual Desktop Documentation](https://docs.microsoft.com/azure/virtual-desktop) for more details on Microsoft Remote Desktop Services and VDI support.
 
-For Azure-based virtual machines, you can also review the [Install Endpoint Protection in Azure Defender*](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection) topic.
+For Azure-based virtual machines, you can also review the [Install Endpoint Protection in Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection) topic.
 
 With the ability to easily deploy updates to VMs running in VDIs, we've shortened this guide to focus on how you can get updates on your machines quickly and easily. You no longer need to create and seal golden images on a periodic basis, as updates are expanded into their component bits on the host server and then downloaded directly to the VM when it's turned on.
 

From 58e7b8d5bb2d1c7569c9276f39f3d7140aad3948 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 9 Nov 2020 21:04:34 +0500
Subject: [PATCH 236/384] Update
 windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../microsoft-defender-atp/exposed-apis-create-app-nativeapp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
index 0767f473d0..f936483ccd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
@@ -50,7 +50,7 @@ This page explains how to create an AAD application, get an access token to Micr
 
 ## Create an app
 
-1. Log on to [Azure](https://portal.azure.com) with user account that has **Global Administrator** role.
+1. Log on to [Azure](https://portal.azure.com) with a user account that has the **Global Administrator** role.
 
 2. Navigate to **Azure Active Directory** > **App registrations** > **New registration**. 
 

From a14da369220a2105d3d35b4d658e4231b2d2e67a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Mon, 9 Nov 2020 09:41:32 -0800
Subject: [PATCH 237/384] Update delete-an-applocker-rule.md

---
 .../applocker/delete-an-applocker-rule.md       | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
index 6dd939b657..4db6c41c28 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
@@ -1,6 +1,6 @@
 ---
 title: Delete an AppLocker rule (Windows 10)
-description: This topic for IT professionals describes the steps to delete an AppLocker rule.
+description: This article for IT professionals describes the steps to delete an AppLocker rule.
 ms.assetid: 382b4be3-0df9-4308-89b2-dcf9df351eb5
 ms.reviewer: 
 ms.author: dansimp
@@ -14,7 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 08/02/2018
+ms.date: 11/09/2020
 ---
 
 # Delete an AppLocker rule
@@ -23,7 +23,7 @@ ms.date: 08/02/2018
 - Windows 10
 - Windows Server
 
-This topic for IT professionals describes the steps to delete an AppLocker rule. 
+This article for IT professionals describes the steps to delete an AppLocker rule. 
 
 As older apps are retired and new apps are deployed in your organization, it will be necessary to modify the application control policies. If an app becomes unsupported by the IT department or is no longer allowed due to the organization's security policy, then deleting the rule or rules associated with that app will prevent the app from running.
 
@@ -34,20 +34,19 @@ AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins
 
 These steps apply only for locally managed devices. If the device has AppLocker policies applied by using MDM or a GPO, the local policy will not override those settings.
 
-**To delete a rule in an AppLocker policy**
+## To delete a rule in an AppLocker policy
 
 1.  Open the AppLocker console.
 2.  Click the appropriate rule collection for which you want to delete the rule.
 3.  In the details pane, right-click the rule to delete, click **Delete**, and then click **Yes**.
 
 > [!Note]
->
-> - When using Group Policy, for the rule deletion to take effect on computers within the domain, the GPO must be distributed or refreshed.
-> - Application Identity service needs to be running for deleting Applocker rules. If you disable Applocker and delete Applocker rules, please stop Application Identity service after deleting Applocker rules. If the Application Identity service was stopped before deleting Applocker rules and if Applocker blocks apps despite being disabled, delete all files under C:\Windows\System32\AppLocker. 
+> - When using Group Policy, the Group Policy Object must be distributed or refreshed for rule deletion to take effect on devices.
+> - Application Identity service needs to be running for deleting Applocker rules. If you disable Applocker and delete Applocker rules, make sure to stop the Application Identity service after deleting Applocker rules. If the Application Identity service is stopped before deleting Applocker rules, and if Applocker blocks apps that are disabled, delete all of the files at `C:\Windows\System32\AppLocker`. 
 
-When this procedure is performed on the local device, the AppLocker policy takes effect immediately.
+When the following procedure is performed on the local device, the AppLocker policy takes effect immediately.
 
-**To clear AppLocker policies on a single system or remote systems**
+## To clear AppLocker policies on a single system or remote systems
 Use the Set-AppLockerPolicy cmdlet with the -XMLPolicy parameter, using an .XML file that contains the following contents:
 
     

From 858fbfad2840a4d2ea7bc53bf9890592cf57e5a3 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:01:39 -0800
Subject: [PATCH 238/384] pencil edit

---
 .../microsoft-defender-atp/fix-unhealthy-sensors.md             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
index 8195b512e5..d99c088bfe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
@@ -76,7 +76,7 @@ Follow theses actions to correct known issues related to a misconfigured device
   The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Defender for Endpoint service.
 
 - [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)

-  Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Defender for Endpoint service URLs.
+  Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender for Endpoint service URLs.
 
 - [Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-the-diagnostics-service-is-enabled)

 If the devices aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint.

From d41871c34f9d2e807c4860eb582efb18111a99cc Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:02:17 -0800
Subject: [PATCH 239/384] pencil edit

---
 .../microsoft-defender-atp/get-alert-info-by-id.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
index 81cd7a519f..14a50992e6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
@@ -23,7 +23,7 @@ ms.topic: article
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## API description

From ce3a589c2deb50ea222a75498393f9eb9776d068 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:03:06 -0800
Subject: [PATCH 240/384] pencil edit

---
 .../microsoft-defender-atp/fix-unhealthy-sensors.md         | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
index d99c088bfe..a7ba836767 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
@@ -23,11 +23,9 @@ ms.date: 11/06/2020
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-
->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-fixsensor-abovefoldlink)
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-fixsensor-abovefoldlink)
 
 Devices that are categorized as misconfigured or inactive can be flagged due to varying causes. This section provides some explanations as to what might have caused a device to be categorized as inactive or misconfigured.
 

From 1e4741c480f411848e6dbd9d7ec6e6363b4feb22 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:03:59 -0800
Subject: [PATCH 241/384] pencil edit

---
 .../microsoft-defender-atp/fix-unhealthy-sensors.md             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
index a7ba836767..9fd27bc18b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
@@ -71,7 +71,7 @@ A misconfigured device with status ‘No sensor data’ has communication with t
 Follow theses actions to correct known issues related to a misconfigured device with status ‘No sensor data’:
 
 - [Ensure the device has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-device)

-  The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Defender for Endpoint service.
+  The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender for Endpoint service.
 
 - [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)

   Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender for Endpoint service URLs.

From 4e81b7d2fe5a40fbee39ada0354fe62c84261c09 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:04:38 -0800
Subject: [PATCH 242/384] pencil edit

---
 .../microsoft-defender-atp/fix-unhealthy-sensors.md             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
index 9fd27bc18b..56329342d7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
@@ -25,7 +25,7 @@ ms.date: 11/06/2020
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-fixsensor-abovefoldlink)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-fixsensor-abovefoldlink)
 
 Devices that are categorized as misconfigured or inactive can be flagged due to varying causes. This section provides some explanations as to what might have caused a device to be categorized as inactive or misconfigured.
 

From 224218dd3188763879d1bcfc784b5676deb5825a Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:05:23 -0800
Subject: [PATCH 243/384] pencil edit

---
 .../microsoft-defender-atp/fix-unhealthy-sensors.md             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
index 56329342d7..d145c75685 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
@@ -59,7 +59,7 @@ This status indicates that there's limited communication between the device and
 The following suggested actions can help fix issues related to a misconfigured device with impaired communications:
 
 - [Ensure the device has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-device)

-  The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Defender for Endpoint service.
+  The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender for Endpoint service.
 
 - [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)

   Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Defender for Endpoint service URLs.

From 1a326c04827e7328202c54a7e0c7aa303202bba7 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:07:20 -0800
Subject: [PATCH 244/384] pencil edit

---
 .../microsoft-defender-atp/fix-unhealthy-sensors.md             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
index d145c75685..ce92f63d99 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
@@ -62,7 +62,7 @@ The following suggested actions can help fix issues related to a misconfigured d
   The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender for Endpoint service.
 
 - [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)

-  Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Defender for Endpoint service URLs.
+  Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender for Endpoint service URLs.
 
 If you took corrective actions and the device status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
 

From 9fb01d4e23f2cd53a0d6caf3e57ad2d8f199f01a Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:08:38 -0800
Subject: [PATCH 245/384] pencil edit

---
 .../microsoft-defender-atp/get-alert-related-user-info.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
index 63b8b20872..3e96ce7383 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
@@ -23,7 +23,7 @@ ms.topic: article
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## API description

From eb2d95dcd5731f80176fd44d7544c1341be8274b Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:10:41 -0800
Subject: [PATCH 246/384] pencil edit

---
 .../threat-protection/microsoft-defender-atp/get-alerts.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
index c2d2b8b8e3..a7c825d739 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
@@ -263,4 +263,4 @@ Here is an example of the response.
 
 
 ## See also
-- [OData queries with Defender for Endpoint](exposed-apis-odata-samples.md)
+- [OData queries with Microsoft Defender for Endpoint](exposed-apis-odata-samples.md)

From ba96a4088330f20d275e86327ba4471d61c9f30b Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:14:02 -0800
Subject: [PATCH 247/384] pencil edit

---
 .../microsoft-defender-atp/get-investigation-collection.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
index 9963f6cf47..1e976abcb0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
@@ -39,7 +39,7 @@ Retrieves a collection of [Investigations](investigation.md).
 
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Defender for Endpoint APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---

From 445d926765a8d0b98a73e15cd95d4b045fbf21e0 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:14:45 -0800
Subject: [PATCH 248/384] pencil edit

---
 .../microsoft-defender-atp/get-investigation-collection.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
index 1e976abcb0..296f7c81ce 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
@@ -30,7 +30,7 @@ ms.topic: article
 Retrieves a collection of [Investigations](investigation.md).
 
Supports [OData V4 queries](https://www.odata.org/documentation/).
 
The OData's ```$filter``` query is supported on: ```startTime```, ```state```, ```machineId``` and ```triggeringAlertId``` properties.
-
See examples at [OData queries with Defender for Endpoint](exposed-apis-odata-samples.md)
+
See examples at [OData queries with Microsoft Defender for Endpoint](exposed-apis-odata-samples.md)
 
 
 ## Limitations

From 210805dcac1265129d113de4e3ec2e05edce6339 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:29:02 -0800
Subject: [PATCH 249/384] pencil edits

---
 .../microsoft-defender-atp/mac-install-manually.md   | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
index a43be90cac..7f15b5ad73 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
@@ -28,7 +28,7 @@ ms.topic: conceptual
 
 - [Microsoft Defender for Endpoint for macOS](microsoft-defender-atp-mac.md)
 
-This topic describes how to deploy Defender for Endpoint for macOS manually. A successful deployment requires the completion of all of the following steps:
+This topic describes how to deploy Microsoft Defender for Endpoint for macOS manually. A successful deployment requires the completion of all of the following steps:
 - [Download installation and onboarding packages](#download-installation-and-onboarding-packages)
 - [Application installation (macOS 10.15 and older versions)](#application-installation-macos-1015-and-older-versions)
 - [Application installation (macOS 11 and newer versions)](#application-installation-macos-11-and-newer-versions)
@@ -75,10 +75,10 @@ To complete this process, you must have admin privileges on the device.
    The installation proceeds.
 
    > [!CAUTION]
-   > If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but some features, such as real-time protection, will be disabled. See [Troubleshoot kernel extension issues](mac-support-kext.md) for information on how to resolve this.
+   > If you don't select **Allow**, the installation will proceed after 5 minutes. Microsoft Defender for Endpoint will be loaded, but some features, such as real-time protection, will be disabled. See [Troubleshoot kernel extension issues](mac-support-kext.md) for information on how to resolve this.
 
 > [!NOTE]
-> macOS may request to reboot the device upon the first installation of Microsoft Defender. Real-time protection will not be available until the device is rebooted.
+> macOS may request to reboot the device upon the first installation of Microsoft Defender for Endpoint. Real-time protection will not be available until the device is rebooted.
 
 ## Application installation (macOS 11 and newer versions)
 
@@ -98,9 +98,9 @@ To complete this process, you must have admin privileges on the device.
 
     ![System extension security preferences](images/big-sur-install-3.png)
 
-5. Repeat steps 3 & 4 for all system extensions distributed with Defender for Endpoint for Mac.
+5. Repeat steps 3 & 4 for all system extensions distributed with Microsoft Defender for Endpoint for Mac.
 
-6. As part of the Endpoint Detection and Response capabilities, Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. When prompted to grant Defender for Endpoint permissions to filter network traffic, select **Allow**.
+6. As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. When prompted to grant Microsoft Defender for Endpoint permissions to filter network traffic, select **Allow**.
 
     ![System extension security preferences](images/big-sur-install-4.png)
 
@@ -110,7 +110,7 @@ To complete this process, you must have admin privileges on the device.
 
 ## Client configuration
 
-1. Copy wdav.pkg and MicrosoftDefenderATPOnboardingMacOs.py to the device where you deploy Defender for Endpoint for macOS.
+1. Copy wdav.pkg and MicrosoftDefenderATPOnboardingMacOs.py to the device where you deploy Microsoft Defender for Endpoint for macOS.
 
     The client device is not associated with orgId. Note that the *orgId* attribute is blank.
 

From 5eb8d432da413dd0447b14e1b6763dc73dae3758 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:33:02 -0800
Subject: [PATCH 250/384] pencil edits

---
 .../mac-install-with-intune.md                | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
index 1f7cd93531..87c1b96104 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
@@ -30,9 +30,9 @@ ms.topic: conceptual
 
 **Applies to:**
 
-- [Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
-This topic describes how to deploy Defender for Endpoint for Mac through Intune. A successful deployment requires the completion of all of the following steps:
+This topic describes how to deploy Microsoft Defender for Endpoint for Mac through Intune. A successful deployment requires the completion of all of the following steps:
 
 1. [Download installation and onboarding packages](#download-installation-and-onboarding-packages)
 1. [Client device setup](#client-device-setup)
@@ -46,7 +46,7 @@ Before you get started, see [the main MIcrosoft Defender for EndpointP for Mac p
 
 ## Overview
 
-The following table summarizes the steps you would need to take to deploy and manage Defender for Endpoint for Macs, via Intune. More detailed steps are available below.
+The following table summarizes the steps you would need to take to deploy and manage Microsoft Defender for Endpoint for Macs, via Intune. More detailed steps are available below.
 
 | Step | Sample file names | BundleIdentifier |
 |-|-|-|
@@ -191,13 +191,13 @@ To approve the system extensions:
 8. Download `fulldisk.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/fulldisk.mobileconfig) and save it as `tcc.xml`. Create another profile, give it any name and upload this file to it.
 
    > [!CAUTION]
-   > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Defender for Endpoint is not able to fully protect your device.
+   > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device.
    >
-   > This configuration profile grants Full Disk Access to Defender for Endpoint. If you previously configured Defender for Endpoint through Intune, we recommend you update the deployment with this configuration profile.
+   > This configuration profile grants Full Disk Access to Microsoft Defender for Endpoint. If you previously configured Microsoft Defender for Endpoint through Intune, we recommend you update the deployment with this configuration profile.
 
-9. As part of the Endpoint Detection and Response capabilities, Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Download `netfilter.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig), save it as netext.xml and deploy it using the same steps as in the previous sections. 
+9. As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Download `netfilter.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig), save it as netext.xml and deploy it using the same steps as in the previous sections. 
 
-10. To allow Defender for Endpoint for Mac and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. 
+10. To allow Microsoft Defender for Endpoint for Mac and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. 
 
 11. Select **Manage > Assignments**.  In the **Include** tab, select **Assign to All Users & All devices**.
 
@@ -221,10 +221,10 @@ Once the Intune changes are propagated to the enrolled devices, you can see them
 6. Set *Ignore app version* to **Yes**. Other settings can be any arbitrary value.
 
     > [!CAUTION]
-    > Setting *Ignore app version* to **No** impacts the ability of the application to receive updates through Microsoft AutoUpdate. See [Deploy updates for Defender for Endpoint for Mac](mac-updates.md) for additional information about how the product is updated.
+    > Setting *Ignore app version* to **No** impacts the ability of the application to receive updates through Microsoft AutoUpdate. See [Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md) for additional information about how the product is updated.
     >
-    > If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Defender. This could result in a non-functioning application. See [Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md) for additional information about how the product is updated. If you deployed Defender with *Ignore app version* set to **No**, please change it to **Yes**. If Defender still cannot be installed on a client device, then uninstall Defender and push the updated policy.
-    
+    > If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Microsoft Defender for Endpoint. This could result in a non-functioning application. See [Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md) for additional information about how the product is updated. If you deployed Microsoft Defender for Endpoint with *Ignore app version* set to **No**, please change it to **Yes**. If Microsoft Defender for Endpoint still cannot be installed on a client device, then uninstall Microsoft Defender for Endpoint and push the updated policy.
+     
     > [!div class="mx-imgBorder"]
     > ![Device status blade screenshot](../microsoft-defender-antivirus/images/MDATP-8-IntuneAppInfo.png)
 
@@ -277,4 +277,4 @@ For more information on how to find the automatically generated log that is crea
 
 ## Uninstallation
 
-See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove Defender for Endpoint for Mac from client devices.
+See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove Microsoft Defender for Endpoint for Mac from client devices.

From d2ad45c760001f28124ed254c03869095a236f33 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:50:40 -0800
Subject: [PATCH 251/384] pencil edits

---
 .../microsoft-defender-atp/mac-preferences.md | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
index 2a00d8e4b7..615f212fd6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
@@ -187,11 +187,11 @@ Restricts the actions that the local user of a device can take when threats are
 | **Key** | disallowedThreatActions |
 | **Data type** | Array of strings |
 | **Possible values** | allow (restricts users from allowing threats) 
 restore (restricts users from restoring threats from the quarantine) |
-| **Comments** | Available in Defender for Endpoint version 100.83.73 or higher. |
+| **Comments** | Available in Microsoft Defender for Endpoint version 100.83.73 or higher. |
 
 #### Threat type settings
 
-Specify how certain threat types are handled by Defender for Endpoint for Mac.
+Specify how certain threat types are handled by Microsoft Defender for Endpoint for Mac.
 
 |||
 |:---|:---|
@@ -236,7 +236,7 @@ Specify the merge policy for threat type settings. This can be a combination of
 | **Key** | threatTypeSettingsMergePolicy |
 | **Data type** | String |
 | **Possible values** | merge (default) 
 admin_only |
-| **Comments** | Available in Defender for Endpoint version 100.83.73 or higher. |
+| **Comments** | Available in Microsoft Defender for Endpoint version 100.83.73 or higher. |
 
 #### Antivirus scan history retention (in days)
 
@@ -248,7 +248,7 @@ Specify the number of days that results are retained in the scan history on the
 | **Key** | scanResultsRetentionDays |
 | **Data type** | String |
 | **Possible values** | 90 (default). Allowed values are from 1 day to 180 days. |
-| **Comments** | Available in Defender for Endpoint version 101.07.23 or higher. |
+| **Comments** | Available in Microsoft Defender for Endpoint version 101.07.23 or higher. |
 
 #### Maximum number of items in the antivirus scan history
 
@@ -260,11 +260,11 @@ Specify the maximum number of entries to keep in the scan history. Entries inclu
 | **Key** | scanHistoryMaximumItems |
 | **Data type** | String |
 | **Possible values** | 10000 (default). Allowed values are from 5000 items to 15000 items. |
-| **Comments** | Available in Defender for Endpoint version 101.07.23 or higher. |
+| **Comments** | Available in Microsoft Defender for Endpoint version 101.07.23 or higher. |
 
 ### Cloud-delivered protection preferences
 
-Configure the cloud-driven protection features of Defender for Endpoint for Mac.
+Configure the cloud-driven protection features of Microsoft Defender for Endpoint for Mac.
 
 |||
 |:---|:---|
@@ -286,7 +286,7 @@ Specify whether to enable cloud-delivered protection the device or not. To impro
 
 #### Diagnostic collection level
 
-Diagnostic data is used to keep Defender for Endpoint secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by Defender for Endpoint to Microsoft.
+Diagnostic data is used to keep Microsoft Defender for Endpoint secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by Microsoft Defender for Endpoint to Microsoft.
 
 |||
 |:---|:---|
@@ -318,7 +318,7 @@ Determines whether security intelligence updates are installed automatically:
 
 ### User interface preferences
 
-Manage the preferences for the user interface of Defender for Endpoint for Mac.
+Manage the preferences for the user interface of Microsoft Defender for Endpoint for Mac.
 
 |||
 |:---|:---|
@@ -348,11 +348,11 @@ Specify whether users can submit feedback to Microsoft by going to `Help` > `Sen
 | **Key** | userInitiatedFeedback |
 | **Data type** | String |
 | **Possible values** | enabled (default) 
 disabled |
-| **Comments** | Available in Defender for Endpoint version 101.19.61 or higher. |
+| **Comments** | Available in Microsoft Defender for Endpoint version 101.19.61 or higher. |
 
 ### Endpoint detection and response preferences
 
-Manage the preferences of the endpoint detection and response (EDR) component of Defender for Endpoint for Mac.
+Manage the preferences of the endpoint detection and response (EDR) component of Microsoft Defender for Endpoint for Mac.
 
 |||
 |:---|:---|
@@ -402,13 +402,13 @@ Specifies the value of tag
 
 ## Recommended configuration profile
 
-To get started, we recommend the following configuration for your enterprise to take advantage of all protection features that Defender for Endpoint provides.
+To get started, we recommend the following configuration for your enterprise to take advantage of all protection features that Microsoft Defender for Endpoint provides.
 
 The following configuration profile (or, in case of JAMF, a property list that could be uploaded into the custom settings configuration profile) will:
 - Enable real-time protection (RTP)
 - Specify how the following threat types are handled:
   - **Potentially unwanted applications (PUA)** are blocked
-  - **Archive bombs** (file with a high compression rate) are audited to Defender for Endpoint logs
+  - **Archive bombs** (file with a high compression rate) are audited to Microsoft Defender for Endpoint logs
 - Enable automatic security intelligence updates
 - Enable cloud-delivered protection
 - Enable automatic sample submission
@@ -809,7 +809,7 @@ Once you've built the configuration profile for your enterprise, you can deploy
 From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings**. Create an entry with `com.microsoft.wdav` as the preference domain and upload the *.plist* produced earlier.
 
 >[!CAUTION]
->You must enter the correct preference domain (`com.microsoft.wdav`); otherwise, the preferences will not be recognized by Defender for Endpoint.
+>You must enter the correct preference domain (`com.microsoft.wdav`); otherwise, the preferences will not be recognized by Microsoft Defender for Endpoint.
 
 ### Intune deployment
 
@@ -828,7 +828,7 @@ From the JAMF console, open **Computers** > **Configuration Profiles**, navigate
 7. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
 
 >[!CAUTION]
->You must enter the correct custom configuration profile name; otherwise, these preferences will not be recognized by Defender for Endpoint.
+>You must enter the correct custom configuration profile name; otherwise, these preferences will not be recognized by Microsoft Defender for Endpoint.
 
 ## Resources
 

From 7dd0008e4b4290a0feab102f1ee055a0c070dd7f Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:57:55 -0800
Subject: [PATCH 252/384] pencil edits

---
 .../microsoft-defender-atp/mac-privacy.md        | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md
index 1d9e6dd60d..2bf5eaf608 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md
@@ -28,7 +28,7 @@ ms.topic: conceptual
 
 - [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
-Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Defender for Endpoint for Mac.
+Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Microsoft Defender for Endpoint for Mac.
 
 This topic describes the privacy controls available within the product, how to manage these controls with policy settings and more details on the data events that are collected.
 
@@ -44,7 +44,7 @@ Some diagnostic data is required, while some diagnostic data is optional. We giv
 
 There are two levels of diagnostic data for Microsoft Defender for Endpoint client software that you can choose from:
 
-* **Required**: The minimum data necessary to help keep Defender for Endpoint secure, up-to-date, and performing as expected on the device it’s installed on.
+* **Required**: The minimum data necessary to help keep Microsoft Defender for Endpoint secure, up-to-date, and performing as expected on the device it’s installed on.
 
 * **Optional**: Additional data that helps Microsoft make product improvements and provides enhanced information to help detect, diagnose, and remediate issues.
 
@@ -87,7 +87,7 @@ The following fields are considered common for all events:
 | org_id                  | Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. |
 | hostname                | Local device name (without DNS suffix). Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. |
 | product_guid            | Unique identifier of the product. Allows Microsoft to differentiate issues impacting different flavors of the product. |
-| app_version             | Version of the Defender for Endpoint for Mac application. Allows Microsoft to identify which versions of the product are showing an issue so that it can correctly be prioritized.|
+| app_version             | Version of the Microsoft Defender for Endpoint for Mac application. Allows Microsoft to identify which versions of the product are showing an issue so that it can correctly be prioritized.|
 | sig_version             | Version of security intelligence database. Allows Microsoft to identify which versions of the security intelligence are showing an issue so that it can correctly be prioritized. |
 | supported_compressions  | List of compression algorithms supported by the application, for example `['gzip']`. Allows Microsoft to understand what types of compressions can be used when it communicates with the application. |
 | release_ring            | Ring that the device is associated with (for example Insider Fast, Insider Slow, Production). Allows Microsoft to identify on which release ring an issue may be occurring so that it can correctly be prioritized. |
@@ -97,7 +97,7 @@ The following fields are considered common for all events:
 
 **Required diagnostic data** is the minimum data necessary to help keep Microsoft Defender for Endpoint secure, up-to-date, and perform as expected on the device it’s installed on.
 
-Required diagnostic data helps to identify problems with Microsoft Defender for Endpoint that may be related to a device or software configuration. For example, it can help determine if a Microsoft Defender for Endpoint feature crashes more frequently on a particular operating system version, with newly introduced features, or when certain Defender for Endpoint features are disabled. Required diagnostic data helps Microsoft detect, diagnose, and fix these problems more quickly so the impact to users or organizations is reduced.
+Required diagnostic data helps to identify problems with Microsoft Defender for Endpoint that may be related to a device or software configuration. For example, it can help determine if a Microsoft Defender for Endpoint feature crashes more frequently on a particular operating system version, with newly introduced features, or when certain Microsoft Defender for Endpoint features are disabled. Required diagnostic data helps Microsoft detect, diagnose, and fix these problems more quickly so the impact to users or organizations is reduced.
 
 #### Software setup and inventory data events
 
@@ -122,7 +122,7 @@ The following fields are collected:
 | antivirus_engine.enable_real_time_protection        | Whether real-time protection is enabled on the device or not. |
 | antivirus_engine.passive_mode                       | Whether passive mode is enabled on the device or not. |
 | cloud_service.enabled                               | Whether cloud delivered protection is enabled on the device or not. |
-| cloud_service.timeout                               | Time out when the application communicates with the Defender for Endpoint cloud. |
+| cloud_service.timeout                               | Time out when the application communicates with the Microsoft Defender for Endpoint cloud. |
 | cloud_service.heartbeat_interval                    | Interval between consecutive heartbeats sent by the product to the cloud. |
 | cloud_service.service_uri                           | URI used to communicate with the cloud. |
 | cloud_service.diagnostic_level                      | Diagnostic level of the device (required, optional). |
@@ -155,7 +155,7 @@ The following fields are collected:
 
 | Field            | Description |
 | ---------------- | ----------- |
-| version          | Version of Defender for Endpoint for Mac. |
+| version          | Version of Microsoft Defender for Endpoint for Mac. |
 | instance_id      | Unique identifier generated on kernel extension startup. |
 | trace_level      | Trace level of the kernel extension. |
 | subsystem        | The underlying subsystem used for real-time protection. |
@@ -170,8 +170,8 @@ The following fields are collected:
 Diagnostic logs are collected only with the consent of the user as part of the feedback submission feature. The following files are collected as part of the support logs:
 
 - All files under */Library/Logs/Microsoft/mdatp/*
-- Subset of files under */Library/Application Support/Microsoft/Defender/* that are created and used by Defender for Endpoint for Mac
-- Subset of files under */Library/Managed Preferences* that are used by Defender for Endpoint for Mac
+- Subset of files under */Library/Application Support/Microsoft/Defender/* that are created and used by Microsoft Defender for Endpoint for Mac
+- Subset of files under */Library/Managed Preferences* that are used by Microsoft Defender for Endpoint for Mac
 - /Library/Logs/Microsoft/autoupdate.log
 - $HOME/Library/Preferences/com.microsoft.autoupdate2.plist
 

From d8429f2e3efdce51b2867656538f7abd61c9955b Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 10:59:00 -0800
Subject: [PATCH 253/384] pencil edits

---
 .../threat-protection/microsoft-defender-atp/mac-pua.md   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
index c0dfe86d22..7668c4bfd0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
@@ -28,7 +28,7 @@ ms.topic: conceptual
 
 - [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
-The potentially unwanted application (PUA) protection feature in Defender for Endpoint for Mac can detect and block PUA files on endpoints in your network.
+The potentially unwanted application (PUA) protection feature in Microsoft Defender for Endpoint for Mac can detect and block PUA files on endpoints in your network.
 
 These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation.
 
@@ -36,13 +36,13 @@ These applications can increase the risk of your network being infected with mal
 
 ## How it works
 
-Defender for Endpoint for Mac can detect and report PUA files. When configured in blocking mode, PUA files are moved to the quarantine.
+Microsoft Defender for Endpoint for Mac can detect and report PUA files. When configured in blocking mode, PUA files are moved to the quarantine.
 
-When a PUA is detected on an endpoint, Defender for Endpoint for Mac presents a notification to the user, unless notifications have been disabled. The threat name will contain the word "Application".
+When a PUA is detected on an endpoint, Microsoft Defender for Endpoint for Mac presents a notification to the user, unless notifications have been disabled. The threat name will contain the word "Application".
 
 ## Configure PUA protection
 
-PUA protection in Defender for Endpoint for Mac can be configured in one of the following ways:
+PUA protection in Microsoft Defender for Endpoint for Mac can be configured in one of the following ways:
 
 - **Off**: PUA protection is disabled.
 - **Audit**: PUA files are reported in the product logs, but not in Microsoft Defender Security Center. No notification is presented to the user and no action is taken by the product.

From 633830a33c7de154ab5e6292c2d1e4f93940c426 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 11:01:02 -0800
Subject: [PATCH 254/384] pencil edits

---
 .../microsoft-defender-atp/mac-resources.md               | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
index 825a5600a6..c6833b26ec 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
@@ -44,7 +44,7 @@ If you can reproduce a problem, increase the logging level, run the system for s
 
 2. Reproduce the problem
 
-3. Run `sudo mdatp diagnostic create` to back up Defender for Endpoint's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds.
+3. Run `sudo mdatp diagnostic create` to back up the Microsoft Defender for Endpoint logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds.
 
   > [!TIP]
   > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the directory where diagnostic logs are saved, pass `--path [directory]` to the below command, replacing `[directory]` with the desired directory.
@@ -73,7 +73,7 @@ The detailed log will be saved to `/Library/Logs/Microsoft/mdatp/install.log`. I
 
 ## Uninstalling
 
-There are several ways to uninstall Defender for Endpoint for Mac. Note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
+There are several ways to uninstall Microsoft Defender for Endpoint for Mac. Note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
 
 ### Interactive uninstallation
 
@@ -137,7 +137,7 @@ To enable autocompletion in `zsh`:
    echo "autoload -Uz compinit && compinit" >> ~/.zshrc
    ```
 
-- Run the following commands to enable autocompletion for Defender for Endpoint for Mac and restart the Terminal session:
+- Run the following commands to enable autocompletion for Microsoft Defender for Endpoint for Mac and restart the Terminal session:
 
    ```zsh
    sudo mkdir -p /usr/local/share/zsh/site-functions
@@ -152,4 +152,4 @@ To enable autocompletion in `zsh`:
 
 ## Microsoft Defender for Endpoint portal information
 
-[This blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/edr-capabilities-for-macos-have-now-arrived/ba-p/1047801) provides detailed guidance on what to expect in Microsoft Defender ATP Security Center.
+[This blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/edr-capabilities-for-macos-have-now-arrived/ba-p/1047801) provides detailed guidance on what to expect in Microsoft Defender for Endpoint Security Center.

From 7c0a5120c4e38539e9ae6fe06c1220584f716749 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 11:02:38 -0800
Subject: [PATCH 255/384] pencil edits

---
 .../microsoft-defender-atp/mac-support-perf.md       | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
index 5f92d3e415..40e8240cbf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
@@ -28,19 +28,19 @@ ms.topic: conceptual
 
 - [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
 
-This topic provides some general steps that can be used to narrow down performance issues related to Defender for Endpoint for Mac.
+This topic provides some general steps that can be used to narrow down performance issues related to Microsoft Defender for Endpoint for Mac.
 
-Real-time protection (RTP) is a feature of Defender for Endpoint for Mac that continuously monitors and protects your device against threats. It consists of file and process monitoring and other heuristics.
+Real-time protection (RTP) is a feature of Microsoft Defender for Endpoint for Mac that continuously monitors and protects your device against threats. It consists of file and process monitoring and other heuristics.
 
-Depending on the applications that you are running and your device characteristics, you may experience suboptimal performance when running Defender for Endpoint for Mac. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Defender for Endpoint for Mac.
+Depending on the applications that you are running and your device characteristics, you may experience suboptimal performance when running Microsoft Defender for Endpoint for Mac. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Microsoft Defender for Endpoint for Mac.
 
 The following steps can be used to troubleshoot and mitigate these issues:
 
-1. Disable real-time protection using one of the following methods and observe whether the performance improves. This approach helps narrow down whether Defender for Endpoint for Mac is contributing to the performance issues.
+1. Disable real-time protection using one of the following methods and observe whether the performance improves. This approach helps narrow down whether Microsoft Defender for Endpoint for Mac is contributing to the performance issues.
 
     If your device is not managed by your organization, real-time protection can be disabled using one of the following options:
 
-    - From the user interface. Open Defender for Endpoint for Mac and navigate to **Manage settings**.
+    - From the user interface. Open Microsoft Defender for Endpoint for Mac and navigate to **Manage settings**.
 
     ![Manage real-time protection screenshot](../microsoft-defender-antivirus/images/mdatp-36-rtp.png)
 
@@ -54,6 +54,6 @@ The following steps can be used to troubleshoot and mitigate these issues:
 
 2. Open Finder and navigate to **Applications** > **Utilities**. Open **Activity Monitor** and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers.
 
-3. Configure Defender for Endpoint for Mac with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
+3. Configure Microsoft Defender for Endpoint for Mac with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
 
     See [Configure and validate exclusions for Microsoft Defender for Endpoint for Mac](mac-exclusions.md) for details.

From 51b89ba93d83f096eee1a269475b70195573e9b4 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 11:04:07 -0800
Subject: [PATCH 256/384] pencil edits

---
 .../microsoft-defender-atp/mac-sysext-policies.md      | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
index c1f73eb4e9..9b20ff2260 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
@@ -25,9 +25,9 @@ ROBOTS: noindex,nofollow
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-In alignment with macOS evolution, we are preparing a Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. This update will only be applicable to macOS Catalina (10.15.4) and newer versions of macOS.
+In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. This update will only be applicable to macOS Catalina (10.15.4) and newer versions of macOS.
 
-If you have deployed Defender for Endpoint for Mac in a managed environment (through JAMF, Intune, or another MDM solution), you must deploy new configuration profiles. Failure to do these steps will result in users getting approval prompts to run these new components.
+If you have deployed Microsoft Defender for Endpoint for Mac in a managed environment (through JAMF, Intune, or another MDM solution), you must deploy new configuration profiles. Failure to do these steps will result in users getting approval prompts to run these new components.
 
 ## JAMF
 
@@ -47,7 +47,7 @@ To approve the system extensions, create the following payload:
 
 ### Privacy Preferences Policy Control
 
-Add the following JAMF payload to grant Full Disk Access to the Defender for Endpoint Endpoint Security Extension. This policy is a pre-requisite for running the extension on your device.
+Add the following JAMF payload to grant Full Disk Access to the Microsoft Defender for Endpoint Endpoint Security Extension. This policy is a pre-requisite for running the extension on your device.
 
 1. Select **Options** > **Privacy Preferences Policy Control**.
 2. Use `com.microsoft.wdav.epsext` as the **Identifier** and `Bundle ID` as **Bundle type**.
@@ -58,10 +58,10 @@ Add the following JAMF payload to grant Full Disk Access to the Defender for End
 
 ### Network Extension Policy
 
-As part of the Endpoint Detection and Response capabilities, Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
+As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
 
 >[!NOTE]
->JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Defender for Endpoint for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.
+>JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender for Endpoint for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.
 >As such, the following steps provide a workaround that involve signing the configuration profile.
 
 1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` using a text editor:

From 715f39517269f64430fad21a873aef44af680ab7 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 11:05:12 -0800
Subject: [PATCH 257/384] pencil edits

---
 .../threat-protection/microsoft-defender-atp/mac-updates.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md
index d9f83fa462..7db11e8873 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md
@@ -30,7 +30,7 @@ ms.topic: conceptual
 
 Microsoft regularly publishes software updates to improve performance, security, and to deliver new features.
 
-To update Defender for Endpoint for Mac, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually.
+To update Microsoft Defender for Endpoint for Mac, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually.
 
 ![MAU screenshot](../microsoft-defender-antivirus/images/MDATP-34-MAU.png)
 
@@ -40,7 +40,7 @@ If you decide to deploy updates by using your software distribution tools, you s
 
 MAU includes a command-line tool, called *msupdate*, that is designed for IT administrators so that they have more precise control over when updates are applied. Instructions for how to use this tool can be found in [Update Office for Mac by using msupdate](https://docs.microsoft.com/deployoffice/mac/update-office-for-mac-using-msupdate).
 
-In MAU, the application identifier for Defender for Endpoint for Mac is *WDAV00*. To download and install the latest updates for Defender for Endpoint for Mac, execute the following command from a Terminal window:
+In MAU, the application identifier for Microsoft Defender for Endpoint for Mac is *WDAV00*. To download and install the latest updates for Microsoft Defender for Endpoint for Mac, execute the following command from a Terminal window:
 
 ```
 ./msupdate --install --apps wdav00
@@ -67,7 +67,7 @@ The `Production` channel contains the most stable version of the product.
 | **Possible values** | InsiderFast 
 External 
 Production |
 
 >[!WARNING]
->This setting changes the channel for all applications that are updated through Microsoft AutoUpdate. To change the channel only for Defender for Endpoint for Mac, execute the following command after replacing `[channel-name]` with the desired channel:
+>This setting changes the channel for all applications that are updated through Microsoft AutoUpdate. To change the channel only for Microsoft Defender for Endpoint for Mac, execute the following command after replacing `[channel-name]` with the desired channel:
 > ```bash
 > defaults write com.microsoft.autoupdate2 Applications -dict-add "/Applications/Microsoft Defender ATP.app" " { 'Application ID' = 'WDAV00' ; 'App Domain' = 'com.microsoft.wdav' ; LCID = 1033 ; ChannelName = '[channel-name]' ; }"
 > ```

From e496f7d0ec8b235cad00a649980d48f4b0ce85ac Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 11:08:09 -0800
Subject: [PATCH 258/384] pencil edits

---
 .../microsoft-defender-atp/mac-whatsnew.md    | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index ec2cea0291..7c00c8af5a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -25,20 +25,20 @@ ms.topic: conceptual
 
 
 > [!IMPORTANT]
-> In preparation for macOS 11 Big Sur, we are getting ready to release an update to Defender for Endpoint for Mac that will leverage new system extensions instead of kernel extensions. Apple will stop supporting kernel extensions starting macOS 11 Big Sur version. Therefore an update to the Defender for Endpoint for Mac agent is required on all eligible macOS devices prior to moving these devices to macOS 11.
+> In preparation for macOS 11 Big Sur, we are getting ready to release an update to Microsoft Defender for Endpoint for Mac that will leverage new system extensions instead of kernel extensions. Apple will stop supporting kernel extensions starting macOS 11 Big Sur version. Therefore an update to the Microsoft Defender for Endpoint for Mac agent is required on all eligible macOS devices prior to moving these devices to macOS 11.
 > 
 > The update is applicable to devices running macOS version 10.15.4 or later.
 > 
-> To ensure that the Defender for Endpoint for Mac update is delivered and applied seamlessly from an end-user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before Microsoft publishes the new agent version. If the configuration is not deployed prior to the Defender for Endpoint for Mac agent update, end-users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions.
+> To ensure that the Microsoft Defender for Endpoint for Mac update is delivered and applied seamlessly from an end-user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before Microsoft publishes the new agent version. If the configuration is not deployed prior to the Microsoft Defender for Endpoint for Mac agent update, end-users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions.
 > 
 > Timing: 
-> - Organizations that previously opted into Defender for Endpoint preview features in Microsoft Defender Security Center, must be ready for Defender for Endpoint for Mac agent update **by August 10, 2020**.
-> - Organizations that do not participate in public previews for Microsoft Defender ATP features, must be ready **by September 07, 2020**.
+> - Organizations that previously opted into Microsoft Defender for Endpoint preview features in Microsoft Defender Security Center, must be ready for Microsoft Defender for Endpoint for Mac agent update **by August 10, 2020**.
+> - Organizations that do not participate in public previews for Microsoft Defender for Endpoint features, must be ready **by September 07, 2020**.
 > 
 > Action is needed by IT administrator. Review the steps below and assess the impact on your organization:
 > 
 > 1. Deploy the specified remote configuration to eligible macOS devices before Microsoft publishes the new agent version. 

-> Even though Defender for Endpoint for Mac new implementation based on system extensions is only applicable to devices running macOS version 10.15.4 or later, deploying configuration proactively across the entire macOS fleet will ensure that even down-level devices are prepared for the day when Apple releases macOS 11 Big Sur and will ensure that Defender for Endpoint for Mac continues protecting all macOS devices regardless OS version they were running prior to the Big Sur upgrade.
+> Even though Microsoft Defender for Endpoint for Mac new implementation based on system extensions is only applicable to devices running macOS version 10.15.4 or later, deploying configuration proactively across the entire macOS fleet will ensure that even down-level devices are prepared for the day when Apple releases macOS 11 Big Sur and will ensure that Microsoft Defender for Endpoint for Mac continues protecting all macOS devices regardless OS version they were running prior to the Big Sur upgrade.
 > 
 > 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md).
 > 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update.
@@ -125,7 +125,7 @@ ms.topic: conceptual
 
 ## 100.90.27
 
-- You can now [set an update channel](mac-updates.md#set-the-channel-name) for Defender for Endpoint for Mac that is different from the system-wide update channel
+- You can now [set an update channel](mac-updates.md#set-the-channel-name) for Microsoft Defender for Endpoint for Mac that is different from the system-wide update channel
 - New product icon
 - Other user experience improvements
 - Bug fixes
@@ -162,7 +162,7 @@ ms.topic: conceptual
 
 ## 100.79.42
 
-- Fixed an issue where Defender for Endpoint for Mac was sometimes interfering with Time Machine
+- Fixed an issue where Microsoft Defender for Endpoint for Mac was sometimes interfering with Time Machine
 - Added a new switch to the command-line utility for testing the connectivity with the backend service
   ```bash
   mdatp --connectivity-test
@@ -176,7 +176,7 @@ ms.topic: conceptual
 
 ## 100.70.99
 
-- Addressed an issue that impacts the ability of some users to upgrade to macOS Catalina when real-time protection is enabled. This sporadic issue was caused by Defender for Endpoint locking files within Catalina upgrade package while scanning them for threats, which led to failures in the upgrade sequence.
+- Addressed an issue that impacts the ability of some users to upgrade to macOS Catalina when real-time protection is enabled. This sporadic issue was caused by Microsoft Defender for Endpoint locking files within Catalina upgrade package while scanning them for threats, which led to failures in the upgrade sequence.
 
 ## 100.68.99
 
@@ -188,9 +188,9 @@ ms.topic: conceptual
 - Added support for macOS Catalina
 
   > [!CAUTION]
-  > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Defender for Endpoint is not able to fully protect your device.
+  > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device.
   >
-  > The mechanism for granting this consent depends on how you deployed Defender for Endpoint:
+  > The mechanism for granting this consent depends on how you deployed Microsoft Defender for Endpoint:
   >
   > - For manual deployments, see the updated instructions in the [Manual deployment](mac-install-manually.md#how-to-allow-full-disk-access) topic.
   > - For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics.

From 75874148779327438bc3ba32954fc82565d28704 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 11:10:38 -0800
Subject: [PATCH 259/384] pencil edit

---
 .../threat-protection/microsoft-defender-atp/machine-groups.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md b/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
index 554b5877df..3b19a5d4f9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
@@ -30,7 +30,7 @@ ms.topic: article
 
 In an enterprise scenario, security operation teams are typically assigned a set of devices. These devices are grouped together based on a set of attributes such as their domains, computer names, or designated tags.
 
-In Defender for Endpoint, you can create device groups and use them to:
+In Microsoft Defender for Endpoint, you can create device groups and use them to:
 - Limit access to related alerts and data to specific Azure AD user groups with [assigned RBAC roles](rbac.md) 
 - Configure different auto-remediation settings for different sets of devices
 - Assign specific remediation levels to apply during automated investigations

From ac25c61eb982ad7daca4453f98df742ba6379ba1 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 11:11:45 -0800
Subject: [PATCH 260/384] pencil edits

---
 .../microsoft-defender-atp/machine.md                  | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md
index 2dc1ae481f..b234d37124 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@@ -23,7 +23,7 @@ ms.topic: article
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
@@ -49,8 +49,8 @@ Property |   Type   |   Description
 :---|:---|:---
 id | String | [machine](machine.md) identity.
 computerDnsName | String | [machine](machine.md) fully qualified name.
-firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Defender for Endpoint.
-lastSeen | DateTimeOffset | Last date and time where the [machine](machine.md) was observed by Defender for Endpoint.
+firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Microsoft Defender for Endpoint.
+lastSeen | DateTimeOffset | Last date and time where the [machine](machine.md) was observed by Microsoft Defender for Endpoint.
 osPlatform | String | Operating system platform.
 version | String | Operating system Version.
 osBuild | Nullable long | Operating system build number.
@@ -60,9 +60,9 @@ healthStatus | Enum | [machine](machine.md) health status. Possible values are:
 rbacGroupName | String | Machine group Name.
 rbacGroupId | Int | Machine group unique ID.
 riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'.
-exposureScore | Nullable Enum | [Exposure score](tvm-exposure-score.md) as evaluated by Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
+exposureScore | Nullable Enum | [Exposure score](tvm-exposure-score.md) as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 aadDeviceId | Nullable representation Guid | AAD Device ID (when [machine](machine.md) is AAD Joined).
 machineTags | String collection | Set of [machine](machine.md) tags.
-exposureLevel | Nullable Enum | Exposure level as evaluated by Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
+exposureLevel | Nullable Enum | Exposure level as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 deviceValue | Nullable Enum | The [value of the device](tvm-assign-device-value.md). Possible values are: 'Normal', 'Low' and 'High'.
 

From 6c6fe92b18266261f31c79e8946a1e39591704df Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 11:13:09 -0800
Subject: [PATCH 261/384] pencil edits

---
 .../threat-protection/microsoft-defender-atp/machineaction.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
index 7871debd9c..94f6a0a86b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
@@ -23,7 +23,7 @@ ms.topic: article
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 - For more information, see [Response Actions](respond-machine-alerts.md). 
 
@@ -38,7 +38,7 @@ ms.topic: article
 | [Restrict app execution](restrict-code-execution.md)              | [Machine Action](machineaction.md) | Restrict application execution.                             |
 | [Remove app restriction](unrestrict-code-execution.md)            | [Machine Action](machineaction.md) | Remove application execution restriction.                   |
 | [Run antivirus scan](run-av-scan.md)                              | [Machine Action](machineaction.md) | Run an AV scan using Windows Defender (when applicable).    |
-| [Offboard machine](offboard-machine-api.md)                       | [Machine Action](machineaction.md) | Offboard [machine](machine.md) from Defender for Endpoint. |
+| [Offboard machine](offboard-machine-api.md)                       | [Machine Action](machineaction.md) | Offboard [machine](machine.md) from Microsoft Defender for Endpoint. |
 | [Stop and quarantine file](stop-and-quarantine-file.md)           | [Machine Action](machineaction.md) | Stop execution of a file on a machine and delete it.        |
 
 


From 8fbf81d62a31e73168dec9c97e2e71cc6c17690a Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Mon, 9 Nov 2020 11:23:18 -0800
Subject: [PATCH 262/384] rename file

---
 .openpublishing.redirection.json                             | 5 +++++
 .../microsoft-defender-atp/{commercial-gov.md => gov.md}     | 0
 2 files changed, 5 insertions(+)
 rename windows/security/threat-protection/microsoft-defender-atp/{commercial-gov.md => gov.md} (100%)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 81696cd310..e6293265fe 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -16069,6 +16069,11 @@
       "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction",
       "redirect_document_id": true
+    },
+	{
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/gov",
+      "redirect_document_id": true
     },
     {
       "source_path": "windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
rename to windows/security/threat-protection/microsoft-defender-atp/gov.md

From 0c89afc2bada519f53ab1e51ed548b0ba39a3a99 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Mon, 9 Nov 2020 11:27:13 -0800
Subject: [PATCH 263/384] pencil edit

---
 .../applocker/delete-an-applocker-rule.md                       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
index 4db6c41c28..a63318645f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
@@ -57,7 +57,7 @@ Use the Set-AppLockerPolicy cmdlet with the -XMLPolicy parameter, using an .XML
       
     
 
-To use the Set-AppLockerPolicy cmdlet, first import the Applocker modules:
+To use the Set-AppLockerPolicy cmdlet, first import the AppLocker modules:
     
     PS C:\Users\Administrator> import-module AppLocker
 

From 226cccf52940619a134b5b21b2356f15ea4b8b45 Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Mon, 9 Nov 2020 11:46:12 -0800
Subject: [PATCH 264/384] add field

---
 .../microsoft-defender-atp/indicator-manage.md             | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
index a446f06755..b7fbb4cac8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
@@ -65,8 +65,13 @@ expirationTime | DateTimeOffset | The expiration time of the indicator in the fo
 severity | Enum | The severity of the indicator. Possible values are: "Informational", "Low", "Medium" and "High". **Optional**
 recommendedActions | String | TI indicator alert recommended actions. **Optional**
 rbacGroupNames | String | Comma-separated list of RBAC group names the indicator would be applied to. **Optional**
+category | String | Category of the alert. 
+mitretechniques| String | MITRE techniques code/id (comma separated). For more information, see [Enterprise tactics](https://attack.mitre.org/tactics/enterprise/).
 
-## Related topics
+For more information, see [Microsoft Defender ATP alert categories are now aligned with MITRE ATT&CK!](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-atp-alert-categories-are-now-aligned-with/ba-p/732748).
+
+
+## See also
 - [Create indicators](manage-indicators.md)
 - [Create indicators for files](indicator-file.md)
 - [Create indicators for IPs and URLs/domains](indicator-ip-domain.md)

From f6d212195dad0e8bb61e70c413f1cef2c1cca950 Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Mon, 9 Nov 2020 11:51:15 -0800
Subject: [PATCH 265/384] update keyword

---
 .../microsoft-defender-atp/indicator-manage.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
index b7fbb4cac8..82fe774e42 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
@@ -2,7 +2,7 @@
 title: Manage indicators
 ms.reviewer: 
 description: Manage indicators for a file hash, IP address, URLs, or domains that define the detection, prevention, and exclusion of entities.
-keywords: import, indicator, list, ioc, csv, manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain
+keywords: import, indicator, list, ioc, csv, manage, allowed, blocked, block, clean, malicious, file hash, ip address, urls, domain
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10

From 7486b0cdead356c0fe7888f0eb761d2087e0037e Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Mon, 9 Nov 2020 13:49:20 -0800
Subject: [PATCH 266/384] Updates for the new multitasking policy

---
 .../mdm/change-history-for-mdm-documentation.md           | 6 ++++++
 .../mdm/new-in-windows-mdm-enrollment-management.md       | 2 +-
 .../mdm/policy-configuration-service-provider.md          | 8 ++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md
index 515e6883b2..cd63143ea2 100644
--- a/windows/client-management/mdm/change-history-for-mdm-documentation.md
+++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md
@@ -16,6 +16,12 @@ ms.date: 10/19/2020
 
 This article lists new and updated articles for the Mobile Device Management (MDM) documentation. Updated articles are those that had content addition, removal, or corrections—minor fixes, such as correction of typos, style, or formatting issues are not listed.
 
+## November 2020
+
+|New or updated article | Description|
+|--- | ---|
+| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policy:
- [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) |
+
 ## October 2020
 
 |New or updated article | Description|
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index cfc3df66f0..ee9ee3c5f7 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -26,7 +26,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 
 |New or updated article|Description|
 |-----|-----|
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
- [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
- [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) |
+| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
- [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
- [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
- [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) |
 | [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node:
- Settings/AllowWindowsDefenderApplicationGuard |
 
 ## What’s new in MDM for Windows 10, version 2004
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index c80a7ea33d..a1a8db3a83 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -5158,6 +5158,14 @@ The following diagram shows the Policy configuration service provider in tree fo
   

 

 
+### Multitasking policies  
+
+

+  

+    Multitasking/BrowserAltTabBlowout
+  

+ 

+
 ### NetworkIsolation policies
 
 


From 8e95d4488f81ddd54b80080cf3852e1873be8673 Mon Sep 17 00:00:00 2001
From: Gary Moore 
Date: Mon, 9 Nov 2020 15:05:45 -0800
Subject: [PATCH 267/384] Acrolinx: "Bitlocker"

---
 windows/client-management/mdm/TOC.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 3d138153b0..e875d5d3a7 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -240,7 +240,7 @@
 #### [Audit](policy-csp-audit.md)
 #### [Authentication](policy-csp-authentication.md)
 #### [Autoplay](policy-csp-autoplay.md)
-#### [Bitlocker](policy-csp-bitlocker.md)
+#### [BitLocker](policy-csp-bitlocker.md)
 #### [BITS](policy-csp-bits.md)
 #### [Bluetooth](policy-csp-bluetooth.md)
 #### [Browser](policy-csp-browser.md)

From 022f5705305d19f3f40ac8a07104c9d0082469f9 Mon Sep 17 00:00:00 2001
From: Gary Moore 
Date: Mon, 9 Nov 2020 15:07:05 -0800
Subject: [PATCH 268/384] Acrolinx: "Bitlocker"

---
 .../mdm/change-history-for-mdm-documentation.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md
index cd63143ea2..b1d4002955 100644
--- a/windows/client-management/mdm/change-history-for-mdm-documentation.md
+++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md
@@ -371,7 +371,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
 
 
 
-Bitlocker CSP
+BitLocker CSP
 
Added new node AllowStandardUserEncryption in Windows 10, version 1809.

 
 

From 85cac16c635f9d50cfbf4dfdf2f28401eb38b877 Mon Sep 17 00:00:00 2001
From: Gary Moore 
Date: Mon, 9 Nov 2020 15:11:02 -0800
Subject: [PATCH 269/384] Corrected grammar and note style

---
 windows/client-management/mdm/policy-csp-experience.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 111a35311b..1b1dd1d9a9 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -286,7 +286,7 @@ The following list shows the supported values:
 
 Allows users to turn on/off device discovery UX.
 
-When set to 0 , the projection pane is disabled. The Win+P and Win+K shortcut keys will not work on.
+When set to 0, the projection pane is disabled. The Win+P and Win+K shortcut keys will not work on.
 
 Most restricted value is 0.
 
@@ -416,7 +416,7 @@ The following list shows the supported values:
 
 
 
-Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), then disabling the MDM unenrollment has no effect.
+Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g., auto-enrolled), then disabling the MDM unenrollment has no effect.
 
 > [!NOTE]
 > The MDM server can always remotely delete the account.
@@ -569,7 +569,8 @@ Added in Windows 10, version 1703. This policy allows you to prevent Windows fro
 
 Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value.
 
-> **Note** This setting does not control Cortana cutomized experiences because there are separate policies to configure it.
+> [!NOTE]
+> This setting does not control Cortana cutomized experiences because there are separate policies to configure it.
 
 Most restricted value is 0.
 

From 93d4332bc8f064252add95ce14d2ea2a2d9df951 Mon Sep 17 00:00:00 2001
From: Gary Moore 
Date: Mon, 9 Nov 2020 15:12:07 -0800
Subject: [PATCH 270/384] Grammar fix

---
 windows/client-management/mdm/policy-csp-experience.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 1b1dd1d9a9..7809027bc7 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -510,7 +510,7 @@ Allows or disallows all Windows sync settings on the device. For information abo
 
 The following list shows the supported values:
 
--   0 – Sync settings is not allowed.
+-   0 – Sync settings are not allowed.
 -   1 (default) – Sync settings allowed.
 
 

From 539c1ccd99ef48e314fb4178011a68ed470f801e Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Mon, 9 Nov 2020 17:37:05 -0800
Subject: [PATCH 271/384] updated zeroday

---
 .../microsoft-defender-atp/tvm-security-recommendation.md   | 2 +-
 .../microsoft-defender-atp/tvm-zero-day-vulnerabilities.md  | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index b4ffcd5ce4..cab17aed46 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -95,7 +95,7 @@ From the flyout, you can choose any of the following options:
 
 - **Open software page** - Open the software page to get more context on the software and how it's distributed. The information can include threat context, associated recommendations, weaknesses discovered, number of exposed devices, discovered vulnerabilities, names and detailed of devices with the software installed, and version distribution.
 
-- [**Remediation options**](tvm-remediation.md) - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address.
+- [**Remediation options**](tvm-remediation.md) - Submit a remediation request to open a ticket in Microsoft Intune for your IT administrator to pick up and address. Track the remediation activity in the Remediation page.
 
 - [**Exception options**](tvm-exception.md) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue yet.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
index 62b6465eab..f1747bc294 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
@@ -84,10 +84,14 @@ Go to the security recommendation page and select a recommendation with a zero-d
 
 There will be a link to mitigation options and workarounds if they are available. Workarounds may help reduce the risk posed by this zero-day vulnerability until a patch or security update can be deployed.
 
-Open remediation options and choose the attention type. An "attention required" remediation option is recommended for the zero-day vulnerabilities, since an update hasn't been released yet. If there are older vulnerabilities for this software you wish to remediation, you can override the "attention required" remediation option and choose “update.”
+Open remediation options and choose the attention type. An "attention required" remediation option is recommended for the zero-day vulnerabilities, since an update hasn't been released yet. You won't be able to select a due date, since there is no specific action to perform. If there are older vulnerabilities for this software you wish to remediation, you can override the "attention required" remediation option and choose “update.”
 
 ![Zero day flyout example of Windows Server 2016 in the security recommendations page.](images/tvm-zero-day-software-flyout-400.png)
 
+## Track zero-day remediation activities
+
+Go to the threat and vulnerability management [Remediation](tvm-remediation.md) page to view the remediation activity item. If you chose the "attention required" remediation option, there will be no progress bar or ticket status since there is no actual action we can monitor.
+
 ## Patching zero-day vulnerabilities
 
 When a patch is released for the zero-day, the recommendation will be changed to “Update” and a blue label next to it that says “New security update for zero day.” It will no longer consider as a zero-day, the zero-day tag will be removed from all pages.

From f11c8139d7340f866cf435bf471d6dc35133b96f Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Tue, 10 Nov 2020 09:24:57 +0100
Subject: [PATCH 272/384] Update vpn-conditional-access.md

Updating the note describing prerequisites for using SSO with information relevant for AAD only joined devices.
---
 .../identity-protection/vpn/vpn-conditional-access.md         | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index fc09e68a62..002d10e812 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -77,7 +77,9 @@ Two client-side configuration service providers are leveraged for VPN device com
    - Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification
    
 > [!NOTE]
-> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. 
+> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources.
+> 
+> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has in Subject and SAN (Subject Alternative Name) the user UPN from AzureAD, the VPN profile must be modified to ensure the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing entry **UseRasCredentials** from 1 (default) to 0 (zero).
 
 ## Client connection flow
 

From 8ecbbdad2bb68911f49da71a20918431ae319f09 Mon Sep 17 00:00:00 2001
From: Alekhya Jupudi 
Date: Tue, 10 Nov 2020 16:27:45 +0530
Subject: [PATCH 273/384] Rebranding task -4626590

---
 windows/deployment/s-mode.md                  |  2 +-
 .../olympia/olympia-enrollment-guidelines.md  |  2 +-
 ...-diagnostic-data-events-and-fields-2004.md |  2 +-
 .../security/includes/machineactionsnote.md   |  6 +--
 windows/security/includes/prerelease.md       |  4 +-
 .../control-usb-devices-using-intune.md       | 42 +++++++++----------
 ...tion-based-protection-of-code-integrity.md |  2 +-
 .../device-guard/memory-integrity.md          |  2 +-
 ...tion-based-protection-of-code-integrity.md |  2 +-
 .../intelligence/fileless-threats.md          |  2 +-
 .../intelligence/phishing.md                  |  2 +-
 .../intelligence/prevent-malware-infection.md |  6 +--
 .../intelligence/understanding-malware.md     |  2 +-
 .../faq-md-app-guard.md                       |  2 +-
 .../install-md-app-guard.md                   |  2 +-
 .../md-app-guard-overview.md                  |  2 +-
 .../reqs-md-app-guard.md                      |  2 +-
 ...defender-application-control-management.md |  2 +-
 ...events-centrally-using-advanced-hunting.md |  6 +--
 .../types-of-devices.md                       |  2 +-
 ...control-with-intelligent-security-graph.md |  2 +-
 ...r-application-control-operational-guide.md |  4 +-
 .../windows-defender-security-center.md       |  2 +-
 .../ltsc/whats-new-windows-10-2016.md         |  6 +--
 .../ltsc/whats-new-windows-10-2019.md         | 36 ++++++++--------
 25 files changed, 72 insertions(+), 72 deletions(-)

diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md
index 9223db8e03..ea76222dde 100644
--- a/windows/deployment/s-mode.md
+++ b/windows/deployment/s-mode.md
@@ -58,4 +58,4 @@ The [MSIX Packaging Tool](https://docs.microsoft.com/windows/application-managem
 - [Consumer applications for S mode](https://www.microsoft.com/windows/s-mode)
 - [S mode devices](https://www.microsoft.com/en-us/windows/view-all-devices)
 - [Windows Defender Application Control deployment guide](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
-- [Windows Defender Advanced Threat Protection](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
+- [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index 6c713170eb..8997b5e4f9 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -22,7 +22,7 @@ Windows Insider Lab for Enterprise is intended for Windows Insiders who want to
 
 As an Olympia user, you will have an opportunity to: 
 
--   Use various enterprise features like Windows Information Protection (WIP), Advanced Threat Protection (ATP), windows Defender Application Guard (WDAG), and Application Virtualization (APP-V).
+-   Use various enterprise features like Windows Information Protection (WIP), Microsoft Defender for Office 365, Windows Defender Application Guard (WDAG), and Application Virtualization (APP-V).
 -   Learn how Microsoft is preparing for GDPR, as well as enabling enterprise customers to prepare for their own readiness.
 -   Validate and test pre-release software in your environment.
 -   Provide feedback.
diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
index a1832d8486..0b34139584 100644
--- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
+++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
@@ -6052,7 +6052,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Sense.Client.PerformanceScript.OnboardingScript
 
-This event is triggered whenever WDATP onboarding script is run. The data collected with this event is used to keep Windows performing properly.
+This event is triggered whenever Microsoft Defender for Endpoint onboarding script is run. The data collected with this event is used to keep Windows performing properly.
 
 The following fields are available:
 
diff --git a/windows/security/includes/machineactionsnote.md b/windows/security/includes/machineactionsnote.md
index 246c89eb92..542eec5756 100644
--- a/windows/security/includes/machineactionsnote.md
+++ b/windows/security/includes/machineactionsnote.md
@@ -1,6 +1,6 @@
 ---
-title: Perform a Machine Action via the Microsoft Defender ATP API
-description: This page focuses on performing a machine action via the Microsoft Defender Advanced Threat Protection (MDATP) API.
+title: Perform a Machine Action via the Microsoft Defender for Endpoint API
+description: This page focuses on performing a machine action via the Microsoft Defender for Endpoint API.
 ms.date: 08/28/2017
 ms.reviewer: 
 manager: dansimp
@@ -10,4 +10,4 @@ ms.prod: w10
 ---
 
 >[!Note]
-> This page focuses on performing a machine action via API. See [take response actions on a machine](../threat-protection/microsoft-defender-atp/respond-machine-alerts.md) for more information about response actions functionality via Microsoft Defender ATP.
+> This page focuses on performing a machine action via API. See [take response actions on a machine](../threat-protection/microsoft-defender-atp/respond-machine-alerts.md) for more information about response actions functionality via Microsoft Defender for Endpoint.
diff --git a/windows/security/includes/prerelease.md b/windows/security/includes/prerelease.md
index a83544340f..a008aa45d7 100644
--- a/windows/security/includes/prerelease.md
+++ b/windows/security/includes/prerelease.md
@@ -1,6 +1,6 @@
 ---
-title: Microsoft Defender ATP Pre-release Disclaimer
-description: Disclaimer for pre-release version of Microsoft Defender ATP.
+title: Microsoft Defender for Endpoint Pre-release Disclaimer
+description: Disclaimer for pre-release version of Microsoft Defender for Endpoint.
 ms.date: 08/28/2017
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
index add9bc1309..f37748f9d5 100644
--- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
+++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
@@ -13,13 +13,13 @@ manager: dansimp
 audience: ITPro
 ---
 
-# How to control USB devices and other removable media using Microsoft Defender ATP
+# How to control USB devices and other removable media using Microsoft Defender for Endpoint
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Microsoft recommends [a layered approach to securing removable media](https://aka.ms/devicecontrolblog), and Microsoft Defender ATP provides multiple monitoring and control features to help prevent threats in unauthorized peripherals from compromising your devices:
+Microsoft recommends [a layered approach to securing removable media](https://aka.ms/devicecontrolblog), and Microsoft Defender for Endpoint provides multiple monitoring and control features to help prevent threats in unauthorized peripherals from compromising your devices:
 
-1. [Discover plug and play connected events for peripherals in Microsoft Defender ATP advanced hunting](#discover-plug-and-play-connected-events). Identify or investigate suspicious usage activity.
+1. [Discover plug and play connected events for peripherals in Microsoft Defender for Endpoint advanced hunting](#discover-plug-and-play-connected-events). Identify or investigate suspicious usage activity.
 
 2. Configure to allow or block only certain removable devices and prevent threats.
     1. [Allow or block removable devices](#allow-or-block-removable-devices) based on granular configuration to deny write access to removable disks and approve or deny devices by using USB device IDs. Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices.
@@ -28,22 +28,22 @@ Microsoft recommends [a layered approach to securing removable media](https://ak
            - Microsoft Defender Antivirus real-time protection (RTP) to scan removable storage for malware.  
            - The Attack Surface Reduction (ASR) USB rule to block untrusted and unsigned processes that run from USB.  
            - Direct Memory Access (DMA) protection settings to mitigate DMA attacks, including Kernel DMA Protection for Thunderbolt and blocking DMA until a user signs in.  
-3. [Create customized alerts and response actions](#create-customized-alerts-and-response-actions) to monitor usage of removable devices based on these plug and play events or any other Microsoft Defender ATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules).
+3. [Create customized alerts and response actions](#create-customized-alerts-and-response-actions) to monitor usage of removable devices based on these plug and play events or any other Microsoft Defender for Endpoint events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules).
 
 4. [Respond to threats](#respond-to-threats) from peripherals in real-time based on properties reported by each peripheral.
 
 >[!Note]
->These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. Additionally, you can [classify and protect files on Windows devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview) (including their mounted USB devices) by using Microsoft Defender ATP and Azure Information Protection.
+>These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. Additionally, you can [classify and protect files on Windows devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview) (including their mounted USB devices) by using Microsoft Defender for Endpoint and Azure Information Protection.
 
 ## Discover plug and play connected events
 
-You can view plug and play connected events in Microsoft Defender ATP advanced hunting to identify suspicious usage activity or perform internal investigations.
-For examples of Microsoft Defender ATP advanced hunting queries, see the [Microsoft Defender ATP hunting queries GitHub repo](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries).
+You can view plug and play connected events in Microsoft Defender for Endpoint advanced hunting to identify suspicious usage activity or perform internal investigations.
+For examples of Defender for Endpoint advanced hunting queries, see the [Microsoft Defender for Endpoint hunting queries GitHub repo](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries).
 
-Sample Power BI report templates are available for Microsoft Defender ATP that you can use for Advanced hunting queries. With these sample templates, including one for device control, you can integrate the power of Advanced hunting into Power BI. See the [GitHub repository for PowerBI templates](https://github.com/microsoft/MDATP-PowerBI-Templates) for more information. See [Create custom reports using Power BI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/api-power-bi) to learn more about Power BI integration.
+Sample Power BI report templates are available for Microsoft Defender for Endpoint that you can use for Advanced hunting queries. With these sample templates, including one for device control, you can integrate the power of Advanced hunting into Power BI. See the [GitHub repository for PowerBI templates](https://github.com/microsoft/MDATP-PowerBI-Templates) for more information. See [Create custom reports using Power BI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/api-power-bi) to learn more about Power BI integration.
 
 ## Allow or block removable devices
-The following table describes the ways Microsoft Defender ATP can allow or block removable devices based on granular configuration.
+The following table describes the ways Microsoft Defender for Endpoint can allow or block removable devices based on granular configuration.
 
 | Control  | Description |
 |----------|-------------|
@@ -54,11 +54,11 @@ The following table describes the ways Microsoft Defender ATP can allow or block
 | [Allow installation and usage of specifically approved peripherals with matching device instance IDs](#allow-installation-and-usage-of-specifically-approved-peripherals-with-matching-device-instance-ids) | You can only install and use approved peripherals that match any of these device instance IDs. |
 | [Prevent installation and usage of specifically prohibited peripherals with matching device instance IDs](#prevent-installation-and-usage-of-specifically-prohibited-peripherals-with-matching-device-instance-ids) | You can't install or use prohibited peripherals that match any of these device instance IDs. |
 | [Limit services that use Bluetooth](#limit-services-that-use-bluetooth) | You can limit the services that can use Bluetooth. |
-| [Use Microsoft Defender ATP baseline settings](#use-microsoft-defender-atp-baseline-settings) | You can set the recommended configuration for ATP by using the Microsoft Defender ATP security baseline. |
+| [Use Microsoft Defender for Endpoint baseline settings](#use-microsoft-defender-for-endpoint-baseline-settings) | You can set the recommended configuration for ATP by using the Defender for Endpoint security baseline. |
 
 ### Restrict USB drives and other peripherals
 
-To prevent malware infections or data loss, an organization may restrict USB drives and other peripherals. The following table describes the ways Microsoft Defender ATP can help prevent installation and usage of USB drives and other peripherals.
+To prevent malware infections or data loss, an organization may restrict USB drives and other peripherals. The following table describes the ways Microsoft Defender for Endpoint can help prevent installation and usage of USB drives and other peripherals.
 
 | Control  | Description
 |----------|-------------|
@@ -75,7 +75,7 @@ The above policies can also be set through the [Device Installation CSP settings
 
 > [!Note]
 > Always test and refine these settings with a pilot group of users and devices first before applying them in production.
-For more information about controlling USB devices, see the [Microsoft Defender ATP blog](https://www.microsoft.com/security/blog/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/).
+For more information about controlling USB devices, see the [Microsoft Defender for Endpoint blog](https://www.microsoft.com/security/blog/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/).
 
 #### Allow installation and usage of USB drives and other peripherals
 
@@ -189,7 +189,7 @@ Allowing installation of specific devices requires also enabling [DeviceInstalla
 
 ### Prevent installation of specifically prohibited peripherals
 
-Microsoft Defender ATP blocks installation and usage of prohibited peripherals by using either of these options:
+Microsoft Defender for Endpoint blocks installation and usage of prohibited peripherals by using either of these options:
 
 - [Administrative Templates](https://docs.microsoft.com/intune/administrative-templates-windows) can block any device with a matching hardware ID or setup class.  
 - [Device Installation CSP settings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) with a custom profile in Intune. You can [prevent installation of specific device IDs](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids) or [prevent specific device classes](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses).
@@ -212,26 +212,26 @@ Using Intune, you can limit the services that can use Bluetooth through the ["Bl
 
 ![Bluetooth](images/bluetooth.png)
 
-### Use Microsoft Defender ATP baseline settings
+### Use Microsoft Defender for Endpoint baseline settings
 
-The Microsoft Defender ATP baseline settings represent the recommended configuration for ATP. Configuration settings for baseline are located in the edit profile page of the configuration settings.
+The Microsoft Defender for Endpoint baseline settings represent the recommended configuration for ATP. Configuration settings for baseline are located in the edit profile page of the configuration settings.
 
 ![Baselines](images/baselines.png)
 
 ## Prevent threats from removable storage
   
-Removable storage devices can introduce additional security risk to your organization. Microsoft Defender ATP can help identify and block malicious files on removable storage devices.
+Removable storage devices can introduce additional security risk to your organization. Microsoft Defender for Endpoint can help identify and block malicious files on removable storage devices.
 
-Microsoft Defender ATP can also prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device.
+Microsoft Defender for Endpoint can also prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device.
 
 Note that if you block USB devices or any other device classes using the device installation policies, connected devices, such as phones, can still charge.
 
 >[!NOTE]
 >Always test and refine these settings with a pilot group of users and devices first before widely distributing to your organization. 
 
-The following table describes the ways Microsoft Defender ATP can help prevent threats from removable storage.
+The following table describes the ways Microsoft Defender for Endpoint can help prevent threats from removable storage.
 
-For more information about controlling USB devices, see the [Microsoft Defender ATP blog](https://aka.ms/devicecontrolblog).
+For more information about controlling USB devices, see the [Microsoft Defender for Endpoint blog](https://aka.ms/devicecontrolblog).
 
 | Control  | Description |
 |----------|-------------|
@@ -327,7 +327,7 @@ For information on device control related advance hunting events and examples on
 
 ## Respond to threats
 
-You can create custom alerts and automatic response actions with the [Microsoft Defender ATP Custom Detection Rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules). Response actions within the custom detection cover both machine and file level actions. You can also create alerts and automatic response actions using [PowerApps](https://powerapps.microsoft.com/) and [Flow](https://flow.microsoft.com/) with the [Microsoft Defender ATP connector](https://docs.microsoft.com/connectors/wdatp/). The connector supports actions for investigation, threat scanning, and restricting running applications. It is one of over 200 pre-defined connectors including Outlook, Teams, Slack, and more. Custom connectors can also be built. See [Connectors](https://docs.microsoft.com/connectors/) to learn more about connectors.
+You can create custom alerts and automatic response actions with the [Microsoft Defender for Endpoint Custom Detection Rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules). Response actions within the custom detection cover both machine and file level actions. You can also create alerts and automatic response actions using [PowerApps](https://powerapps.microsoft.com/) and [Flow](https://flow.microsoft.com/) with the [Microsoft Defender for Endpoint connector](https://docs.microsoft.com/connectors/wdatp/). The connector supports actions for investigation, threat scanning, and restricting running applications. It is one of over 200 pre-defined connectors including Outlook, Teams, Slack, and more. Custom connectors can also be built. See [Connectors](https://docs.microsoft.com/connectors/) to learn more about connectors.
  
 For example, using either approach, you can automatically have the Microsoft Defender Antivirus run when a USB device is mounted onto a machine.
 
diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index 35846937a0..d855eb2606 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -18,7 +18,7 @@ ms.reviewer:
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10.
 Some applications, including device drivers, may be incompatible with HVCI.
diff --git a/windows/security/threat-protection/device-guard/memory-integrity.md b/windows/security/threat-protection/device-guard/memory-integrity.md
index 3ebdf7bf95..7183046686 100644
--- a/windows/security/threat-protection/device-guard/memory-integrity.md
+++ b/windows/security/threat-protection/device-guard/memory-integrity.md
@@ -18,7 +18,7 @@ manager: dansimp
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Memory integrity is a feature of Windows that ensures code running in the Windows kernel is securely designed and trustworthy. It uses hardware virtualization and Hyper-V to protect Windows kernel mode processes from the injection and execution of malicious or unverified code. The integrity of code that runs on Windows is validated by memory integrity, making Windows resistant to attacks from malicious software. Memory integrity is a powerful security boundary that helps to block many types of malware from running in Windows 10 and Windows Server 2016 environments.
 
diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
index d594900ce7..dcd19d4f9b 100644
--- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
@@ -19,7 +19,7 @@ ms.author: dansimp
 
 **Applies to**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Computers must meet certain hardware, firmware, and software requirements in order to take advantage of all of the virtualization-based security (VBS) features in [Windows Defender Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md). Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats.
 
diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md
index a5f4583231..9be24dcbe2 100644
--- a/windows/security/threat-protection/intelligence/fileless-threats.md
+++ b/windows/security/threat-protection/intelligence/fileless-threats.md
@@ -98,6 +98,6 @@ Besides being vulnerable at the firmware level, CPUs could be manufactured with
 
 ## Defeating fileless malware
 
-At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions to mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, Microsoft Defender Advanced Threat Protection [(Microsoft Defender ATP)](https://www.microsoft.com/windowsforbusiness?ocid=docs-fileless) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats.
+At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions to mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, Microsoft Defender for Endpoint](https://www.microsoft.com/windowsforbusiness?ocid=docs-fileless) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats.
 
 To learn more, read: [Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/)
diff --git a/windows/security/threat-protection/intelligence/phishing.md b/windows/security/threat-protection/intelligence/phishing.md
index d70c3f606b..f2cd0a919e 100644
--- a/windows/security/threat-protection/intelligence/phishing.md
+++ b/windows/security/threat-protection/intelligence/phishing.md
@@ -64,7 +64,7 @@ If in doubt, contact the business by known channels to verify if any suspicious
 
 * [Microsoft Exchange Online Protection (EOP)](https://products.office.com/exchange/exchange-email-security-spam-protection) offers enterprise-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies.  Using various layers of filtering, EOP can provide different controls for spam filtering, such as bulk mail controls and international spam, that will further enhance your protection services.
 
-* Use [Office 365 Advanced Threat Protection (ATP)](https://products.office.com/exchange/online-email-threat-protection?ocid=cx-blog-mmpc) to help protect your email, files, and online storage against malware. It offers holistic protection in Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive for Business. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
+* Use [Microsoft Defender for Office 365](https://products.office.com/exchange/online-email-threat-protection?ocid=cx-blog-mmpc) to help protect your email, files, and online storage against malware. It offers holistic protection in Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive for Business. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
 
 ## What to do if you've been a victim of a phishing scam
 
diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md
index 3313e1d680..026d1653b0 100644
--- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md
+++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md
@@ -103,11 +103,11 @@ Microsoft provides comprehensive security capabilities that help protect against
 
 * [Microsoft 365](https://docs.microsoft.com/microsoft-365/enterprise/) includes Office 365, Windows 10, and Enterprise Mobility + Security. These resources power productivity while providing intelligent security across users, devices, and data.
 
-* [Office 365 Advanced Threat Protection](https://docs.microsoft.com/office365/servicedescriptions/office-365-advanced-threat-protection-service-description) includes machine learning capabilities that block dangerous emails, including millions of emails carrying ransomware downloaders.
+* [Microsoft Defender for Office 365](https://docs.microsoft.com/office365/servicedescriptions/office-365-advanced-threat-protection-service-description) includes machine learning capabilities that block dangerous emails, including millions of emails carrying ransomware downloaders.
 
 * [OneDrive for Business](https://support.office.com/article/restore-a-previous-version-of-a-file-in-onedrive-159cad6d-d76e-4981-88ef-de6e96c93893?ui=en-US&rs=en-US&ad=US) can back up files, which you would then use to restore files in the event of an infection.
 
-* [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Microsoft Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Microsoft Defender ATP free of charge.
+* [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Microsoft Defender for Endpoint alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Microsoft Defender for Endpoint free of charge.
 
 * [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication on your devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. It lets user authenticate to an Active Directory or Azure Active Directory account.
 
@@ -117,6 +117,6 @@ Microsoft provides comprehensive security capabilities that help protect against
 
 ## What to do with a malware infection
 
-Microsoft Defender ATP antivirus capabilities help reduce the chances of infection and will automatically remove threats that it detects.
+Microsoft Defender for Endpoint antivirus capabilities help reduce the chances of infection and will automatically remove threats that it detects.
 
 In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://support.microsoft.com/help/4466982/windows-10-troubleshoot-problems-with-detecting-and-removing-malware).
diff --git a/windows/security/threat-protection/intelligence/understanding-malware.md b/windows/security/threat-protection/intelligence/understanding-malware.md
index eb417b74dd..87e0080d20 100644
--- a/windows/security/threat-protection/intelligence/understanding-malware.md
+++ b/windows/security/threat-protection/intelligence/understanding-malware.md
@@ -21,7 +21,7 @@ Malware is a term used to describe malicious applications and code that can caus
 
 Cybercriminals that distribute malware are often motivated by money and will use infected computers to launch attacks, obtain banking credentials, collect information that can be sold, sell access to computing resources, or extort payment from victims.
 
-As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With Microsoft Defender Advanced Threat Protection ([Microsoft Defender ATP](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)), businesses can stay protected with next-generation protection and other security capabilities.
+As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), businesses can stay protected with next-generation protection and other security capabilities.
 
 For good general tips, check out the [prevent malware infection](prevent-malware-infection.md) topic.
 
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index 007fa751d5..ab42d2eb12 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -16,7 +16,7 @@ ms.custom: asr
 
 # Frequently asked questions - Microsoft Defender Application Guard 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Answering frequently asked questions about Microsoft Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration.
 
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
index 1903c17792..2ead755621 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
@@ -17,7 +17,7 @@ ms.custom: asr
 # Prepare to install Microsoft Defender Application Guard
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 ## Review system requirements
  
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
index 4acd29aa2d..ead96a7a5d 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
@@ -16,7 +16,7 @@ ms.custom: asr
 
 # Microsoft Defender Application Guard overview
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete.
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
index 5757f18c10..81623005a4 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
@@ -16,7 +16,7 @@ ms.custom: asr
 
 # System requirements for Microsoft Defender Application Guard
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
index 61a59f78bf..b64d307ca9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
@@ -65,7 +65,7 @@ Each time that a process is blocked by WDAC, events will be written to either th
 
 Collecting these events in a central location can help you maintain your WDAC policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](https://go.microsoft.com/fwlink/p/?LinkId=145012).
 
-Additionally, WDAC events are collected by [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) and can be queried using the [advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) feature.
+Additionally, WDAC events are collected by [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) and can be queried using the [advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) feature.
 
 ## Application and user support policy
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
index 19bcd021e5..1e729211c5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
+++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
@@ -22,12 +22,12 @@ ms.date: 12/06/2018
 A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode. 
 While Event Viewer helps to see the impact on a single system, IT Pros want to gauge the impact across many systems. 
 
-In November 2018, we added functionality in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) that makes it easy to view WDAC events centrally from all systems that are connected to Microsoft Defender ATP. 
+In November 2018, we added functionality in Microsoft Defender for Endpoint that makes it easy to view WDAC events centrally from all systems that are connected to Defender for Endpoint. 
 
-Advanced hunting in Microsoft Defender ATP allows customers to query data using a rich set of capabilities. WDAC events can be queried with using an ActionType that starts with “AppControl”. 
+Advanced hunting in Microsoft Defender for Endpoint allows customers to query data using a rich set of capabilities. WDAC events can be queried with using an ActionType that starts with “AppControl”. 
 This capability is supported beginning with Windows version 1607.
 
-Here is a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Microsoft Defender ATP:
+Here is a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Microsoft Defender for Endpoint:
 
 ```
 DeviceEvents
diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
index 601d01340e..91a81e3359 100644
--- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
@@ -41,7 +41,7 @@ In the next set of topics, we will explore each of the above scenarios using a f
 
 Lamna Healthcare Company (Lamna) is a large healthcare provider operating in the United States. Lamna employs thousands of people, from doctors and nurses to accountants, in-house lawyers, and IT technicians. Their device use cases are varied and include single-user workstations for their professional staff, shared kiosks used by doctors and nurses to access patient records, dedicated medical devices such as MRI scanners, and many others. Additionally, Lamna has a relaxed, bring-your-own-device policy for many of their professional staff.
 
-Lamna uses [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) (MEM) in hybrid mode with both Configuration Manager (MEMCM) and Intune. Although they use MEM to deploy many applications, Lamna has always had very relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender Advanced Threat Protection](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (MDATP) for better endpoint detection and response.
+Lamna uses [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) (MEM) in hybrid mode with both Configuration Manager (MEMCM) and Intune. Although they use MEM to deploy many applications, Lamna has always had very relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) for better endpoint detection and response.
 
 > [!NOTE]
 > Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
index 7705229827..5b14874133 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
@@ -90,7 +90,7 @@ This step is not required for WDAC policies deployed over MDM using the AppLocke
 
 ## Security considerations with the Intelligent Security Graph 
 
-Since the Microsoft Intelligent Security Graph is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. It is best suited for deployment to systems where each user is configured as a standard user and there are other monitoring systems in place like Microsoft Defender Advanced Threat Protection to help provide optics into what users are doing. 
+Since the Microsoft Intelligent Security Graph is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. It is best suited for deployment to systems where each user is configured as a standard user and there are other monitoring systems in place like Microsoft Defender for Endpoint to help provide optics into what users are doing. 
 
 Users with administrator privileges or malware running as an administrator user on the system may be able to circumvent the intent of WDAC when the Microsoft Intelligent Security Graph option is allowed by circumventing or corrupting the heuristics used to assign reputation to application executables. The Microsoft Intelligent Security Graph option uses the same heuristic tracking as managed installer and so for application installers that include an option to automatically run the application at the end of the installation process the heuristic may over-authorize.  
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
index 8a7ad0700f..b91a1efb4b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
@@ -24,7 +24,7 @@ ms.date: 03/16/2020
 - Windows 10
 - Windows Server 2016 and above
 
-After designing and deploying your Windows Defender Application Control (WDAC) policies, this guide covers understanding the effects your policies are having and troubleshooting when they are not behaving as expected. It contains information on where to find events and what they mean, and also querying these events with Microsoft Defender Advanced Threat Protection (MDATP) Advanced Hunting feature.
+After designing and deploying your Windows Defender Application Control (WDAC) policies, this guide covers understanding the effects your policies are having and troubleshooting when they are not behaving as expected. It contains information on where to find events and what they mean, and also querying these events with Microsoft Defender for Endpoint Advanced Hunting feature.
 
 ## WDAC Events Overview
 
@@ -42,4 +42,4 @@ WDAC events are generated under two locations:
 | - | - |
 | [Understanding Application Control event IDs](event-id-explanations.md) | This topic explains the meaning of different WDAC event IDs. |
 | [Understanding Application Control event tags](event-tag-explanations.md) | This topic explains the meaning of different WDAC event tags. |
-| [Query WDAC events with Advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) | This topic covers how to view WDAC events centrally from all systems that are connected to Microsoft Defender ATP. |
+| [Query WDAC events with Advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) | This topic covers how to view WDAC events centrally from all systems that are connected to Microsoft Defender for Endpoint. |
diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
index a3bf04355b..7f5c78c55f 100644
--- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
@@ -34,7 +34,7 @@ In Windows 10, version 1803, the app has two new areas, **Account protection** a
 ![Screenshot of the Windows Security app showing that the device is protected and five icons for each of the features](images/security-center-home.png)
 
 > [!NOTE]
-> The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal console that is used to review and manage [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
+> The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal console that is used to review and manage [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
 
 You can't uninstall the Windows Security app, but you can do one of the following:
 
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md
index 37619d2d6f..63e15a057b 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md
@@ -124,11 +124,11 @@ Several new features and management options have been added to Windows Defender
 - [Run a Windows Defender scan from the command line](/windows/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus).
 - [Detect and block Potentially Unwanted Applications with Windows Defender](/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) during download and install times.
 
-### Windows Defender Advanced Threat Protection (ATP)
+### Microsoft Defender for Endpoint
 
-With the growing threat from more sophisticated targeted attacks, a new security solution is imperative in securing an increasingly complex network ecosystem. Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks.
+With the growing threat from more sophisticated targeted attacks, a new security solution is imperative in securing an increasingly complex network ecosystem. Microsoft Defender for Endpoint is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks.
 
-[Learn more about Windows Defender Advanced Threat Protection (ATP)](/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
+[Learn more about Microsoft Defender for Endpoint](/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
 
 ### VPN security
 
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index 591f85814f..cee461354f 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -44,11 +44,11 @@ This version of Window 10 includes security improvements for threat protection,
 
 ### Threat protection
 
-#### Windows Defender ATP
+#### Microsoft Defender for Endpoint
 
-The Windows Defender Advanced Threat Protection ([Windows Defender ATP](/windows/security/threat-protection/index)) platform includes the security pillars shown in the following diagram. In this version of Windows, Windows Defender ATP includes powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management. 
+The [Microsoft Defender for Endpoint](/windows/security/threat-protection/index) platform includes the security pillars shown in the following diagram. In this version of Windows, Defender for Endpoint includes powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management. 
 
-![Windows Defender ATP](../images/wdatp.png)
+![Microsoft Defender for Endpoint](../images/wdatp.png)
 
 ##### Attack surface reduction 
 
@@ -72,9 +72,9 @@ But these protections can also be configured separately. And, unlike HVCI, code
 
 ### Endpoint detection and response 
 
-Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Windows Defender ATP portal. 
+Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Microsoft Defender for Endpoint portal. 
 
-   Windows Defender is now called Microsoft Defender Antivirus and now shares detection status between M365 services and interoperates with Windows Defender ATP.  Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus). 
+   Windows Defender is now called Microsoft Defender Antivirus and now shares detection status between M365 services and interoperates with Microsoft Defender for Endpoint.  Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus). 
     
    We've also [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). The new library includes information on:
 - [Deploying and enabling AV protection](/windows/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus)
@@ -104,20 +104,20 @@ Endpoint detection and response is improved. Enterprise customers can now take a
   - [Take response actions on a file](/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file.
 
 Additional capabilities have been added to help you gain a holistic view on **investigations** include:
-- [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics) - Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
-- [Query data using Advanced hunting in Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
+- [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics) - Threat Analytics is a set of interactive reports published by the Microsoft Defender for Endpoint research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
+- [Query data using Advanced hunting in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
 - [Use Automated investigations to investigate and remediate threats](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)
 - [Investigate a user account](/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection) - Identify user accounts with the most active alerts and investigate cases of potential compromised credentials.
 - [Alert process tree](/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection#alert-process-tree) - Aggregates multiple detections and related events into a single view to reduce case resolution time.
-- [Pull alerts using REST API](/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection) - Use REST API to pull alerts from Windows Defender ATP.
+- [Pull alerts using REST API](/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection) - Use REST API to pull alerts from Microsoft Defender for Endpoint.
 
 Other enhanced security features include:
-- [Check sensor health state](/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection) - Check an endpoint's ability to provide sensor data and communicate with the Windows Defender ATP service and fix known issues.
-- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection) - Windows Defender ATP adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Windows Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools.
-- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center) - Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers.
-- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration) - Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines.
-- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019) - Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. 
-- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection) - Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor.
+- [Check sensor health state](/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection) - Check an endpoint's ability to provide sensor data and communicate with the Microsoft Defender for Endpoint service and fix known issues.
+- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection) - Microsoft Defender for Endpoint adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Windows Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools.
+- [Integration with Azure Defender](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center) - Microsoft Defender for Endpoint integrates with Azure Defender to provide a comprehensive server protection solution. With this integration Azure Defender can leverage the power of Defender for Endpoint to provide improved threat detection for Windows Servers.
+- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration) - Microsoft Cloud App Security leverages Microsoft Defender for Endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Defender for Endpoint monitored machines.
+- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019) - Microsoft Defender for Endpoint now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. 
+- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection) - Onboard supported versions of Windows machines so that they can send sensor data to the Microsoft Defender for Endpoint sensor.
 - [Enable conditional access to better protect users, devices, and data](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection)
 
 We've also added a new assessment for the Windows time service to the **Device performance & health** section. If we detect that your device’s time is not properly synced with our time servers and the time-syncing service is disabled, we’ll provide the option for you to turn it back on.
@@ -127,15 +127,15 @@ We’re continuing to work on how other security apps you’ve installed show up
 This also means you’ll see more links to other security apps within **Windows Security**. For example, if you open the **Firewall & network protection** section, you’ll see the firewall apps that are running on your device under each firewall type, which includes domain, private, and public networks).
 
 You can read more about ransomware mitigations and detection capability at:  
-- [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/)
+- [Averting ransomware epidemics in corporate networks with Microsoft Defender for Endpoint](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/)
 - [Ransomware security intelligence](https://docs.microsoft.com/windows/security/threat-protection/intelligence/ransomware-malware)
 - [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/)
 
-Also see [New capabilities of Windows Defender ATP further maximizing the effectiveness and robustness of endpoint security](https://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security/#62FUJ3LuMXLQidVE.97)
+Also see [New capabilities of Microsoft Defender for Endpoint further maximizing the effectiveness and robustness of endpoint security](https://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security/#62FUJ3LuMXLQidVE.97)
 
-Get a quick, but in-depth overview of Windows Defender ATP for Windows 10: [Windows Defender Advanced Threat Protection](/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
+Get a quick, but in-depth overview of Microsoft Defender for Endpoint for Windows 10: [Defender for Endpoint](/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
 
-For more information about features of Windows Defender ATP available in different editions of Windows 10, see the [Windows 10 commercial edition comparison](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf).
+For more information about features of Microsoft Defender for Endpoint available in different editions of Windows 10, see the [Windows 10 commercial edition comparison](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf).
 
 ### Information protection 
 

From bb424a17745a1e383655d0f138719fc7d26a980e Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Tue, 10 Nov 2020 16:38:52 +0530
Subject: [PATCH 274/384] updated-4567381-Batch11

rebranding
---
 .../machines-view-overview.md                 | 10 ++--
 .../microsoft-defender-atp/manage-alerts.md   | 26 +++++------
 .../manage-atp-post-migration-intune.md       |  2 +-
 .../manage-auto-investigation.md              |  2 +-
 .../manage-automation-file-uploads.md         |  4 +-
 .../manage-automation-folder-exclusions.md    |  4 +-
 .../manage-incidents.md                       |  4 +-
 .../manage-indicators.md                      | 12 ++---
 .../manage-suppression-rules.md               |  2 +-
 .../microsoft-defender-atp/management-apis.md | 32 ++++++-------
 .../mcafee-to-microsoft-defender-migration.md |  4 +-
 .../mcafee-to-microsoft-defender-setup.md     |  4 +-
 .../microsoft-cloud-app-security-config.md    | 12 ++---
 ...icrosoft-cloud-app-security-integration.md | 12 ++---
 ...oft-defender-advanced-threat-protection.md | 26 +++++------
 .../microsoft-defender-atp-android.md         | 28 +++++------
 .../microsoft-defender-atp-ios.md             | 10 ++--
 .../microsoft-defender-atp-linux.md           | 36 +++++++--------
 .../microsoft-defender-atp-mac.md             | 46 +++++++++----------
 .../microsoft-defender-security-center.md     |  6 +--
 .../microsoft-threat-experts.md               |  4 +-
 .../migration-guides.md                       |  4 +-
 .../minimum-requirements.md                   | 44 +++++++++---------
 .../microsoft-defender-atp/mssp-list.md       |  8 ++--
 .../microsoft-defender-atp/mssp-support.md    |  8 ++--
 25 files changed, 175 insertions(+), 175 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
index c4df93659f..fae0dfc00e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
@@ -17,16 +17,16 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# View and organize the Microsoft Defender ATP Devices list
+# View and organize the Microsoft Defender for Endpoint Devices list
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-machinesview-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-machinesview-abovefoldlink)
 
 The **Devices list** shows a list of the devices in your network where alerts were generated. By default, the queue displays devices with alerts seen in the last 30 days.  
 
@@ -61,7 +61,7 @@ The exposure level reflects the current exposure of the device based on the cumu
 If the exposure level says "No data available," there are a few reasons why this may be the case:
 
 - Device stopped reporting for more than 30 days – in that case it is considered inactive, and the exposure isn't computed
-- Device OS not supported - see [minimum requirements for Microsoft Defender ATP](minimum-requirements.md)
+- Device OS not supported - see [minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md)
 - Device with stale agent (very unlikely)
 
 ### OS Platform
@@ -106,4 +106,4 @@ Filter the list based on the grouping and tagging that you've added to individua
 
 ## Related topics
 
-- [Investigate devices in the Microsoft Defender ATP Devices list](investigate-machines.md)
+- [Investigate devices in the Microsoft Defender for Endpoint Devices list](investigate-machines.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
index 9a210d00da..92810d1d1f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
@@ -17,17 +17,17 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Manage Microsoft Defender Advanced Threat Protection alerts
+# Manage Microsoft Defender for Endpoint alerts
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
 
-Microsoft Defender ATP notifies you of possible malicious events, attributes, and contextual information through alerts. A summary of new alerts is displayed in the **Security operations dashboard**, and you can access all alerts in the **Alerts queue**.
+Defender for Endpoint notifies you of possible malicious events, attributes, and contextual information through alerts. A summary of new alerts is displayed in the **Security operations dashboard**, and you can access all alerts in the **Alerts queue**.
 
 You can manage alerts by selecting an alert in the **Alerts queue**, or the **Alerts** tab of the Device page for an individual device.
 
@@ -43,7 +43,7 @@ If an alert is not yet assigned, you can select **Assign to me** to assign the a
 
 
 ## Suppress alerts
-There might be scenarios where you need to suppress alerts from appearing in Microsoft Defender Security Center. Microsoft Defender ATP lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization.
+There might be scenarios where you need to suppress alerts from appearing in Microsoft Defender Security Center. Defender for Endpoint lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization.
 
 Suppression rules can be created from an existing alert. They can be disabled and reenabled if needed.
 
@@ -82,7 +82,7 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
 3. Select the **Triggering IOC**.
     
 4. Specify the action and scope on the alert. 

-   You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue, alert page, and device timeline and will appear as resolved across Microsoft Defender ATP APIs. 

 Alerts that are marked as hidden will be suppressed from the entire system, both on the device's associated alerts and from the dashboard and will not be streamed across Microsoft Defender ATP APIs.
+   You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue, alert page, and device timeline and will appear as resolved across Defender for Endpoint APIs. 

 Alerts that are marked as hidden will be suppressed from the entire system, both on the device's associated alerts and from the dashboard and will not be streamed across Defender for Endpoint APIs.
 
 
 5. Enter a rule name and a comment.
@@ -120,10 +120,10 @@ Added comments instantly appear on the pane.
 
 ## Related topics
 - [Manage suppression rules](manage-suppression-rules.md)
-- [View and organize the Microsoft Defender Advanced Threat Protection Alerts queue](alerts-queue.md)
-- [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md)
-- [Investigate a file associated with a Microsoft Defender ATP alert](investigate-files.md)
-- [Investigate devices in the Microsoft Defender ATP Devices list](investigate-machines.md)
-- [Investigate an IP address associated with a Microsoft Defender ATP alert](investigate-ip.md)
-- [Investigate a domain associated with a Microsoft Defender ATP alert](investigate-domain.md)
-- [Investigate a user account in Microsoft Defender ATP](investigate-user.md)
+- [View and organize the Microsoft Defender for Endpoint Alerts queue](alerts-queue.md)
+- [Investigate Microsoft Defender for Endpoint alerts](investigate-alerts.md)
+- [Investigate a file associated with a Microsoft Defender for Endpoint alert](investigate-files.md)
+- [Investigate devices in the Microsoft Defender for Endpoint Devices list](investigate-machines.md)
+- [Investigate an IP address associated with a Microsoft Defender for Endpoint alert](investigate-ip.md)
+- [Investigate a domain associated with a Microsoft Defender for Endpoint alert](investigate-domain.md)
+- [Investigate a user account in Microsoft Defender for Endpoint](investigate-user.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
index 36d77dce37..94a77a1007 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
@@ -61,7 +61,7 @@ The following table lists various tasks you can perform to configure Microsoft D
 |**Use Conditional Access** to control the devices and apps that can connect to your email and company resources |[Configure Conditional Access in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access) |
 |**Configure Microsoft Defender Antivirus settings** using the Policy configuration service provider ([Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider)) |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus)

[Policy CSP - Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender)  | 
 |**If necessary, specify exclusions for Microsoft Defender Antivirus** 

*Generally, you shouldn't need to apply exclusions. Microsoft Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios.* |[Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows](https://support.microsoft.com/help/822158/virus-scanning-recommendations-for-enterprise-computers)

[Device restrictions: Microsoft Defender Antivirus Exclusions for Windows 10 devices](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions) 

[Configure Microsoft Defender Antivirus exclusions on Windows Server 2016 or 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus)|
-|**Configure your attack surface reduction rules** to target software behaviors that are often abused by attackers

*Configure your attack surface reduction rules in [audit mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender) at first (for at least one week and up to two months). You can monitor status using Power BI ([get our template](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules)), and then set those rules to active mode when you're ready.* |[Audit mode in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender)

[Endpoint protection: Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=/intune/configuration/toc.json&bc=/intune/configuration/breadcrumb/toc.json#attack-surface-reduction)

[Learn more about attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction)

[Tech Community blog post: Demystifying attack surface reduction rules - Part 1](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/demystifying-attack-surface-reduction-rules-part-1/ba-p/1306420) |
+|**Configure your attack surface reduction rules** to target software behaviors that are often abused by attackers

*Configure your attack surface reduction rules in [audit mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender) at first (for at least one week and up to two months). You can monitor status using Power BI ([get our template](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules)), and then set those rules to active mode when you're ready.* |[Audit mode in Microsoft Defender for Endpoint ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender)

[Endpoint protection: Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=/intune/configuration/toc.json&bc=/intune/configuration/breadcrumb/toc.json#attack-surface-reduction)

[Learn more about attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction)

[Tech Community blog post: Demystifying attack surface reduction rules - Part 1](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/demystifying-attack-surface-reduction-rules-part-1/ba-p/1306420) |
 |**Configure your network filtering** to block outbound connections from any app to IP addresses or domains with low reputations  

*Network filtering is also referred to as [network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection).*

*Make sure that Windows 10 devices have the latest [antimalware platform updates](https://support.microsoft.com/help/4052623/update-for-microsoft-defender-antimalware-platform) installed.*|[Endpoint protection: Network filtering](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#network-filtering)

[Review network protection events in Windows Event Viewer](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection#review-network-protection-events-in-windows-event-viewer) |
 |**Configure controlled folder access** to protect against ransomware 

*[Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders) is also referred to as antiransomware protection.*  |[Endpoint protection: Controlled folder access](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#controlled-folder-access) 

[Enable controlled folder access in Intune](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders#intune)  |
 |**Configure exploit protection** to protect your organization's devices from malware that uses exploits to spread and infect other devices 

 *[Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection) is also referred to as Exploit Guard.* |[Endpoint protection: Microsoft Defender Exploit Guard](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-exploit-guard) 

[Enable exploit protection in Intune](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection#intune) |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
index ab130cb910..3f4c0af91b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
@@ -70,7 +70,7 @@ The following table summarizes remediation actions following an automated invest
 |Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence. 

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center) |
 |**No automated response** (this is not recommended)|No automated investigations run, so no verdicts are reached, and no remediation actions are taken or awaiting approval. |[Consider setting up or changing your device groups to use **Full** or **Semi** automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) |
 
-In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions).
+In Microsoft Defender for Endpoint, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions).
 
 > [!TIP]
 > To learn more about remediation actions following an automated investigation, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated). 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md
index 0b5d31597f..a82c4c98cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md
@@ -25,11 +25,11 @@ ms.topic: article
 **Applies to:**
 
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink)
 
 Enable the content analysis capability so that certain files and email attachments can automatically be uploaded to the cloud for additional inspection in Automated investigation.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
index 29529c8847..c60093cd86 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
@@ -25,11 +25,11 @@ ms.topic: article
 **Applies to:**
 
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automationexclusionfolder-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automationexclusionfolder-abovefoldlink)
 
 Automation folder exclusions allow you to specify folders that the Automated investigation will skip. 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
index f0cd8403c1..4fa8c2f463 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
@@ -19,13 +19,13 @@ ms.collection:
 ms.topic: article
 ---
 
-# Manage Microsoft Defender ATP incidents
+# Manage Microsoft Defender for Endpoint incidents
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Managing incidents is an important part of every cybersecurity operation. You can manage incidents by selecting an incident from the **Incidents queue** or the **Incidents management pane**. 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
index d5186273e9..a2904c5d62 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
@@ -24,22 +24,22 @@ ms.topic: article
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
 
 Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability gives SecOps the ability to set a list of indicators for detection and for blocking (prevention and response).
 
 Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the device group to apply it to.
 
-Currently supported sources are the cloud detection engine of Microsoft Defender ATP, the automated investigation and remediation engine, and the endpoint prevention engine (Microsoft Defender AV).
+Currently supported sources are the cloud detection engine of Defender for Endpoint, the automated investigation and remediation engine, and the endpoint prevention engine (Microsoft Defender AV).
 
 **Cloud detection engine**

-The cloud detection engine of Microsoft Defender ATP regularly scans collected data and tries to match the indicators you set. When there is a match, action will be taken according to the settings you specified for the IoC.
+The cloud detection engine of Defender for Endpoint regularly scans collected data and tries to match the indicators you set. When there is a match, action will be taken according to the settings you specified for the IoC.
 
 **Endpoint prevention engine**

-The same list of indicators is honored by the prevention agent. Meaning, if Microsoft Defender AV is the primary AV configured, the matched indicators will be treated according to the settings. For example, if the action is "Alert and Block", Microsoft Defender AV will prevent file executions (block and remediate) and a corresponding alert will be raised. On the other hand, if the Action is set to "Allow", Microsoft Defender AV  will not detect nor block the file from being run.
+The same list of indicators is honored by the prevention agent. Meaning, if Microsoft Defender AV is the primary AV configured, the matched indicators will be treated according to the settings. For example, if the action is "Alert and Block", Microsoft Defender AV will prevent file executions (block and remediate) and a corresponding alert will be raised. On the other hand, if the Action is set to "Allow", Microsoft Defender AV will not detect nor block the file from being run.
 
 **Automated investigation and remediation engine**

 The automated investigation and remediation behave the same. If an indicator is set to "Allow", Automated investigation and remediation will ignore a "bad" verdict for it. If set to "Block", Automated investigation and remediation will treat it as "bad".
@@ -64,5 +64,5 @@ You can create an indicator for:
 ## Related topics
 
 - [Create contextual IoC](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
-- [Use the Microsoft Defender ATP indicators API](ti-indicator.md)
+- [Use the Microsoft Defender for Endpoint indicators API](ti-indicator.md)
 - [Use partner integrated solutions](partner-applications.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
index d13aa975d2..bf6e43d5b2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
@@ -24,7 +24,7 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 There might be scenarios where you need to suppress alerts from appearing in the portal. You can create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. For more information on how to suppress alerts, see [Suppress alerts](manage-alerts.md).
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
index c3176ac54a..83cad3a708 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
@@ -24,19 +24,19 @@ ms.topic: conceptual
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mgt-apis-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mgt-apis-abovefoldlink)
 
-Microsoft Defender ATP supports a wide variety of options to ensure that customers can easily adopt the platform. 
+Defender for Endpoint supports a wide variety of options to ensure that customers can easily adopt the platform. 
 
-Acknowledging that customer environments and structures can vary, Microsoft Defender ATP was created with flexibility and granular control to fit varying customer requirements. 
+Acknowledging that customer environments and structures can vary, Defender for Endpoint was created with flexibility and granular control to fit varying customer requirements. 
 
 ## Endpoint onboarding and portal access 
 
 Device onboarding is fully integrated into Microsoft Endpoint Configuration Manager and Microsoft Intune for client devices and Azure Security Center for server devices, providing complete end-to-end experience of configuration, deployment, and monitoring. In addition, Microsoft Defender ATP supports Group Policy and other third-party tools used for devices management.
 
-Microsoft Defender ATP provides fine-grained control over what users with access to the portal can see and do through the flexibility of role-based access control (RBAC). The RBAC model supports all flavors of security teams structure:
+Defender for Endpoint provides fine-grained control over what users with access to the portal can see and do through the flexibility of role-based access control (RBAC). The RBAC model supports all flavors of security teams structure:
 - Globally distributed organizations and security teams
 - Tiered model security operations teams
 - Fully segregated divisions with single centralized global security operations teams 
@@ -44,30 +44,30 @@ Microsoft Defender ATP provides fine-grained control over what users with access
 ## Available APIs
 The Microsoft Defender ATP solution is built on top of an integration-ready platform.
 
-Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities.
+Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Endpoint capabilities.
 
-![Image of available API and integration in Microsoft Defender ATP](images/mdatp-apis.png)  
+![Image of available API and integration in Microsoft Defender for Endpoint](images/mdatp-apis.png)  
 
-The Microsoft Defender ATP APIs can be grouped into three:
-- Microsoft Defender ATP APIs 
+The Defender for Endpoint APIs can be grouped into three:
+- Microsoft Defender for Endpoint APIs 
 - Raw data streaming API
 - SIEM integration
 
-## Microsoft Defender ATP APIs
+## Microsoft Defender for Endpoint APIs
 
-Microsoft Defender ATP offers a layered API model exposing data and capabilities in a structured, clear, and easy to use model, exposed through a standard Azure  AD-based authentication and authorization model allowing access in context of users or SaaS applications. The API model was designed to expose entities and capabilities in a consistent form. 
+Defender for Endpoint offers a layered API model exposing data and capabilities in a structured, clear, and easy to use model, exposed through a standard Azure  AD-based authentication and authorization model allowing access in context of users or SaaS applications. The API model was designed to expose entities and capabilities in a consistent form. 
 
-Watch this video for a quick overview of Microsoft Defender ATP's APIs. 
+Watch this video for a quick overview of Defender for Endpoint's APIs. 
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4d73M]
 
-The **Investigation API** exposes the richness of Microsoft Defender ATP - exposing calculated or 'profiled' entities (for example, device, user, and file) and discrete events (for example, process creation and file creation) which typically describes a behavior related to an entity, enabling access to data via investigation interfaces allowing a query-based access to data. For more information, see, [Supported APIs](exposed-apis-list.md).
+The **Investigation API** exposes the richness of Defender for Endpoint - exposing calculated or 'profiled' entities (for example, device, user, and file) and discrete events (for example, process creation and file creation) which typically describes a behavior related to an entity, enabling access to data via investigation interfaces allowing a query-based access to data. For more information, see, [Supported APIs](exposed-apis-list.md).
 
 The **Response API** exposes the ability to take actions in the service and on devices, enabling customers to ingest indicators, manage settings, alert status, as well as take response actions on devices programmatically such as isolate devices from the network, quarantine files, and others. 
 
 ## Raw data streaming API 
-Microsoft Defender ATP raw data streaming API provides the ability for customers to ship real-time events and alerts from their instances as they occur within a single data stream, providing a low latency, high throughput delivery mechanism.
+Defender for Endpoint raw data streaming API provides the ability for customers to ship real-time events and alerts from their instances as they occur within a single data stream, providing a low latency, high throughput delivery mechanism.
 
-The Microsoft Defender ATP event information is pushed directly to Azure storage for long-term data retention, or to Azure Event Hubs for consumption by visualization services or additional data processing engines. 
+The Defender for Endpoint event information is pushed directly to Azure storage for long-term data retention, or to Azure Event Hubs for consumption by visualization services or additional data processing engines. 
 
 For more information, see, [Raw data streaming API](raw-data-export.md).
 
@@ -76,7 +76,7 @@ For more information, see, [Raw data streaming API](raw-data-export.md).
 When you enable security information and event management (SIEM) integration, it allows you to pull detections from Microsoft Defender Security Center using your SIEM solution or by connecting directly to the detections REST API. This activates the SIEM connector access details section with pre-populated values and an application is created under your Azure Active Directory (Azure AD) tenant. For more information, see, [SIEM integration](enable-siem-integration.md)
 
 ## Related topics
-- [Access the Microsoft Defender Advanced Threat Protection APIs ](apis-intro.md)
+- [Access the Microsoft Defender for Endpoint APIs ](apis-intro.md)
 - [Supported APIs](exposed-apis-list.md)
 - [Technical partner opportunities](partner-integration.md)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
index e9fa0412b0..efb438eb60 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
@@ -24,12 +24,12 @@ ms.date: 09/22/2020
 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
 ---
 
-# Migrate from McAfee to Microsoft Defender Advanced Threat Protection
+# Migrate from McAfee to Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-If you are planning to switch from McAfee Endpoint Security (McAfee) to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide to plan your migration.  
+If you are planning to switch from McAfee Endpoint Security (McAfee) to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide to plan your migration.  
 
 ## The migration process
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
index 8813e53523..858c7f0d06 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
@@ -34,10 +34,10 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
 ||*You are here!* | |
 
 
-**Welcome to the Setup phase of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This phase includes the following steps:
+**Welcome to the Setup phase of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This phase includes the following steps:
 1. [Enable Microsoft Defender Antivirus and confirm it's in passive mode](#enable-microsoft-defender-antivirus-and-confirm-its-in-passive-mode).
 2. [Get updates for Microsoft Defender Antivirus](#get-updates-for-microsoft-defender-antivirus).
-3. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-for-endpoint-to-the-exclusion-list-for-mcafee).
+3. [Add Microsoft Defender for Endpoint to the exclusion list for McAfee](#add-microsoft-defender-for-endpoint-to-the-exclusion-list-for-mcafee).
 4. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-antivirus).
 5. [Add McAfee to the exclusion list for Microsoft Defender for Endpoint](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-for-endpoint).
 6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
index 16dd867662..98816a74b8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
@@ -25,26 +25,26 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-To benefit from Microsoft Defender Advanced Threat Protection (ATP) cloud app discovery signals, turn on Microsoft Cloud App Security integration.
+To benefit from Microsoft Defender for Endpoint cloud app discovery signals, turn on Microsoft Cloud App Security integration.
 
 >[!NOTE]
 >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on devices running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions.
 
-> See [Microsoft Defender Advanced Threat Protection integration with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security. 
+> See [Microsoft Defender for Endpoint integration with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security. 
 
-## Enable Microsoft Cloud App Security in Microsoft Defender ATP
+## Enable Microsoft Cloud App Security in Microsoft Defender for Endpoint
 
 1. In the navigation pane, select **Preferences setup** > **Advanced features**.
 2. Select **Microsoft Cloud App Security** and switch the toggle to **On**.
 3. Click **Save preferences**.
 
-Once activated, Microsoft Defender ATP will immediately start forwarding discovery signals to Cloud App Security.
+Once activated, Microsoft Defender for Endpoint will immediately start forwarding discovery signals to Cloud App Security.
 
 ## View the data collected
 
-To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security, see [Investigate devices in Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security).
+To view and access Microsoft Defender for Endpoint data in Microsoft Cloud Apps Security, see [Investigate devices in Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security).
 
 
 For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
index a23303c507..87814b1b25 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
@@ -19,12 +19,12 @@ ms.topic: conceptual
 ms.date: 10/18/2018
 ---
 
-# Microsoft Cloud App Security in Microsoft Defender ATP overview
+# Microsoft Cloud App Security in Defender for Endpoint overview
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
@@ -33,9 +33,9 @@ Microsoft Cloud App Security (Cloud App Security) is a comprehensive solution th
 >[!NOTE]
 >This feature is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on devices running Windows 10 version 1809 or later.
 
-## Microsoft Defender ATP and Cloud App Security integration 
+## Microsoft Defender for Endpoint and Cloud App Security integration 
 
-Cloud App Security discovery relies on cloud traffic logs being forwarded to it from enterprise firewall and proxy servers. Microsoft Defender ATP integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, providing unparalleled visibility to cloud app usage. The monitoring functionality is built into the device, providing complete coverage of network activity.
+Cloud App Security discovery relies on cloud traffic logs being forwarded to it from enterprise firewall and proxy servers. Microsoft Defender for Endpoint integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, providing unparalleled visibility to cloud app usage. The monitoring functionality is built into the device, providing complete coverage of network activity.
 
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4r4yQ]
 
@@ -44,9 +44,9 @@ The integration provides the following major improvements to the existing Cloud
 
 - Available everywhere - Since the network activity is collected directly from the endpoint, it's available wherever the device is, on or off corporate network, as it's no longer depended on traffic routed through the enterprise firewall or proxy servers. 
 
-- Works out of the box, no configuration required - Forwarding cloud traffic logs to Cloud App Security requires firewall and proxy server configuration. With the Microsoft Defender ATP and Cloud App Security integration, there's no configuration required. Just switch it on in Microsoft Defender Security Center settings and you're good to go. 
+- Works out of the box, no configuration required - Forwarding cloud traffic logs to Cloud App Security requires firewall and proxy server configuration. With the Defender for Endpoint and Cloud App Security integration, there's no configuration required. Just switch it on in Microsoft Defender Security Center settings and you're good to go. 
 
-- Device context - Cloud traffic logs lack device context. Microsoft Defender ATP network activity is reported with the device context (which device accessed the cloud app), so you are able to understand exactly where (device) the network activity took place, in addition to who (user) performed it. 
+- Device context - Cloud traffic logs lack device context. Defender for Endpoint network activity is reported with the device context (which device accessed the cloud app), so you are able to understand exactly where (device) the network activity took place, in addition to who (user) performed it. 
 
 For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps).
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
index b37274b4cb..ff9263b229 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
@@ -24,14 +24,14 @@ ms.topic: conceptual
 
 > For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy).
 
-Microsoft Defender Advanced Threat Protection is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
+Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
 

 
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4wDob]
 
-Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
+Defender for Endpoint uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
 
--   **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
+-   **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint.
 
 
 -   **Cloud security analytics**: Leveraging big-data, device-learning, and
@@ -42,12 +42,12 @@ Microsoft Defender ATP uses the following combination of technology built into W
 
 -   **Threat intelligence**: Generated by Microsoft hunters, security teams,
     and augmented by threat intelligence provided by partners, threat
-    intelligence enables Microsoft Defender ATP to identify attacker
+    intelligence enables Defender for Endpoint to identify attacker
     tools, techniques, and procedures, and generate alerts when they
     are observed in collected sensor data.
 
 
-
Microsoft Defender ATP

+
Microsoft Defender for Endpoint

 
@@ -72,8 +72,8 @@ Microsoft Defender ATP uses the following combination of technology built into W
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4vnC4?rel=0] 
 
 > [!TIP]
-> - Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Microsoft Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
-> - Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
+> - Learn about the latest enhancements in Defender for Endpoint: [What's new in Microsoft Defender for Endpoint](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
+> - Microsoft Defender for Endpoint demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
 
 
 
@@ -104,15 +104,15 @@ In conjunction with being able to quickly respond to advanced attacks, Microsoft
 
 **[Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)**

 
-Microsoft Defender ATP includes Microsoft Secure Score for Devices to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
+Defender for Endpoint includes Microsoft Secure Score for Devices to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
 
 
 
 **[Microsoft Threat Experts](microsoft-threat-experts.md)**

-Microsoft Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.
+Microsoft Defender for Endpoint's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.
 
 >[!IMPORTANT]
->Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.

+>Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.

 >
If you are not enrolled yet and would like to experience its benefits, go to Settings > General > Advanced features > Microsoft Threat Experts to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a  90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on Demand subscription.
 
 
@@ -123,7 +123,7 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf
 
 
 **[Integration with Microsoft solutions](threat-protection-integration.md)** 

- Microsoft Defender ATP directly integrates with various Microsoft solutions, including:
+ Defender for Endpoint directly integrates with various Microsoft solutions, including:
 - Intune
 - Office 365 ATP
 - Azure ATP
@@ -132,8 +132,8 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf
 - Microsoft Cloud App Security
 
 **[Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)**

- With Microsoft Threat Protection, Microsoft Defender ATP and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.
+ With Microsoft Threat Protection, Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.
 
 
 ## Related topic
-[Microsoft Defender ATP helps detect sophisticated threats](https://www.microsoft.com/en-us/itshowcase/microsoft-defender-atps-antivirus-capabilities-boost-malware-protection)
+[Microsoft Defender for Endpoint helps detect sophisticated threats](https://www.microsoft.com/en-us/itshowcase/microsoft-defender-atps-antivirus-capabilities-boost-malware-protection)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md
index 4b4a872950..e71d9f1081 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md
@@ -20,24 +20,24 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Microsoft Defender Advanced Threat Protection for Android
+# Microsoft Defender for Endpoint for Android
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-This topic describes how to install, configure, update, and use Microsoft Defender ATP for Android.
+This topic describes how to install, configure, update, and use Defender for Endpoint for Android.
 
 > [!CAUTION]
-> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Android is likely to cause performance problems and unpredictable system errors.
+> Running other third-party endpoint protection products alongside Defender for Endpoint for Android is likely to cause performance problems and unpredictable system errors.
 
 
-## How to install Microsoft Defender ATP for Android
+## How to install Microsoft Defender for Endpoint for Android
 
 ### Prerequisites
 
 -   **For end users**
 
-    -   Microsoft Defender ATP license assigned to the end user(s) of the app. See [Microsoft Defender ATP licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements)
+    -   Microsoft Defender for Endpoint license assigned to the end user(s) of the app. See [Microsoft Defender for Endpoint licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements)
 
     -   Intune Company Portal app can be downloaded from [Google
         Play](https://play.google.com/store/apps/details?id=com.microsoft.windowsintune.companyportal)
@@ -57,7 +57,7 @@ This topic describes how to install, configure, update, and use Microsoft Defend
     -   Access to the Microsoft Defender Security Center portal.
 
         > [!NOTE]
-        > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender ATP for Android. Currently only enrolled devices are supported for enforcing Microsoft Defender ATP for Android related device compliance policies in Intune. 
+        > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender for Endpoint for Android. Currently only enrolled devices are supported for enforcing Defender for Endpoint for Android related device compliance policies in Intune. 
 
     -   Access [Microsoft Endpoint Manager admin
         center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the
@@ -72,24 +72,24 @@ This topic describes how to install, configure, update, and use Microsoft Defend
 
 ### Installation instructions
 
-Microsoft Defender ATP for Android supports installation on both modes of
+Microsoft Defender for Endpoint for Android supports installation on both modes of
 enrolled devices - the legacy Device Administrator and Android Enterprise modes.
 **Currently, only Work Profile enrolled devices are supported in Android Enterprise. Support for other Android Enterprise modes will be announced when ready.**
 
-Deployment of Microsoft Defender ATP for Android is via Microsoft Intune (MDM).
-For more information, see [Deploy Microsoft Defender ATP for Android with Microsoft Intune](android-intune.md).
+Deployment of Microsoft Defender for Endpoint for Android is via Microsoft Intune (MDM).
+For more information, see [Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune](android-intune.md).
 
 
 > [!NOTE]
-> **Microsoft Defender ATP for Android is available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx) now.** 
 You can connect to Google Play from Intune to deploy Microsoft Defender ATP app, across Device Administrator and Android Enterprise entrollment modes. 
+> **Microsoft Defender for Endpoint for Android is available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx) now.** 
 You can connect to Google Play from Intune to deploy Microsoft Defender for Endpoint app, across Device Administrator and Android Enterprise entrollment modes. 
 
-## How to Configure Microsoft Defender ATP for Android
+## How to Configure Microsoft Defender for Endpoint for Android
 
-Guidance on how to configure Microsoft Defender ATP for Android features is available in [Configure Microsoft Defender ATP for Android features](android-configure.md).
+Guidance on how to configure Microsoft Defender for Endpoint for Android features is available in [Configure Microsoft Defender for Endpoint for Android features](android-configure.md).
 
 
 
 ## Related topics
-- [Deploy Microsoft Defender ATP for with Microsoft Intune](android-intune.md)
-- [Configure Microsoft Defender ATP for Android features](android-configure.md)
+- [Deploy Microsoft Defender for Endpoint for with Microsoft Intune](android-intune.md)
+- [Configure Microsoft Defender for Endpoint for Android features](android-configure.md)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md
index 118ea48672..46b7669ddf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md
@@ -20,7 +20,7 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Microsoft Defender Advanced Threat Protection for iOS
+# Microsoft Defender for Endpoint for iOS
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -33,7 +33,7 @@ ms.topic: conceptual
 > As with any pre-release solution, remember to exercise caution when determining the target population for your deployments.
 
 
-The public preview of Microsoft Defender ATP for iOS will offer protection
+The public preview of Defender for Endpoint for iOS will offer protection
 against phishing and unsafe network connections from websites, emails, and apps.
 All alerts will be available through a single pane of glass in the Microsoft
 Defender Security Center. The portal gives security teams a centralized view of threats on
@@ -44,7 +44,7 @@ iOS devices along with other platforms.
 
 **For End Users**
 
--   Microsoft Defender ATP license assigned to the end user(s) of the app. Refer
+-   Defender for Endpoint license assigned to the end user(s) of the app. Refer
     [Assign licenses to
     users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign)
     for instructions on how to assign licenses.
@@ -74,5 +74,5 @@ iOS devices along with other platforms.
 
 ## Next steps
 
-- [Deploy Microsoft Defender ATP for iOS](ios-install.md)
-- [Configure Microsoft Defender ATP for iOS features](ios-configure-features.md)
\ No newline at end of file
+- [Deploy Microsoft Defender for Endpoint for iOS](ios-install.md)
+- [Configure Microsoft Defender for Endpoint for iOS features](ios-configure-features.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
index b53befb8a7..873df4353b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
@@ -20,17 +20,17 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Microsoft Defender ATP for Linux
+# Microsoft Defender for Endpoint for Linux
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-This topic describes how to install, configure, update, and use Microsoft Defender ATP for Linux.
+This topic describes how to install, configure, update, and use Microsoft Defender for Endpoint for Linux.
 
 > [!CAUTION]
-> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Linux is likely to cause performance problems and unpredictable system errors.
+> Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint for Linux is likely to cause performance problems and unpredictable system errors.
 
-## How to install Microsoft Defender ATP for Linux
+## How to install Microsoft Defender for Endpoint for Linux
 
 ### Prerequisites
 
@@ -40,19 +40,19 @@ This topic describes how to install, configure, update, and use Microsoft Defend
 
 ### Installation instructions
 
-There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Linux.
+There are several methods and deployment tools that you can use to install and configure Microsoft Defender for Endpoint for Linux.
 
 In general you need to take the following steps:
 
-- Ensure that you have a Microsoft Defender ATP subscription, and that you have access to the [Microsoft Defender ATP portal](microsoft-defender-security-center.md).
-- Deploy Microsoft Defender ATP for Linux using one of the following deployment methods:
+- Ensure that you have a Microsoft Defender for Endpoint subscription, and that you have access to the [Microsoft Defender for Endpoint portal](microsoft-defender-security-center.md).
+- Deploy Microsoft Defender for Endpoint for Linux using one of the following deployment methods:
   - The command-line tool:
     - [Manual deployment](linux-install-manually.md)
   - Third-party management tools:
     - [Deploy using Puppet configuration management tool](linux-install-with-puppet.md)
     - [Deploy using Ansible configuration management tool](linux-install-with-ansible.md)
 
-If you experience any installation failures, refer to [Troubleshooting installation failures in Microsoft Defender ATP for Linux](linux-support-install.md).
+If you experience any installation failures, refer to [Troubleshooting installation failures in Microsoft Defender for Endpoint for Linux](linux-support-install.md).
 
 ### System requirements
 
@@ -68,7 +68,7 @@ If you experience any installation failures, refer to [Troubleshooting installat
 - Minimum kernel version 3.10.0-327
 - The `fanotify` kernel option must be enabled
   > [!CAUTION]
-  > Running Microsoft Defender ATP for Linux side by side with other `fanotify`-based security solutions is not supported. It can lead to unpredictable results, including hanging the operating system.
+  > Running Defender for Endpoint for Linux side by side with other `fanotify`-based security solutions is not supported. It can lead to unpredictable results, including hanging the operating system.
 
 - Disk space: 1GB
 - The solution currently provides real-time protection for the following file system types:
@@ -99,33 +99,33 @@ The following downloadable spreadsheet lists the services and their associated U
 
 |**Spreadsheet of domains list**|**Description**|
 |:-----|:-----|
-|![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)
  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. 

[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
+|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)
  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. 

[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
 
 
 
 > [!NOTE]
 > For a more specific URL list, see [Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
 
-Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
+Defender for Endpoint can discover a proxy server by using the following discovery methods:
 - Transparent proxy
 - Manual static proxy configuration
 
-If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. For transparent proxies, no additional configuration is needed for Microsoft Defender ATP. For static proxy, follow the steps in [Manual Static Proxy Configuration](linux-static-proxy-configuration.md).
+If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. For transparent proxies, no additional configuration is needed for Defender for Endpoint. For static proxy, follow the steps in [Manual Static Proxy Configuration](linux-static-proxy-configuration.md).
 
 > [!WARNING]
 > PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used.
 >
-> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
+> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Defender for Endpoint for Linux to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
 
-For troubleshooting steps, see [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](linux-support-connectivity.md).
+For troubleshooting steps, see [Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint for Linux](linux-support-connectivity.md).
 
-## How to update Microsoft Defender ATP for Linux
+## How to update Microsoft Defender for Endpoint for Linux
 
-Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Linux, refer to [Deploy updates for Microsoft Defender ATP for Linux](linux-updates.md).
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender for Endpoint for Linux, refer to [Deploy updates for Microsoft Defender for Endpoint for Linux](linux-updates.md).
 
-## How to configure Microsoft Defender ATP for Linux
+## How to configure Microsoft Defender for Endpoint for Linux
 
-Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md).
+Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
 
 ## Resources
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 4f2891c210..da5844b30c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -20,38 +20,38 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Microsoft Defender Advanced Threat Protection for Mac
+# Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-This topic describes how to install, configure, update, and use Microsoft Defender ATP for Mac.
+This topic describes how to install, configure, update, and use Defender for Endpoint for Mac.
 
 > [!CAUTION]
-> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality to run in [Passive mode](mac-preferences.md#enable--disable-passive-mode).
+> Running other third-party endpoint protection products alongside Defender for Endpoint for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality to run in [Passive mode](mac-preferences.md#enable--disable-passive-mode).
 
 ## What’s new in the latest release
 
-[What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md)
+[What's new in Microsoft Defender for Endpoint](whats-new-in-microsoft-defender-atp.md)
 
-[What's new in Microsoft Defender ATP for Mac](mac-whatsnew.md)
+[What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md)
 
 > [!TIP]
-> If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**.
+> If you have any feedback that you would like to share, submit it by opening Defender for Endpoint for Mac on your device and navigating to **Help** > **Send feedback**.
 
-To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender ATP to be an "Insider" device. See [Enable Microsoft Defender ATP Insider Device](endpoint-detection-response-mac-preview.md). 
+To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Defender for Endpoint to be an "Insider" device. See [Enable Microsoft Defender for Endpoint Insider Device](endpoint-detection-response-mac-preview.md). 
 
-## How to install Microsoft Defender ATP for Mac
+## How to install Microsoft Defender for Endpoint for Mac
 
 ### Prerequisites
 
-- A Microsoft Defender ATP subscription and access to the Microsoft Defender Security Center portal
+- A Defender for Endpoint subscription and access to the Microsoft Defender Security Center portal
 - Beginner-level experience in macOS and BASH scripting
 - Administrative privileges on the device (in case of manual deployment)
 
 ### Installation instructions
 
-There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
+There are several methods and deployment tools that you can use to install and configure Defender for Endpoint for Mac.
 
 - Third-party management tools:
     - [Microsoft Intune-based deployment](mac-install-with-intune.md)
@@ -74,15 +74,15 @@ After you've enabled the service, you may need to configure your network or fire
 
 ### Licensing requirements
 
-Microsoft Defender Advanced Threat Protection for Mac requires one of the following Microsoft Volume Licensing offers:
+Microsoft Defender for Endpoint for Mac requires one of the following Microsoft Volume Licensing offers:
 
 - Microsoft 365 E5 (M365 E5)
 - Microsoft 365 E5 Security
 - Microsoft 365 A5 (M365 A5)
 
 > [!NOTE]
-> Eligible licensed users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
-> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
+> Eligible licensed users may use Defender for Endpoint on up to five concurrent devices.
+> Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
 
 ### Network connections
 
@@ -92,11 +92,11 @@ The following downloadable spreadsheet lists the services and their associated U
 
 |**Spreadsheet of domains list**|**Description**|
 |:-----|:-----|
-|![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)
  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. 

[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
+|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)
  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. 

[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
 
 
 
-Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
+Defender for Endpoint can discover a proxy server by using the following discovery methods:
 - Proxy autoconfig (PAC)
 - Web Proxy Autodiscovery Protocol (WPAD)
 - Manual static proxy configuration
@@ -106,7 +106,7 @@ If a proxy or firewall is blocking anonymous traffic, make sure that anonymous t
 > [!WARNING]
 > Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used.
 >
-> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
+> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Defender for Endpoint for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
 
 To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser.
 
@@ -125,25 +125,25 @@ The output from this command should be similar to the following:
 > [!CAUTION]
 > We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client devices. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
 
-Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal:
+Once Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal:
 ```bash
 mdatp --connectivity-test
 ```
 
-## How to update Microsoft Defender ATP for Mac
+## How to update Microsoft Defender for Endpoint for Mac
 
-Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md)
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Defender for Endpoint for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see [Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md)
 
-## How to configure Microsoft Defender ATP for Mac
+## How to configure Microsoft Defender for Endpoint for Mac
 
-Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md).
+Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
 
 ## macOS kernel and system extensions
 
-In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender Advanced Threat Protection for Mac](mac-whatsnew.md) for relevant details.
+In alignment with macOS evolution, we are preparing a Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md) for relevant details.
 
 ## Resources
 
 - For more information about logging, uninstalling, or other topics, see the [Resources](mac-resources.md) page.
 
-- [Privacy for Microsoft Defender ATP for Mac](mac-privacy.md)
+- [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
index e04a02313b..baaaf022b3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-Microsoft Defender Security Center is the portal where you can access Microsoft Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
+Microsoft Defender Security Center is the portal where you can access Microsoft Defender for Endpoint capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
 
 ## In this section
 
@@ -35,9 +35,9 @@ Get started  |  Learn about the minimum requirements, validate licensing and com
 [Understand the portal](use.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
 Investigate and remediate threats | Investigate alerts, devices, and take response actions to remediate threats.
 API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from Microsoft Defender Security Center.
-Reporting | Create and build Power BI reports using Microsoft Defender ATP data.
+Reporting | Create and build Power BI reports using Defender for Endpoint data.
 Check service health and sensor state | Verify that the service is running and check the sensor state on devices.
 [Configure Microsoft Defender Security Center settings](preferences-setup.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
-[Access the Microsoft Defender ATP Community Center](community.md) | Access the Microsoft Defender ATP Community Center to learn, collaborate, and share experiences about the product.
+[Access the Microsoft Defender for Endpoint Community Center](community.md) | Access the Defender for Endpoint Community Center to learn, collaborate, and share experiences about the product.
 [Troubleshoot service issues](troubleshoot-mdatp.md) | This section addresses issues that might arise as you use the Microsoft Defender Advanced Threat service.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
index 47fcaf8d7d..07c5bb4248 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
@@ -25,7 +25,7 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Microsoft Threat Experts is a managed threat hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don’t get missed.
   
@@ -40,7 +40,7 @@ Watch this video for a quick overview of Microsoft Threat Experts.
 > [!NOTE]
 > Discuss the eligibility requirements with your Microsoft Technical Service provider and account team before you apply to the managed threat hunting service.
 
-Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
+Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
 
 If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a  90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on-Demand subscription. See [Configure Microsoft Threat Experts capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#before-you-begin) for details. 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
index 308308a4d0..24527c0a89 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
@@ -29,8 +29,8 @@ If you're considering switching from a non-Microsoft threat protection solution
 
 |Scenario |Guidance |
 |:--|:--|
-|You do not have an endpoint protection solution yet, and you want to know more about how Microsoft Defender for Endpoint & Microsoft Defender Antivirus work.  |[Microsoft Defender ATP evaluation lab](evaluation-lab.md)   |
-|You have Microsoft Defender for Endpoint & Microsoft Defender Antivirus and need some help getting everything set up and configured.  |[Microsoft Defender Advanced Threat Protection deployment guide](deployment-phases.md)  |
+|You do not have an endpoint protection solution yet, and you want to know more about how Microsoft Defender for Endpoint & Microsoft Defender Antivirus work.  |[Microsoft Defender for Endpoint evaluation lab](evaluation-lab.md)   |
+|You have Microsoft Defender for Endpoint & Microsoft Defender Antivirus and need some help getting everything set up and configured.  |[Microsoft Defender for Endpoint deployment guide](deployment-phases.md)  |
 |You're planning to migrate from McAfee Endpoint Security (McAfee) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Switch from McAfee to Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-migration.md) |
 |You're planning to migrate from Symantec Endpoint Protection (Symantec) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Switch from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md) |
 |You're planning to migrate from a non-Microsoft endpoint protection solution (other than McAfee or Symantec) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Make the switch to Microsoft Defender for Endpoint](switch-to-microsoft-defender-migration.md)   |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index 0f05ee52c8..7a36a23ea9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -17,25 +17,25 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Minimum requirements for Microsoft Defender ATP
+# Minimum requirements for Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 There are some minimum requirements for onboarding devices to the service. Learn about the licensing, hardware and software requirements, and other configuration settings to onboard devices to the service.
 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-minreqs-abovefoldlink).
+> Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-minreqs-abovefoldlink).
 
 
 > [!TIP]
-> - Learn about the latest enhancements in Microsoft Defender ATP: [Microsoft Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced).
-> - Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
+> - Learn about the latest enhancements in Microsoft Defender for Endpoint: [Microsoft Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced).
+> - Defender for Endpoint demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
 
 ## Licensing requirements
-Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
+Microsoft Defender for Endpoint requires one of the following Microsoft Volume Licensing offers:
 
 - Windows 10 Enterprise E5
 - Windows 10 Education A5
@@ -44,18 +44,18 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
 - Microsoft 365 A5 (M365 A5)
 
 > [!NOTE]
-> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
-> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
+> Eligible Licensed Users may use Microsoft Defender for Endpoint on up to five concurrent devices.
+> Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
 
 
 
-Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options:
+Microsoft Defender for Endpoint, on Windows Server, requires one of the following licensing options:
 
 - [Azure Security Center with Azure Defender enabled](https://docs.microsoft.com/azure/security-center/security-center-pricing)
-- Microsoft Defender ATP for Servers (one per covered server)
+- Defender for Endpoint for Servers (one per covered server)
 
 > [!NOTE]
-> Customers with a combined minimum of 50 licenses for one or more of the following may acquire Server SLs for Microsoft Defender Advanced Threat Protection for Servers (one per covered Server OSE): Microsoft Defender Advanced Threat Protection, Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs. This license applies to Microsoft Defender ATP for Linux.
+> Customers with a combined minimum of 50 licenses for one or more of the following may acquire Server SLs for Microsoft Defender Defender for Endpoint for Servers (one per covered Server OSE): Microsoft Defender for Endpoint, Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs. This license applies to Defender for Endpoint for Linux.
 
 For detailed licensing information, see the [Product Terms site](https://www.microsoft.com/licensing/terms/) and work with your account team to learn the detailed terms and conditions for the product.
 
@@ -64,7 +64,7 @@ For more information on the array of features in Windows 10 editions, see [Compa
 For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://wfbdevicemanagementprod.blob.core.windows.net/windowsforbusiness/Windows10_CommercialEdition_Comparison.pdf).
 
 ## Browser requirements
-Access to Microsoft Defender ATP is done through a browser, supporting the following browsers:
+Access to Defender for Endpoint  is done through a browser, supporting the following browsers:
 - Microsoft Edge
 - Internet Explorer version 11
 - Google Chrome
@@ -94,7 +94,7 @@ Access to Microsoft Defender ATP is done through a browser, supporting the follo
 
 Devices on your network must be running one of these editions.
 
-The hardware requirements for Microsoft Defender ATP on devices are the same for the supported editions.
+The hardware requirements for Defender for Endpoint on devices are the same for the supported editions.
 
 > [!NOTE]
 > Machines running mobile versions of Windows are not supported.
@@ -110,22 +110,22 @@ The hardware requirements for Microsoft Defender ATP on devices are the same for
 - macOS
 
 > [!NOTE]
-> You'll need to know the exact Linux distributions and versions of Android and macOS that are compatible with Microsoft Defender ATP for the integration to work.
+> You'll need to know the exact Linux distributions and versions of Android and macOS that are compatible with Defender for Endpoint for the integration to work.
 
 
 
 ### Network and data storage and configuration requirements
-When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
+When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender for Endpoint-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
 
 > [!NOTE]
 > - You cannot change your data storage location after the first-time setup.
-> - Review the [Microsoft Defender ATP data storage and privacy](data-storage-privacy.md) for more information on where and how Microsoft stores your data.
+> - Review the [Microsoft Defender for Endpoint data storage and privacy](data-storage-privacy.md) for more information on where and how Microsoft stores your data.
 
 
 ### Diagnostic data settings
 
 > [!NOTE]
-> Microsoft Defender ATP doesn't require any specific diagnostic level as long as it's enabled.
+> Microsoft Defender for Endpoint doesn't require any specific diagnostic level as long as it's enabled.
 
 Make sure that the diagnostic data service is enabled on all the devices in your organization.
 By default, this service is enabled. It's good practice to check to ensure that you'll get sensor data from them.
@@ -176,7 +176,7 @@ You'll need to set the service to automatically start if the **START_TYPE** is n
 #### Internet connectivity
 Internet connectivity on devices is required either directly or through proxy.
 
-The Microsoft Defender ATP sensor can utilize a daily average bandwidth of 5 MB to communicate with the Microsoft Defender ATP cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth.
+The Defender for Endpoint sensor can utilize a daily average bandwidth of 5 MB to communicate with the Defender for Endpoint cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth.
 
 For more information on additional proxy configuration settings, see [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md).
 
@@ -184,11 +184,11 @@ Before you onboard devices, the diagnostic data service must be enabled. The ser
 
 
 ## Microsoft Defender Antivirus configuration requirement
-The Microsoft Defender ATP agent depends on the ability of Microsoft Defender Antivirus to scan files and provide information about them.
+The Defender for Endpoint agent depends on the ability of Microsoft Defender Antivirus to scan files and provide information about them.
 
-Configure Security intelligence updates on the Microsoft Defender ATP devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md).
+Configure Security intelligence updates on the Defender for Endpoint devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md).
 
-When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Microsoft Defender ATP service, Microsoft Defender Antivirus goes on passive mode. 
+When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Defender for Endpoint service, Microsoft Defender Antivirus goes on passive mode. 
 
 If your organization has turned off Microsoft Defender Antivirus through group policy or other methods, devices that are onboarded must be excluded from this group policy.
 
@@ -201,7 +201,7 @@ If you are onboarding servers and Microsoft Defender Antivirus is not the active
 For more information, see [Microsoft Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
 
 ## Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
-If you're running Microsoft Defender Antivirus as the primary antimalware product on your devices, the Microsoft Defender ATP agent will successfully onboard.
+If you're running Microsoft Defender Antivirus as the primary antimalware product on your devices, the Defender for Endpoint agent will successfully onboard.
 
 If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Configuration Manager (current branch), you'll need to ensure that the Microsoft Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Microsoft Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy).
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
index 36d7f8db37..73e5616d8b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
@@ -21,12 +21,12 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Logo |Partner name   | Description 
 :---|:---|:---
 ![Image of BDO Digital logo](images/bdo-logo.png)| [BDO Digital](https://go.microsoft.com/fwlink/?linkid=2090394) | BDO Digital's Managed Defense leverages best practice tools, AI, and in-house security experts for 24/7/365 identity protection
-![Image of BlueVoyant logo](images/bluevoyant-logo.png)| [BlueVoyant](https://go.microsoft.com/fwlink/?linkid=2121401) | MDR for Microsoft Defender ATP provides support in monitoring, investigating, and mitigating advanced attacks on endpoints
+![Image of BlueVoyant logo](images/bluevoyant-logo.png)| [BlueVoyant](https://go.microsoft.com/fwlink/?linkid=2121401) | MDR for Microsoft Defender for Endpoint provides support in monitoring, investigating, and mitigating advanced attacks on endpoints
 ![Image of Cloud Security Center logo](images/cloudsecuritycenter-logo.png)| [Cloud Security Center](https://go.microsoft.com/fwlink/?linkid=2099315) | InSpark's Cloud Security Center is a 24x7 managed service that delivers protect, detect & respond capabilities
 ![Image of Cloud SOC logo](images/cloudsoc-logo.png)| [Cloud SOC](https://go.microsoft.com/fwlink/?linkid=2104265) | Cloud SOC provides 24/7 security monitoring services based on Microsoft cloud and helps you to continuously improve your security posture
 ![Image of CSIS Managed Detection & Response logo](images/csis-logo.png)| [CSIS Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2091005) | 24/7 monitoring and analysis of security alerts giving companies actionable insights into what, when and how security incidents have taken place
@@ -36,8 +36,8 @@ Logo |Partner name   | Description
 ![Image of Red Canary logo](images/redcanary-logo.png)| [Red Canary](https://go.microsoft.com/fwlink/?linkid=2103852) | Red Canary is a security operations partner for modern teams, MDR deployed in minutes
 ![Image of SecureWorks Managed Detection and Response Powered by Red Cloak logo](images/secureworks-logo.png)| [SecureWorks Managed Detection and Response Powered by Red Cloak](https://go.microsoft.com/fwlink/?linkid=2133634) | Secureworks combines threat intelligence and 20+ years of experience into SaaS and managed security solutions
 ![Image of sepagoSOC logo](images/sepago-logo.png)| [sepagoSOC](https://go.microsoft.com/fwlink/?linkid=2090491) | Ensure holistic security through sophisticated automated workflows in your zero trust environment
-![Image of Trustwave Threat Detection & Response Services logo](images/trustwave-logo.png)| [Trustwave Threat Detection & Response Services](https://go.microsoft.com/fwlink/?linkid=2127542) | Threat Detection and Response services for Azure leveraging integrations with Sentinel and Microsoft Defender ATP
-![Image of Wortell's cloud SOC logo](images/wortell-logo.png)| [Wortell's cloud SOC](https://go.microsoft.com/fwlink/?linkid=2108415) | 24x7 managed Microsoft Defender ATP service for monitoring & response
+![Image of Trustwave Threat Detection & Response Services logo](images/trustwave-logo.png)| [Trustwave Threat Detection & Response Services](https://go.microsoft.com/fwlink/?linkid=2127542) | Threat Detection and Response services for Azure leveraging integrations with Sentinel and Defender for Endpoint.
+![Image of Wortell's cloud SOC logo](images/wortell-logo.png)| [Wortell's cloud SOC](https://go.microsoft.com/fwlink/?linkid=2108415) | 24x7 managed Defender for Endpoint service for monitoring & response
 ![Image of Zero Trust Analytics Platform (ZTAP) logo](images/ztap-logo.png)| [Zero Trust Analytics Platform (ZTAP)](https://go.microsoft.com/fwlink/?linkid=2090971) | Reduce your alerts by 99% and access a full range of security capabilities from mobile devices
 
 ## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
index 6982d30ef4..e6d53ec221 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
@@ -23,18 +23,18 @@ ms.topic: conceptual
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
 
 
 Security is recognized as a key component in running an enterprise, however some organizations might not have the capacity or expertise to have a dedicated security operations team to manage the security of their endpoints and network, others may want to have a second set of eyes to review alerts in their network.
 
 
-To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Microsoft Defender ATP. 
+To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Defender for Endpoint. 
 
 
-Microsoft Defender ATP adds partnership opportunities for this scenario and allows MSSPs to take the following actions:
+Defender for Endpoint adds partnership opportunities for this scenario and allows MSSPs to take the following actions:
 
 - Get access to MSSP customer's Microsoft Defender Security Center portal
 - Get email notifications, and 

From f36d7d30ce0a9cc219de7bddc3499b4348434cfb Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Tue, 10 Nov 2020 16:55:13 +0530
Subject: [PATCH 275/384] Update endpoint-detection-response-mac-preview.md

fixed warning
---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 9c552f4e9c..b86fec795a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -26,7 +26,7 @@ ms.topic: conceptual
 To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
 > [!IMPORTANT]
-> Make sure you have enabled [Microsoft Defender for Endpoint (Mac)](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md), and [manual deployment](mac-install-manually.md) instructions.
+> Make sure you have enabled [Microsoft Defender for Endpoint (Mac)](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-for-endpoint-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md), and [manual deployment](mac-install-manually.md) instructions.
 
 ## Enable the Insider program with Jamf
 

From 99dca4838c0fda5a1d603ba6124aae6a88b068d1 Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Tue, 10 Nov 2020 15:03:00 +0100
Subject: [PATCH 276/384] Update vpn-profile-options.md

Adding additional information for the scope / limitation of the VPN proxy settings configuration
---
 .../security/identity-protection/vpn/vpn-profile-options.md   | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md
index 29b5df1daf..ccb29a9823 100644
--- a/windows/security/identity-protection/vpn/vpn-profile-options.md
+++ b/windows/security/identity-protection/vpn/vpn-profile-options.md
@@ -34,7 +34,6 @@ The following table lists the VPN settings and whether the setting can be config
 | Routing: forced-tunnel | yes |
 | Authentication (EAP) | yes, if connection type is built-in |
 | Conditional access | yes |
-| Proxy settings | yes, by PAC/WPAD file or server and port |
 | Name resolution: NRPT | yes |
 | Name resolution: DNS suffix | no |
 | Name resolution: persistent | no |
@@ -45,6 +44,9 @@ The following table lists the VPN settings and whether the setting can be config
 | LockDown | no |
 | Windows Information Protection (WIP) | yes |
 | Traffic filters | yes |
+| Proxy settings | yes, by PAC/WPAD file or server and port |
+>[!NOTE] 
+>VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections the general proxy settings are used.
 
 The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This is particularly useful for deploying profiles with features that are not yet supported by MDMs. You can get additional examples in the [ProfileXML XSD](https://msdn.microsoft.com/library/windows/hardware/mt755930.aspx) topic.
 

From 3e347e58249309624bda7242a67d0228fce1f8a8 Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Tue, 10 Nov 2020 16:22:31 +0100
Subject: [PATCH 277/384] Update vpnv2-csp.md

Adding additional information for the scope / limitation of the VPN proxy settings configuration
---
 windows/client-management/mdm/vpnv2-csp.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 5f3d865cbd..f0ab6733f3 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -345,7 +345,10 @@ Added in Windows 10, version 1607. The XML schema for provisioning all the fiel
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/Proxy**  
-A collection of configuration objects to enable a post-connect proxy support for VPN. The proxy defined for this profile is applied when this profile is active and connected.
+A collection of configuration objects to enable a post-connect proxy support for VPN Force Tunnel connections. The proxy defined for this profile is applied when this profile is active and connected.
+
+>[Note]
+>VPN proxy settings are only used on Force Tunnel connections. On Split Tunnel connections the general proxy settings are used.
 
 **VPNv2/**ProfileName**/Proxy/Manual**  
 Optional node containing the manual server settings.

From b6567fc91858e019b820c169d7bd9c00229a9cd3 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Tue, 10 Nov 2020 23:19:40 +0530
Subject: [PATCH 278/384] removed duplicate entry

as per the user report  #8609 , so I removed the duplicate entry which is appeared two times.
---
 windows/deployment/planning/windows-10-deprecated-features.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md
index 18d1d96008..fa4f088b49 100644
--- a/windows/deployment/planning/windows-10-deprecated-features.md
+++ b/windows/deployment/planning/windows-10-deprecated-features.md
@@ -28,7 +28,6 @@ The features described below are no longer being actively developed, and might b
 | ----------- | --------------------- | ---- |
 | Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 |
 | Companion Device Framework | The [Companion Device Framework](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello-companion-device-framework) is no longer under active development.| 2004 |
-| Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 |
 | Dynamic Disks | The [Dynamic Disks](https://docs.microsoft.com/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](https://docs.microsoft.com/windows-server/storage/storage-spaces/overview) in a future release.| 2004 |
 | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 |
 | My People / People in the Shell |  My People is no longer being developed. It may be removed in a future update. | 1909 |

From 98b06537adf8e6ece3350b8afc4470abec9c2eff Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 10 Nov 2020 11:00:14 -0800
Subject: [PATCH 279/384] Update manage-auto-investigation.md

---
 .../microsoft-defender-atp/manage-auto-investigation.md          | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
index ab130cb910..9eb235425e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
@@ -50,7 +50,6 @@ Whether taken automatically or upon approval, remediation actions following an a
 - Remove a registry key 
 - Kill a process 
 - Stop a service 
-- Remove a registry key 
 - Disable a driver 
 - Remove a scheduled task
 

From d6b9339bc9b47f582cacec91abeac7b572cbad29 Mon Sep 17 00:00:00 2001
From: Samantha Robertson 
Date: Tue, 10 Nov 2020 11:01:36 -0800
Subject: [PATCH 280/384] attempting to add m365 nav again

---
 windows/application-management/docfx.json | 1 +
 windows/client-management/docfx.json      | 1 +
 windows/configuration/docfx.json          | 1 +
 windows/deployment/docfx.json             | 1 +
 windows/hub/docfx.json                    | 1 +
 windows/privacy/docfx.json                | 1 +
 windows/security/docfx.json               | 1 +
 windows/whats-new/docfx.json              | 1 +
 8 files changed, 8 insertions(+)

diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json
index 09bd474c3e..abbb5fac56 100644
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@@ -32,6 +32,7 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",
       "ms.topic": "article",
diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json
index ffd1c9d266..c81879ba3f 100644
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@@ -32,6 +32,7 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",
       "ms.topic": "article",
diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json
index ea2a557e39..662747f3a4 100644
--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@@ -32,6 +32,7 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",
       "ms.topic": "article",
diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json
index d90a888be9..bc71e70299 100644
--- a/windows/deployment/docfx.json
+++ b/windows/deployment/docfx.json
@@ -35,6 +35,7 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",
       "ms.topic": "article",
diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json
index 07a8ea153b..2fad5a8fc9 100644
--- a/windows/hub/docfx.json
+++ b/windows/hub/docfx.json
@@ -36,6 +36,7 @@
     "globalMetadata": {
       "audience": "ITPro",
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "ms.topic": "article",
       "feedback_system": "GitHub",
diff --git a/windows/privacy/docfx.json b/windows/privacy/docfx.json
index f7ff32cbfe..0f24cde486 100644
--- a/windows/privacy/docfx.json
+++ b/windows/privacy/docfx.json
@@ -33,6 +33,7 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",
       "ms.topic": "article",
diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index ab00e42eba..1998bdf279 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -33,6 +33,7 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.topic": "article",
       "manager": "dansimp",
       "audience": "ITPro",
diff --git a/windows/whats-new/docfx.json b/windows/whats-new/docfx.json
index 5ff6fb5017..c04bfa1498 100644
--- a/windows/whats-new/docfx.json
+++ b/windows/whats-new/docfx.json
@@ -32,6 +32,7 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "ms.topic": "article",
       "audience": "ITPro",

From 55fba333be68ee6109296a8a28a62114a58d2de5 Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Tue, 10 Nov 2020 11:30:34 -0800
Subject: [PATCH 281/384] update parameters

---
 .../microsoft-defender-atp/indicator-manage.md                | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
index 82fe774e42..3cb8685e67 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
@@ -65,8 +65,8 @@ expirationTime | DateTimeOffset | The expiration time of the indicator in the fo
 severity | Enum | The severity of the indicator. Possible values are: "Informational", "Low", "Medium" and "High". **Optional**
 recommendedActions | String | TI indicator alert recommended actions. **Optional**
 rbacGroupNames | String | Comma-separated list of RBAC group names the indicator would be applied to. **Optional**
-category | String | Category of the alert. 
-mitretechniques| String | MITRE techniques code/id (comma separated). For more information, see [Enterprise tactics](https://attack.mitre.org/tactics/enterprise/).
+category | String | Category of the alert. Examples include: Execution and credential access. **Optional**
+mitretechniques| String | MITRE techniques code/id (comma separated). For more information, see [Enterprise tactics](https://attack.mitre.org/tactics/enterprise/). **Optional** It is recommended to add a value in category when a MITRE technique.
 
 For more information, see [Microsoft Defender ATP alert categories are now aligned with MITRE ATT&CK!](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-atp-alert-categories-are-now-aligned-with/ba-p/732748).
 

From c1e3ce52385ea06f99f49dd03cd7817c3d7a4422 Mon Sep 17 00:00:00 2001
From: JesseEsquivel <33558203+JesseEsquivel@users.noreply.github.com>
Date: Tue, 10 Nov 2020 15:24:20 -0500
Subject: [PATCH 282/384] Item is missing from proxy/firewall requirements

Should be the same as this link (missing *.azure-automation.net).  The *.azure-automation.net url is also called out and checked in the defender for endpoint connectivity analyzer.
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent#firewall-requirements
---
 .../microsoft-defender-atp/configure-proxy-internet.md         | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
index 6abe8ff951..48fd0bee7d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
@@ -140,7 +140,8 @@ The information below list the proxy and firewall configuration information requ
 |------|---------|--------|--------|   
 |*.ods.opinsights.azure.com |Port 443 |Outbound|Yes |  
 |*.oms.opinsights.azure.com |Port 443 |Outbound|Yes |  
-|*.blob.core.windows.net |Port 443 |Outbound|Yes |  
+|*.blob.core.windows.net |Port 443 |Outbound|Yes |
+|*.azure-automation.net |Port 443 |Outbound|Yes |  
 
 
 > [!NOTE]

From 941857293e86e7c4169a5e061b9de246066ba890 Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Tue, 10 Nov 2020 16:10:32 -0800
Subject: [PATCH 283/384] Updated GP name

---
 windows/client-management/mdm/policy-csp-multitasking.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md
index 019a3f61c5..fd1e3372e8 100644
--- a/windows/client-management/mdm/policy-csp-multitasking.md
+++ b/windows/client-management/mdm/policy-csp-multitasking.md
@@ -96,7 +96,7 @@ This policy only applies to the Alt+Tab switcher. When the policy is not enabled
 
 ADMX Info:  
 -   GP English name: *Configure the inclusion of Edge tabs into Alt-Tab*
--   GP name: *MultiTaskingAltTabFilter*
+-   GP name: *BrowserAltTabBlowout*
 -   GP path: *Windows Components/Multitasking*
 -   GP ADMX file name: *Multitasking.admx*
 

From 574286732f8382fb24c30095007cade38b39e82e Mon Sep 17 00:00:00 2001
From: Alekhya Jupudi 
Date: Wed, 11 Nov 2020 15:15:42 +0530
Subject: [PATCH 284/384] Update
 required-windows-diagnostic-data-events-and-fields-2004.md

---
 ...required-windows-diagnostic-data-events-and-fields-2004.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
index 0b34139584..b1c3b25c91 100644
--- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
+++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
@@ -1638,7 +1638,7 @@ The following fields are available:
 - **LicenseStateReason**  Retrieves why (or how) a system is licensed or unlicensed.  The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store.
 - **OA3xOriginalProductKey**  Retrieves the License key stamped by the OEM to the machine.
 - **OSEdition**  Retrieves the version of the current OS.
-- **OSInstallType**  Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc
+- **OSInstallType**  Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc.
 - **OSOOBEDateTime**  Retrieves Out of Box Experience (OOBE) Date in Coordinated Universal Time (UTC).
 - **OSSKU**  Retrieves the Friendly Name of OS Edition.
 - **OSSubscriptionStatus**  Represents the existing status for enterprise subscription feature for PRO machines.
@@ -1786,7 +1786,7 @@ This event sends data about the current user's default preferences for browser a
 The following fields are available:
 
 - **CalendarType**  The calendar identifiers that are used to specify different calendars.
-- **DefaultApp**  The current uer's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf.
+- **DefaultApp**  The current user's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf.
 - **DefaultBrowserProgId**  The ProgramId of the current user's default browser.
 - **LocaleName**  Name of the current user locale given by LOCALE_SNAME via the GetLocaleInfoEx() function.
 - **LongDateFormat**  The long date format the user has selected.

From 16493255e42647c3e2bb3893d921dd7dc54fc48b Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Wed, 11 Nov 2020 11:33:31 +0100
Subject: [PATCH 285/384] Update windows/client-management/mdm/vpnv2-csp.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 windows/client-management/mdm/vpnv2-csp.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index f0ab6733f3..75becc7f08 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -347,8 +347,8 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 **VPNv2/**ProfileName**/Proxy**  
 A collection of configuration objects to enable a post-connect proxy support for VPN Force Tunnel connections. The proxy defined for this profile is applied when this profile is active and connected.
 
->[Note]
->VPN proxy settings are only used on Force Tunnel connections. On Split Tunnel connections the general proxy settings are used.
+> [Note]
+> VPN proxy settings are only used on Force Tunnel connections. On Split Tunnel connections the general proxy settings are used.
 
 **VPNv2/**ProfileName**/Proxy/Manual**  
 Optional node containing the manual server settings.
@@ -1332,4 +1332,3 @@ Servers
 
 
 
-

From 074bc73f723625fc63563ed01df40586cef1d216 Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Wed, 11 Nov 2020 11:37:35 +0100
Subject: [PATCH 286/384] Update
 windows/security/identity-protection/vpn/vpn-profile-options.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../security/identity-protection/vpn/vpn-profile-options.md  | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md
index ccb29a9823..4c4e67842d 100644
--- a/windows/security/identity-protection/vpn/vpn-profile-options.md
+++ b/windows/security/identity-protection/vpn/vpn-profile-options.md
@@ -45,8 +45,9 @@ The following table lists the VPN settings and whether the setting can be config
 | Windows Information Protection (WIP) | yes |
 | Traffic filters | yes |
 | Proxy settings | yes, by PAC/WPAD file or server and port |
->[!NOTE] 
->VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections the general proxy settings are used.
+
+> [!NOTE] 
+> VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections the general proxy settings are used.
 
 The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This is particularly useful for deploying profiles with features that are not yet supported by MDMs. You can get additional examples in the [ProfileXML XSD](https://msdn.microsoft.com/library/windows/hardware/mt755930.aspx) topic.
 

From ea38b9d7d7c0644c7d50a5b031f9fdd2a195981a Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Wed, 11 Nov 2020 11:41:25 +0100
Subject: [PATCH 287/384] Update vpn-conditional-access.md

---
 .../security/identity-protection/vpn/vpn-conditional-access.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index 002d10e812..fa1a76285a 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -79,7 +79,7 @@ Two client-side configuration service providers are leveraged for VPN device com
 > [!NOTE]
 > Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources.
 > 
-> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has in Subject and SAN (Subject Alternative Name) the user UPN from AzureAD, the VPN profile must be modified to ensure the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing entry **UseRasCredentials** from 1 (default) to 0 (zero).
+> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has the user UPN from AzureAD in Subject and SAN (Subject Alternative Name) , the VPN profile must be modified to ensure the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing entry **UseRasCredentials** from 1 (default) to 0 (zero).
 
 ## Client connection flow
 

From 9128c8a4d38c507f355e32afa7fe3e1252f5d005 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Wed, 11 Nov 2020 17:17:33 +0530
Subject: [PATCH 288/384] updated-4567381-Batch12

rebranding
---
 ...Onboard-Windows-10-multi-session-device.md |  2 +-
 .../microsoft-defender-atp-mac.md             | 46 ++++++-------
 .../microsoft-defender-security-center.md     |  8 +--
 .../microsoft-threat-experts.md               |  4 +-
 .../migration-guides.md                       |  4 +-
 .../minimum-requirements.md                   | 44 ++++++-------
 .../microsoft-defender-atp/mssp-list.md       |  8 +--
 .../microsoft-defender-atp/mssp-support.md    |  8 +--
 .../network-protection.md                     | 10 +--
 .../next-gen-threat-and-vuln-mgt.md           | 12 ++--
 .../microsoft-defender-atp/non-windows.md     | 40 +++++------
 .../offboard-machine-api.md                   |  8 +--
 .../offboard-machines.md                      |  6 +-
 .../onboard-configure.md                      | 24 +++----
 .../onboard-downlevel.md                      | 24 +++----
 .../onboard-offline-machines.md               | 10 +--
 .../microsoft-defender-atp/onboard.md         |  8 +--
 ...boarding-endpoint-configuration-manager.md | 18 ++---
 .../onboarding-endpoint-manager.md            | 18 ++---
 .../onboarding-notification.md                |  6 +-
 .../microsoft-defender-atp/onboarding.md      | 18 ++---
 .../overview-attack-surface-reduction.md      |  2 +-
 .../overview-endpoint-detection-response.md   |  6 +-
 .../overview-hardware-based-isolation.md      |  4 +-
 .../partner-applications.md                   | 66 +++++++++----------
 25 files changed, 202 insertions(+), 202 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
index 11c95b7ebf..928df9d3fd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
@@ -24,7 +24,7 @@ manager: dansimp
 Applies to: 
 - Windows 10 multi-session running on Windows Virtual Desktop (WVD) 
 > [!IMPORTANT]
-> Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.
+> Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender for Endpoint. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.
 
 > [!WARNING]
 > Microsoft Defender for Endpoint support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 4f2891c210..955a6448f5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -20,38 +20,38 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Microsoft Defender Advanced Threat Protection for Mac
+# Microsoft Defender for Endpoint for Mac
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-This topic describes how to install, configure, update, and use Microsoft Defender ATP for Mac.
+This topic describes how to install, configure, update, and use Defender for Endpoint for Mac.
 
 > [!CAUTION]
-> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality to run in [Passive mode](mac-preferences.md#enable--disable-passive-mode).
+> Running other third-party endpoint protection products alongside Defender for Endpoint for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality to run in [Passive mode](mac-preferences.md#enable--disable-passive-mode).
 
 ## What’s new in the latest release
 
-[What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md)
+[What's new in Microsoft Defender for Endpoint](whats-new-in-microsoft-defender-atp.md)
 
-[What's new in Microsoft Defender ATP for Mac](mac-whatsnew.md)
+[What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md)
 
 > [!TIP]
-> If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**.
+> If you have any feedback that you would like to share, submit it by opening Microsoft Defender for Endpoint for Mac on your device and navigating to **Help** > **Send feedback**.
 
-To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender ATP to be an "Insider" device. See [Enable Microsoft Defender ATP Insider Device](endpoint-detection-response-mac-preview.md). 
+To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender for Endpoint to be an "Insider" device. See [Enable Microsoft Defender for Endpoint Insider Device](endpoint-detection-response-mac-preview.md). 
 
-## How to install Microsoft Defender ATP for Mac
+## How to install Microsoft Defender for Endpoint for Mac
 
 ### Prerequisites
 
-- A Microsoft Defender ATP subscription and access to the Microsoft Defender Security Center portal
+- A Defender for Endpoint subscription and access to the Microsoft Defender Security Center portal
 - Beginner-level experience in macOS and BASH scripting
 - Administrative privileges on the device (in case of manual deployment)
 
 ### Installation instructions
 
-There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
+There are several methods and deployment tools that you can use to install and configure Defender for Endpoint for Mac.
 
 - Third-party management tools:
     - [Microsoft Intune-based deployment](mac-install-with-intune.md)
@@ -74,15 +74,15 @@ After you've enabled the service, you may need to configure your network or fire
 
 ### Licensing requirements
 
-Microsoft Defender Advanced Threat Protection for Mac requires one of the following Microsoft Volume Licensing offers:
+Microsoft Defender for Endpoint for Mac requires one of the following Microsoft Volume Licensing offers:
 
 - Microsoft 365 E5 (M365 E5)
 - Microsoft 365 E5 Security
 - Microsoft 365 A5 (M365 A5)
 
 > [!NOTE]
-> Eligible licensed users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
-> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
+> Eligible licensed users may use Microsoft Defender for Endpoint on up to five concurrent devices.
+> Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
 
 ### Network connections
 
@@ -92,11 +92,11 @@ The following downloadable spreadsheet lists the services and their associated U
 
 |**Spreadsheet of domains list**|**Description**|
 |:-----|:-----|
-|![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)
  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. 

[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
+|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)
  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. 

[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
 
 
 
-Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
+Microsoft Defender for Endpoint can discover a proxy server by using the following discovery methods:
 - Proxy autoconfig (PAC)
 - Web Proxy Autodiscovery Protocol (WPAD)
 - Manual static proxy configuration
@@ -106,7 +106,7 @@ If a proxy or firewall is blocking anonymous traffic, make sure that anonymous t
 > [!WARNING]
 > Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used.
 >
-> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
+> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
 
 To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser.
 
@@ -125,25 +125,25 @@ The output from this command should be similar to the following:
 > [!CAUTION]
 > We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client devices. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
 
-Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal:
+Once Microsoft Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal:
 ```bash
 mdatp --connectivity-test
 ```
 
-## How to update Microsoft Defender ATP for Mac
+## How to update Microsoft Defender for Endpoint for Mac
 
-Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md)
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender for Endpoint for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see [Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md)
 
-## How to configure Microsoft Defender ATP for Mac
+## How to configure Microsoft Defender for Endpoint for Mac
 
-Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md).
+Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
 
 ## macOS kernel and system extensions
 
-In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender Advanced Threat Protection for Mac](mac-whatsnew.md) for relevant details.
+In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md) for relevant details.
 
 ## Resources
 
 - For more information about logging, uninstalling, or other topics, see the [Resources](mac-resources.md) page.
 
-- [Privacy for Microsoft Defender ATP for Mac](mac-privacy.md)
+- [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
index e04a02313b..df24150d36 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-Microsoft Defender Security Center is the portal where you can access Microsoft Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
+Microsoft Defender Security Center is the portal where you can access Microsoft Defender for Endpoint capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
 
 ## In this section
 
@@ -35,9 +35,9 @@ Get started  |  Learn about the minimum requirements, validate licensing and com
 [Understand the portal](use.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
 Investigate and remediate threats | Investigate alerts, devices, and take response actions to remediate threats.
 API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from Microsoft Defender Security Center.
-Reporting | Create and build Power BI reports using Microsoft Defender ATP data.
+Reporting | Create and build Power BI reports using Microsoft Defender for Endpoint data.
 Check service health and sensor state | Verify that the service is running and check the sensor state on devices.
 [Configure Microsoft Defender Security Center settings](preferences-setup.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
-[Access the Microsoft Defender ATP Community Center](community.md) | Access the Microsoft Defender ATP Community Center to learn, collaborate, and share experiences about the product.
-[Troubleshoot service issues](troubleshoot-mdatp.md) | This section addresses issues that might arise as you use the Microsoft Defender Advanced Threat service.
+[Access the Microsoft Defender for Endpoint Community Center](community.md) | Access the Microsoft Defender for Endpoint Community Center to learn, collaborate, and share experiences about the product.
+[Troubleshoot service issues](troubleshoot-mdatp.md) | This section addresses issues that might arise as you use the Microsoft Defender for Endpoint service.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
index 47fcaf8d7d..d73aa55b7b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
@@ -25,7 +25,7 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Microsoft Threat Experts is a managed threat hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don’t get missed.
   
@@ -40,7 +40,7 @@ Watch this video for a quick overview of Microsoft Threat Experts.
 > [!NOTE]
 > Discuss the eligibility requirements with your Microsoft Technical Service provider and account team before you apply to the managed threat hunting service.
 
-Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
+Microsoft Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
 
 If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a  90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on-Demand subscription. See [Configure Microsoft Threat Experts capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#before-you-begin) for details. 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
index 308308a4d0..24527c0a89 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
@@ -29,8 +29,8 @@ If you're considering switching from a non-Microsoft threat protection solution
 
 |Scenario |Guidance |
 |:--|:--|
-|You do not have an endpoint protection solution yet, and you want to know more about how Microsoft Defender for Endpoint & Microsoft Defender Antivirus work.  |[Microsoft Defender ATP evaluation lab](evaluation-lab.md)   |
-|You have Microsoft Defender for Endpoint & Microsoft Defender Antivirus and need some help getting everything set up and configured.  |[Microsoft Defender Advanced Threat Protection deployment guide](deployment-phases.md)  |
+|You do not have an endpoint protection solution yet, and you want to know more about how Microsoft Defender for Endpoint & Microsoft Defender Antivirus work.  |[Microsoft Defender for Endpoint evaluation lab](evaluation-lab.md)   |
+|You have Microsoft Defender for Endpoint & Microsoft Defender Antivirus and need some help getting everything set up and configured.  |[Microsoft Defender for Endpoint deployment guide](deployment-phases.md)  |
 |You're planning to migrate from McAfee Endpoint Security (McAfee) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Switch from McAfee to Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-migration.md) |
 |You're planning to migrate from Symantec Endpoint Protection (Symantec) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Switch from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md) |
 |You're planning to migrate from a non-Microsoft endpoint protection solution (other than McAfee or Symantec) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Make the switch to Microsoft Defender for Endpoint](switch-to-microsoft-defender-migration.md)   |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index 0f05ee52c8..ac90bc5d2f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -17,25 +17,25 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Minimum requirements for Microsoft Defender ATP
+# Minimum requirements for Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 There are some minimum requirements for onboarding devices to the service. Learn about the licensing, hardware and software requirements, and other configuration settings to onboard devices to the service.
 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-minreqs-abovefoldlink).
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-minreqs-abovefoldlink).
 
 
 > [!TIP]
-> - Learn about the latest enhancements in Microsoft Defender ATP: [Microsoft Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced).
-> - Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
+> - Learn about the latest enhancements in Defender for Endpoint: [Defender for Endpoint Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced).
+> - Defender for Endpoint demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
 
 ## Licensing requirements
-Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
+Defender for Endpoint requires one of the following Microsoft Volume Licensing offers:
 
 - Windows 10 Enterprise E5
 - Windows 10 Education A5
@@ -44,18 +44,18 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
 - Microsoft 365 A5 (M365 A5)
 
 > [!NOTE]
-> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
-> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
+> Eligible Licensed Users may use Defender for Endpoint on up to five concurrent devices.
+> Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
 
 
 
-Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options:
+Defender for Endpoint, on Windows Server, requires one of the following licensing options:
 
 - [Azure Security Center with Azure Defender enabled](https://docs.microsoft.com/azure/security-center/security-center-pricing)
-- Microsoft Defender ATP for Servers (one per covered server)
+- Defender for Endpoint for Servers (one per covered server)
 
 > [!NOTE]
-> Customers with a combined minimum of 50 licenses for one or more of the following may acquire Server SLs for Microsoft Defender Advanced Threat Protection for Servers (one per covered Server OSE): Microsoft Defender Advanced Threat Protection, Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs. This license applies to Microsoft Defender ATP for Linux.
+> Customers with a combined minimum of 50 licenses for one or more of the following may acquire Server SLs for Microsoft Defender Advanced Threat Protection for Servers (one per covered Server OSE): Defender for Endpoint, Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs. This license applies to Microsoft Defender for Endpoint for Linux.
 
 For detailed licensing information, see the [Product Terms site](https://www.microsoft.com/licensing/terms/) and work with your account team to learn the detailed terms and conditions for the product.
 
@@ -64,7 +64,7 @@ For more information on the array of features in Windows 10 editions, see [Compa
 For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://wfbdevicemanagementprod.blob.core.windows.net/windowsforbusiness/Windows10_CommercialEdition_Comparison.pdf).
 
 ## Browser requirements
-Access to Microsoft Defender ATP is done through a browser, supporting the following browsers:
+Access to Defender for Endpoint is done through a browser, supporting the following browsers:
 - Microsoft Edge
 - Internet Explorer version 11
 - Google Chrome
@@ -94,7 +94,7 @@ Access to Microsoft Defender ATP is done through a browser, supporting the follo
 
 Devices on your network must be running one of these editions.
 
-The hardware requirements for Microsoft Defender ATP on devices are the same for the supported editions.
+The hardware requirements for Defender for Endpoint on devices are the same for the supported editions.
 
 > [!NOTE]
 > Machines running mobile versions of Windows are not supported.
@@ -110,22 +110,22 @@ The hardware requirements for Microsoft Defender ATP on devices are the same for
 - macOS
 
 > [!NOTE]
-> You'll need to know the exact Linux distributions and versions of Android and macOS that are compatible with Microsoft Defender ATP for the integration to work.
+> You'll need to know the exact Linux distributions and versions of Android and macOS that are compatible with Defender for Endpoint for the integration to work.
 
 
 
 ### Network and data storage and configuration requirements
-When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
+When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender Advanced Threat Protection-Defender for Endpoint related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
 
 > [!NOTE]
 > - You cannot change your data storage location after the first-time setup.
-> - Review the [Microsoft Defender ATP data storage and privacy](data-storage-privacy.md) for more information on where and how Microsoft stores your data.
+> - Review the [Microsoft Defender for Endpoint data storage and privacy](data-storage-privacy.md) for more information on where and how Microsoft stores your data.
 
 
 ### Diagnostic data settings
 
 > [!NOTE]
-> Microsoft Defender ATP doesn't require any specific diagnostic level as long as it's enabled.
+> Defender for Endpoint doesn't require any specific diagnostic level as long as it's enabled.
 
 Make sure that the diagnostic data service is enabled on all the devices in your organization.
 By default, this service is enabled. It's good practice to check to ensure that you'll get sensor data from them.
@@ -176,7 +176,7 @@ You'll need to set the service to automatically start if the **START_TYPE** is n
 #### Internet connectivity
 Internet connectivity on devices is required either directly or through proxy.
 
-The Microsoft Defender ATP sensor can utilize a daily average bandwidth of 5 MB to communicate with the Microsoft Defender ATP cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth.
+The Defender for Endpoint sensor can utilize a daily average bandwidth of 5 MB to communicate with the Defender for Endpoint cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth.
 
 For more information on additional proxy configuration settings, see [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md).
 
@@ -184,11 +184,11 @@ Before you onboard devices, the diagnostic data service must be enabled. The ser
 
 
 ## Microsoft Defender Antivirus configuration requirement
-The Microsoft Defender ATP agent depends on the ability of Microsoft Defender Antivirus to scan files and provide information about them.
+The Defender for Endpoint agent depends on the ability of Microsoft Defender Antivirus to scan files and provide information about them.
 
-Configure Security intelligence updates on the Microsoft Defender ATP devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md).
+Configure Security intelligence updates on the Defender for Endpoint devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md).
 
-When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Microsoft Defender ATP service, Microsoft Defender Antivirus goes on passive mode. 
+When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Defender for Endpoint service, Microsoft Defender Antivirus goes on passive mode. 
 
 If your organization has turned off Microsoft Defender Antivirus through group policy or other methods, devices that are onboarded must be excluded from this group policy.
 
@@ -201,7 +201,7 @@ If you are onboarding servers and Microsoft Defender Antivirus is not the active
 For more information, see [Microsoft Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
 
 ## Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
-If you're running Microsoft Defender Antivirus as the primary antimalware product on your devices, the Microsoft Defender ATP agent will successfully onboard.
+If you're running Microsoft Defender Antivirus as the primary antimalware product on your devices, the Defender for Endpoint agent will successfully onboard.
 
 If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Configuration Manager (current branch), you'll need to ensure that the Microsoft Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Microsoft Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy).
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
index 36d7f8db37..c4a27275f1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
@@ -21,12 +21,12 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Logo |Partner name   | Description 
 :---|:---|:---
 ![Image of BDO Digital logo](images/bdo-logo.png)| [BDO Digital](https://go.microsoft.com/fwlink/?linkid=2090394) | BDO Digital's Managed Defense leverages best practice tools, AI, and in-house security experts for 24/7/365 identity protection
-![Image of BlueVoyant logo](images/bluevoyant-logo.png)| [BlueVoyant](https://go.microsoft.com/fwlink/?linkid=2121401) | MDR for Microsoft Defender ATP provides support in monitoring, investigating, and mitigating advanced attacks on endpoints
+![Image of BlueVoyant logo](images/bluevoyant-logo.png)| [BlueVoyant](https://go.microsoft.com/fwlink/?linkid=2121401) | MDR for Defender for Endpoint provides support in monitoring, investigating, and mitigating advanced attacks on endpoints
 ![Image of Cloud Security Center logo](images/cloudsecuritycenter-logo.png)| [Cloud Security Center](https://go.microsoft.com/fwlink/?linkid=2099315) | InSpark's Cloud Security Center is a 24x7 managed service that delivers protect, detect & respond capabilities
 ![Image of Cloud SOC logo](images/cloudsoc-logo.png)| [Cloud SOC](https://go.microsoft.com/fwlink/?linkid=2104265) | Cloud SOC provides 24/7 security monitoring services based on Microsoft cloud and helps you to continuously improve your security posture
 ![Image of CSIS Managed Detection & Response logo](images/csis-logo.png)| [CSIS Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2091005) | 24/7 monitoring and analysis of security alerts giving companies actionable insights into what, when and how security incidents have taken place
@@ -36,8 +36,8 @@ Logo |Partner name   | Description
 ![Image of Red Canary logo](images/redcanary-logo.png)| [Red Canary](https://go.microsoft.com/fwlink/?linkid=2103852) | Red Canary is a security operations partner for modern teams, MDR deployed in minutes
 ![Image of SecureWorks Managed Detection and Response Powered by Red Cloak logo](images/secureworks-logo.png)| [SecureWorks Managed Detection and Response Powered by Red Cloak](https://go.microsoft.com/fwlink/?linkid=2133634) | Secureworks combines threat intelligence and 20+ years of experience into SaaS and managed security solutions
 ![Image of sepagoSOC logo](images/sepago-logo.png)| [sepagoSOC](https://go.microsoft.com/fwlink/?linkid=2090491) | Ensure holistic security through sophisticated automated workflows in your zero trust environment
-![Image of Trustwave Threat Detection & Response Services logo](images/trustwave-logo.png)| [Trustwave Threat Detection & Response Services](https://go.microsoft.com/fwlink/?linkid=2127542) | Threat Detection and Response services for Azure leveraging integrations with Sentinel and Microsoft Defender ATP
-![Image of Wortell's cloud SOC logo](images/wortell-logo.png)| [Wortell's cloud SOC](https://go.microsoft.com/fwlink/?linkid=2108415) | 24x7 managed Microsoft Defender ATP service for monitoring & response
+![Image of Trustwave Threat Detection & Response Services logo](images/trustwave-logo.png)| [Trustwave Threat Detection & Response Services](https://go.microsoft.com/fwlink/?linkid=2127542) | Threat Detection and Response services for Azure leveraging integrations with Sentinel and Defender for Endpoint
+![Image of Wortell's cloud SOC logo](images/wortell-logo.png)| [Wortell's cloud SOC](https://go.microsoft.com/fwlink/?linkid=2108415) | 24x7 managed Defender for Endpoint service for monitoring & response
 ![Image of Zero Trust Analytics Platform (ZTAP) logo](images/ztap-logo.png)| [Zero Trust Analytics Platform (ZTAP)](https://go.microsoft.com/fwlink/?linkid=2090971) | Reduce your alerts by 99% and access a full range of security capabilities from mobile devices
 
 ## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
index 6982d30ef4..e6d53ec221 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
@@ -23,18 +23,18 @@ ms.topic: conceptual
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
 
 
 Security is recognized as a key component in running an enterprise, however some organizations might not have the capacity or expertise to have a dedicated security operations team to manage the security of their endpoints and network, others may want to have a second set of eyes to review alerts in their network.
 
 
-To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Microsoft Defender ATP. 
+To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Defender for Endpoint. 
 
 
-Microsoft Defender ATP adds partnership opportunities for this scenario and allows MSSPs to take the following actions:
+Defender for Endpoint adds partnership opportunities for this scenario and allows MSSPs to take the following actions:
 
 - Get access to MSSP customer's Microsoft Defender Security Center portal
 - Get email notifications, and 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
index eec4470439..51421ea4a3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
@@ -25,7 +25,7 @@ ms.custom: asr
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
 
@@ -38,7 +38,7 @@ For more details about how to enable network protection, see [Enable network pro
 > [!TIP]
 > You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 
-Network protection works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
+Network protection works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
 When network protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
 
@@ -52,11 +52,11 @@ Windows 10 version | Microsoft Defender Antivirus
 -|-
 Windows 10 version 1709 or later | [Microsoft Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled
 
-## Review network protection events in the Microsoft Defender ATP Security Center
+## Review network protection events in the Microsoft Defender for Endpoint Security Center
 
-Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
+Microsoft Defender for Endpoint provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
-You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how network protection settings would affect your environment if they were enabled.
+You can query Microsoft Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how network protection settings would affect your environment if they were enabled.
 
 Here is an example query
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
index 54a1538ebe..d0317cd1ba 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
@@ -23,9 +23,9 @@ ms.topic: overview
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
 
 Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat and vulnerability management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.
 
@@ -43,11 +43,11 @@ Vulnerability management is the first solution in the industry to bridge the gap
 
 ### Real-time discovery
 
-To discover endpoint vulnerabilities and misconfiguration, threat and vulnerability management uses the same agentless built-in Microsoft Defender ATP sensors to reduce cumbersome network scans and IT overhead.
+To discover endpoint vulnerabilities and misconfiguration, threat and vulnerability management uses the same agentless built-in Defender for Endpoint sensors to reduce cumbersome network scans and IT overhead.
 
 It also provides:
 
-- **Real-time device inventory** - Devices onboarded to Microsoft Defender ATP automatically report and push vulnerability and security configuration data to the dashboard.
+- **Real-time device inventory** - Devices onboarded to Defender for Endpoint automatically report and push vulnerability and security configuration data to the dashboard.
 - **Visibility into software and vulnerabilities** - Optics into the organization's software inventory, and software changes like installations, uninstalls, and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for 1st and 3rd party applications.
 - **Application runtime context** - Visibility on application usage patterns for better prioritization and decision-making.
 - **Configuration posture** - Visibility into organizational security configuration or misconfigurations. Issues are reported in the dashboard with actionable security recommendations.
@@ -79,7 +79,7 @@ Watch this video for a comprehensive walk-through of threat and vulnerability ma
 Area | Description
 :---|:---
 **Dashboard**   | Get a high-level view of the organization exposure score, Microsoft Secure Score for Devices, device exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed device data.
-[**Security recommendations**](tvm-security-recommendation.md) | See the list of security recommendations and related threat information. When you select an item from the list, a flyout panel opens with vulnerability details, a link to open the software page, and remediation and exception options. You can also open a ticket in Intune if your devices are joined through Azure Active Directory and you've enabled your Intune connections in Microsoft Defender ATP.
+[**Security recommendations**](tvm-security-recommendation.md) | See the list of security recommendations and related threat information. When you select an item from the list, a flyout panel opens with vulnerability details, a link to open the software page, and remediation and exception options. You can also open a ticket in Intune if your devices are joined through Azure Active Directory and you've enabled your Intune connections in Defender for Endpoint.
 [**Remediation**](tvm-remediation.md) | See remediation activities you've created and recommendation exceptions.
 [**Software inventory**](tvm-software-inventory.md) | See the list of vulnerable software in your organization, along with weakness and threat information.
 [**Weaknesses**](tvm-weaknesses.md) | See the list of common vulnerabilities and exposures (CVEs) in your organization.
@@ -91,7 +91,7 @@ Run threat and vulnerability management-related API calls to automate vulnerabil
 
 See the following articles for related APIs:
 
-- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
+- [Supported Microsoft Defender for Endpoint APIs](exposed-apis-list.md)
 - [Machine APIs](machine.md)
 - [Recommendation APIs](vulnerability.md)
 - [Score APIs](score.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md
index 2de422a306..928c6f6e42 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md
@@ -18,12 +18,12 @@ ms.collection:
 ms.topic: article
 ---
 
-# Microsoft Defender ATP for non-Windows platforms
+# Microsoft Defender for Endpoint for non-Windows platforms
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 Microsoft has been on a journey to extend its industry leading endpoint security
@@ -36,44 +36,44 @@ have committed to building security solutions not just *for* Microsoft, but also
 heterogenous environments. We're listening to customer feedback and partnering
 closely with our customers to build solutions that meet their needs.
 
-With Microsoft Defender ATP, customers benefit from a unified view of all
+With Defender for Endpoint, customers benefit from a unified view of all
 threats and alerts in the Microsoft Defender Security Center, across Windows and
 non-Windows platforms, enabling them to get a full picture of what's happening
 in their environment, which empowers them to more quickly assess and respond to
 threats.
 
-## Microsoft Defender ATP for Mac 
+## Microsoft Defender for Endpoint for Mac 
 
-Microsoft Defender ATP for Mac offers AV and EDR capabilities for the three
+Microsoft Defender for Endpoint for Mac offers AV and EDR capabilities for the three
 latest released versions of macOS. Customers can deploy and manage the solution
 through Microsoft Endpoint Manager and Jamf. Just like with Microsoft Office
 applications on macOS, Microsoft Auto Update is used to manage Microsoft
-Defender ATP for Mac updates. For information about the key features and
+Defender for Endpoint for Mac updates. For information about the key features and
 benefits, read our
 [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/macOS).
 
-For more details on how to get started, visit the Microsoft Defender ATP for Mac
+For more details on how to get started, visit the Defender for Endpoint for Mac
 [documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac).
 
-## Microsoft Defender ATP for Linux
+## Microsoft Defender for Endpoint for Linux
 
-Microsoft Defender ATP for Linux offers preventative (AV) capabilities for Linux
+Microsoft Defender for Endpoint for Linux offers preventative (AV) capabilities for Linux
 servers. This includes a full command line experience to configure and manage
 the agent, initiate scans, and manage threats. We support recent versions of the
 six most common Linux Server distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu
 16 LTS, or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2. Microsoft
-Defender ATP for Linux can be deployed and configured using Puppet, Ansible, or
+Defender for Endpoint for Linux can be deployed and configured using Puppet, Ansible, or
 using your existing Linux configuration management tool. For information about
 the key features and benefits, read our
 [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Linux).
 
-For more details on how to get started, visit the Microsoft Defender ATP for
+For more details on how to get started, visit the Microsoft Defender for Endpoint for
 Linux
 [documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux).
 
-## Microsoft Defender ATP for Android
+## Microsoft Defender for Endpoint for Android
 
-Microsoft Defender ATP for Android is our mobile threat defense solution for
+Microsoft Defender for Endpoint for Android is our mobile threat defense solution for
 devices running Android 6.0 and higher. Both Android Enterprise (Work Profile)
 and Device Administrator modes are supported. On Android, we offer web
 protection, which includes anti-phishing, blocking of unsafe connections, and
@@ -83,7 +83,7 @@ through integration with Microsoft Endpoint Manager and Conditional Access. For
 information about the key features and benefits, read our
 [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Android).
 
-For more details on how to get started, visit the Microsoft Defender ATP for
+For more details on how to get started, visit the Microsoft Defender for Endpoint for
 Android
 [documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android).
 
@@ -91,19 +91,19 @@ Android
 
 ## Licensing requirements 
 
-Eligible Licensed Users may use Microsoft Defender ATP on up to five concurrent
-devices. Microsoft Defender ATP is also available for purchase from a Cloud
+Eligible Licensed Users may use Microsoft Defender for Endpoint on up to five concurrent
+devices. Microsoft Defender for Endpoint is also available for purchase from a Cloud
 Solution Provider (CSP).
 
-Customers can obtain Microsoft Defender ATP for Mac through a standalone
-Microsoft Defender ATP license, as part of Microsoft 365 A5/E5, or Microsoft 365
+Customers can obtain Microsoft Defender for Endpoint for Mac through a standalone
+MDefender for Endpoint license, as part of Microsoft 365 A5/E5, or Microsoft 365
 Security.
 
-Recently announced capabilities of Microsoft Defender ATP for Android and soon
+Recently announced capabilities of Microsoft Defender for Endpoint for Android and soon
 iOS are included in the above mentioned offers as part of the five qualified
 devices for eligible licensed users.
 
-Microsoft Defender ATP for Linux is available through the Microsoft Defender ATP
+ Defender for Endpoint for Linux is available through the Defender for Endpoint
 for Server SKU that is available for both commercial and education customers.
 
 Please contact your account team or CSP for pricing and additional eligibility
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
index 19496bd97c..8cc6f7bed9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
@@ -21,13 +21,13 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## API description
-Offboard device from Microsoft Defender ATP.
+Offboard device from Defender for Endpoint.
 
 
 ## Limitations
@@ -41,7 +41,7 @@ Offboard device from Microsoft Defender ATP.
 > This API is not supported on MacOS or Linux devices.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
index 7d9a09d143..3eb9642bf4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
@@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Offboard devices from the Microsoft Defender ATP service
+# Offboard devices from the Microsoft Defender for Endpoint service
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -27,10 +27,10 @@ ms.topic: conceptual
 - Linux
 - Windows Server 2012 R2
 - Windows Server 2016
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-offboarddevices-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-offboarddevices-abovefoldlink)
 
 Follow the corresponding instructions depending on your preferred deployment method.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
index dab5b79f99..1a625303aa 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
@@ -17,24 +17,24 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Onboard devices to the Microsoft Defender ATP service
+# Onboard devices to the Microsoft Defender for Endpoint service
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
 
-You'll need to go the onboarding section of the Microsoft Defender ATP portal to onboard any of the supported devices. Depending on the device, you'll be guided with appropriate steps and provided management and deployment tool options suitable for the device. 
+You'll need to go the onboarding section of the Defender for Endpoint portal to onboard any of the supported devices. Depending on the device, you'll be guided with appropriate steps and provided management and deployment tool options suitable for the device. 
 
 In general, to onboard devices to the service:
 
 - Verify that the device fulfills the [minimum requirements](minimum-requirements.md)
-- Depending on the device, follow the configuration steps provided in the onboarding section of the Microsoft Defender ATP portal
+- Depending on the device, follow the configuration steps provided in the onboarding section of the Defender for Endpoint portal
 - Use the appropriate management tool and deployment method for your devices
 - Run a detection test to verify that the devices are properly onboarded and reporting to the service
 
@@ -57,15 +57,15 @@ The following table lists the available tools based on the endpoint that you nee
 ## In this section
 Topic | Description
 :---|:---
-[Onboard previous versions of Windows](onboard-downlevel.md)| Onboard Windows 7 and Windows 8.1 devices to Microsoft Defender ATP. 
-[Onboard Windows 10 devices](configure-endpoints.md) | You'll need to onboard devices for it to report to the Microsoft Defender ATP service. Learn about the tools and methods you can use to configure devices in your enterprise.
-[Onboard servers](configure-server-endpoints.md) |  Onboard Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender ATP 
-[Onboard non-Windows devices](configure-endpoints-non-windows.md) | Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products' sensor data. 
-[Run a detection test on a newly onboarded device](run-detection-test.md) | Run a script on a newly onboarded device to verify that it is properly reporting to the Microsoft Defender ATP service.
-[Configure proxy and Internet settings](configure-proxy-internet.md)| Enable communication with the Microsoft Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
+[Onboard previous versions of Windows](onboard-downlevel.md)| Onboard Windows 7 and Windows 8.1 devices to Defender for Endpoint. 
+[Onboard Windows 10 devices](configure-endpoints.md) | You'll need to onboard devices for it to report to the Defender for Endpoint service. Learn about the tools and methods you can use to configure devices in your enterprise.
+[Onboard servers](configure-server-endpoints.md) |  Onboard Windows Server 2012 R2 and Windows Server 2016 to Defender for Endpoint 
+[Onboard non-Windows devices](configure-endpoints-non-windows.md) | Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products' sensor data. 
+[Run a detection test on a newly onboarded device](run-detection-test.md) | Run a script on a newly onboarded device to verify that it is properly reporting to the Defender for Endpoint service.
+[Configure proxy and Internet settings](configure-proxy-internet.md)| Enable communication with the Defender for Endpoint cloud service by configuring the proxy and Internet connectivity settings.
 [Troubleshoot onboarding issues](troubleshoot-onboarding.md) | Learn about resolving issues that might arise during onboarding.
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
index ca403709b0..f99a9fbab3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
@@ -28,32 +28,32 @@ ms.topic: article
 - Windows 7 SP1 Pro
 - Windows 8.1 Pro
 - Windows 8.1 Enterprise
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevel-abovefoldlink).
+>Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevel-abovefoldlink).
 
-Microsoft Defender ATP extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions.
+Defender for Endpoint extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions.
 
-To onboard down-level Windows client endpoints to Microsoft Defender ATP, you'll need to:
+To onboard down-level Windows client endpoints to Defender for Endpoint, you'll need to:
 - Configure and update System Center Endpoint Protection clients.
-- Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP as instructed below.
+- Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Defender for Endpoint as instructed below.
 
 > [!TIP]
-> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
+> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Defender for Endpoint endpoint](run-detection-test.md).
 
 ## Configure and update System Center Endpoint Protection clients
 > [!IMPORTANT]
 > This step is required only if your organization uses System Center Endpoint Protection (SCEP).
 
-Microsoft Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. 
+Defender for Endpoint integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. 
 
 The following steps are required to enable this integration: 
 - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) 
 - Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting
 - Configure your network to allow connections to the Microsoft Defender Antivirus cloud. For more information, see [Allow connections to the Microsoft Defender Antivirus cloud](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus#allow-connections-to-the-microsoft-defender-antivirus-cloud)
 
-## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP
+## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender for Endpoint
 
 ### Before you begin
 Review the following details to verify minimum system requirements:
@@ -77,7 +77,7 @@ Review the following details to verify minimum system requirements:
 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604).
 
 2. Obtain the workspace ID:
-   - In the Microsoft Defender ATP navigation pane, select **Settings > Device management > Onboarding**
+   - In the Defender for Endpoint navigation pane, select **Settings > Device management > Onboarding**
    - Select **Windows 7 SP1 and 8.1** as the operating system
    - Copy the workspace ID and workspace key
 
@@ -93,10 +93,10 @@ Once completed, you should see onboarded endpoints in the portal within an hour.
 ### Configure proxy and Internet connectivity settings
  
 - Each Windows endpoint must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-gateway).
-- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you [enable access to Microsoft Defender ATP service URLs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
+- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you [enable access to Defender for Endpoint service URLs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
 
 ## Offboard client endpoints
-To offboard, you can uninstall the MMA agent from the endpoint or detach it from reporting to your Microsoft Defender ATP workspace. After offboarding the agent, the endpoint will no longer send sensor data to Microsoft Defender ATP. 
+To offboard, you can uninstall the MMA agent from the endpoint or detach it from reporting to your Defender for Endpoint workspace. After offboarding the agent, the endpoint will no longer send sensor data to Defender for Endpoint. 
 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevele-belowfoldlink).
+> Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevele-belowfoldlink).
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
index 41098d9b2e..e3aea210fc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
@@ -18,7 +18,7 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Onboard devices without Internet access to Microsoft Defender ATP 
+# Onboard devices without Internet access to Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -47,25 +47,25 @@ For more information about onboarding methods, see the following articles:
 
 - Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:
   - [Azure Log Analytics Agent](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
-  - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-for-endpoint) point to Microsoft Defender ATP Workspace key & ID
+  - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-for-endpoint) point to Defender for Endpoint Workspace key & ID
 
 - Offline devices in the same network of Azure Log Analytics
   -  Configure MMA to point to:
      - Azure Log Analytics IP as a proxy
-     - Microsoft Defender ATP workspace key & ID
+     - Defender for Endpoint workspace key & ID
 
 ## Azure virtual machines
 - Configure and enable [Azure Log Analytics workspace](https://docs.microsoft.com/azure/azure-monitor/platform/gateway)
 
     - Setup Azure Log Analytics Gateway (formerly known as OMS Gateway) to act as proxy or hub:
       - [Azure Log Analytics Gateway](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
-      - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-for-endpoint) point to Microsoft Defender ATP Workspace key & ID
+      - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-for-endpoint) point to Defender for Endpoint Workspace key & ID
     - Offline Azure VMs in the same network of OMS Gateway
       - Configure Azure Log Analytics IP as a proxy
       - Azure Log Analytics Workspace Key & ID
 
     - Azure Security Center (ASC)
       - [Security Policy \> Log Analytics Workspace](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
-      - [Threat Detection \> Allow Microsoft Defender ATP to access my data](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
+      - [Threat Detection \> Allow Defender for Endpoint to access my data](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
 
         For more information, see [Working with security policies](https://docs.microsoft.com/azure/security-center/tutorial-security-policy).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md
index 78edeae3ef..d35f1668f8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md
@@ -18,15 +18,15 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Configure and manage Microsoft Defender ATP capabilities
+# Configure and manage Microsoft Defender for Endpoint capabilities
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-Configure and manage all the Microsoft Defender ATP capabilities to get the best security protection for your organization. 
+Configure and manage all the Defender for Endpoint capabilities to get the best security protection for your organization. 
 
 
 ## In this section 
@@ -35,7 +35,7 @@ Topic | Description
 [Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) |  By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitation. 
 [Configure next-generation protection](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) | Configure next-generation protection to catch all types of emerging threats.
 [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts.
-[Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Microsoft Defender ATP.
+[Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Defender for Endpoint.
 [Management and API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/management-apis)| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports. 
 [Configure Microsoft Defender Security Center settings](preferences-setup.md) |  Configure portal-related settings such as general settings, advanced features, enable the preview experience and others.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md
index 7435ab66b6..3098a40473 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md
@@ -24,11 +24,11 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 This article is part of the Deployment guide and acts as an example onboarding method that guides users in:
 - Step 1: Onboarding Windows devices to the service 
-- Step 2: Configuring Microsoft Defender ATP capabilities
+- Step 2: Configuring Defender for Endpoint capabilities
 
 This onboarding guidance will walk you through the following basic steps that you need to take when using Microsoft Endpoint Configuration Manager:
 - **Creating a collection in Microsoft Endpoint Configuration Manager**
@@ -37,7 +37,7 @@ This onboarding guidance will walk you through the following basic steps that yo
 >[!NOTE]
 >Only Windows devices are covered in this example deployment. 
 
-While Microsoft Defender ATP supports onboarding of various endpoints and tools, this article does not cover them. 
+While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them. 
 
 For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md).
 
@@ -100,7 +100,7 @@ Follow the steps below to onboard endpoints using Microsoft Endpoint Configurati
 After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment. 
 
 
-## Step 2: Configure Microsoft Defender ATP capabilities 
+## Step 2: Configure Microsoft Defender for Endpoint capabilities 
 This section guides you in configuring the following capabilities using Microsoft Endpoint Configuration Manager on Windows devices:
 
 - [**Endpoint detection and response**](#endpoint-detection-and-response)
@@ -120,11 +120,11 @@ Manager and deploy that policy to Windows 10 devices.
 
 2. Under Deployment method select the supported version of **Microsoft Endpoint Configuration Manager**.
 
-    ![Image of Microsoft Defender ATP onboarding wizard](images/mdatp-onboarding-wizard.png)
+    ![Image of Microsoft Defender for Endpoint onboarding wizard](images/mdatp-onboarding-wizard.png)
 
 3. Select **Download package**.
 
-    ![Image of Microsoft Defender ATP onboarding wizard](images/mdatp-download-package.png)
+    ![Image of Microsoft Defender for Endpoint onboarding wizard](images/mdatp-download-package.png)
 
 4. Save the package to an accessible location.
 5. In  Microsoft Endpoint Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**.
@@ -156,7 +156,7 @@ Manager and deploy that policy to Windows 10 devices.
 
 15. Click **Close** when the Wizard completes.
 
-16.  In the Microsoft Endpoint Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**.
+16.  In the Microsoft Endpoint Configuration Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**.
 
      ![Image of configuration settings](images/configmgr-deploy.png)
 
@@ -166,7 +166,7 @@ Manager and deploy that policy to Windows 10 devices.
 
 
 #### Previous versions of Windows Client (Windows 7 and Windows 8.1)
-Follow the steps below to identify the Microsoft Defender ATP Workspace ID and Workspace Key, that will be required for the onboarding of previous versions of Windows.
+Follow the steps below to identify the Defender for Endpoint Workspace ID and Workspace Key, that will be required for the onboarding of previous versions of Windows.
 
 1. From a Microsoft Defender Security Center Portal, select **Settings > Onboarding**.
 
@@ -264,7 +264,7 @@ After completing this task, you now have successfully configured Windows
 Defender Antivirus.
 
 ### Attack surface reduction
-The attack surface reduction pillar of Microsoft Defender ATP includes the feature set that is available under Exploit Guard. Attack surface reduction (ASR) rules, Controlled Folder Access, Network Protection and Exploit
+The attack surface reduction pillar of Defender for Endpoint includes the feature set that is available under Exploit Guard. Attack surface reduction (ASR) rules, Controlled Folder Access, Network Protection and Exploit
 Protection. 
 
 All these features provide an audit mode and a block mode. In audit mode there is no end-user impact. All it does is collect additional telemetry and make it available in the Microsoft Defender Security Center. The goal with a deployment is to step-by-step move security controls into block mode.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
index 29548856da..f1112b1d8d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
@@ -24,14 +24,14 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
 
 This article is part of the Deployment guide and acts as an example onboarding method that guides users in:
 - Step 1: Onboarding devices to the service by creating a group in Microsoft Endpoint Manager (MEM) to assign configurations on
-- Step 2: Configuring Microsoft Defender ATP capabilities using Microsoft Endpoint Manager
+- Step 2: Configuring Defender for Endpoint capabilities using Microsoft Endpoint Manager
 
 This onboarding guidance will walk you through the following basic steps that you need to take when using Microsoft Endpoint Manager:
 
@@ -43,7 +43,7 @@ This onboarding guidance will walk you through the following basic steps that yo
 
     -   In Microsoft Endpoint Manager, we'll guide you in creating a separate policy for each capability.
 
-While Microsoft Defender ATP supports onboarding of various endpoints and tools, this article does not cover them. 
+While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them. 
 
 For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md).
 
@@ -100,11 +100,11 @@ needs.

 
 8.  Your testing group now has a member to test.
 
-## Step 2: Create configuration policies to configure Microsoft Defender ATP capabilities
+## Step 2: Create configuration policies to configure Microsoft Defender for Endpoint capabilities
 In the following section, you'll create a number of configuration policies.
 
 First is a configuration policy to select which groups of users or devices will
-be onboarded to Microsoft Defender ATP. 
+be onboarded to Defender for Endpoint. 
 
 Then you will continue by creating several
 different types of endpoint security policies.
@@ -137,9 +137,9 @@ different types of endpoint security policies.
     > ![Image of Microsoft Endpoint Manager portal](images/cea7e288b5d42a9baf1aef0754ade910.png)
 
     > [!NOTE]
-    > In this instance, this has been auto populated as Microsoft Defender ATP has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender ATP in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-configure#to-enable-microsoft-defender-atp).
+    > In this instance, this has been auto populated as Defender for Endpoint has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender for Endpoint in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-configure#to-enable-microsoft-defender-atp).
     > 
-    > The following image is an example of what you'll see when Microsoft Defender ATP is NOT integrated with Intune:
+    > The following image is an example of what you'll see when Microsoft Defender for Endpoint is NOT integrated with Intune:
     >
     > ![Image of Microsoft Endpoint Manager portal](images/2466460812371ffae2d19a10c347d6f4.png)
 
@@ -350,13 +350,13 @@ To confirm that the configuration policy has been applied to your test device, f
 ### Endpoint detection and response
 
 
-1.  Before applying the configuration, the Microsoft Defender ATP
+1.  Before applying the configuration, the Defender for Endpoint
     Protection service should not be started.
 
     > [!div class="mx-imgBorder"]
     > [ ![Image of Services panel](images/b418a232a12b3d0a65fc98248dbb0e31.png) ](images/b418a232a12b3d0a65fc98248dbb0e31.png#lightbox)
 
-2.  After the configuration has been applied, the Microsoft Defender ATP
+2.  After the configuration has been applied, the Defender for Endpoint
     Protection Service should be started.
 
     > [!div class="mx-imgBorder"]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
index 30c80bb608..ff6119eee4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
@@ -23,7 +23,7 @@ ms.topic: article
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Create a notification rule so that when a local onboarding or offboardiing script is used, you'll be notified. 
 
@@ -48,7 +48,7 @@ You'll need to have access to:
 
     ![Image of the notification flow](images/build-flow.png)
 
-4. Select the + button to add a new action. The new action will be an HTTP request to the Microsoft Defender ATP security center device(s) API. You can also replace it with the out-of-the-box "WDATP Connector" (action: "Machines - Get list of machines"). 
+4. Select the + button to add a new action. The new action will be an HTTP request to the Defender for Endpoint security center device(s) API. You can also replace it with the out-of-the-box "WDATP Connector" (action: "Machines - Get list of machines"). 
 
     ![Image of recurrence and add action](images/recurrence-add.png)
 
@@ -164,7 +164,7 @@ You'll need to have access to:
 
 10.  Extract the values from the JSON call and check if the onboarded device(s) is / are already registered at the SharePoint list as an example:
 - If yes, no notification will be triggered
-- If no, will register the new onboarded device(s) in the SharePoint list and a notification will be sent to the Microsoft Defender ATP admin
+- If no, will register the new onboarded device(s) in the SharePoint list and a notification will be sent to the Defender for Endpoint admin
 
     ![Image of apply to each](images/flow-apply.png)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
index f26781b856..f79266bf23 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
@@ -19,32 +19,32 @@ ms.collection:
 ms.topic: article
 ---
 
-# Onboard to the Microsoft Defender ATP service
+# Onboard to the Microsoft Defender for Endpoint service
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
-Deploying Microsoft Defender ATP is a three-phase process:
+Deploying Defender for Endpoint is a three-phase process:
 
 

 

 

 
 
Threat & Vulnerability Management

 
@@ -54,13 +54,13 @@ Deploying Microsoft Defender ATP is a three-phase process:
 
 You are currently in the onboarding phase.
 
-These are the steps you need to take to deploy Microsoft Defender ATP:
+These are the steps you need to take to deploy Defender for Endpoint:
 
 - Step 1: Onboard endpoints to the service 
 - Step 2: Configure capabilities 
 
 ## Step 1: Onboard endpoints using any of the supported management tools
-The [Plan deployment](deployment-strategy.md) topic outlines the general steps you need to take to deploy Microsoft Defender ATP.  
+The [Plan deployment](deployment-strategy.md) topic outlines the general steps you need to take to deploy Defender for Endpoint.  
 
 After identifying your architecture, you'll need to decide which deployment method to use. The deployment tool you choose influences how you onboard endpoints to the service. 
 
@@ -88,7 +88,7 @@ The tools in the example deployments are:
 - [Onboarding using Microsoft Endpoint Configuration Manager](onboarding-endpoint-configuration-manager.md)
 - [Onboarding using Microsoft Endpoint Manager](onboarding-endpoint-manager.md)
 
-Using the mentioned deployment tools above, you'll then be guided in configuring the following Microsoft Defender ATP capabilities:
+Using the mentioned deployment tools above, you'll then be guided in configuring the following Defender for Endpoint capabilities:
 - Endpoint detection and response configuration
 - Next-generation protection configuration
 - Attack surface reduction configuration
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md
index 6af7ba9c0f..6f7a10acf3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md
@@ -26,7 +26,7 @@ ms.topic: conceptual
 
 **Applies to:**
 
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Help reduce your attack surfaces, by minimizing the places where your organization is vulnerable to cyberthreats and attacks. Use the following resources to configure protection for the devices and applications in your organization.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
index 0f3c036938..f79f0792f3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
@@ -25,15 +25,15 @@ ms.topic: conceptual
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
+Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
 
 When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
 
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4o1j5]
 
-Inspired by the "assume breach" mindset, Microsoft Defender ATP continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
+Inspired by the "assume breach" mindset, Defender for Endpoint continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
 
 The response capabilities give you the power to promptly remediate threats by acting on the affected entities.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
index 8b32269fe0..c1705995b8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
@@ -22,9 +22,9 @@ ms.date: 09/07/2018
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Microsoft Defender ATP. 
+Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Microsoft Defender for Endpoint. 
 
 | Feature | Description |
 |------------|-------------|
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
index 822b5afaab..0edc028048 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
@@ -18,21 +18,21 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Partner applications in Microsoft Defender ATP 
+# Partner applications in Microsoft Defender for Endpoint 
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
-Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
+Microsoft Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
 
 
-The support for third-party solutions helps to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender ATP; enabling security teams to effectively respond better to modern threats.
+The support for third-party solutions helps to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender for Endpoint; enabling security teams to effectively respond better to modern threats.
 
-Microsoft Defender ATP seamlessly integrates with existing security solutions. The integration provides integration with the following solutions such as:
+Microsoft Defender for Endpoint seamlessly integrates with existing security solutions. The integration provides integration with the following solutions such as:
 - SIEM
 - Ticketing and IT service management solutions
 - Managed security service providers (MSSP)
@@ -47,16 +47,16 @@ Microsoft Defender ATP seamlessly integrates with existing security solutions. T
 
 Logo |Partner name   | Description 
 :---|:---|:---
-![Image of AttackIQ logo](images/attackiq-logo.png)| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates Microsoft Defender ATP is configured properly by launching continuous attacks safely on production assets
+![Image of AttackIQ logo](images/attackiq-logo.png)| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates Defender for Endpoint is configured properly by launching continuous attacks safely on production assets
 ![Image of Azure Sentinel logo](images/sentinel-logo.png)| [AzureSentinel](https://go.microsoft.com/fwlink/?linkid=2135705) | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel 
-![Image of Cymulate logo](images/cymulate-logo.png) | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Microsoft Defender ATP findings with simulated attacks to validate accurate detection and effective response actions
+![Image of Cymulate logo](images/cymulate-logo.png) | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Defender for Endpoint findings with simulated attacks to validate accurate detection and effective response actions
 ![Image of Elastic security logo](images/elastic-security-logo.png) | [Elastic Security](https://go.microsoft.com/fwlink/?linkid=2139303) | Elastic Security is a free and open solution for preventing, detecting, and responding to threats
-![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Microsoft Defender ATP 
-![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections
-![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API
-![Image of SafeBreach logo](images/safebreach-logo.png) | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations
+![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Defender for Endpoint.
+![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Defender for Endpoint detections
+![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Defender for Endpoint Alerts to RSA NetWitness leveraging Microsoft Graph Security API
+![Image of SafeBreach logo](images/safebreach-logo.png) | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Defender for Endpoint security events that are automatically correlated with SafeBreach simulations
 ![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | [Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467) | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network, and threat context to uncover your riskiest vulnerabilities
-![Image of Splunk logo](images/splunk-logo.png) | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk
+![Image of Splunk logo](images/splunk-logo.png) | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Defender for Endpoint Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk
 ![Image of XM Cyber logo](images/xmcyber-logo.png) | [XM Cyber](https://go.microsoft.com/fwlink/?linkid=2136700) | Prioritize your response to an alert based on risk factors and high value assets
 
 ### Orchestration and automation
@@ -64,31 +64,31 @@ Logo |Partner name   | Description
 
 Logo |Partner name   | Description 
 :---|:---|:---
-![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | [CyberSponse CyOps](https://go.microsoft.com/fwlink/?linkid=2115943) | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks
-![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | [Delta Risk ActiveEye](https://go.microsoft.com/fwlink/?linkid=2127468) | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform, ActiveEye.
-![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | [Demisto, a Palo Alto Networks Company](https://go.microsoft.com/fwlink/?linkid=2108414) | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment, and response
-![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | [Microsoft Flow & Azure Functions](https://go.microsoft.com/fwlink/?linkid=2114300) | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures
-![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | [Rapid7 InsightConnect](https://go.microsoft.com/fwlink/?linkid=2116040) | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes
+![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | [CyberSponse CyOps](https://go.microsoft.com/fwlink/?linkid=2115943) | CyOps integrates with Defender for Endpoint to automate customers' high-speed incident response playbooks
+![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | [Delta Risk ActiveEye](https://go.microsoft.com/fwlink/?linkid=2127468) | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Defender for Endpoint with its cloud-native SOAR platform, ActiveEye.
+![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | [Demisto, a Palo Alto Networks Company](https://go.microsoft.com/fwlink/?linkid=2108414) | Demisto integrates with Defender for Endpoint to enable security teams to orchestrate and automate endpoint security monitoring, enrichment, and response
+![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | [Microsoft Flow & Azure Functions](https://go.microsoft.com/fwlink/?linkid=2114300) | Use the Defender for Endpoint connectors for Azure Logic Apps & Microsoft Flow to automating security procedures
+![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | [Rapid7 InsightConnect](https://go.microsoft.com/fwlink/?linkid=2116040) | InsightConnect integrates with Defender for Endpoint to accelerate, streamline, and integrate your time-intensive security processes
 ![Image of ServiceNow logo](images/servicenow-logo.png) | [ServiceNow](https://go.microsoft.com/fwlink/?linkid=2135621) | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration
-![Image of Swimlane logo](images/swimlane-logo.png) | [Swimlane](https://go.microsoft.com/fwlink/?linkid=2113902) | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together
+![Image of Swimlane logo](images/swimlane-logo.png) | [Swimlane](https://go.microsoft.com/fwlink/?linkid=2113902) | Maximize incident response capabilities utilizing Swimlane and Defender for Endpoint together
 
 
 ### Threat intelligence
 
 Logo |Partner name   | Description 
 :---|:---|:---
-![Image of MISP Malware Information Sharing Platform)logo](images/misp-logo.png) | [MISP (Malware Information Sharing Platform)](https://go.microsoft.com/fwlink/?linkid=2127543) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender ATP environment
-![Image of Palo Alto Networks logo](images/paloalto-logo.png) | [Palo Alto Networks](https://go.microsoft.com/fwlink/?linkid=2099582) | Enrich your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender ATP using MineMeld
-![Image of ThreatConnect logo](images/threatconnect-logo.png) | [ThreatConnect](https://go.microsoft.com/fwlink/?linkid=2114115) | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender ATP indicators
+![Image of MISP Malware Information Sharing Platform)logo](images/misp-logo.png) | [MISP (Malware Information Sharing Platform)](https://go.microsoft.com/fwlink/?linkid=2127543) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Defender for Endpoint environment
+![Image of Palo Alto Networks logo](images/paloalto-logo.png) | [Palo Alto Networks](https://go.microsoft.com/fwlink/?linkid=2099582) | Enrich your endpoint protection by extending Autofocus and other threat feeds to Defender for Endpoint using MineMeld
+![Image of ThreatConnect logo](images/threatconnect-logo.png) | [ThreatConnect](https://go.microsoft.com/fwlink/?linkid=2114115) | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Defender for Endpoint indicators
 
 
 
 ### Network security
 Logo |Partner name   | Description 
 :---|:---|:---
-![Image of Aruba ClearPass Policy Manager logo](images/aruba-logo.png) | [Aruba ClearPass Policy Manager](https://go.microsoft.com/fwlink/?linkid=2127544) | Ensure Microsoft Defender ATP is installed and updated on each endpoint before allowing access to the network
+![Image of Aruba ClearPass Policy Manager logo](images/aruba-logo.png) | [Aruba ClearPass Policy Manager](https://go.microsoft.com/fwlink/?linkid=2127544) | Ensure Defender for Endpoint is installed and updated on each endpoint before allowing access to the network
 ![Image of Blue Hexagon for Network logo](images/bluehexagon-logo.png) | [Blue Hexagon for Network](https://go.microsoft.com/fwlink/?linkid=2104613) | Blue Hexagon has built the industry's first real-time deep learning platform for network threat protection
-![Image of CyberMDX logo](images/cybermdx-logo.png) | [CyberMDX](https://go.microsoft.com/fwlink/?linkid=2135620) | Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and repose into your Microsoft Defender ATP environment
+![Image of CyberMDX logo](images/cybermdx-logo.png) | [CyberMDX](https://go.microsoft.com/fwlink/?linkid=2135620) | Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and repose into your Defender for Endpoint environment
 ![Image of Vectra Network Detection and Response (NDR) logo](images/vectra-logo.png) |[Vectra Network Detection and Response (NDR)](https://go.microsoft.com/fwlink/?linkid=866934)| Vectra applies AI & security research to detect and respond to cyber-attacks in real time
 
 
@@ -100,13 +100,13 @@ Logo |Partner name   | Description
 ![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution — Protect your mobile devices with granular visibility and control from Corrata 
 ![Image of Lookout logo](images/lookout-logo.png)| [Lookout](https://go.microsoft.com/fwlink/?linkid=866935)| Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices
 ![Image of Symantec Endpoint Protection Mobile logo](images/symantec-logo.png) | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect, and prevent security threats and vulnerabilities on mobile devices 
-![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Microsoft Defender ATP to iOS and Android with Machine Learning-based Mobile Threat Defense
+![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense
 
 
 ## Additional integrations
 Logo |Partner name   | Description 
 :---|:---|:---
-![Image of Cyren Web Filter logo](images/cyren-logo.png)| [Cyren Web Filter](https://go.microsoft.com/fwlink/?linkid=2108221)| Enhance your Microsoft Defender ATP with advanced Web Filtering
+![Image of Cyren Web Filter logo](images/cyren-logo.png)| [Cyren Web Filter](https://go.microsoft.com/fwlink/?linkid=2108221)| Enhance your Defender for Endpoint with advanced Web Filtering
 ![Image of Morphisec logo](images/morphisec-logo.png)| [Morphisec](https://go.microsoft.com/fwlink/?linkid=2086215)| Provides Moving Target Defense-powered advanced threat prevention and integrates forensics data directly into WD Security Center dashboards to help prioritize alerts, determine device at-risk score and visualize full attack timeline including internal memory information
 ![Image of THOR Cloud logo](images/nextron-thor-logo.png)| [THOR Cloud](https://go.microsoft.com/fwlink/?linkid=862988)| Provides on-demand live forensics scans using a signature base with focus on persistent threats
 
@@ -114,27 +114,27 @@ Logo |Partner name   | Description
 
 
 ## SIEM integration
-Microsoft Defender ATP supports SIEM integration through a variety of methods — specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management.  For more information, see [Enable SIEM integration](enable-siem-integration.md).
+Defender for Endpoint supports SIEM integration through a variety of methods — specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management.  For more information, see [Enable SIEM integration](enable-siem-integration.md).
 
 ## Ticketing and IT service management 
-Ticketing solution integration helps to implement manual and automatic response processes. Microsoft Defender ATP can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API. 
+Ticketing solution integration helps to implement manual and automatic response processes. Defender for Endpoint can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API. 
 
 ## Security orchestration and automation response (SOAR) integration 
-Orchestration solutions can help build playbooks and integrate the rich data model and actions that Microsoft Defender ATP APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others. 
+Orchestration solutions can help build playbooks and integrate the rich data model and actions that Defender for Endpoint APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others. 
 
 ## External alert correlation and Automated investigation and remediation  
-Microsoft Defender ATP offers unique automated investigation and remediation capabilities to drive incident response at scale.
+Defender for Endpoint offers unique automated investigation and remediation capabilities to drive incident response at scale.
   
 Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices.  
 
-External alerts can be pushed into Microsoft Defender ATP and is presented side by side with additional device-based alerts from Microsoft Defender ATP. This view provides a full context of the alert — with the real process and the full story of attack.  
+External alerts can be pushed into Defender for Endpoint and is presented side by side with additional device-based alerts from Defender for Endpoint. This view provides a full context of the alert — with the real process and the full story of attack.  
 
 ## Indicators matching
 You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs).
 
-Microsoft Defender ATP allows you to integrate with such solutions and act on IoCs by correlating its rich telemetry and creating alerts when there's a match; leveraging prevention and automated response capabilities to block execution and take remediation actions when there's a match.
+Defender for Endpoint allows you to integrate with such solutions and act on IoCs by correlating its rich telemetry and creating alerts when there's a match; leveraging prevention and automated response capabilities to block execution and take remediation actions when there's a match.
 
-Microsoft Defender ATP currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.  
+Defender for Endpoint currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.  
 
 ## Support for non-Windows platforms
-Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. 
+Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. 

From 6b5a7798026e58b0c71eb82f6cc125fbe4a05cab Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Wed, 11 Nov 2020 17:25:55 +0530
Subject: [PATCH 289/384] updated

to fix warnings
---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 .../microsoft-defender-atp/onboarding-endpoint-manager.md       | 2 +-
 .../microsoft-defender-atp/overview-custom-detections.md        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 9c552f4e9c..b86fec795a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -26,7 +26,7 @@ ms.topic: conceptual
 To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
 > [!IMPORTANT]
-> Make sure you have enabled [Microsoft Defender for Endpoint (Mac)](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md), and [manual deployment](mac-install-manually.md) instructions.
+> Make sure you have enabled [Microsoft Defender for Endpoint (Mac)](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-for-endpoint-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md), and [manual deployment](mac-install-manually.md) instructions.
 
 ## Enable the Insider program with Jamf
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
index f1112b1d8d..0027824386 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
@@ -39,7 +39,7 @@ This onboarding guidance will walk you through the following basic steps that yo
 
     -   Creating an Azure Active Directory group (User or Device)
 
--   [Creating a Configuration Profile](#step-2-create-configuration-policies-to-configure-microsoft-defender-atp-capabilities)
+-   [Creating a Configuration Profile](#step-2-create-configuration-policies-to-configure-microsoft-defender-for-endpoint-capabilities)
 
     -   In Microsoft Endpoint Manager, we'll guide you in creating a separate policy for each capability.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
index 3e8077b6b8..9135f4ebe0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
@@ -23,7 +23,7 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. You can do this with customizable detection rules that automatically trigger alerts and response actions.
 

From c14df08a10d48e6af49a2d2018c4ab28737588eb Mon Sep 17 00:00:00 2001
From: Daniel Simpson 
Date: Wed, 11 Nov 2020 06:53:09 -0800
Subject: [PATCH 290/384] Update change-history-for-threat-protection.md

---
 .../change-history-for-threat-protection.md               | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md
index d4391adcbe..53466cf41c 100644
--- a/windows/security/threat-protection/change-history-for-threat-protection.md
+++ b/windows/security/threat-protection/change-history-for-threat-protection.md
@@ -1,8 +1,8 @@
 ---
-title: Change history for [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+title: Change history for [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 ms.reviewer: 
 ms.author: dansimp
-description: This topic lists new and updated topics in the WWindows Defender ATP content set.
+description: This topic lists new and updated topics in the Defender for Endpoint content set.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -16,11 +16,11 @@ ms.localizationpriority: medium
 ---
 
 # Change history for threat protection
-This topic lists new and updated topics in the [Microsoft Defender ATP](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) documentation.
+This topic lists new and updated topics in the [Defender for Endpoint](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) documentation.
 
 ## August 2018
 
 New or changed topic | Description
 ---------------------|------------
-[Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) | Reorganized Windows 10 security topics to reflect the Windows Defender ATP platform.
+[Microsoft Defender for Endpoint](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) | Reorganized Windows 10 security topics to reflect the Defender for Endpoint platform.
 

From 33660224ef1c19795acd6d4e77686a3898c149c0 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Wed, 11 Nov 2020 21:18:14 +0530
Subject: [PATCH 291/384] removed invalid links . added correct links

as per the user report #8614 , so i removed  three invalid links  and added correct links
---
 .../threat-protection/intelligence/exploits-malware.md        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/intelligence/exploits-malware.md b/windows/security/threat-protection/intelligence/exploits-malware.md
index c7b63fd5fd..36ef30a468 100644
--- a/windows/security/threat-protection/intelligence/exploits-malware.md
+++ b/windows/security/threat-protection/intelligence/exploits-malware.md
@@ -37,9 +37,9 @@ Several notable threats, including Wannacry, exploit the Server Message Block (S
 
 Examples of exploit kits:
 
-- Angler / [Axpergle](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=JS%2fAxpergle)
+- Angler / [Axpergle](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Axpergle)
 
-- [Neutrino](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=JS%2fNeutrino)
+- [Neutrino](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?name=JS/NeutrinoEK)
 
 - [Nuclear](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Neclu)
 

From f976a899b7346434776ad926bb69733483ffc880 Mon Sep 17 00:00:00 2001
From: tiburd 
Date: Wed, 11 Nov 2020 07:52:00 -0800
Subject: [PATCH 292/384] Edit pass: Acrolinx fixes

---
 ...nced-troubleshooting-802-authentication.md |  47 ++++----
 .../manage-settings-app-with-group-policy.md  |   8 +-
 .../mdm/esim-enterprise-management.md         |  10 +-
 .../troubleshoot-inaccessible-boot-device.md  | 114 +++++++++---------
 .../troubleshoot-tcpip-connectivity.md        |  34 +++---
 .../auditing/audit-detailed-file-share.md     |   6 +-
 .../auditing/audit-group-membership.md        |  15 ++-
 .../auditing/audit-logoff.md                  |  10 +-
 .../audit-non-sensitive-privilege-use.md      |   8 +-
 9 files changed, 128 insertions(+), 124 deletions(-)

diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md
index 4af9868736..c27a78fa4c 100644
--- a/windows/client-management/advanced-troubleshooting-802-authentication.md
+++ b/windows/client-management/advanced-troubleshooting-802-authentication.md
@@ -17,17 +17,17 @@ ms.topic: troubleshooting
  
 ## Overview
 
-This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make access points or switches, it won't be an end-to-end Microsoft solution.
+This article includes general troubleshooting for 802.1X wireless and wired clients. While troubleshooting 802.1X and wireless, it's important to know how the flow of authentication works, and then figure out where it's breaking. It involves a lot of third-party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. We don't make access points or switches, so it's not an end-to-end Microsoft solution.
  
 ## Scenarios
 
-This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 - 10 for clients, and Windows Server 2008 R2 - 2012 R2 for NPS.
+This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS.
  
-## Known Issues
+## Known issues
 
 None
  
-## Data Collection
+## Data collection
 
 See [Advanced troubleshooting 802.1X authentication data collection](data-collection-for-802-authentication.md).
  
@@ -35,11 +35,11 @@ See [Advanced troubleshooting 802.1X authentication data collection](data-collec
 
 Viewing [NPS authentication status events](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735320(v%3dws.10)) in the Windows Security [event log](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc722404(v%3dws.11)) is one of the most useful troubleshooting methods to obtain information about failed authentications.
 
-NPS event log entries contain information on the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. If you are not seeing both success and failure events, see the section below on [NPS audit policy](#audit-policy).
+NPS event log entries contain information about the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. If you don't see both success and failure events, see the [NPS audit policy](#audit-policy) section later in this article.
 
-Check Windows Security Event log on the NPS Server for NPS events corresponding to rejected ([event ID 6273](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735399(v%3dws.10))) or accepted ([event ID 6272](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735388(v%3dws.10))) connection attempts.
+Check Windows Security Event log on the NPS Server for NPS events that correspond to rejected ([event ID 6273](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735399(v%3dws.10))) or accepted ([event ID 6272](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735388(v%3dws.10))) connection attempts.
  
-In the event message, scroll to the very bottom, and check the [Reason Code](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v%3dws.10)) field and the text associated with it.
+In the event message, scroll to the very bottom, and then check the [Reason Code](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v%3dws.10)) field and the text that's associated with it.
  
    ![example of an audit failure](images/auditfailure.png)
    *Example: event ID 6273 (Audit Failure)*


@@ -47,35 +47,35 @@ In the event message, scroll to the very bottom, and check the [Reason Code](htt
    ![example of an audit success](images/auditsuccess.png)
    *Example: event ID 6272 (Audit Success)*

 
-‎The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, Wired AutoConfig operational log is equivalent one.
+‎The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, the Wired AutoConfig operational log is an equivalent one.
 
-On the client side, navigate to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, navigate to  **..\Wired-AutoConfig/Operational**. See the following example:
+On the client side, go to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, go to  **..\Wired-AutoConfig/Operational**. See the following example:
 
 ![event viewer screenshot showing wired-autoconfig and WLAN autoconfig](images/eventviewer.png)
  
-Most 802.1X authentication issues are due to problems with the certificate that is used for client or server authentication (e.g. invalid certificate, expiration, chain verification failure, revocation check failure, etc.). 
+Most 802.1X authentication issues are because of problems with the certificate that's used for client or server authentication. Examples include invalid certificate, expiration, chain verification failure, and revocation check failure. 
 
-First, validate the type of EAP method being used:
+First, validate the type of EAP method that's used:
  
 ![eap authentication type comparison](images/comparisontable.png)
 
-If a certificate is used for its authentication method, check if the certificate is valid. For server (NPS) side, you can confirm what certificate is being used from the EAP property menu. In **NPS snap-in**, go to **Policies** > **Network Policies**. Right click on the policy and select **Properties**. In the pop-up window, go to the **Constraints** tab and select the **Authentication Methods** section.
+If a certificate is used for its authentication method, check whether the certificate is valid. For the server (NPS) side, you can confirm what certificate is being used from the EAP property menu. In **NPS snap-in**, go to **Policies** > **Network Policies**. Select and hold (or right-click) the policy, and then select **Properties**. In the pop-up window, go to the **Constraints** tab, and then select the **Authentication Methods** section.
 
 ![Constraints tab of the secure wireless connections properties](images/eappropertymenu.png)
  
-The CAPI2 event log will be useful for troubleshooting certificate-related issues.
-This log is not enabled by default. You can enable this log by expanding **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2**, right-clicking **Operational** and then clicking **Enable Log**.
+The CAPI2 event log is useful for troubleshooting certificate-related issues.
+By default, this log isn't enabled. To enable this log, expand **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2**, select and hold (or right-click) **Operational**, and then select **Enable Log**.
 
 ![screenshot of event viewer](images/capi.png)
  
-The following article explains how to analyze CAPI2 event logs:
+For information about how to analyze CAPI2 event logs, see
 [Troubleshooting PKI Problems on Windows Vista](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-vista/cc749296%28v=ws.10%29).
 
-When troubleshooting complex 802.1X authentication issues, it is important to understand the 802.1X authentication process. The following figure is an example of wireless connection process with 802.1X authentication:
+When troubleshooting complex 802.1X authentication issues, it's important to understand the 802.1X authentication process. Here's an example of wireless connection process with 802.1X authentication:
 
 ![authenticator flow chart](images/authenticator_flow_chart.png)
  
-If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both the client and the server (NPS) side, you can see a flow like the one below. Type **EAPOL** in the Display Filter in for a client side capture, and **EAP** for an NPS side capture. See the following examples:
+If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both the client and the server (NPS) side, you can see a flow like the one below. Type **EAPOL** in the Display Filter for a client-side capture, and **EAP** for an NPS-side capture. See the following examples:
 
 ![client-side packet capture data](images/clientsidepacket_cap_data.png)
 *Client-side packet capture data*


@@ -85,16 +85,16 @@ If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both
 ‎
 
 > [!NOTE]
-> If you have a wireless trace, you can also [view ETL files with network monitor](https://docs.microsoft.com/windows/desktop/ndf/using-network-monitor-to-view-etl-files) and apply the **ONEX_MicrosoftWindowsOneX** and **WLAN_MicrosoftWindowsWLANAutoConfig** Network Monitor filters. Follow the instructions under the **Help** menu in Network Monitor to load the reqired [parser](https://blogs.technet.microsoft.com/netmon/2010/06/04/parser-profiles-in-network-monitor-3-4/) if needed. See the example below.
+> If you have a wireless trace, you can also [view ETL files with network monitor](https://docs.microsoft.com/windows/desktop/ndf/using-network-monitor-to-view-etl-files) and apply the **ONEX_MicrosoftWindowsOneX** and **WLAN_MicrosoftWindowsWLANAutoConfig** Network Monitor filters. If you need to load the required [parser](https://blogs.technet.microsoft.com/netmon/2010/06/04/parser-profiles-in-network-monitor-3-4/), see the instructions under the **Help** menu in Network Monitor. Here's an example:
 
 ![ETL parse](images/etl.png) 
 
 ## Audit policy
 
-NPS audit policy (event logging) for connection success and failure is enabled by default. If you find that one or both types of logging are disabled, use the following steps to troubleshoot.
+By default, NPS audit policy (event logging) for connection success and failure is enabled. If you find that one or both types of logging are disabled, use the following steps to troubleshoot.
 
 View the current audit policy settings by running the following command on the NPS server:
-```
+```console
 auditpol /get /subcategory:"Network Policy Server"
 ```
 
@@ -106,13 +106,12 @@ Logon/Logoff
   Network Policy Server                   Success and Failure
 
 
-If it shows ‘No auditing’, you can run this command to enable it:
-
-```
+If it says, "No auditing," you can run this command to enable it:
+```console
 auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
 ```
 
-Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing via Group Policy. The success/failure setting can be found under **Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Logon/Logoff -> Audit Network Policy Server**.
+Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing by using Group Policy. To get to the success/failure setting, select **Computer Configuration** > **Policies** > **Windows Settings** > **Security Settings** > **Advanced Audit Policy Configuration** > **Audit Policies** > **Logon/Logoff** > **Audit Network Policy Server**.
 
 ## Additional references
 
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index dc31960057..2950a6c6d9 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -19,13 +19,13 @@ ms.topic: article
 
 -   Windows 10, Windows Server 2016
 
-You can now manage the pages that are shown in the Settings app by using Group Policy. This lets you hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
-To make use of the Settings App group polices on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. 
+You can now manage the pages that are shown in the Settings app by using Group Policy. When you use Group Policy to manage pages, you can hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
+To make use of the Settings App group policies on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. 
 
 >[!Note]
 >Each server that you want to manage access to the Settings App must be patched.
 
-To centrally manage the new policies copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) if your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management.
+If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra).
 
 This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app.
 
@@ -39,7 +39,7 @@ Policy paths:
 
 ## Configuring the Group Policy
 
-The Group Policy can be configured in one of two ways: specify a list of pages that are shown or specify a list of pages to hide. To do this, add either **ShowOnly:** or **Hide:** followed by a semicolon delimited list of URIs in **Settings Page Visiblity**. For a full list of URIs, see the URI scheme reference section in [Launch the Windows Settings app](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference). 
+The Group Policy can be configured in one of two ways: specify a list of pages that are shown or specify a list of pages to hide. To do this, add either **ShowOnly:** or **Hide:** followed by a semicolon-delimited list of URIs in **Settings Page Visibility**. For a full list of URIs, see the URI scheme reference section in [Launch the Windows Settings app](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference). 
 
 >[!NOTE]
 > When you specify the URI in the Settings Page Visibility textbox, don't include **ms-settings:** in the string.
diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md
index 79545b45cc..43f44a4d2a 100644
--- a/windows/client-management/mdm/esim-enterprise-management.md
+++ b/windows/client-management/mdm/esim-enterprise-management.md
@@ -12,15 +12,15 @@ ms.topic: conceptual
 ---
 
 # How Mobile Device Management Providers support eSIM Management on Windows
-The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to leverage an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will leverage the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and installation happens on the background and not impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
- If you are a Mobile Device Management (MDM) Provider and would like to support eSIM Management on Windows, you should do the following:
+The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to use an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will use the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and the installation happen in the background without impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
+ If you are a Mobile Device Management (MDM) Provider and want to support eSIM Management on Windows, perform the following steps:
 - Onboard to Azure Active Directory
-- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties. 
+- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows doesn't limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, contact them and learn more about their onboarding. If you want to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties. 
 - Assess solution type that you would like to provide your customers
 - Batch/offline solution
 - IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices.
-- Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
+- Operator doesn't have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
 - Real-time solution
 - MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time.
 - Operator is notified of the status of each eSIM profile and has visibility on which devices are being used
-**Note:** The solution type is not noticeable to the end-user. The choice between the two is made between the MDM and the Mobile Operator.
+**Note:** End users don't notice the solution type. The choice between the two is made between the MDM and the Mobile Operator.
diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md
index 0bdc744338..bdb67e2528 100644
--- a/windows/client-management/troubleshoot-inaccessible-boot-device.md
+++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md
@@ -1,6 +1,6 @@
 ---
 title: Advanced advice for Stop error 7B, Inaccessible_Boot_Device
-description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device. This error may occur after some changes are made to the computer,
+description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device. This error might occur after some changes are made to the computer,
 ms.prod: w10
 ms.mktglfcycl:
 ms.sitesec: library
@@ -15,27 +15,27 @@ manager: dansimp
 
 # Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device
 
-This article provides steps to troubleshoot **Stop error 7B: Inaccessible_Boot_Device**. This error may occur after some changes are made to the computer, or immediately after you deploy Windows on the computer.
+This article provides steps to troubleshoot **Stop error 7B: Inaccessible_Boot_Device**. This error might occur after some changes are made to the computer, or immediately after you deploy Windows on the computer.
 
 ## Causes of the  Inaccessible_Boot_Device  Stop error
 
-Any one of the following factors may cause the stop error:
+Any one of the following factors might cause the stop error:
 
-*	Missing, corrupted, or misbehaving filter drivers that are related to the storage stack
+* Missing, corrupted, or misbehaving filter drivers that are related to the storage stack
 
-*	File system corruption
+* File system corruption
 
-*	Changes to the storage controller mode or settings in the BIOS 
+* Changes to the storage controller mode or settings in the BIOS 
 
-*	Using a different storage controller than the one that was used when Windows was installed
+* Using a different storage controller than the one that was used when Windows was installed
 
-*	Moving the hard disk to a different computer that has a different controller
+* Moving the hard disk to a different computer that has a different controller
 
-*	A faulty motherboard or storage controller, or faulty hardware 
+* A faulty motherboard or storage controller, or faulty hardware 
 
-*	In unusual cases: the failure of the TrustedInstaller service to commit newly installed updates because of Component Based Store corruptions
+* In unusual cases, the failure of the TrustedInstaller service to commit newly installed updates is because of component-based store corruptions
 
-*	Corrupted files in the **Boot**  partition (for example, corruption in the volume that is labeled **SYSTEM**  when you run the `diskpart`  > `list vol`  command)
+* Corrupted files in the **Boot**  partition (for example, corruption in the volume that's labeled **SYSTEM**  when you run the `diskpart`  > `list vol`  command)
 
 ## Troubleshoot this error
 
@@ -43,9 +43,9 @@ Start the computer in [Windows Recovery Mode (WinRE)](https://docs.microsoft.com
 
 1. Start the system by using [the installation media for the installed version of Windows](https://support.microsoft.com/help/15088).
 
-2. On the **Install Windows**  screen, select **Next**  > **Repair your computer** .
+2. On the **Install Windows**  screen, select **Next**  > **Repair your computer**.
 
-3. On the **System Recovery Options**  screen, select **Next**  > **Command Prompt** .
+3. On the **System Recovery Options**  screen, select **Next**  > **Command Prompt**.
 
 ### Verify that the boot disk is connected and accessible
 
@@ -55,7 +55,7 @@ Start the computer in [Windows Recovery Mode (WinRE)](https://docs.microsoft.com
 
 A list of the physical disks that are attached to the computer should be displayed and resemble the following display:
 
-```
+```console
   Disk ###  Status         Size     Free     Dyn  Gpt
 
   --------  -------------  -------  -------  ---  ---
@@ -65,7 +65,7 @@ A list of the physical disks that are attached to the computer should be display
 
 If the computer uses a Unified Extensible Firmware Interface (UEFI) startup interface, there will be an asterisk () in the **GPT*  column.
 
-If the computer uses a basic input/output system (BIOS) interface, there will not be an asterisk in the **Dyn**  column.
+If the computer uses a basic input/output system (BIOS) interface, there won't be an asterisk in the **Dyn**  column.
 
 #### Step 2
 
@@ -73,7 +73,7 @@ If the `list disk` command lists the OS disks correctly, run the `list vol` comm
 
 `list vol` generates an output that resembles the following display:
 
-```
+```console
   Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
 
   ----------  ---  -----------  -----  ----------  -------  ---------  --------
@@ -86,7 +86,7 @@ If the `list disk` command lists the OS disks correctly, run the `list vol` comm
 ```
 
 >[!NOTE]
->If the disk that contains the OS is not listed in the output, you will have to engage the OEM or virtualization manufacturer.
+>If the disk that contains the OS isn't listed in the output, you'll have to engage the OEM or virtualization manufacturer.
 
 ### Verify the integrity of Boot Configuration Database
 
@@ -94,57 +94,57 @@ Check whether the Boot Configuration Database (BCD) has all the correct entries.
 
 To verify the BCD entries:
 
-1. Examine the **Windows Boot Manager**  section that has the **{bootmgr}** identifier. Make sure that the **device**  and **path**  entries point to the correct device and boot loader file.
+1. Examine the **Windows Boot Manager** section that has the **{bootmgr}** identifier. Make sure that the **device** and **path**  entries point to the correct device and boot loader file.
  
-   An example output if the computer is UEFI-based:
+   If the computer is UEFI-based, here's example output:
     
-   ```
+   ```cmd
    device                  partition=\Device\HarddiskVolume2
    path                    \EFI\Microsoft\Boot\bootmgfw.efi
    ```
 
-   An example output if the machine is BIOS based:
-   ```
+   If the machine is BIOS-based, here's example output:
+   ```cmd
    Device                partition=C:
    ```
    >[!NOTE]
-   >This output may not contain a path.
+   >This output might not contain a path.
 
-2. In the **Windows Boot Loader**  that has the **{default}** identifier, make sure that **device**, **path**, **osdevice**, and **systemroot**  point to the correct device or partition, winload file, OS partition or device, and OS folder.
+2. In the **Windows Boot Loader** that has the **{default}** identifier, make sure that **device**, **path**, **osdevice**, and **systemroot**  point to the correct device or partition, winload file, OS partition or device, and OS folder.
  
    > [!NOTE]
-   > If the computer is UEFI-based, the filepath value specified in the **path** parameter of **{bootmgr}** and **{default}** will contain an **.efi** extension.
+   > If the computer is UEFI-based, the file path value that's specified in the **path** parameter of **{bootmgr}** and **{default}** contains an **.efi** extension.
 
    ![bcdedit](images/screenshot1.png)
 
-If any of the information is wrong or missing, we recommend that you create a backup of the BCD store. To do this, run `bcdedit /export C:\temp\bcdbackup`. This command creates a backup in **C:\\temp\\** that is named **bcdbackup** . To restore the backup, run `bcdedit /import C:\temp\bcdbackup`. This command overwrites all BCD settings by using the settings in **bcdbackup** .
+If any of the information is wrong or missing, we recommend that you create a backup of the BCD store. To do this, run `bcdedit /export C:\temp\bcdbackup`. This command creates a backup in **C:\\temp\\** that's named **bcdbackup**. To restore the backup, run `bcdedit /import C:\temp\bcdbackup`. This command overwrites all BCD settings by using the settings in **bcdbackup**.
 
-After the backup is completed, run the following command to make the changes:
+After the backup completes, run the following command to make the changes:
 
 
bcdedit /set *{identifier}* option value

 
-For example, if the device under {default} is wrong or missing, run the following command to set it: `bcdedit /set {default} device partition=C:`
+For example, if the device under {default} is wrong or missing, run this command to set it: `bcdedit /set {default} device partition=C:`
 
- If you want to re-create the BCD completely, or if you get a message that states that "**The boot configuration data store could not be opened. The system could not find the file specified,** " run `bootrec /rebuildbcd`.
+ If you want to completely re-create the BCD, or if you get a message that states that "**The boot configuration data store could not be opened. The system could not find the file specified,** " run `bootrec /rebuildbcd`.
 
-If the BCD has the correct entries, check whether the **winload** and **bootmgr** entries exist in the correct location per the path that is specified in the **bcdedit**  command. By default, **bootmgr**  in the BIOS partition will be in the root of the **SYSTEM**  partition. To see the file, run `Attrib -s -h -r`.
+If the BCD has the correct entries, check whether the **winload** and **bootmgr** entries exist in the correct location, which is in the specified path in the **bcdedit** command. By default, **bootmgr** in the BIOS partition is in the root of the **SYSTEM**  partition. To see the file, run `Attrib -s -h -r`.
 
 If the files are missing, and you want to rebuild the boot files, follow these steps:
 
-1. Copy all the contents under the **SYSTEM**  partition to another location. Alternatively, you can use the command prompt to navigate to the OS drive, create a new folder, and then copy all the files and folders from the **SYSTEM**  volume, as follows:
+1. Copy all the contents under the **SYSTEM** partition to another location. Alternatively, you can use the command prompt to navigate to the OS drive, create a new folder, and then copy all the files and folders from the **SYSTEM**  volume, like shown here:
 
-```
-D:\> Mkdir  BootBackup
-R:\> Copy *.* D:\BootBackup 
-```
+   ```cmd
+   D:\> Mkdir  BootBackup
+   R:\> Copy *.* D:\BootBackup 
+   ```
 
-2. If you are using Windows 10, or if you are troubleshooting by using a Windows 10 ISO at the Windows Pre-Installation Environment command prompt, you can use the **bcdboot**  command to re-create the boot files, as follows:
+2. If you're using Windows 10, or if you're troubleshooting by using a Windows 10 ISO at the Windows Pre-Installation Environment command prompt, you can use the **bcdboot** command to re-create the boot files, like shown here:
 
    ```cmd
    Bcdboot <**OSDrive* >:\windows /s <**SYSTEMdrive* >: /f ALL
    ```
 
-   For example: if we assign the `` (WinRE drive) the letter R and the `` is the letter D, this command would be the following:
+   For example, if we assign the `` (WinRE drive) the letter R and the `` is the letter D, the following is the command that we would use:
 
    ```cmd
    Bcdboot D:\windows /s R: /f ALL
@@ -153,13 +153,13 @@ R:\> Copy *.* D:\BootBackup
    >[!NOTE]
    >The **ALL** part of the **bcdboot** command writes all the boot files (both UEFI and BIOS) to their respective locations.
 
-If you do not have a Windows 10 ISO, you must format the partition and copy **bootmgr**  from another working computer that has a similar Windows build. To do this, follow these steps:
+If you don't have a Windows 10 ISO, format the partition and copy **bootmgr** from another working computer that has a similar Windows build. To do this, follow these steps:
 
-1. Start **Notepad** .
+1. Start **Notepad**.
 
 2. Press Ctrl+O.
 
-3. Navigate to the system partition (in this example, it is R).
+3. Navigate to the system partition (in this example, it's R).
 
 4. Right-click the partition, and then format it.
 
@@ -171,7 +171,7 @@ Run the following command to verify the Windows update installation and dates:
 Dism /Image:: /Get-packages
 ```
 
-After you run this command, you will see the **Install pending** and **Uninstall Pending** packages:
+After you run this command, you'll see the **Install pending** and **Uninstall Pending** packages:
 
 ![Dism output](images/pendingupdate.png)
 
@@ -179,27 +179,27 @@ After you run this command, you will see the **Install pending** and **Uninstall
 
     ![Dism output](images/revertpending.png)
 
-2. Navigate to ***OSdriveLetter* :\Windows\WinSxS** , and then check whether the **pending.xml**  file exists. If it does, rename it to **pending.xml.old**.
+2. Navigate to ***OSdriveLetter*:\Windows\WinSxS**, and then check whether the **pending.xml** file exists. If it does, rename it to **pending.xml.old**.
 
-3. To revert the registry changes, type **regedit**  at the command prompt to open **Registry Editor**.
+3. To revert the registry changes, type **regedit** at the command prompt to open **Registry Editor**.
 
 4. Select **HKEY_LOCAL_MACHINE**, and then go to **File**  > **Load Hive**.
 
-5. Navigate to **OSdriveLetter:\Windows\System32\config**, select the file that is named **COMPONENT** (with no extension), and then select **Open**. When you are prompted, enter the name **OfflineComponentHive** for the new hive
+5. Navigate to ***OSdriveLetter*:\Windows\System32\config**, select the file that's named **COMPONENT** (with no extension), and then select **Open**. When you're prompted, enter the name **OfflineComponentHive** for the new hive.
     
     ![Load Hive](images/loadhive.png)
 
 6. Expand **HKEY_LOCAL_MACHINE\OfflineComponentHive**, and check whether the **PendingXmlIdentifier** key exists. Create a backup of the **OfflineComponentHive** key, and then delete the **PendingXmlIdentifier** key.
 
-7. Unload the hive. To do this, highlight **OfflineComponentHive**, and then select **File**  > **Unload hive**.
+7. Unload the hive. To do this, highlight **OfflineComponentHive**, and then select **File** > **Unload hive**.
 
     ![Unload Hive](images/unloadhive.png)![Unload Hive](images/unloadhive1.png)
 
-8. Select **HKEY_LOCAL_MACHINE**, go to **File** > **Load Hive**, navigate to ***OSdriveLetter* :\Windows\System32\config**, select the file that is named **SYSTEM** (with no extension), and then select **Open** . When you are prompted, enter the name **OfflineSystemHive** for the new hive.
+8. Select **HKEY_LOCAL_MACHINE**, go to **File** > **Load Hive**, navigate to ***OSdriveLetter*:\Windows\System32\config**, select the file that's named **SYSTEM** (with no extension), and then select **Open**. When you're prompted, enter the name **OfflineSystemHive** for the new hive.
 
 9. Expand **HKEY_LOCAL_MACHINE\OfflineSystemHive**, and then select the **Select** key. Check the data for the **Default** value.
 
-10. If the data in **HKEY_LOCAL_MACHINE\OfflineSystemHive\Select\Default**  is **1** , expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet001**. If it is **2**, expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet002**, and so on.
+10. If the data in **HKEY_LOCAL_MACHINE\OfflineSystemHive\Select\Default**  is **1**, expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet001**. If it's **2**, expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet002**, and so on.
 
 11.	 Expand **Control\Session Manager**. Check whether the **PendingFileRenameOperations** key exists. If it does, back up the **SessionManager** key, and then delete the **PendingFileRenameOperations** key.
 
@@ -207,7 +207,7 @@ After you run this command, you will see the **Install pending** and **Uninstall
 
 #### Check services	
 
-1.	 Follow steps 1-10 in the "Troubleshooting if this issue occurs after an Windows Update installation" section. (Step 11 does not apply to this procedure.)
+1. Follow steps 1-10 in the "Troubleshooting if this issue occurs after a Windows Update installation" section. (Step 11 doesn't apply to this procedure.)
 
 2. Expand **Services**.
 
@@ -225,9 +225,9 @@ After you run this command, you will see the **Install pending** and **Uninstall
     
     *	VOLUME
 
-If these keys exist, check each one to make sure that it has a value that is named **Start** and that it is set to **0**. If not, set the value to **0**.
+If these keys exist, check each one to make sure that it has a value that's named **Start**, and that it's set to **0**. If it's not, set the value to **0**.
 
-If any of these keys do not exist, you can try to replace the current registry hive by using the hive from **RegBack**. To do this, run the following commands:
+If any of these keys don't exist, you can try to replace the current registry hive by using the hive from **RegBack**. To do this, run the following commands:
 
 ```cmd
 cd OSdrive:\Windows\System32\config
@@ -237,7 +237,7 @@ copy OSdrive:\Windows\System32\config\RegBack\SYSTEM OSdrive:\Windows\System32\c
 
 #### Check upper and lower filter drivers
 
-Check whether there are any non-Microsoft upper and lower filter drivers on the computer and that they do not exist on another, similar working computer. if they do exist, remove the upper and lower filter drivers:
+Check whether there are any non-Microsoft upper and lower filter drivers on the computer and that they don't exist on another, similar working computer. If they do exist, remove the upper and lower filter drivers:
 
 1. Expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet001\Control**.
 
@@ -245,8 +245,8 @@ Check whether there are any non-Microsoft upper and lower filter drivers on the
 
    >[!NOTE]
    >These filters are mainly related to storage. After you expand the **Control** key in the registry, you can search for **UpperFilters** and **LowerFilters**.
-
-   The following are some of the different registry entries in which you may find these filter drivers. These entries are located under **ControlSet**  and are designated as **Default** :
+   
+   You might find these filter drivers in some of the following registry entries. These entries are under **ControlSet**  and are designated as **Default**:
 
 \Control\Class\\{4D36E96A-E325-11CE-BFC1-08002BE10318} 
 
@@ -258,19 +258,19 @@ Check whether there are any non-Microsoft upper and lower filter drivers on the
 
 ![Registry](images/controlset.png) 
 
-If an **UpperFilters**  or **LowerFilters**  entry is non-standard (for example, it is not a Windows default filter driver, such as PartMgr), remove the entry by double-clicking it in the right pane, and then deleting only that value.
+If an **UpperFilters**  or **LowerFilters**  entry is non-standard (for example, it's not a Windows default filter driver, such as PartMgr), remove the entry. To remove it, double-click it in the right pane, and then delete only that value.
 
 >[!NOTE]
 >There could be multiple entries.
 
-The reason that these entries may affect us is because there may be an entry in the **Services** branch that has a START type set to 0 or 1 (indicating that it is loaded at the Boot or Automatic part of the boot process). Also, either the file that is referred to is missing or corrupted, or it may be named differently than what is listed in the entry. 
+These entries might affect us because there might be an entry in the **Services** branch that has a START type set to 0 or 1, which means that it's loaded at the Boot or Automatic part of the boot process. Also, either the file that's referred to is missing or corrupted, or it might be named differently than what's listed in the entry. 
 
 >[!NOTE]
->If there actually is a service that is set to **0** or **1** that corresponds to an **UpperFilters** or **LowerFilters** entry, setting the service to disabled in the **Services** registry (as discussed in steps 2 and 3 of the Check services section) without removing the **Filter Driver** entry causes the computer to crash and generate a 0x7b Stop error.
+>If there's a service that's set to **0** or **1** that corresponds to an **UpperFilters** or **LowerFilters** entry, setting the service to disabled in the **Services** registry (as discussed in steps 2 and 3 of the Check services section) without removing the **Filter Driver** entry causes the computer to crash and generate a 0x7b Stop error.
 
 ### Running SFC and Chkdsk
 
- If the computer still does not start, you can try to run a **chkdisk**  process on the system drive, and also run System File Checker. To do this, run the following commands at a WinRE command prompt:
+ If the computer still doesn't start, you can try to run a **chkdisk**  process on the system drive, and then also run System File Checker. To do this, run the following commands at a WinRE command prompt:
 
 *	`chkdsk /f /r OsDrive:`
 
diff --git a/windows/client-management/troubleshoot-tcpip-connectivity.md b/windows/client-management/troubleshoot-tcpip-connectivity.md
index 0d4f00510a..77e524634d 100644
--- a/windows/client-management/troubleshoot-tcpip-connectivity.md
+++ b/windows/client-management/troubleshoot-tcpip-connectivity.md
@@ -14,27 +14,33 @@ manager: dansimp
 
 # Troubleshoot TCP/IP connectivity
 
-You might come across connectivity errors on the application end or timeout errors. Most common scenarios would include application connectivity to a database server, SQL timeout errors, BizTalk application timeout errors, Remote Desktop Protocol (RDP) failures, file share access failures, or general connectivity.  
+You might come across connectivity errors on the application end or timeout errors. The following are the most common scenarios:
+- Application connectivity to a database server
+- SQL timeout errors
+- BizTalk application timeout errors
+- Remote Desktop Protocol (RDP) failures
+- File share access failures
+- General connectivity
  
-When you suspect that the issue is on the network, you collect a network trace. The network trace would then be filtered. During troubleshooting connectivity errors, you might come across TCP reset in a network capture which could indicate a network issue.  
+When you suspect that the issue is on the network, you collect a network trace. The network trace would then be filtered. During troubleshooting connectivity errors, you might come across TCP reset in a network capture that could indicate a network issue.  
  
-* TCP is defined as connection-oriented and reliable protocol. One of the ways in which TCP ensures this is through the handshake process. Establishing a TCP session would begin with a 3-way handshake, followed by data transfer, and then a 4-way closure. The 4-way closure where both sender and receiver agree on closing the session is termed as *graceful closure*. After the 4-way closure, the server will allow 4 minutes of time (default), during which any pending packets on the network are to be processed, this is the TIME_WAIT state. Once the TIME_WAIT state is done, all the resources allocated for this connection are released.  
+* TCP is defined as connection-oriented and reliable protocol. One of the ways in which TCP ensures reliability is through the handshake process. Establishing a TCP session would begin with a three-way handshake, followed by data transfer, and then a four-way closure. The four-way closure where both sender and receiver agree on closing the session is termed as *graceful closure*. After the 4-way closure, the server will allow 4 minutes of time (default), during which any pending packets on the network are to be processed, this is the TIME_WAIT state. After the TIME_WAIT state completes, all the resources allocated for this connection are released.  
  
-* TCP reset is an abrupt closure of the session which causes the resources allocated to the connection to be immediately released and all other information about the connection is erased.  
+* TCP reset is an abrupt closure of the session; it causes the resources allocated to the connection to be immediately released and all other information about the connection is erased.  
  
 * TCP reset is identified by the RESET flag in the TCP header set to `1`.  
  
-A network trace on the source and the destination which will help you determine the flow of the traffic and see at what point the failure is observed.  
+A network trace on the source and the destination helps you to determine the flow of the traffic and see at what point the failure is observed.  
  
 The following sections describe some of the scenarios when you will see a RESET. 
  
 ## Packet drops
  
-When one TCP peer is sending out TCP packets for which there is no response received from the other end, the TCP peer would end up re-transmitting the data and when there is no response received, it would end the session by sending an ACK RESET( meaning, application acknowledges whatever data exchanged so far, but due to packet drop closing the connection).  
+When one TCP peer is sending out TCP packets for which there is no response received from the other end, the TCP peer would end up retransmitting the data and when there is no response received, it would end the session by sending an ACK RESET (this means that the application acknowledges whatever data is exchanged so far, but because of packet drop, the connection is closed).  
  
 The simultaneous network traces on source and destination will help you verify this behavior where on the source side you would see the packets being retransmitted and on the destination none of these packets are seen. This would mean, the network device between the source and destination is dropping the packets. 
  
-If the initial TCP handshake is failing because of packet drops then you would see that the TCP SYN packet is retransmitted only 3 times. 
+If the initial TCP handshake is failing because of packet drops, then you would see that the TCP SYN packet is retransmitted only three times. 
     
 Source side connecting on port 445:
 
@@ -44,7 +50,7 @@ Destination side: applying the same filter, you do not see any packets.
 
 ![Screenshot of frame summary with filter in Network Monitor](images/tcp-ts-7.png)
 
-For the rest of the data, TCP will retransmit the packets 5 times.
+For the rest of the data, TCP will retransmit the packets five times.
 
 **Source 192.168.1.62 side trace:**
 
@@ -58,16 +64,16 @@ If you are seeing that the SYN packets are reaching the destination, but the des
  
 ## Incorrect parameter in the TCP header
  
-You see this behavior when the packets are modified in the network by middle devices and TCP on the receiving end is unable to accept the packet, such as the sequence number being modified, or packets being re-played by middle device by changing the sequence number. Again, the simultaneous network trace on the source and destination will be able to tell you if any of the TCP headers are modified. Start by comparing the source trace and destination trace, you will be able to notice if there is a change in the packets itself or if any new packets are reaching the destination on behalf of the source.  
+You see this behavior when the packets are modified in the network by middle devices and TCP on the receiving end is unable to accept the packet, such as the sequence number being modified, or packets being replayed by middle device by changing the sequence number. Again, the simultaneous network trace on the source and destination will be able to tell you if any of the TCP headers are modified. Start by comparing the source trace and destination trace, you will be able to notice if there is a change in the packets itself or if any new packets are reaching the destination on behalf of the source.  
  
-In this case, you will again need help from the network team to identify any such device which is modifying packets or re-playing packets to the destination. The most common ones are RiverBed devices or WAN accelerators. 
+In this case, you'll again need help from the network team to identify any device that's modifying packets or replaying packets to the destination. The most common ones are RiverBed devices or WAN accelerators. 
  
      
 ## Application side reset
  
 When you have identified that the resets are not due to retransmits or incorrect parameter or packets being modified with the help of network trace, then you have narrowed it down to application level reset.
     
-The application resets are the ones where you see the Acknowledgement flag set to `1` along with the reset flag. This would mean that the server is acknowledging the receipt of the packet but for some reason it will not accept the connection. This is when the application that received the packet did not like something it received.  
+The application resets are the ones where you see the Acknowledgment flag set to `1` along with the reset flag. This would mean that the server is acknowledging the receipt of the packet but for some reason it will not accept the connection. This is when the application that received the packet did not like something it received.  
  
 In the below screenshots, you see that the packets seen on the source and the destination are the same without any modification or any drops, but you see an explicit reset sent by the destination to the source.
     
@@ -83,7 +89,7 @@ You also see an ACK+RST flag packet in a case when the TCP establishment packet
 
 ![Screenshot of packet flag](images/tcp-ts-11.png)
 
-The application which is causing the reset (identified by port numbers) should be investigated to understand what is causing it to reset the connection. 
+The application that's causing the reset (identified by port numbers) should be investigated to understand what is causing it to reset the connection. 
  
 >[!Note]
 >The above information is about resets from a TCP standpoint and not UDP. UDP is a connectionless protocol and the packets are sent unreliably. You would not see retransmission or resets when using UDP as a transport protocol. However, UDP makes use of ICMP as a error reporting protocol. When you have the UDP packet sent out on a port and the destination does not have port listed, you will see the destination sending out  **ICMP Destination host unreachable: Port unreachable** message immediately after the UDP packet
@@ -96,7 +102,7 @@ The application which is causing the reset (identified by port numbers) should b
 ```
  
  
-During the course of troubleshooting connectivity issue, you might also see in the network trace that a machine receives packets but does not respond to. In such cases, there could be a drop at the server level. You should enable firewall auditing on the machine to understand if the local firewall is dropping the packet.
+During the course of troubleshooting connectivity issue, you might also see in the network trace that a machine receives packets but does not respond to. In such cases, there could be a drop at the server level. To understand whether the local firewall is dropping the packet, enable the firewall auditing on the machine.
  
 ```
 auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /failure:enable
@@ -106,6 +112,6 @@ You can then review the Security event logs to see for a packet drop on a partic
 
 ![Screenshot of Event Properties](images/tcp-ts-12.png)
 
-Now, run the command `netsh wfp show state`, this will generate a wfpstate.xml file. Once you open this file and filter for the ID you find in the above event (2944008), you will be able to see a firewall rule name associated with this ID which is blocking the connection.
+Now, run the command `netsh wfp show state`, this will generate a wfpstate.xml file. After you open this file and filter for the ID that you find in the above event (2944008), you'll be able to see a firewall rule name that's associated with this ID that's blocking the connection.
 
 ![Screenshot of wfpstate.xml file](images/tcp-ts-13.png)
diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md
index 69a9d636c7..3b223b9331 100644
--- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md
+++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md
@@ -37,9 +37,9 @@ There are no system access control lists (SACLs) for shared folders. If this pol
 
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
 |-------------------|-----------------|-----------------|------------------|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | No              | Yes             | No               | Yes              | Audit Success for this subcategory on domain controllers typically will lead to very high volume of events, especially for SYSVOL share.
We recommend monitoring Failure access attempts: the volume should not be very high. You will be able to see who was not able to get access to a file or folder on a network share on a computer.                                                                                                                                                                                                                                                                                                                                                                                              |
-| Member Server     | IF              | Yes             | IF               | Yes              | IF – If a server has shared network folders which typically get many access requests (File Server, for example), the volume of events might be very high. If you really need to track all successful access events for every file or folder located on a shared folder, enable Success auditing or use the [Audit File System](audit-file-system.md) subcategory, although that subcategory excludes some information in Audit Detailed File Share, for example, the client’s IP address.
The volume of Failure events for member servers should not be very high (if they are not File Servers). With Failure auditing, you will be able to see who was not able to get access to a file or folder on a network share on this computer. |
-| Workstation       | IF              | Yes             | IF               | Yes              | IF – If a workstation has shared network folders which typically get many access requests, the volume of events might be very high. If you really need to track all successful access events for every file or folder located on a shared folder, enable Success auditing or use Audit File System subcategory, although that subcategory excludes some information in Audit Detailed File Share, for example, the client’s IP address.
The volume of Failure events for workstations should not be very high. With Failure auditing, you will be able to see who was not able to get access to a file or folder on a network share on this computer.                                                                                   |
+| Domain Controller | No              | Yes             | No               | Yes              | Audit Success for this subcategory on domain controllers typically will lead to high volume of events, especially for SYSVOL share.
We recommend monitoring Failure access attempts: the volume should not be high. You will be able to see who was not able to get access to a file or folder on a network share on a computer.                                                                                                                                                                                                                                                                                                                                                                                              |
+| Member Server     | IF              | Yes             | IF               | Yes              | IF – If a server has shared network folders that typically get many access requests (File Server, for example), the volume of events might be high. If you really need to track all successful access events for every file or folder located on a shared folder, enable Success auditing or use the [Audit File System](audit-file-system.md) subcategory, although that subcategory excludes some information in Audit Detailed File Share, for example, the client’s IP address.
The volume of Failure events for member servers should not be high (if they are not File Servers). With Failure auditing, you can see who can't access a file or folder on a network share on this computer. |
+| Workstation       | IF              | Yes             | IF               | Yes              | IF – If a workstation has shared network folders that typically get many access requests, the volume of events might be high. If you really need to track all successful access events for every file or folder located on a shared folder, enable Success auditing or use Audit File System subcategory, although that subcategory excludes some information in Audit Detailed File Share, for example, the client’s IP address.
The volume of Failure events for workstations should not be high. With Failure auditing, you can see who can't access a file or folder on a network share on this computer.                                                                                   |
 
 **Events List:**
 
diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md
index e9047b6c8a..5775f97220 100644
--- a/windows/security/threat-protection/auditing/audit-group-membership.md
+++ b/windows/security/threat-protection/auditing/audit-group-membership.md
@@ -1,6 +1,6 @@
 ---
 title: Audit Group Membership (Windows 10)
-description: The advanced security audit policy setting, Audit Group Membership, enables you to audit group memberships when they are enumerated on the client PC.
+description: Using the advanced security audit policy setting, Audit Group Membership, you can audit group memberships when they're enumerated on the client PC.
 ms.assetid: 1CD7B014-FBD9-44B9-9274-CC5715DE58B9
 ms.reviewer: 
 manager: dansimp
@@ -20,8 +20,7 @@ ms.date: 04/19/2017
 -   Windows 10
 -   Windows Server 2016
 
-
-Audit Group Membership enables you to audit group memberships when they are enumerated on the client computer.
+By using Audit Group Membership, you can audit group memberships when they're enumerated on the client computer.
 
 This policy allows you to audit the group membership information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created.
 
@@ -33,15 +32,15 @@ Multiple events are generated if the group membership information cannot fit in
 
 **Event volume**:
 
--   Low on a client computer.
+- Low on a client computer.
 
--   Medium on a domain controller or network servers.
+- Medium on a domain controller or network servers.
 
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
 |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | Yes             | No              | Yes              | No               | Group membership information for logged in user can help to detect that member of specific domain or local group logged in to the machine (for example, member of database administrators, built-in local administrators, domain administrators, service accounts group or other high value groups).
For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Member Server     | Yes             | No              | Yes              | No               | Group membership information for logged in user can help to detect that member of specific domain or local group logged in to the machine (for example, member of database administrators, built-in local administrators, domain administrators, service accounts group or other high value groups).
For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Workstation       | Yes             | No              | Yes              | No               | Group membership information for logged in user can help to detect that member of specific domain or local group logged in to the machine (for example, member of database administrators, built-in local administrators, domain administrators, service accounts group or other high value groups).
For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Domain Controller | Yes             | No              | Yes              | No               | Group membership information for a logged-in user can help to detect that member of specific domain or local group logged in to the machine (for example, member of database administrators, built-in local administrators, domain administrators, service accounts group, or other high value groups).
For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
This subcategory doesn’t have Failure events, so this subcategory doesn't have a recommendation to enable Failure auditing. |
+| Member Server     | Yes             | No              | Yes              | No               | Group membership information for logged in user can help to detect that member of specific domain or local group logged in to the machine (for example, member of database administrators, built-in local administrators, domain administrators, service accounts group, or other high value groups).
For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
This subcategory doesn’t have Failure events, so this subcategory doesn't have a recommendation to enable Failure auditing. |
+| Workstation       | Yes             | No              | Yes              | No               | Group membership information for a logged-in user can help to detect that member of specific domain or local group logged in to the machine (for example, member of database administrators, built-in local administrators, domain administrators, service accounts group, or other high value groups).
For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
This subcategory doesn’t have Failure events, so this subcategory doesn't have a recommendation to enable Failure auditing. |
 
 **Events List:**
 
diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md
index c4d6606795..011a5d397c 100644
--- a/windows/security/threat-protection/auditing/audit-logoff.md
+++ b/windows/security/threat-protection/auditing/audit-logoff.md
@@ -23,7 +23,7 @@ ms.date: 07/16/2018
 
 Audit Logoff determines whether the operating system generates audit events when logon sessions are terminated.
 
-These events occur on the computer that was accessed. In the case of an interactive logon, these events are generated on the computer that was logged on to.
+These events occur on the computer that was accessed. For an interactive logon, these events are generated on the computer that was logged on to.
 
 There is no failure event in this subcategory because failed logoffs (such as when a system abruptly shuts down) do not generate an audit record.
 
@@ -31,13 +31,13 @@ Logon events are essential to understanding user activity and detecting potentia
 
 **Event volume**: High.
 
-This subcategory allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to.
+This subcategory allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff, the security audit event is generated on the computer that the user account logged on to.
 
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
 |-------------------|-----------------|-----------------|------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | No              | No              | Yes              | No               | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It is more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.
Enable Success audit if you want to track, for example, for how long session was active (in correlation with [Audit Logon](audit-logon.md) events) and when user actually logged off.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Member Server     | No              | No              | Yes              | No               | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It is more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.
Enable Success audit if you want to track, for example, for how long session was active (in correlation with [Audit Logon](audit-logon.md) events) and when user actually logged off.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Workstation       | No              | No              | Yes              | No               | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It is more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.
Enable Success audit if you want to track, for example, for how long session was active (in correlation with [Audit Logon](audit-logon.md) events) and when user actually logged off.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Domain Controller | No              | No              | Yes              | No               | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It's more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.
Enable Success audit if you want to track, for example, for how long a session was active (in correlation with [Audit Logon](audit-logon.md) events) and when a user logged off.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Member Server     | No              | No              | Yes              | No               | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It's more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.
Enable Success audit if you want to track, for example, for how long a session was active (in correlation with [Audit Logon](audit-logon.md) events) and when a user logged off.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Workstation       | No              | No              | Yes              | No               | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It's more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.
Enable Success audit if you want to track, for example, for how long a session was active (in correlation with [Audit Logon](audit-logon.md) events) and when a user logged off.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
 
 **Events List:**
 
diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
index f1227802bd..b75e993891 100644
--- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
@@ -1,6 +1,6 @@
 ---
-title: Audit Non Sensitive Privilege Use (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.
+title: Audit Non-Sensitive Privilege Use (Windows 10)
+description: This article for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.
 ms.assetid: 8fd74783-1059-443e-aa86-566d78606627
 ms.reviewer: 
 manager: dansimp
@@ -14,14 +14,14 @@ author: dansimp
 ms.date: 04/19/2017
 ---
 
-# Audit Non Sensitive Privilege Use
+# Audit Non-Sensitive Privilege Use
 
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 
 
-Audit Non Sensitive Privilege Use contains events that show usage of non-sensitive privileges. This is the list of non-sensitive privileges:
+Audit Non-Sensitive Privilege Use contains events that show usage of non-sensitive privileges. This is the list of non-sensitive privileges:
 
 -   Access Credential Manager as a trusted caller
 

From c7dc0cc6df273fb0e50f92cebb62bc177e1a12a2 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Wed, 11 Nov 2020 21:26:23 +0530
Subject: [PATCH 293/384] updated-4567381-batch13

rebranding
---
 .../overview-endpoint-detection-response.md   |  6 +-
 .../partner-applications.md                   | 68 +++++++++----------
 .../partner-integration.md                    | 24 +++----
 .../microsoft-defender-atp/portal-overview.md | 20 +++---
 .../post-ti-indicator.md                      |  4 +-
 .../preferences-setup.md                      |  4 +-
 .../prepare-deployment.md                     | 25 ++++---
 .../preview-settings.md                       | 14 ++--
 .../microsoft-defender-atp/preview.md         | 24 +++----
 .../production-deployment.md                  | 40 +++++------
 .../pull-alerts-using-rest-api.md             | 42 ++++++------
 .../raw-data-export-event-hub.md              | 12 ++--
 .../raw-data-export-storage.md                | 16 ++---
 .../microsoft-defender-atp/raw-data-export.md | 10 +--
 .../microsoft-defender-atp/rbac.md            | 14 ++--
 .../microsoft-defender-atp/recommendation.md  |  4 +-
 .../respond-file-alerts.md                    | 16 ++---
 .../respond-machine-alerts.md                 | 10 +--
 .../restrict-code-execution.md                |  6 +-
 .../microsoft-defender-atp/review-alerts.md   | 12 ++--
 .../run-advanced-query-api.md                 |  8 +--
 .../run-advanced-query-sample-powershell.md   |  6 +-
 .../run-advanced-query-sample-python.md       |  6 +-
 .../microsoft-defender-atp/run-av-scan.md     |  6 +-
 .../run-detection-test.md                     |  8 +--
 25 files changed, 202 insertions(+), 203 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
index 0f3c036938..f79f0792f3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
@@ -25,15 +25,15 @@ ms.topic: conceptual
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
+Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
 
 When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
 
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4o1j5]
 
-Inspired by the "assume breach" mindset, Microsoft Defender ATP continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
+Inspired by the "assume breach" mindset, Defender for Endpoint continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
 
 The response capabilities give you the power to promptly remediate threats by acting on the affected entities.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
index 822b5afaab..4c47c0f8bd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
@@ -18,21 +18,21 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Partner applications in Microsoft Defender ATP 
+# Partner applications in Microsoft Defender for Endpoint 
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
-Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
+Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
 
 
-The support for third-party solutions helps to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender ATP; enabling security teams to effectively respond better to modern threats.
+The support for third-party solutions helps to further streamline, integrate, and orchestrate defenses from other vendors with Defender for Endpoint; enabling security teams to effectively respond better to modern threats.
 
-Microsoft Defender ATP seamlessly integrates with existing security solutions. The integration provides integration with the following solutions such as:
+Defender for Endpoint seamlessly integrates with existing security solutions. The integration provides integration with the following solutions such as:
 - SIEM
 - Ticketing and IT service management solutions
 - Managed security service providers (MSSP)
@@ -47,16 +47,16 @@ Microsoft Defender ATP seamlessly integrates with existing security solutions. T
 
 Logo |Partner name   | Description 
 :---|:---|:---
-![Image of AttackIQ logo](images/attackiq-logo.png)| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates Microsoft Defender ATP is configured properly by launching continuous attacks safely on production assets
-![Image of Azure Sentinel logo](images/sentinel-logo.png)| [AzureSentinel](https://go.microsoft.com/fwlink/?linkid=2135705) | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel 
-![Image of Cymulate logo](images/cymulate-logo.png) | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Microsoft Defender ATP findings with simulated attacks to validate accurate detection and effective response actions
+![Image of AttackIQ logo](images/attackiq-logo.png)| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates Defender for Endpoint is configured properly by launching continuous attacks safely on production assets
+![Image of Azure Sentinel logo](images/sentinel-logo.png)| [AzureSentinel](https://go.microsoft.com/fwlink/?linkid=2135705) | Stream alerts from Defender for Endpoint into Azure Sentinel 
+![Image of Cymulate logo](images/cymulate-logo.png) | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Defender for Endpoint findings with simulated attacks to validate accurate detection and effective response actions
 ![Image of Elastic security logo](images/elastic-security-logo.png) | [Elastic Security](https://go.microsoft.com/fwlink/?linkid=2139303) | Elastic Security is a free and open solution for preventing, detecting, and responding to threats
-![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Microsoft Defender ATP 
-![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections
-![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API
-![Image of SafeBreach logo](images/safebreach-logo.png) | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations
+![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Defender for Endpoint 
+![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Defender for Endpoint detections
+![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Defender for Endpoint Alerts to RSA NetWitness leveraging Microsoft Graph Security API
+![Image of SafeBreach logo](images/safebreach-logo.png) | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Defender for Endpoint security events that are automatically correlated with SafeBreach simulations
 ![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | [Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467) | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network, and threat context to uncover your riskiest vulnerabilities
-![Image of Splunk logo](images/splunk-logo.png) | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk
+![Image of Splunk logo](images/splunk-logo.png) | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Defender for Endpoint Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk
 ![Image of XM Cyber logo](images/xmcyber-logo.png) | [XM Cyber](https://go.microsoft.com/fwlink/?linkid=2136700) | Prioritize your response to an alert based on risk factors and high value assets
 
 ### Orchestration and automation
@@ -64,31 +64,31 @@ Logo |Partner name   | Description
 
 Logo |Partner name   | Description 
 :---|:---|:---
-![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | [CyberSponse CyOps](https://go.microsoft.com/fwlink/?linkid=2115943) | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks
-![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | [Delta Risk ActiveEye](https://go.microsoft.com/fwlink/?linkid=2127468) | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform, ActiveEye.
-![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | [Demisto, a Palo Alto Networks Company](https://go.microsoft.com/fwlink/?linkid=2108414) | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment, and response
-![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | [Microsoft Flow & Azure Functions](https://go.microsoft.com/fwlink/?linkid=2114300) | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures
-![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | [Rapid7 InsightConnect](https://go.microsoft.com/fwlink/?linkid=2116040) | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes
+![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | [CyberSponse CyOps](https://go.microsoft.com/fwlink/?linkid=2115943) | CyOps integrates with Defender for Endpoint to automate customers' high-speed incident response playbooks
+![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | [Delta Risk ActiveEye](https://go.microsoft.com/fwlink/?linkid=2127468) | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Defender for Endpoint with its cloud-native SOAR platform, ActiveEye.
+![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | [Demisto, a Palo Alto Networks Company](https://go.microsoft.com/fwlink/?linkid=2108414) | Demisto integrates with Defender for Endpoint to enable security teams to orchestrate and automate endpoint security monitoring, enrichment, and response
+![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | [Microsoft Flow & Azure Functions](https://go.microsoft.com/fwlink/?linkid=2114300) | Use the Defender for Endpoint connectors for Azure Logic Apps & Microsoft Flow to automating security procedures
+![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | [Rapid7 InsightConnect](https://go.microsoft.com/fwlink/?linkid=2116040) | InsightConnect integrates with Defender for Endpoint to accelerate, streamline, and integrate your time-intensive security processes
 ![Image of ServiceNow logo](images/servicenow-logo.png) | [ServiceNow](https://go.microsoft.com/fwlink/?linkid=2135621) | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration
-![Image of Swimlane logo](images/swimlane-logo.png) | [Swimlane](https://go.microsoft.com/fwlink/?linkid=2113902) | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together
+![Image of Swimlane logo](images/swimlane-logo.png) | [Swimlane](https://go.microsoft.com/fwlink/?linkid=2113902) | Maximize incident response capabilities utilizing Swimlane and Defender for Endpoint together
 
 
 ### Threat intelligence
 
 Logo |Partner name   | Description 
 :---|:---|:---
-![Image of MISP Malware Information Sharing Platform)logo](images/misp-logo.png) | [MISP (Malware Information Sharing Platform)](https://go.microsoft.com/fwlink/?linkid=2127543) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender ATP environment
-![Image of Palo Alto Networks logo](images/paloalto-logo.png) | [Palo Alto Networks](https://go.microsoft.com/fwlink/?linkid=2099582) | Enrich your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender ATP using MineMeld
-![Image of ThreatConnect logo](images/threatconnect-logo.png) | [ThreatConnect](https://go.microsoft.com/fwlink/?linkid=2114115) | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender ATP indicators
+![Image of MISP Malware Information Sharing Platform)logo](images/misp-logo.png) | [MISP (Malware Information Sharing Platform)](https://go.microsoft.com/fwlink/?linkid=2127543) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Defender for Endpoint environment
+![Image of Palo Alto Networks logo](images/paloalto-logo.png) | [Palo Alto Networks](https://go.microsoft.com/fwlink/?linkid=2099582) | Enrich your endpoint protection by extending Autofocus and other threat feeds to Defender for Endpoint using MineMeld
+![Image of ThreatConnect logo](images/threatconnect-logo.png) | [ThreatConnect](https://go.microsoft.com/fwlink/?linkid=2114115) | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Defender for Endpoint indicators
 
 
 
 ### Network security
 Logo |Partner name   | Description 
 :---|:---|:---
-![Image of Aruba ClearPass Policy Manager logo](images/aruba-logo.png) | [Aruba ClearPass Policy Manager](https://go.microsoft.com/fwlink/?linkid=2127544) | Ensure Microsoft Defender ATP is installed and updated on each endpoint before allowing access to the network
+![Image of Aruba ClearPass Policy Manager logo](images/aruba-logo.png) | [Aruba ClearPass Policy Manager](https://go.microsoft.com/fwlink/?linkid=2127544) | Ensure Defender for Endpoint is installed and updated on each endpoint before allowing access to the network
 ![Image of Blue Hexagon for Network logo](images/bluehexagon-logo.png) | [Blue Hexagon for Network](https://go.microsoft.com/fwlink/?linkid=2104613) | Blue Hexagon has built the industry's first real-time deep learning platform for network threat protection
-![Image of CyberMDX logo](images/cybermdx-logo.png) | [CyberMDX](https://go.microsoft.com/fwlink/?linkid=2135620) | Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and repose into your Microsoft Defender ATP environment
+![Image of CyberMDX logo](images/cybermdx-logo.png) | [CyberMDX](https://go.microsoft.com/fwlink/?linkid=2135620) | Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and repose into your Defender for Endpoint environment
 ![Image of Vectra Network Detection and Response (NDR) logo](images/vectra-logo.png) |[Vectra Network Detection and Response (NDR)](https://go.microsoft.com/fwlink/?linkid=866934)| Vectra applies AI & security research to detect and respond to cyber-attacks in real time
 
 
@@ -100,13 +100,13 @@ Logo |Partner name   | Description
 ![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution — Protect your mobile devices with granular visibility and control from Corrata 
 ![Image of Lookout logo](images/lookout-logo.png)| [Lookout](https://go.microsoft.com/fwlink/?linkid=866935)| Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices
 ![Image of Symantec Endpoint Protection Mobile logo](images/symantec-logo.png) | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect, and prevent security threats and vulnerabilities on mobile devices 
-![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Microsoft Defender ATP to iOS and Android with Machine Learning-based Mobile Threat Defense
+![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense
 
 
 ## Additional integrations
 Logo |Partner name   | Description 
 :---|:---|:---
-![Image of Cyren Web Filter logo](images/cyren-logo.png)| [Cyren Web Filter](https://go.microsoft.com/fwlink/?linkid=2108221)| Enhance your Microsoft Defender ATP with advanced Web Filtering
+![Image of Cyren Web Filter logo](images/cyren-logo.png)| [Cyren Web Filter](https://go.microsoft.com/fwlink/?linkid=2108221)| Enhance your Defender for Endpoint with advanced Web Filtering
 ![Image of Morphisec logo](images/morphisec-logo.png)| [Morphisec](https://go.microsoft.com/fwlink/?linkid=2086215)| Provides Moving Target Defense-powered advanced threat prevention and integrates forensics data directly into WD Security Center dashboards to help prioritize alerts, determine device at-risk score and visualize full attack timeline including internal memory information
 ![Image of THOR Cloud logo](images/nextron-thor-logo.png)| [THOR Cloud](https://go.microsoft.com/fwlink/?linkid=862988)| Provides on-demand live forensics scans using a signature base with focus on persistent threats
 
@@ -114,27 +114,27 @@ Logo |Partner name   | Description
 
 
 ## SIEM integration
-Microsoft Defender ATP supports SIEM integration through a variety of methods — specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management.  For more information, see [Enable SIEM integration](enable-siem-integration.md).
+Defender for Endpoint supports SIEM integration through a variety of methods — specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management.  For more information, see [Enable SIEM integration](enable-siem-integration.md).
 
 ## Ticketing and IT service management 
-Ticketing solution integration helps to implement manual and automatic response processes. Microsoft Defender ATP can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API. 
+Ticketing solution integration helps to implement manual and automatic response processes. Defender for Endpoint can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API. 
 
 ## Security orchestration and automation response (SOAR) integration 
-Orchestration solutions can help build playbooks and integrate the rich data model and actions that Microsoft Defender ATP APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others. 
+Orchestration solutions can help build playbooks and integrate the rich data model and actions that Defender for Endpoint APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others. 
 
 ## External alert correlation and Automated investigation and remediation  
-Microsoft Defender ATP offers unique automated investigation and remediation capabilities to drive incident response at scale.
+Defender for Endpoint offers unique automated investigation and remediation capabilities to drive incident response at scale.
   
 Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices.  
 
-External alerts can be pushed into Microsoft Defender ATP and is presented side by side with additional device-based alerts from Microsoft Defender ATP. This view provides a full context of the alert — with the real process and the full story of attack.  
+External alerts can be pushed into Defender for Endpoint and is presented side by side with additional device-based alerts from Defender for Endpoint. This view provides a full context of the alert — with the real process and the full story of attack.  
 
 ## Indicators matching
 You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs).
 
-Microsoft Defender ATP allows you to integrate with such solutions and act on IoCs by correlating its rich telemetry and creating alerts when there's a match; leveraging prevention and automated response capabilities to block execution and take remediation actions when there's a match.
+Defender for Endpoint allows you to integrate with such solutions and act on IoCs by correlating its rich telemetry and creating alerts when there's a match; leveraging prevention and automated response capabilities to block execution and take remediation actions when there's a match.
 
-Microsoft Defender ATP currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.  
+Defender for Endpoint currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.  
 
 ## Support for non-Windows platforms
-Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. 
+Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md
index 7aa19efe08..349dc8d30d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md
@@ -18,42 +18,42 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual 
 ---
 
-# Microsoft Defender ATP partner opportunities and scenarios
+# Microsoft Defender for Endpoint partner opportunities and scenarios
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:** 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
-Partners can easily extend their existing security offerings on top of the open framework and a rich and complete set of APIs to build extensions and integrations with Microsoft Defender ATP. 
+Partners can easily extend their existing security offerings on top of the open framework and a rich and complete set of APIs to build extensions and integrations with Defender for Endpoint. 
 
-The APIs span functional areas including detection, management, response, vulnerabilities, and intelligence-wide range of use cases. Based on the use case and need, partners can either stream or query data from Microsoft Defender ATP. 
+The APIs span functional areas including detection, management, response, vulnerabilities, and intelligence-wide range of use cases. Based on the use case and need, partners can either stream or query data from Defender for Endpoint. 
 
 
 ## Scenario 1: External alert correlation and Automated investigation and remediation
-Microsoft Defender ATP offers unique automated investigation and remediation capabilities to drive incident response at scale. 
+Defender for Endpoint offers unique automated investigation and remediation capabilities to drive incident response at scale. 
 
 Integrating the automated investigation and response capability with other solutions such as network security products or other endpoint security products will help to address alerts. The integration also minimizes the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices.
 
-Microsoft Defender ATP adds support for this scenario in the following forms:
+Defender for Endpoint adds support for this scenario in the following forms:
 
-- External alerts can be pushed into Microsoft Defender ATP and presented side by side with additional device-based alerts from Microsoft Defender ATP. This view provides the full context of the alert - with the real process and the full story of attack.
+- External alerts can be pushed into Defender for Endpoint and presented side by side with additional device-based alerts from Defender for Endpoint. This view provides the full context of the alert - with the real process and the full story of attack.
 
-- Once an alert is generated, the signal is shared across all Microsoft Defender ATP protected endpoints in the enterprise. Microsoft Defender ATP takes immediate automated or operator-assisted response to address the alert.
+- Once an alert is generated, the signal is shared across all Defender for Endpoint protected endpoints in the enterprise. Defender for Endpoint takes immediate automated or operator-assisted response to address the alert.
 
 ## Scenario 2: Security orchestration and automation response (SOAR) integration
-Orchestration solutions can help build playbooks and integrate the rich data model and actions that Microsoft Defender ATP APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others.
+Orchestration solutions can help build playbooks and integrate the rich data model and actions that Defender for Endpoint APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others.
 
 ## Scenario 3: Indicators matching 
-Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability is available in Microsoft Defender ATP and gives the ability to set a list of indicators for prevention, detection, and exclusion of entities. One can define the action to be taken as well as the duration for when to apply the action.
+Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability is available in Defender for Endpoint and gives the ability to set a list of indicators for prevention, detection, and exclusion of entities. One can define the action to be taken as well as the duration for when to apply the action.
 
 The above scenarios serve as examples of the extensibility of the platform. You are not limited to the examples and we certainly encourage you to leverage the open framework to discover and explore other scenarios.
 
-Follow the steps in [Become a Microsoft Defender ATP partner](get-started-partner-integration.md) to integrate your solution in Microsoft Defender ATP.
+Follow the steps in [Become a Microsoft Defender for Endpoint partner](get-started-partner-integration.md) to integrate your solution in Defender for Endpoint.
 
 ## Related topic
 - [Overview of management and APIs](management-apis.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
index 699cc87da7..e4679370bb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
@@ -23,9 +23,9 @@ ms.topic: conceptual
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) 
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) 
 
 Enterprise security teams can use Microsoft Defender Security Center to monitor and assist in responding to alerts of potential advanced persistent threat activity or data breaches.
 
@@ -33,7 +33,7 @@ You can use [Microsoft Defender Security Center](https://securitycenter.windows.
 
 - View, sort, and triage alerts from your endpoints
 - Search for more information on observed indicators such as files and IP Addresses
-- Change Microsoft Defender ATP settings, including time zone and review licensing information
+- Change Microsoft Defender for Endpoint settings, including time zone and review licensing information
 
 ## Microsoft Defender Security Center
 
@@ -42,7 +42,7 @@ When you open the portal, you'll see:
 - (1) Navigation pane (select the horizontal lines at the top of the navigation pane to show or hide it)
 - (2) Search, Community center, Localization, Help and support, Feedback
 
- ![Microsoft Defender Advanced Threat Protection portal](images/mdatp-portal-overview.png)
+ ![Microsoft Defender for Endpoint portal](images/mdatp-portal-overview.png)
 
 > [!NOTE]
 > Malware related detections will only appear if your devices are using Microsoft Defender Antivirus as the default real-time protection antimalware product.
@@ -54,29 +54,29 @@ Area | Description
 **(1) Navigation pane** | Use the navigation pane to move between **Dashboards**, **Incidents**, **Devices list**, **Alerts queue**, **Automated investigations**, **Advanced hunting**, **Reports**, **Partners & APIs**, **Threat & Vulnerability Management**, **Evaluation and tutorials**, **Service health**, **Configuration management**, and **Settings**. Select the horizontal lines at the top of the navigation pane to show or hide it.
 **Dashboards** | Access the active automated investigations, active alerts, automated investigations statistics, devices at risk, users at risk, devices with sensor issues, service health, detection sources, and daily devices reporting dashboards.
 **Incidents** | View alerts that have been aggregated as incidents.
-**Devices list** | Displays the list of devices that are onboarded to Microsoft Defender ATP, some information about them, and their exposure and risk levels.
+**Devices list** | Displays the list of devices that are onboarded to Defender for Endpoint, some information about them, and their exposure and risk levels.
 **Alerts queue** | View alerts generated from devices in your organizations.
 **Automated investigations** | Displays automated investigations that have been conducted in the network, triggering alert, the status of each investigation and other details such as when the investigation started and the duration of the investigation.
 **Advanced hunting** | Advanced hunting allows you to proactively hunt and investigate across your organization using a powerful search and query tool.
 **Reports** | View graphs detailing threat protection, device health and compliance, web protection, and vulnerability.
 **Partners & APIs** | View supported partner connections, which enhance the detection, investigation, and threat intelligence capabilities of the platform. You can also view connected applications, the API explorer, API usage overview, and data export settings.
 **Threat & Vulnerability management** | View your Microsoft Secure Score for Devices, exposure score, exposed devices, vulnerable software, and take action on top security recommendations.
-**Evaluation and tutorials** | Manage test devices, attack simulations, and reports. Learn and experience the Microsoft Defender ATP capabilities through a guided walk-through in a trial environment.
-**Service health** | Provides information on the current status of the Microsoft Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
+**Evaluation and tutorials** | Manage test devices, attack simulations, and reports. Learn and experience the Defender for Endpoint capabilities through a guided walk-through in a trial environment.
+**Service health** | Provides information on the current status of the Defender for Endpoint service. You'll be able to verify that the service health is healthy or if there are current issues.
 **Configuration management** | Displays on-boarded devices, your organizations' security baseline, predictive analysis, web protection coverage, and allows you to perform attack surface management on your devices.
 **Settings** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as permissions, APIs, rules, device management, IT service management, and network assessments.
-**(2) Search, Community center, Localization,  Help and support, Feedback** | **Search** - search by device, file, user, URL, IP, vulnerability, software, and recommendation. 

 **Community center** - Access the Community center to learn, collaborate, and share experiences about the product. 

  **Localization** - Set time zones. 

  **Help and support** - Access the Microsoft Defender ATP guide, Microsoft and Microsoft Premier support, license information, simulations & tutorials, Microsoft Defender ATP evaluation lab, consult a threat expert.

 **Feedback** - Provide comments about what you like or what we can do better.
+**(2) Search, Community center, Localization,  Help and support, Feedback** | **Search** - search by device, file, user, URL, IP, vulnerability, software, and recommendation. 

 **Community center** - Access the Community center to learn, collaborate, and share experiences about the product. 

  **Localization** - Set time zones. 

  **Help and support** - Access the Defender for Endpoint guide, Microsoft and Microsoft Premier support, license information, simulations & tutorials, Defender for Endpoint evaluation lab, consult a threat expert.

 **Feedback** - Provide comments about what you like or what we can do better.
 
 > [!NOTE]
 > For devices with high resolution DPI scaling issues, please see [Windows scaling issues for high-DPI devices](https://support.microsoft.com/help/3025083/windows-scaling-issues-for-high-dpi-devices) for possible solutions.
 
-## Microsoft Defender ATP icons
+## Microsoft Defender for Endpoint icons
 
 The following table provides information on the icons used all throughout the portal:
 
 Icon | Description
 :---|:---
-![ATP logo icon](images/atp-logo-icon.png)| Microsoft Defender ATP logo
+![ATP logo icon](images/atp-logo-icon.png)| Microsoft Defender for Endpoint logo
 ![Alert icon](images/alert-icon.png)| Alert – Indication of an activity correlated with advanced attacks.
 ![Detection icon](images/detection-icon.png)| Detection – Indication of a malware threat detection.
 ![Active threat icon](images/active-threat-icon.png)| Active threat – Threats actively executing at the time of detection.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
index f74d49ee22..ab2b412ae2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
@@ -21,9 +21,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint]https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## API description
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
index 59653a5fc2..335e716372 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
@@ -23,9 +23,9 @@ ms.topic: article
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-prefsettings-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-prefsettings-abovefoldlink)
 
 Use the **Settings** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
index fe2d128e37..3c320f4601 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
@@ -20,30 +20,30 @@ ms.collection:
 ms.topic: article 
 ---
 
-# Prepare Microsoft Defender ATP deployment
+# Prepare Microsoft Defender for Endpoint deployment
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
 
-Deploying Microsoft Defender ATP is a three-phase process:
+Deploying Defender for Endpoint is a three-phase process:
 
 

 

   

     
        
-        Prepare to deploy Microsoft Defender ATP
+        Prepare to deploy Defender for Endpoint
       
Phase 1: Prepare 

     		
      
       
-        Setup the Microsoft Defender ATP service
+        Setup the Defender for Endpoint service
       
Phase 2: Set up 

     		
     
       
-        Onboard diagram
+        Onboard diagram
       
Phase 3: Onboard 

 

-
-
-
@@ -716,7 +723,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
 
-
@@ -724,7 +731,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
 
-
@@ -732,7 +739,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
 
-
@@ -740,7 +747,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
 
-
@@ -767,9 +774,9 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
 
-
@@ -777,17 +784,17 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
 
-
+Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
-
@@ -795,7 +802,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
 
-
@@ -803,7 +810,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
 
-
@@ -811,7 +818,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
 
-
@@ -819,7 +826,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
 
-
@@ -827,19 +834,19 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
 
-
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-
+Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

   

     
        
-        Plan to deploy Microsoft Defender ATP
+        Plan to deploy Microsoft Defender for Endpoint
       
Phase 1: Prepare 

     		
      
       
-        Onboard to the Microsoft Defender ATP service
+        Onboard to the Defender for Endpoint service
       
Phase 2: Set up 

         		
     
@@ -68,7 +68,7 @@ Deploying Microsoft Defender ATP is a three-phase process:
 You are currently in the preparation phase.
 
 
-Preparation is key to any successful deployment. In this article, you'll be guided on the points you'll need to consider as you prepare to deploy Microsoft Defender ATP.
+Preparation is key to any successful deployment. In this article, you'll be guided on the points you'll need to consider as you prepare to deploy Defender for Endpoint.
 
 
 ## Stakeholders and approval
@@ -111,8 +111,7 @@ required in technologies or processes.
 
 ## Role-based access control
 
-Microsoft recommends using the concept of least privileges. Microsoft Defender
-ATP leverages built-in roles within Azure Active Directory. Microsoft recommends
+Microsoft recommends using the concept of least privileges. Defender for Endpoint leverages built-in roles within Azure Active Directory. Microsoft recommends
 [review the different roles that are
 available](https://docs.microsoft.com/azure/active-directory/active-directory-assign-admin-roles-azure-portal)
 and choose the right one to solve your needs for each persona for this
@@ -132,7 +131,7 @@ Management](https://docs.microsoft.com/azure/active-directory/active-directory-p
 to manage your roles to provide additional auditing, control, and access review
 for users with directory permissions.
 
-Microsoft Defender ATP supports two ways to manage permissions:
+Defender for Endpoint supports two ways to manage permissions:
 
 -   **Basic permissions management**: Set permissions to either full access or
     read-only. In the case of basic permissions management users with Global
@@ -144,7 +143,7 @@ Microsoft Defender ATP supports two ways to manage permissions:
     groups access to device groups. For more information. see [Manage portal access using role-based access control](rbac.md).
 
 Microsoft recommends leveraging RBAC to ensure that only users that have a
-business justification can access Microsoft Defender ATP.
+business justification can access Defender for Endpoint.
 
 You can find details on permission guidelines
 [here](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group).
@@ -167,16 +166,16 @@ place. The bare minimum every organization should have been an antivirus solutio
 
 Historically, replacing any security solution used to be time intensive and difficult
 to achieve due to the tight hooks into the application layer and infrastructure
-dependencies. However, because Microsoft Defender ATP is built into the
+dependencies. However, because Defender for Endpoint is built into the
 operating system, replacing third-party solutions is now easy to achieve.
 
-Choose the component of Microsoft Defender ATP to be used and remove the ones
+Choose the component of Defender for Endpoint to be used and remove the ones
 that do not apply. The table below indicates the order Microsoft recommends for
 how the endpoint security suite should be enabled.
 
 | Component                               | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | Adoption Order Rank |
 |-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|
-| Endpoint Detection & Response (EDR)     | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. 
 [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response)                                                                                                                                                                                                                                             | 1                   |
+| Endpoint Detection & Response (EDR)     | Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. 
 [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response)                                                                                                                                                                                                                                             | 1                   |
 |Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including: 
 - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities 
 - Invaluable device vulnerability context during incident investigations 
 -  Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager 
 [Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 |
 | Next-generation protection (NGP)        | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes: 
 -Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.   
 -  Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection"). 
 - Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research. 
 [Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10).                                                                                                                                                                                                                                                                                                                                                                       |3                   |
 | Attack Surface Reduction (ASR)          | Attack surface reduction capabilities in Microsoft Defender ATP help protect the devices and applications in the organization from new and emerging threats. 
 [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction)                                                                                                                                                                                                                                                                                                                                                                                       | 4                   |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
index 0609532537..8c1f70f474 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
@@ -16,15 +16,15 @@ audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
 ---
-# Turn on the preview experience in Microsoft Defender ATP
+# Turn on the preview experience in Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
 
 Turn on the preview experience setting to be among the first to try upcoming features.
 
@@ -36,8 +36,8 @@ Turn on the preview experience setting to be among the first to try upcoming fea
 2. Toggle the setting between **On** and **Off** and select **Save preferences**.
 
 ## Related topics
-- [Update general settings in Microsoft Defender ATP](data-retention-settings.md)
-- [Turn on advanced features in Microsoft Defender ATP](advanced-features.md)
-- [Configure email notifications in Microsoft Defender ATP](configure-email-notifications.md)
-- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
+- [Update general settings in Microsoft Defender for Endpoint](data-retention-settings.md)
+- [Turn on advanced features in Microsoft Defender for Endpoint](advanced-features.md)
+- [Configure email notifications in Microsoft Defender for Endpoint](configure-email-notifications.md)
+- [Enable SIEM integration in Microsoft Defender for Endpoint](enable-siem-integration.md)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md
index 5ed93079a0..f8bc3dccad 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md
@@ -19,7 +19,7 @@ ms.collection:
 ms.topic: conceptual
 ---
 
-# Microsoft Defender ATP preview features
+# Microsoft Defender for Endpoint preview features
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -27,19 +27,19 @@ ms.topic: conceptual
 >The preview versions are provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-The Microsoft Defender ATP service is constantly being updated to include new feature enhancements and capabilities.
+The Defender for Endpoint service is constantly being updated to include new feature enhancements and capabilities.
 
 > [!TIP]
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-abovefoldlink)
 
-Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
+Learn about new features in the Defender for Endpoint preview release and be among the first to try upcoming features by turning on the preview experience.
 
 >[!TIP]
 >Get notified when this page is updated by copying and pasting the following URL into your feed reader: `https://docs.microsoft.com/api/search/rss?search=%22Microsoft+Defender+ATP+preview+features%22&locale=en-us`
 
-For more information on new capabilities that are generally available, see [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md).
+For more information on new capabilities that are generally available, see [What's new in Defender for Endpoint](whats-new-in-microsoft-defender-atp.md).
 
 ## Turn on preview features
 
@@ -54,22 +54,22 @@ Turn on the preview experience setting to be among the first to try upcoming fea
 ## Preview features
 
 The following features are included in the preview release:
-- [Microsoft Defender ATP for iOS](microsoft-defender-atp-ios.md) 
 Microsoft Defender ATP now adds support for iOS. Learn how to install, configure, and use Microsoft Defender ATP for iOS.
+- [Microsoft Defender for Endpoint for iOS](microsoft-defender-atp-ios.md) 
 Microsoft Defender ATP now adds support for iOS. Learn how to install, configure, and use Microsoft Defender ATP for iOS.
 
-- [Microsoft Defender ATP for Android](microsoft-defender-atp-android.md) 
 Microsoft Defender ATP now adds support for Android. Learn how to install, configure, and use Microsoft Defender ATP for Android.
+- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md) 
 Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint for Android.
 
-- [Web Content Filtering](web-content-filtering.md) 
 Web content filtering is part of web protection capabilities in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
+- [Web Content Filtering](web-content-filtering.md) 
 Web content filtering is part of web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
 
 - [Device health and compliance report](machine-reports.md) 
 The device health and compliance report provides high-level information about the devices in your organization.
 
 - [Information protection](information-protection-in-windows-overview.md)

-Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. Microsoft Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices.
+Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. Microsoft Defender for Endpoint is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices.
 
     >[!NOTE]
     >Partially available from Windows 10, version 1809.
 
-- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-version-1803-and-windows-server-2019) 
 Microsoft Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client devices.
+- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-version-1803-and-windows-server-2019) 
 Microsoft Defender for Endpoint now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client devices.
 
 
 > [!TIP] 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-belowfoldlink)  
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-belowfoldlink)  
diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
index a1c3772e14..516c64e1b5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
@@ -20,28 +20,28 @@ ms.collection:
 ms.topic: article 
 ---
 
-# Set up Microsoft Defender ATP deployment
+# Set up Microsoft Defender for Endpoint deployment
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
-Deploying Microsoft Defender ATP is a three-phase process:
+Deploying Defender for Endpoint is a three-phase process:
 
 

 
-
@@ -324,7 +331,7 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
 
@@ -333,40 +340,40 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
 
-
-
-
+
-
+
-
-
@@ -401,7 +408,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
 
-
@@ -410,7 +417,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
 
-
@@ -419,14 +426,14 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
 
-
-
@@ -434,7 +441,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
 
-
@@ -442,13 +449,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
 
-
+
-
@@ -457,7 +464,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
 
-
@@ -494,7 +501,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
 
-
@@ -503,7 +510,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
 
-
@@ -512,7 +519,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
 
-
@@ -520,7 +527,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
 
-
@@ -528,7 +535,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
 
-
@@ -536,13 +543,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
 
-
+
-
@@ -551,7 +558,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
 
-
@@ -592,7 +599,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
 
-
@@ -601,7 +608,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
 
-
@@ -610,7 +617,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
 
-
@@ -618,7 +625,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
 
-
@@ -626,7 +633,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
 
-
@@ -634,13 +641,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
 
-
+
-
@@ -649,7 +656,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
 
-
@@ -658,13 +665,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
 

   

     
        
-        Prepare to deploy Microsoft Defender ATP
+        Prepare to deploy Microsoft Defender for Endpoint
       
Phase 1: Prepare 

     		
      
       
-        Onboard to the Microsoft Defender ATP service
+        Onboard to the Microsoft Defender for Endpoint service
       
Phase 2: Set up 

     		
     
@@ -63,7 +63,7 @@ In this deployment scenario, you'll be guided through the steps on:
 
 
 >[!NOTE]
->For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Microsoft Defender ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender ATP](onboard-configure.md).
+>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md).
 
 ## Check license state
 
@@ -94,11 +94,11 @@ To gain access into which licenses are provisioned to your company, and to check
 
 ## Tenant Configuration
 
-When accessing Microsoft Defender Security Center for the first time, a wizard that will guide you through some initial steps. At the end of the setup wizard, there will be a dedicated cloud instance of Microsoft Defender ATP created. The easiest method is to perform these steps from a Windows 10 client device.
+When accessing Microsoft Defender Security Center for the first time, a wizard that will guide you through some initial steps. At the end of the setup wizard, there will be a dedicated cloud instance of Defender for Endpoint created. The easiest method is to perform these steps from a Windows 10 client device.
 
 1. From a web browser, navigate to .
 
-    ![Image of Set up your permissions for Microsoft Defender ATP](images/atp-setup-permissions-wdatp-portal.png)
+    ![Image of Set up your permissions for Microsoft Defender for Endpoint](images/atp-setup-permissions-wdatp-portal.png)
 
 2. If going through a TRIAL license, go to the link ()
 
@@ -128,11 +128,11 @@ When accessing Microsoft Defender Security Center for the first time, a wizard t
 If the organization does not require the endpoints to use a Proxy to access the
 Internet, skip this section.
 
-The Microsoft Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to
-report sensor data and communicate with the Microsoft Defender ATP service. The
-embedded Microsoft Defender ATP sensor runs in the system context using the
+The Microsoft Defender for Endpoint sensor requires Microsoft Windows HTTP (WinHTTP) to
+report sensor data and communicate with the Microsoft Defender for Endpoint service. The
+embedded Microsoft Defender for Endpoint sensor runs in the system context using the
 LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP)
-to enable communication with the Microsoft Defender ATP cloud service. The
+to enable communication with the Microsoft Defender for Endpoint cloud service. The
 WinHTTP configuration setting is independent of the Windows Internet (WinINet)
 internet browsing proxy settings and can only discover a proxy server by using
 the following discovery methods:
@@ -145,7 +145,7 @@ the following discovery methods:
 
 If a Transparent proxy or WPAD has been implemented in the network topology,
 there is no need for special configuration settings. For more information on
-Microsoft Defender ATP URL exclusions in the proxy, see the
+Microsoft Defender for Endpoint URL exclusions in the proxy, see the
 Appendix section in this document for the URLs allow list or on
 [Microsoft
 Docs](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server).
@@ -163,8 +163,8 @@ Docs](https://docs.microsoft.com/windows/security/threat-protection/windows-defe
 
 ### Configure the proxy server manually using a registry-based static proxy
 
-Configure a registry-based static proxy to allow only Microsoft Defender ATP
-sensor to report diagnostic data and communicate with Microsoft Defender ATP
+Configure a registry-based static proxy to allow only Microsoft Defender for Endpoint
+sensor to report diagnostic data and communicate with Microsoft Defender for Endpoint
 services if a computer is not permitted to connect to the Internet. The static
 proxy is configurable through Group Policy (GP). The group policy can be found
 under:
@@ -236,20 +236,20 @@ URLs that include v20 in them are only needed if you have Windows 10, version
 needed if the device is on Windows 10, version 1803 or later.
  
 
-If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the listed URLs.
+If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender for Endpoint sensor is connecting from system context, make sure anonymous traffic is permitted in the listed URLs.
 
 The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. Ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.
 
 |**Spreadsheet of domains list**|**Description**|
 |:-----|:-----|
-|![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)
  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. 

[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
+|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)
  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. 

[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
 
 
-###  Microsoft Defender ATP service backend IP range
+###  Microsoft Defender for Endpoint service backend IP range
 
 If you network devices don't support the URLs listed in the prior section, you can use the following information.
 
-Microsoft Defender ATP is built on Azure cloud, deployed in the following regions:
+Defender for Endpoint is built on Azure cloud, deployed in the following regions:
 
 - \+\
 - \+\
@@ -267,4 +267,4 @@ You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https:
 ## Next step
 |||
 |:-------|:-----|
-|![Phase 3: Onboard](images/onboard.png) 
[Phase 3: Onboard](onboarding.md) | Onboard devices to the service so that the Microsoft Defender ATP service can get sensor data from them.
+|![Phase 3: Onboard](images/onboard.png) 
[Phase 3: Onboard](onboarding.md) | Onboard devices to the service so that the Microsoft Defender for Endpoint service can get sensor data from them.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
index 5ded65750b..d656f995c8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
@@ -17,24 +17,24 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Pull Microsoft Defender ATP detections using SIEM REST API
+# Pull Microsoft Defender for Endpoint detections using SIEM REST API
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) 
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) 
 
 >[!Note]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
->- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
->-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
+>- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections.
+>- [Microsoft Defender for Endpoint Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
+>-The Microsoft Defender for Endpoint Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 
-Microsoft Defender ATP supports the OAuth 2.0 protocol to pull detections from the API.
+Microsoft Defender for Endpoint supports the OAuth 2.0 protocol to pull detections from the API.
 
 In general, the OAuth 2.0 protocol supports four types of flows:
 - Authorization grant flow
@@ -44,19 +44,19 @@ In general, the OAuth 2.0 protocol supports four types of flows:
 
 For more information about the OAuth specifications, see the [OAuth Website](http://www.oauth.net).
 
-Microsoft Defender ATP supports the _Authorization grant flow_ and _Client credential flow_ to obtain access to pull detections, with Azure Active Directory (AAD) as the authorization server.
+Microsoft Defender for Endpoint supports the _Authorization grant flow_ and _Client credential flow_ to obtain access to pull detections, with Azure Active Directory (AAD) as the authorization server.
 
 The _Authorization grant flow_ uses user credentials to get an authorization code, which is then used to obtain an access token.
 
-The _Client credential flow_ uses client credentials to authenticate against the Microsoft Defender ATP endpoint URL. This flow is suitable for scenarios when an OAuth client creates requests to an API that doesn't require user credentials.
+The _Client credential flow_ uses client credentials to authenticate against the Microsoft Defender for Endpoint endpoint URL. This flow is suitable for scenarios when an OAuth client creates requests to an API that doesn't require user credentials.
 
-Use the following method in the Microsoft Defender ATP API to pull detections in JSON format.
+Use the following method in the Microsoft Defender for Endpoint API to pull detections in JSON format.
 
 >[!NOTE]
 >Microsoft Defender Security Center merges similar alert detections into a single alert. This API pulls alert detections in its raw form based on the query parameters you set, enabling you to apply your own grouping and filtering. 
 
 ## Before you begin
-- Before calling the Microsoft Defender ATP endpoint to pull detections, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md).
+- Before calling the Microsoft Defender for Endpoint endpoint to pull detections, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Microsoft Defender for Endpoint](enable-siem-integration.md).
 
 - Take note of the following values in your Azure application registration. You need these values to configure the OAuth flow in your service or daemon app:
   - Application ID (unique to your application)
@@ -67,7 +67,7 @@ Use the following method in the Microsoft Defender ATP API to pull detections in
 ## Get an access token
 Before creating calls to the endpoint, you'll need to get an access token.
 
-You'll use the access token to access the protected resource, which are detections in Microsoft Defender ATP.
+You'll use the access token to access the protected resource, which are detections in Microsoft Defender for Endpoint.
 
 To get an access token, you'll need to do a POST request to the token issuing endpoint. Here is a sample request:
 
@@ -92,10 +92,10 @@ The response will include an access token and expiry information.
   "access_token":"eyJ0eXaioJJOIneiowiouqSuzNiZ345FYOVkaJL0625TueyaJasjhIjEnbMlWqP..."
 }
 ```
-You can now use the value in the *access_token* field in a request to the Microsoft Defender ATP API.
+You can now use the value in the *access_token* field in a request to the Defender for Endpoint API.
 
 ## Request
-With an access token, your app can make authenticated requests to the Microsoft Defender ATP API. Your app must append the access token to the Authorization header of each request.
+With an access token, your app can make authenticated requests to the Microsoft Defender for Endpoint API. Your app must append the access token to the Authorization header of each request.
 
 ### Request syntax
 Method | Request URI
@@ -200,7 +200,7 @@ Here is an example return value:
 
 ## Code examples
 ### Get access token
-The following code examples demonstrate how to obtain an access token for calling the Microsoft Defender ATP SIEM API.
+The following code examples demonstrate how to obtain an access token for calling the Microsoft Defender for Endpoint SIEM API.
 
 ```csharp
 AuthenticationContext context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId));
@@ -250,7 +250,7 @@ echo ${tokenArr[1]} | cut -d "\"" -f2 | cut -d "\"" -f1 >> $scriptDir/LatestSIEM
 ```
 
 ### Use token to connect to the detections endpoint
-The following code examples demonstrate how to use an access token for calling the Microsoft Defender ATP SIEM API to get alerts.
+The following code examples demonstrate how to use an access token for calling the Defender for Endpoint SIEM API to get alerts.
 
 ```csharp
 HttpClient httpClient = new HttpClient();
@@ -318,7 +318,7 @@ echo $apiResponse
 ```
 
 ## Error codes
-The Microsoft Defender ATP REST API returns the following error codes caused by an invalid request.
+The Microsoft Defender for Endpoint REST API returns the following error codes caused by an invalid request.
 
 HTTP error code | Description
 :---|:---
@@ -327,8 +327,8 @@ HTTP error code | Description
 500 | Error in the service.
 
 ## Related topics
-- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
-- [Configure ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
-- [Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md)
-- [Microsoft Defender ATP Detection fields](api-portal-mapping.md)
+- [Enable SIEM integration in Microsoft Defender for Endpoint](enable-siem-integration.md)
+- [Configure ArcSight to pull Microsoft Defender for Endpoint detections](configure-arcsight.md)
+- [Configure Splunk to pull Microsoft Defender for Endpoint detections](configure-splunk.md)
+- [Microsoft Defender for Endpoint Detection fields](api-portal-mapping.md)
 - [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
index 3dd71c46a6..9e61246a70 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
@@ -17,16 +17,16 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Configure Microsoft Defender ATP to stream Advanced Hunting events to your Azure Event Hubs
+# Configure Microsoft Defender for Endpoint to stream Advanced Hunting events to your Azure Event Hubs
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
+Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
 
 ## Before you begin:
 
@@ -65,7 +65,7 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w
 
 - Each event hub message in Azure Event Hubs contains list of records.
 - Each record contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**".
-- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](advanced-hunting-overview.md).
+- For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](advanced-hunting-overview.md).
 - In Advanced Hunting, the **DeviceInfo** table has a column named **MachineGroup** which contains the group of the device. Here every event will be decorated with this column as well. See [Device Groups](machine-groups.md) for more information.
 
 ## Data types mapping:
@@ -88,6 +88,6 @@ To get the data types for event properties do the following:
 
 ## Related topics
 - [Overview of Advanced Hunting](advanced-hunting-overview.md)
-- [Microsoft Defender ATP streaming API](raw-data-export.md)
-- [Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)
+- [Microsoft Defender for Endpoint streaming API](raw-data-export.md)
+- [Stream Microsoft Defender for Endpoint events to your Azure storage account](raw-data-export-storage.md)
 - [Azure Event Hubs documentation](https://docs.microsoft.com/azure/event-hubs/)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
index ae061aa91b..804a1ff98e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
@@ -17,16 +17,16 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Configure Microsoft Defender ATP to stream Advanced Hunting events to your Storage account
+# Configure Microsoft Defender for Endpoint to stream Advanced Hunting events to your Storage account
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
+Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
 
 ## Before you begin:
 
@@ -36,7 +36,7 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w
 
 ## Enable raw data streaming:
 
-1. Log in to [Microsoft Defender ATP portal](https://securitycenter.windows.com) with Global Admin user.
+1. Log in to [Microsoft Defender for Endpoint portal](https://securitycenter.windows.com) with Global Admin user.
 2. Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center.
 3. Click on **Add data export settings**.
 4. Choose a name for your new settings.
@@ -65,8 +65,8 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w
 ```
 
 - Each blob contains multiple rows.
-- Each row contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "properties".
-- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](advanced-hunting-overview.md).
+- Each row contains the event name, the time Defender for Endpoint received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "properties".
+- For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](advanced-hunting-overview.md).
 - In Advanced Hunting, the **DeviceInfo** table has a column named **MachineGroup** which contains the group of the device. Here every event will be decorated with this column as well. See [Device Groups](machine-groups.md) for more information.
 
 ## Data types mapping:
@@ -89,6 +89,6 @@ In order to get the data types for our events properties do the following:
 
 ## Related topics
 - [Overview of Advanced Hunting](advanced-hunting-overview.md)
-- [Microsoft Defender Advanced Threat Protection Streaming API](raw-data-export.md)
-- [Stream Microsoft Defender Advanced Threat Protection events to your Azure storage account](raw-data-export-storage.md)
+- [Microsoft Defender for Endpoint Streaming API](raw-data-export.md)
+- [Stream Microsoft Defender for Endpoint events to your Azure storage account](raw-data-export-storage.md)
 - [Azure Storage Account documentation](https://docs.microsoft.com/azure/storage/common/storage-account-overview)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
index e5a93c9ecf..d619e6803f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
@@ -24,13 +24,13 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
 
 ## Stream Advanced Hunting events to Event Hubs and/or Azure storage account.
 
-Microsoft Defender ATP supports streaming all the events available through [Advanced Hunting](advanced-hunting-overview.md) to an [Event Hubs](https://docs.microsoft.com/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/azure/event-hubs/).
+Defender for Endpoint supports streaming all the events available through [Advanced Hunting](advanced-hunting-overview.md) to an [Event Hubs](https://docs.microsoft.com/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/azure/event-hubs/).
 
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4r4ga]
 
@@ -39,8 +39,8 @@ Microsoft Defender ATP supports streaming all the events available through [Adva
 
 Topic | Description
 :---|:---
-[Stream Microsoft Defender ATP events to Azure Event Hubs](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](advanced-hunting-overview.md) to Event Hubs.
-[Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](advanced-hunting-overview.md) to your Azure storage account.
+[Stream Microsoft Defender for Endpoint events to Azure Event Hubs](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure Defender for Endpoint to stream [Advanced Hunting](advanced-hunting-overview.md) to Event Hubs.
+[Stream Defender for Endpoint events to your Azure storage account](raw-data-export-storage.md)| Learn about enabling the streaming API in your tenant and configure Defender for Endpoint to stream [Advanced Hunting](advanced-hunting-overview.md) to your Azure storage account.
 
 
 ## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/rbac.md b/windows/security/threat-protection/microsoft-defender-atp/rbac.md
index d0659c30a2..754b84fd55 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/rbac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/rbac.md
@@ -24,9 +24,9 @@ ms.topic: article
 **Applies to:**
 - Azure Active Directory
 - Office 365
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-rbac-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-rbac-abovefoldlink)
 
 
 Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the  portal. Based on the roles and groups you create, you have fine-grained control over what users with access to the portal can see and do. 
@@ -41,10 +41,10 @@ Tier 1 | **Local security operations team / IT team** 
 This team usually tri
 Tier 2 | **Regional security operations team** 
 This team can see all the devices for their region and perform remediation actions.
 Tier 3 | **Global security operations team** 
 This team consists of security experts and are authorized to see and perform all actions from the portal.
 
-Microsoft Defender ATP RBAC is designed to support your tier- or role-based model of choice and gives you granular control over what roles can see, devices they can access, and actions they can take. The RBAC framework is centered around the following controls:
+Defender for Endpoint RBAC is designed to support your tier- or role-based model of choice and gives you granular control over what roles can see, devices they can access, and actions they can take. The RBAC framework is centered around the following controls:
 
 - **Control who can take specific action**
-  - Create custom roles and control what Microsoft Defender ATP capabilities they can access with granularity.
+  - Create custom roles and control what Defender for Endpoint capabilities they can access with granularity.
  
 - **Control who can see information on specific device group or groups**
   - [Create device groups](machine-groups.md) by specific criteria such as names, tags, domains, and others, then grant role access to them using a specific  Azure Active Directory (Azure AD) user group.
@@ -61,18 +61,18 @@ Before using RBAC, it's important that you understand the roles that can grant p
 
 When you first log in to Microsoft Defender Security Center, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD. 
 
-Someone with a Microsoft Defender ATP Global administrator role has unrestricted access to all devices, regardless of their device group association and the Azure AD user groups assignments
+Someone with a Defender for Endpoint Global administrator role has unrestricted access to all devices, regardless of their device group association and the Azure AD user groups assignments
 
 > [!WARNING]
 > Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in Microsoft Defender Security Center, therefore, having the right groups ready in Azure AD is important.
 >
 > **Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role.** 
 >
->Users with admin permissions are automatically assigned the default built-in Microsoft Defender ATP global administrator role with full permissions. After opting in to use RBAC, you can assign additional users that are not Azure AD Global or Security Administrators to the Microsoft Defender ATP global administrator role. 
+>Users with admin permissions are automatically assigned the default built-in Defender for Endpoint global administrator role with full permissions. After opting in to use RBAC, you can assign additional users that are not Azure AD Global or Security Administrators to the Defender for Endpoint global administrator role. 
 >
 > After opting in to use RBAC, you cannot revert to the initial roles as when you first logged into the portal. 
 
 
 
 ## Related topic
-- [Create and manage device groups in Microsoft Defender ATP](machine-groups.md)
+- [Create and manage device groups in Microsoft Defender for Endpoint](machine-groups.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
index 4e9bf9b693..4d71206462 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
@@ -21,9 +21,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
index b22362ce0a..336099ffa7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
@@ -24,11 +24,11 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
  
 [!include[Prerelease information](../../includes/prerelease.md)]
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-responddile-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-responddile-abovefoldlink)
 
 Quickly respond to detected attacks by stopping and quarantining files or blocking a file. After taking action on files, you can check activity details in the Action center.
 
@@ -131,7 +131,7 @@ You can roll back and remove a file from quarantine if you’ve determined that
 > [!NOTE]
 > In some scenarios, the **ThreatName** may appear as: EUS:Win32/CustomEnterpriseBlock!cl.
 > 
-> Microsoft Defender ATP will restore all custom blocked files that were quarantined on this device in the last 30 days.
+> Defender for Endpoint will restore all custom blocked files that were quarantined on this device in the last 30 days.
 
 ## Add indicator to block or allow a file
 
@@ -177,7 +177,7 @@ When you select this action, a fly-out will appear. From the fly-out, you can re
 
 ![Image of download file fly-out](images/atp-download-file-reason.png)
 
-If a file is not already stored by Microsoft Defender ATP, you cannot download it. Instead, you will see a **Collect file** button in the same location. If a file has not been seen in the organization in the past 30 days, **Collect file** will be disabled.
+If a file is not already stored by Defender for Endpoint, you cannot download it. Instead, you will see a **Collect file** button in the same location. If a file has not been seen in the organization in the past 30 days, **Collect file** will be disabled.
 
 ## Consult a threat expert
 
@@ -216,7 +216,7 @@ Use the deep analysis feature to investigate the details of any file, usually du
 
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4aAYy?rel=0] 
 
-**Submit for deep analysis** is enabled when the file is available in the Microsoft Defender ATP backend sample collection, or if it was observed on a Windows 10 device that supports submitting to deep analysis.
+**Submit for deep analysis** is enabled when the file is available in the Defender for Endpoint backend sample collection, or if it was observed on a Windows 10 device that supports submitting to deep analysis.
 
 > [!NOTE]
 > Only files from Windows 10 can be automatically collected.
@@ -224,9 +224,9 @@ Use the deep analysis feature to investigate the details of any file, usually du
 You can also manually submit a sample through the [Microsoft Security Center Portal](https://www.microsoft.com/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 device, and wait for **Submit for deep analysis** button to become available.
 
 > [!NOTE]
-> Due to backend processing flows in the Microsoft Security Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Microsoft Defender ATP.
+> Due to backend processing flows in the Microsoft Security Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Defender for Endpoint.
 
-When the sample is collected, Microsoft Defender ATP runs the file in is a secure environment and creates a detailed report of observed behaviors and associated artifacts, such as files dropped on devices, communication to IPs, and registry modifications.
+When the sample is collected, Defender for Endpoint runs the file in is a secure environment and creates a detailed report of observed behaviors and associated artifacts, such as files dropped on devices, communication to IPs, and registry modifications.
 
 **Submit files for deep analysis:**
 
@@ -249,7 +249,7 @@ A progress bar is displayed and provides information on the different stages of
 
 **View deep analysis reports**
 
-View the deep analysis report that Microsoft Defender ATP provides to see the details of the deep analysis that was conducted on the file you submitted. This feature is available in the file view context.
+View the deep analysis report that Defender for Endpoint provides to see the details of the deep analysis that was conducted on the file you submitted. This feature is available in the file view context.
 
 You can view the comprehensive report that provides details on the following sections:
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
index 89647f9832..4bb5a90936 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
@@ -23,9 +23,9 @@ ms.topic: article
 
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-respondmachine-abovefoldlink) 
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-respondmachine-abovefoldlink) 
 
 Quickly respond to detected attacks by isolating devices or collecting an investigation package. After taking action on devices, you can check activity details on the Action center.
 
@@ -128,7 +128,7 @@ One you have selected **Run antivirus scan**, select the scan type that you'd li
 The Action center will show the scan information and the device timeline will include a new event, reflecting that a scan action was submitted on the device. Microsoft Defender AV alerts will reflect any detections that surfaced during the scan.
 
 >[!NOTE]
->When triggering a scan using Microsoft Defender ATP response action, Microsoft Defender antivirus 'ScanAvgCPULoadFactor' value still applies and limits the CPU impact of the scan.
 
+>When triggering a scan using Defender for Endpoint response action, Microsoft Defender antivirus 'ScanAvgCPULoadFactor' value still applies and limits the CPU impact of the scan.
 
 >If ScanAvgCPULoadFactor is not configured, the default value is a limit of 50% maximum CPU load during a scan.

 >For more information, see [configure-advanced-scan-types-microsoft-defender-antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus).
 
@@ -163,7 +163,7 @@ Depending on the severity of the attack and the sensitivity of the device, you m
 >- Full isolation is available for devices on Windows 10, version 1703.
 >- Selective isolation is available for devices on Windows 10, version 1709 or later.
 
-This device isolation feature disconnects the compromised device from the network while retaining connectivity to the Microsoft Defender ATP service, which continues to monitor the device.
+This device isolation feature disconnects the compromised device from the network while retaining connectivity to the Defender for Endpoint service, which continues to monitor the device.
 
 On Windows 10, version 1709 or later, you'll have additional control over the network isolation level. You can also choose to enable Outlook, Microsoft Teams, and Skype for Business connectivity (a.k.a 'Selective Isolation').
 
@@ -175,7 +175,7 @@ Once you have selected **Isolate device** on the device page, type a comment and
 ![Image of isolate device](images/isolate-device.png)
 
 >[!NOTE]
->The device will remain connected to the Microsoft Defender ATP service even if it is isolated from the network. If you've chosen to enable Outlook and Skype for Business communication, then you'll be able to communicate to the user while the device is isolated.
+>The device will remain connected to the Defender for Endpoint service even if it is isolated from the network. If you've chosen to enable Outlook and Skype for Business communication, then you'll be able to communicate to the user while the device is isolated.
 
 **Notification on device user**:

 When a device is being isolated, the following notification is displayed to inform the user that the device is being isolated from the network:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
index 7b9e53a6e8..414c106934 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
@@ -21,9 +21,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## API description
@@ -37,7 +37,7 @@ Restrict execution of all applications on the device except a predefined set.
 [!include[Device actions note](../../includes/machineactionsnote.md)]
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
index 821c82fed3..28ce3b1696 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
@@ -18,18 +18,18 @@ ms.topic: conceptual
 ms.date: 5/1/2020
 ---
 
-# Review alerts in Microsoft Defender Advanced Threat Protection
+# Review alerts in Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
 
-The alert page in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) provides full context to the alert, by combining attack signals and alerts related to the selected alert, to construct a detailed alert story.
+The alert page in Microsoft Defender for Endpoint provides full context to the alert, by combining attack signals and alerts related to the selected alert, to construct a detailed alert story.
 
 Quickly triage, investigate, and take effective action on alerts that affect your organization. Understand why they were triggered, and their impact from one location. Learn more in this overview.
 
@@ -37,7 +37,7 @@ Quickly triage, investigate, and take effective action on alerts that affect you
 
 ## Getting started with an alert
 
-Clicking on an alert's name in Microsoft Defender ATP will land you on its alert page. On the alert page, all the information will be shown in context of the selected alert. Each alert page consists of 4 sections:
+Clicking on an alert's name in Defender for Endpoint will land you on its alert page. On the alert page, all the information will be shown in context of the selected alert. Each alert page consists of 4 sections:
 
 1. **The alert title** shows the alert's name and is there to remind you which alert started your current investigation regardless of what you have selected on the page.
 2. [**Affected assets**](#review-affected-assets) lists cards of devices and users affected by this alert that are clickable for further information and actions.
@@ -46,7 +46,7 @@ Clicking on an alert's name in Microsoft Defender ATP will land you on its alert
 
 ![An alert page when you first land on it](images/alert-landing-view.png)
 
-Note the detection status for your alert. Blocked, prevented, or remediated means actions were already taken by Microsoft Defender ATP.
+Note the detection status for your alert. Blocked, prevented, or remediated means actions were already taken by Defender for Endpoint.
 Start by reviewing the *automated investigation details* in your alert's [details pane](#take-action-from-the-details-pane), to see which actions were already taken, as well as reading the alert's description for recommended actions.
 
 ![A snippet of the details pane with the alert description and automatic investigation sections highlighted](images/alert-air-and-alert-description.png)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
index 91772a215f..ce6887fc58 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
@@ -22,9 +22,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 ## Limitations
 1. You can only run a query on data from the last 30 days.
@@ -36,7 +36,7 @@ ms.topic: article
 5. 429 response will represent reaching quota limit either by number of requests or by CPU. The 429 response body will also indicate the time until the quota is renewed. 
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -137,6 +137,6 @@ Here is an example of the response.
 ```
 
 ## Related topic
-- [Microsoft Defender ATP APIs introduction](apis-intro.md)
+- [Microsoft Defender for Endpoint APIs introduction](apis-intro.md)
 - [Advanced Hunting from Portal](advanced-hunting-query-language.md)
 - [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
index dfb227ec23..cc1e69bc35 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
@@ -22,7 +22,7 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
 Run advanced queries using PowerShell, see [Advanced Hunting API](run-advanced-query-api.md).
@@ -65,7 +65,7 @@ $aadToken = $response.access_token
 
 where
 - $tenantId: ID of the tenant on behalf of which you want to run the query (that is, the query will be run on the data of this tenant)
-- $appId: ID of your Azure AD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
+- $appId: ID of your Azure AD app (the app must have 'Run advanced queries' permission to Defender for Endpoint)
 - $appSecret: Secret of your Azure AD app
 
 ## Run query
@@ -117,6 +117,6 @@ $results | ConvertTo-Json | Set-Content file1.json
 
 
 ## Related topic
-- [Microsoft Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender for Endpoint APIs](apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)
 - [Advanced Hunting using Python](run-advanced-query-sample-python.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
index 55f4d1ec1b..c7d5c9e145 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
@@ -24,7 +24,7 @@ ms.topic: article
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 Run advanced queries using Python, see [Advanced Hunting API](run-advanced-query-api.md).
 
@@ -68,7 +68,7 @@ aadToken = jsonResponse["access_token"]
 
 where
 - tenantId: ID of the tenant on behalf of which you want to run the query (that is, the query will be run on the data of this tenant)
-- appId: ID of your Azure AD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
+- appId: ID of your Azure AD app (the app must have 'Run advanced queries' permission to Microsoft Defender for Endpoint)
 - appSecret: Secret of your Azure AD app
 
 ## Run query
@@ -147,6 +147,6 @@ outputFile.close()
 
 
 ## Related topic
-- [Microsoft Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender for Endpoint APIs](apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)
 - [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
index ac66c55986..9525f7a282 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
@@ -21,9 +21,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## API description
@@ -37,7 +37,7 @@ Initiate Microsoft Defender Antivirus scan on a device.
 [!include[Device actions note](../../includes/machineactionsnote.md)]
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
index 21efcfa495..0ade180410 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
@@ -19,7 +19,7 @@ ms.collection:
 ms.topic: article
 ---
 
-# Run a detection test on a newly onboarded Microsoft Defender ATP device 
+# Run a detection test on a newly onboarded Microsoft Defender for Endpoint device 
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -30,10 +30,10 @@ ms.topic: article
 - Windows Server 2016
 - Windows Server, version 1803
 - Windows Server, 2019
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
-Run the following PowerShell script on a newly onboarded device to verify that it is properly reporting to the Microsoft Defender ATP service.
+Run the following PowerShell script on a newly onboarded device to verify that it is properly reporting to the Defender for Endpoint service.
 
 1. Create a folder:  'C:\test-MDATP-test'.
 2. Open an elevated command-line prompt on the device and run the script:
@@ -55,4 +55,4 @@ The Command Prompt window will close automatically. If successful, the detection
 ## Related topics
 - [Onboard Windows 10 devices](configure-endpoints.md)
 - [Onboard servers](configure-server-endpoints.md)
-- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)
+- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)

From 4d5eac991e3f43d22066314a81ade73bd5298df8 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Wed, 11 Nov 2020 08:23:30 -0800
Subject: [PATCH 294/384] pencil edit

---
 .../microsoft-defender-atp/manage-indicators.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
index a2904c5d62..e13c8bff5c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
@@ -27,7 +27,7 @@ ms.topic: article
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
->Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
 
 Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability gives SecOps the ability to set a list of indicators for detection and for blocking (prevention and response).
 

From 012c07945ec3b3166316b750bc4c948b4009f526 Mon Sep 17 00:00:00 2001
From: Tina Burden 
Date: Wed, 11 Nov 2020 08:26:28 -0800
Subject: [PATCH 295/384] pencil edits

---
 .../microsoft-defender-advanced-threat-protection.md        | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
index ff9263b229..0969e12f2d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
@@ -27,7 +27,7 @@ ms.topic: conceptual
 Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
 

 
->[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4wDob]
+>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4wDob]
 
 Defender for Endpoint uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
 
@@ -69,7 +69,7 @@ Defender for Endpoint uses the following combination of technology built into Wi
 
 

 
->[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4vnC4?rel=0] 
+>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4vnC4?rel=0] 
 
 > [!TIP]
 > - Learn about the latest enhancements in Defender for Endpoint: [What's new in Microsoft Defender for Endpoint](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
@@ -136,4 +136,4 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf
 
 
 ## Related topic
-[Microsoft Defender for Endpoint helps detect sophisticated threats](https://www.microsoft.com/en-us/itshowcase/microsoft-defender-atps-antivirus-capabilities-boost-malware-protection)
+[Microsoft Defender for Endpoint helps detect sophisticated threats](https://www.microsoft.com/itshowcase/microsoft-defender-atps-antivirus-capabilities-boost-malware-protection)

From cfbcd4467189163ba235c9f9c3f74c9722cad491 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Wed, 11 Nov 2020 22:48:47 +0530
Subject: [PATCH 296/384] Update tvm-dashboard-insights.md

fixed warnings
---
 .../microsoft-defender-atp/tvm-dashboard-insights.md   | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
index 004ad94602..85b1ba0c5b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
@@ -24,12 +24,12 @@ ms.topic: conceptual
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
 
-Threat and vulnerability management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including:
+Threat and vulnerability management is a component of Defender for Endpoint, and provides both security administrators and security operations teams with unique value, including:
 
 - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
 - Invaluable device vulnerability context during incident investigations
@@ -51,7 +51,7 @@ Watch this video for a quick overview of what is in the threat and vulnerability
 
 ## Threat and vulnerability management dashboard
 
- ![Microsoft Defender Advanced Threat Protection portal](images/tvm-dashboard-devices.png)
+ ![Microsoft Defender for Endpoint portal](images/tvm-dashboard-devices.png)
 
 Area | Description
 :---|:---
@@ -64,7 +64,7 @@ Area | Description
 **Top remediation activities** | Track the remediation activities generated from the security recommendations. You can select each item on the list to see the details in the **Remediation** page or select **Show more** to view the rest of the remediation activities, and active exceptions.
 **Top exposed devices** | View exposed device names and their exposure level. Select a device name from the list to go to the device page where you can view the alerts, risks, incidents, security recommendations, installed software, and discovered vulnerabilities associated with the exposed devices. Select **Show more** to see the rest of the exposed devices list. From the devices list, you can manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate device.
 
-For more information on the icons used throughout the portal, see [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-icons).
+For more information on the icons used throughout the portal, see [Microsoft Defender for Endpoint icons](portal-overview.md#microsoft-defender-for-endpoint-icons).
 
 ## Related topics
 

From d291e049b1454d0121e74058450a1f368638b1fd Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Wed, 11 Nov 2020 19:13:24 +0100
Subject: [PATCH 297/384] Update
 windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../microsoft-defender-atp/enable-exploit-protection.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
index 373ad6ff74..d32e84b405 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
@@ -238,7 +238,7 @@ Validate stack integrity (StackPivot) | App-level only |   EnableRopStackPivot
 ```PowerShell
 Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll
 ```
-\[2\]: Audit for this mitigation is not available via Powershell CmdLet.
+\[2\]: Audit for this mitigation is not available via Powershell cmdlets.
 ## Customize the notification
 
 See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.

From 0f26cd1d82e151cf3d32178ff43837b535bbf219 Mon Sep 17 00:00:00 2001
From: jaimeo 
Date: Wed, 11 Nov 2020 11:26:06 -0700
Subject: [PATCH 298/384] corrected endpoint list to latest, linked to
 authoritative source, fixed some Acrolinx and other language issues

---
 .../update/prepare-deploy-windows.md          | 23 ++++-
 .../update/windows-update-troubleshooting.md  | 86 +++++++++----------
 2 files changed, 63 insertions(+), 46 deletions(-)

diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md
index 53b1f289ec..19c0a83aa5 100644
--- a/windows/deployment/update/prepare-deploy-windows.md
+++ b/windows/deployment/update/prepare-deploy-windows.md
@@ -41,13 +41,13 @@ Your infrastructure probably includes many different components and tools. You
 
 You should also look at your organization’s environment’s configuration and outline how you’ll implement any necessary changes previously identified in the plan phase to support the update. Consider what you’ll need to do for the various settings and policies that currently underpin the environment. For example:
 
-- Implement new draft security guidance. New versions of Windows can include new features that improve your environment’s security. Your security teams will want to make appropriate changes to security related configurations.
+- Implement new draft security guidance. New versions of Windows can include new features that improve your environment’s security. Your security teams will want to make appropriate changes to security-related configurations.
 
 - Update security baselines. Security teams understand the relevant security baselines and will have to work to make sure all baselines fit into whatever guidance they have to adhere to.
 
 However, your configuration will consist of many different settings and policies. It’s important to only apply changes where they are necessary, and where you gain a clear improvement. Otherwise, your environment might face issues that will slow down the update process. You want to ensure your environment isn’t affected adversely because of changes you make. For example:
 
-1.	Review new security settings. Your security team will review the new security settings, to understand how they can best be set to facilitate the update, and to also investigate the potential effects they might have on your environment.
+1.	Review new security settings. Your security team will review the new security settings to understand how they can best be set to facilitate the update, and to also investigate the potential effects they might have on your environment.
 
 2.	Review security baselines for changes. Security teams will also review all the necessary security baselines, to ensure the changes can be implemented, and ensure your environment remains compliant.
 
@@ -98,7 +98,24 @@ You can check these services manually by using Services.msc, or by using PowerSh
 
 ### Network configuration
 
-Ensure that devices can reach necessary Windows Update endpoints through the firewall. 
+Ensure that devices can reach necessary Windows Update endpoints through the firewall. For example, for Windows 10, version 2004, the following protocols must be able to reach these respective endpoints:
+
+
+|Protocol  |Endpoint URL  |
+|---------|---------|
+|TLS 1.2         |  `*.prod.do.dsp.mp.microsoft.com`      |
+|HTTP     | `emdl.ws.microsoft.com`        |
+|HTTP     | `*.dl.delivery.mp.microsoft.com`        |
+|HTTP     |  `*.windowsupdate.com`       |
+|HTTPS     |  `*.delivery.mp.microsoft.com`       |
+|TLS 1.2     | `*.update.microsoft.com`        |
+|TLS 1.2     |  `tsfe.trafficshaping.dsp.mp.microsoft.com`       |
+
+> [!NOTE]
+> Be sure not to use HTTPS for those endpoints that specify HTTP, and vice versa. The connection will fail.
+
+The specific endpoints can vary between Windows 10 versions. See, for example, [Windows 10 2004 Enterprise connection endpoints](https://docs.microsoft.com/windows/privacy/manage-windows-2004-endpoints). Similar articles for other Windows 10 versions are available in the table of contents nearby.
+
 
 ### Optimize download bandwidth
 Set up [Delivery Optimization](waas-delivery-optimization.md) for peer network sharing or Microsoft Connected Cache.
diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md
index bce6aa30cb..32a55ed102 100644
--- a/windows/deployment/update/windows-update-troubleshooting.md
+++ b/windows/deployment/update/windows-update-troubleshooting.md
@@ -21,7 +21,7 @@ If you run into problems when using Windows Update, start with the following ste
  
 1. Run the built-in Windows Update troubleshooter to fix common issues. Navigate to **Settings > Update & Security > Troubleshoot > Windows Update**. 
 
-2. Install the most recent Servicing Stack Update (SSU) that matches your version of Windows from the Microsoft Update Catalog. See [Servicing stack updates](servicing-stack-updates.md) for more details on SSU. 
+2. Install the most recent Servicing Stack Update (SSU) that matches your version of Windows from the Microsoft Update Catalog. See [Servicing stack updates](servicing-stack-updates.md) for more details on servicing stack updates. 
 
 3. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system: 
 
@@ -41,8 +41,8 @@ Advanced users can also refer to the [log](windows-update-logs.md) generated by
  
 You might encounter the following scenarios when using Windows Update. 
 
-## Why am I offered an older update/upgrade?
-The update that is offered to a device depends on several factors. Some of the most common attributes include the following:  
+## Why am I offered an older update?
+The update that is offered to a device depends on several factors. The following are some of the most common attributes:  
 
 - OS Build 
 - OS Branch 
@@ -50,20 +50,20 @@ The update that is offered to a device depends on several factors. Some of the m
 - OS Architecture 
 - Device update management configuration 
 
-If the update you're offered isn't the most current available, it might be because your device is being managed by a WSUS server, and you're being offered the updates available on that server. It's also possible, if your device is part of a Windows as a Service deployment ring, that your admin is intentionally slowing the rollout of updates. Since the WaaS rollout is slow and measured to begin with, all devices will not receive the update on the same day.  
+If the update you're offered isn't the most current available, it might be because your device is being managed by a WSUS server, and you're being offered the updates available on that server. It's also possible, if your device is part of a deployment group, that your admin is intentionally slowing the rollout of updates. Since the deployment is slow and measured to begin with, all devices will not receive the update on the same day.  
  
 ## My device is frozen at scan. Why? 
-The Settings UI is talking to the Update Orchestrator service which in turn is talking to Windows Update service. If these services stop unexpectedly then you might see this behavior. In such cases, do the following:  
+The Settings UI communicates with the Update Orchestrator service which in turn communicates with to Windows Update service. If these services stop unexpectedly, then you might see this behavior. In such cases, follow these steps:  
 
 1. Close the Settings app and reopen it.  
 
-2. Launch Services.msc and check if the following services are running:  
+2. Start Services.msc and check if the following services are running:  
 
    - Update State Orchestrator 
    - Windows Update 
 
 ## Feature updates are not being offered while other updates are
-Devices running Windows 10, version 1709 through Windows 10, version 1803 that are [configured to update from Windows Update](#BKMK_DCAT) (including Windows Update for Business scenarios) are able to install servicing and definition updates but are never offered feature updates.
+Devices running Windows 10, version 1709 through Windows 10, version 1803 that are [configured to update from Windows Update](#BKMK_DCAT) (including Windows Update for Business) are able to install servicing and definition updates but are never offered feature updates.
 
 Checking the WindowsUpdate.log reveals the following error:
 ```console
@@ -95,12 +95,12 @@ The 0x80070426 error code translates to:
 ERROR_SERVICE_NOT_ACTIVE - # The service has not been started.
 ```
 
-Microsoft Account Sign In Assistant (MSA or wlidsvc) is the service in question. The DCAT Flighting service (ServiceId: 855E8A7C-ECB4-4CA3-B045-1DFA50104289) relies on the Microsoft Account Sign In Assistant (MSA) to get the Global Device ID for the device. Without the MSA service running, the global device ID will not be generated and sent by the client and the search for feature updates never completes successfully.
+Microsoft Account Sign In Assistant (MSA or wlidsvc) is the service in question. The DCAT Flighting service (ServiceId: 855E8A7C-ECB4-4CA3-B045-1DFA50104289) relies on MSA to get the global device ID for the device. Without the MSA service running, the global device ID won't be generated and sent by the client and the search for feature updates never completes successfully.
 
-In order to solve this issue, we need to reset the MSA service to the default StartType of manual.
+To resolve this issue, reset the MSA service to the default StartType of "manual."
 
 ## Issues related to HTTP/Proxy 
-Windows Update uses WinHttp with Partial Range requests (RFC 7233) to download updates and applications from Windows Update servers or on-premises WSUS servers. Because of this proxy servers configured on the network must support HTTP RANGE requests. If a proxy was configured in Internet Explorer (User level) but not in WinHTTP (System level), connections to Windows Update will fail. 
+Windows Update uses WinHttp with Partial Range requests (RFC 7233) to download updates and applications from Windows Update servers or on-premises WSUS servers. Therefore proxy servers on the network must support HTTP RANGE requests. If a proxy was configured in Internet Explorer (User level) but not in WinHTTP (System level), connections to Windows Update will fail. 
  
 To fix this issue, configure a proxy in WinHTTP by using the following netsh command: 
 
@@ -113,14 +113,13 @@ netsh winhttp set proxy ProxyServerName:PortNumber
  
 If downloads through a proxy server fail with a 0x80d05001 DO_E_HTTP_BLOCKSIZE_MISMATCH error, or if you notice high CPU usage while updates are downloading, check the proxy configuration to permit HTTP RANGE requests to run.  
  
-You may choose to apply a rule to permit HTTP RANGE requests for the following URLs: 
+You might choose to apply a rule to permit HTTP RANGE requests for the following URLs: 
 
-*.download.windowsupdate.com  
-*.dl.delivery.mp.microsoft.com
-*.delivery.mp.microsoft.com
-*.emdl.ws.microsoft.com
+`*.download.windowsupdate.com`  
+`*.dl.delivery.mp.microsoft.com`
+`*.delivery.mp.microsoft.com`
 
-If you cannot permit RANGE requests, keep in mind that this means you are downloading more content than needed in updates (as delta patching will not work).
+If you can't allow RANGE requests, you'll be downloading more content than needed in updates (as delta patching will not work).
  
  
 ## The update is not applicable to your computer 
@@ -128,13 +127,13 @@ The most common reasons for this error are described in the following table:
 
 |Cause|Explanation|Resolution|
 |-----|-----------|----------| 
-|Update is superseded|As updates for a component are released, the updated component will supersede an older component that is already on the system. When this occurs, the previous update is marked as superseded. If the update that you're trying to install already has a newer version of the payload on your system, you may encounter this error message.|Check that the package that you are installing contains newer versions of the binaries. Or, check that the package is superseded by another new package. |
+|Update is superseded|As updates for a component are released, the updated component will supersede an older component that is already on the system. When this occurs, the previous update is marked as superseded. If the update that you're trying to install already has a newer version of the payload on your system, you might receive this error message.|Check that the package that you are installing contains newer versions of the binaries. Or, check that the package is superseded by another new package. |
 |Update is already installed|If the update that you're trying to install was previously installed, for example, by another update that carried the same payload, you may encounter this error message.|Verify that the package that you are trying to install was not previously installed.| 
 |Wrong update for architecture|Updates are published by CPU architecture. If the update that you're trying to install does not match the architecture for your CPU, you may encounter this error message. |Verify that the package that you're trying to install matches the Windows version that you are using. The Windows version information can be found in the "Applies To" section of the article for each update. For example, Windows Server 2012-only updates cannot be installed on Windows Server 2012 R2-based computers. 
Also, verify that the package that you are installing matches the processor architecture of the Windows version that you are using. For example, an x86-based update cannot be installed on x64-based installations of Windows. |
-|Missing prerequisite update|Some updates require a prerequisite update before they can be applied to a system. If you are missing a prerequisite update, you may encounter this error message. For example, KB 2919355 must be installed on Windows 8.1 and Windows Server 2012 R2 computers before many of the updates that were released after April 2014 can be installed.|Check the related articles about the package in the Microsoft Knowledge Base (KB) to make sure that you have the prerequisite updates installed. For example, if you encounter the error message on Windows 8.1 or Windows Server 2012 R2, you may have to install the April 2014 update 2919355 as a prerequisite and one or more pre-requisite servicing updates (KB 2919442 and KB 3173424). 
Note: To determine if these prerequisite updates are installed, run the following PowerShell command: 
get-hotfix KB3173424,KB2919355,KB2919442 
If the updates are installed, the command will return the installed date in the "InstalledOn" section of the output. 
+|Missing prerequisite update|Some updates require a prerequisite update before they can be applied to a system. If you are missing a prerequisite update, you may encounter this error message. For example, KB 2919355 must be installed on Windows 8.1 and Windows Server 2012 R2 computers before many of the updates that were released after April 2014 can be installed.|Check the related articles about the package in the Microsoft Knowledge Base (KB) to make sure that you have the prerequisite updates installed. For example, if you encounter the error message on Windows 8.1 or Windows Server 2012 R2, you may have to install the April 2014 update 2919355 as a prerequisite and one or more pre-requisite servicing updates (KB 2919442 and KB 3173424). 
To determine if these prerequisite updates are installed, run the following PowerShell command: 
`get-hotfix KB3173424,KB2919355, KB2919442`. 
If the updates are installed, the command will return the installed date in the `InstalledOn` section of the output. 
 
 ## Issues related to firewall configuration 
-Error that may be seen in the WU logs:  
+Error that you might see in Windows Update logs:  
 ```console
 DownloadManager    Error 0x800706d9 occurred while downloading update; notifying dependent calls. 
 ```
@@ -150,33 +149,34 @@ DownloadManager [0]12F4.1FE8::09/29/2017-13:45:08.530 [agent]DO job {C6E2F6DC-5B
 Go to Services.msc and ensure that Windows Firewall Service is enabled. Stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft. For more information, see [I need to disable Windows Firewall](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc766337(v=ws.10)).
  
 ## Issues arising from configuration of conflicting policies 
-Windows Update provides a wide range configuration policies to control the behavior of WU service in a managed environment. While these policies let you configure the settings at a granular level, misconfiguration or setting conflicting polices may lead to unexpected behaviors. 
+Windows Update provides a wide range configuration policy to control the behavior of the Windows Update service in a managed environment. While these policies let you configure the settings at a granular level, misconfiguration or setting conflicting policies may lead to unexpected behaviors. 
  
 See [How to configure automatic updates by using Group Policy or registry settings](https://support.microsoft.com/help/328010/how-to-configure-automatic-updates-by-using-group-policy-or-registry-s) for more information.
 
 ## Device cannot access update files
-Check that your device can access these Windows Update endpoints:
 
-- `http://windowsupdate.microsoft.com`
-- `http://*.windowsupdate.microsoft.com`
-- `https://*.windowsupdate.microsoft.com`
-- `http://*.update.microsoft.com`
-- `https://*.update.microsoft.com`
-- `http://*.windowsupdate.com`
-- `http://download.windowsupdate.com`
-- `https://download.microsoft.com`
-- `http://*.download.windowsupdate.com`
-- `http://wustat.windows.com`
-- `http://ntservicepack.microsoft.com`
-- `https://*.prod.do.dsp.mp.microsoft.com`
-- `http://*.dl.delivery.mp.microsoft.com`
-- `https://*.delivery.mp.microsoft.com`
-- `https://tsfe.trafficshaping.dsp.mp.microsoft.com`
- 
- Allow these endpoints for future use.
+Ensure that devices can reach necessary Windows Update endpoints through the firewall. For example, for Windows 10, version 2004, the following protocols must be able to reach these respective endpoints:
+
+
+|Protocol  |Endpoint URL  |
+|---------|---------|
+|TLS 1.2         |  `*.prod.do.dsp.mp.microsoft.com`      |
+|HTTP     | `emdl.ws.microsoft.com`        |
+|HTTP     | `*.dl.delivery.mp.microsoft.com`        |
+|HTTP     |  `*.windowsupdate.com`       |
+|HTTPS     |  `*.delivery.mp.microsoft.com`       |
+|TLS 1.2     | `*.update.microsoft.com`        |
+|TLS 1.2     |  `tsfe.trafficshaping.dsp.mp.microsoft.com`       |
+
+> [!NOTE]
+> Be sure not to use HTTPS for those endpoints that specify HTTP, and vice versa. The connection will fail.
+
+The specific endpoints can vary between Windows 10 versions. See, for example, [Windows 10 2004 Enterprise connection endpoints](https://docs.microsoft.com/windows/privacy/manage-windows-2004-endpoints). Similar articles for other Windows 10 versions are available in the table of contents nearby.
+
  
 ## Updates aren't downloading from the intranet endpoint (WSUS or Configuration Manager) 
-Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps:  
+Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps: 
+ 
 1. Start Windows PowerShell as an administrator.
 2. Run \$MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager". 
 3. Run \$MUSM.Services.  
@@ -192,14 +192,14 @@ Check the output for the Name and OffersWindowsUPdates parameters, which you can
 |- Name: Windows Update
- OffersWindowsUpdates: True|- The source is Windows Update. 
- The client is configured to receive updates from Windows Update Online.| 
  
 ## You have a bad setup in the environment 
-If we look at the GPO being set through registry, the system is configured to use WSUS to download updates: 
+In this example, per the Group Policy set through registry, the system is configured to use WSUS to download updates (note the second line): 
 
 ```console
 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] 
-"UseWUServer"=dword:00000001                                        ===================================> it says use WSUS server.  
+"UseWUServer"=dword:00000001
 ```
 
-From the WU logs: 
+From Windows Update logs: 
 ```console
 2018-08-06 09:33:31:085  480 1118 Agent ** START **  Agent: Finding updates [CallerId = OperationalInsight  Id = 49] 
 2018-08-06 09:33:31:085  480 1118 Agent ********* 
@@ -215,7 +215,7 @@ From the WU logs:
 
 In the above log snippet, we see that the Criteria = "IsHidden = 0 AND DeploymentAction=*". "*" means there is nothing specified from the server. So, the scan happens but there is no direction to download or install to the agent. So it just scans the update and provides the results. 
 
-Now if you look at the below logs, the Automatic update runs the scan and finds no update approved for it. So it reports there are 0 updates to install or download. This is due to bad setup or configuration in the environment. The WSUS side should approve the patches for WU so that it fetches the updates and installs it on the specified time according to the policy. Since this scenario doesn't include Configuration Manager, there's no way to install unapproved updates. And that is the problem you are facing. You expect that the scan should be done by the operational insight agent and automatically trigger download and install but that won’t happen here.  
+Now if you look at the below logs, the Automatic update runs the scan and finds no update approved for it. So it reports there are no updates to install or download. This is due to an incorrect configuration. The WSUS side should approve the updates for Windows Update so that it fetches the updates and installs them at the specified time according to the policy. Since this scenario doesn't include Configuration Manager, there's no way to install unapproved updates. You're expecting the operational insight agent to do the scan and automatically trigger the download and installation but that won’t happen with this configuration.  
 
 ```console
 2018-08-06 10:58:45:992  480 5d8 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates  Id = 57] 

From 25a70fc716fcc93b42f4abdbde37c09489239c3b Mon Sep 17 00:00:00 2001
From: Beth Woodbury <40870842+levinec@users.noreply.github.com>
Date: Wed, 11 Nov 2020 12:06:56 -0800
Subject: [PATCH 299/384] Update exploits-malware.md

---
 .../threat-protection/intelligence/exploits-malware.md      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/intelligence/exploits-malware.md b/windows/security/threat-protection/intelligence/exploits-malware.md
index 36ef30a468..ac9b1e0cb1 100644
--- a/windows/security/threat-protection/intelligence/exploits-malware.md
+++ b/windows/security/threat-protection/intelligence/exploits-malware.md
@@ -37,11 +37,11 @@ Several notable threats, including Wannacry, exploit the Server Message Block (S
 
 Examples of exploit kits:
 
-- Angler / [Axpergle](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Axpergle)
+- Angler / [Axpergle](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Axpergle)
 
-- [Neutrino](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?name=JS/NeutrinoEK)
+- [Neutrino](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=JS/NeutrinoEK)
 
-- [Nuclear](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Neclu)
+- [Nuclear](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Neclu)
 
 To learn more about exploits, read this blog post on [taking apart a double zero-day sample discovered in joint hunt with ESET.](https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/)
 

From 4454ae46ef7f425612416cc3c618104de597a2e4 Mon Sep 17 00:00:00 2001
From: Beth Woodbury <40870842+levinec@users.noreply.github.com>
Date: Wed, 11 Nov 2020 12:08:58 -0800
Subject: [PATCH 300/384] Update exploits-malware.md

---
 .../threat-protection/intelligence/exploits-malware.md        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/intelligence/exploits-malware.md b/windows/security/threat-protection/intelligence/exploits-malware.md
index ac9b1e0cb1..f7895be9f2 100644
--- a/windows/security/threat-protection/intelligence/exploits-malware.md
+++ b/windows/security/threat-protection/intelligence/exploits-malware.md
@@ -37,11 +37,11 @@ Several notable threats, including Wannacry, exploit the Server Message Block (S
 
 Examples of exploit kits:
 
-- Angler / [Axpergle](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Axpergle)
+- Angler / [Axpergle](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=JS/Axpergle)
 
 - [Neutrino](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=JS/NeutrinoEK)
 
-- [Nuclear](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Neclu)
+- [Nuclear](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=JS/Neclu)
 
 To learn more about exploits, read this blog post on [taking apart a double zero-day sample discovered in joint hunt with ESET.](https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/)
 

From 69d5498bc33f85474f0bb932c1443d39afa58ac5 Mon Sep 17 00:00:00 2001
From: Tudor Dobrila 
Date: Wed, 11 Nov 2020 13:14:26 -0800
Subject: [PATCH 301/384] Move Big Sur note to top of What's new page and on
 landing page

---
 .../microsoft-defender-atp/mac-whatsnew.md    | 22 +------------------
 .../microsoft-defender-atp-mac.md             |  5 ++++-
 2 files changed, 5 insertions(+), 22 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index 7c00c8af5a..aade908feb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -23,25 +23,8 @@ ms.topic: conceptual
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-
 > [!IMPORTANT]
-> In preparation for macOS 11 Big Sur, we are getting ready to release an update to Microsoft Defender for Endpoint for Mac that will leverage new system extensions instead of kernel extensions. Apple will stop supporting kernel extensions starting macOS 11 Big Sur version. Therefore an update to the Microsoft Defender for Endpoint for Mac agent is required on all eligible macOS devices prior to moving these devices to macOS 11.
-> 
-> The update is applicable to devices running macOS version 10.15.4 or later.
-> 
-> To ensure that the Microsoft Defender for Endpoint for Mac update is delivered and applied seamlessly from an end-user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before Microsoft publishes the new agent version. If the configuration is not deployed prior to the Microsoft Defender for Endpoint for Mac agent update, end-users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions.
-> 
-> Timing: 
-> - Organizations that previously opted into Microsoft Defender for Endpoint preview features in Microsoft Defender Security Center, must be ready for Microsoft Defender for Endpoint for Mac agent update **by August 10, 2020**.
-> - Organizations that do not participate in public previews for Microsoft Defender for Endpoint features, must be ready **by September 07, 2020**.
-> 
-> Action is needed by IT administrator. Review the steps below and assess the impact on your organization:
-> 
-> 1. Deploy the specified remote configuration to eligible macOS devices before Microsoft publishes the new agent version. 

-> Even though Microsoft Defender for Endpoint for Mac new implementation based on system extensions is only applicable to devices running macOS version 10.15.4 or later, deploying configuration proactively across the entire macOS fleet will ensure that even down-level devices are prepared for the day when Apple releases macOS 11 Big Sur and will ensure that Microsoft Defender for Endpoint for Mac continues protecting all macOS devices regardless OS version they were running prior to the Big Sur upgrade.
-> 
-> 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md).
-> 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update.
+> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue.
 
 ## 101.10.72
 
@@ -57,9 +40,6 @@ ms.topic: conceptual
 
 - This product version has been validated on macOS Big Sur 11 beta 9
 
-  > [!IMPORTANT]
-  > Extensive testing of MDE (Microsoft Defender for Endpoint) with new macOS system extensions revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue.
-
 - The new syntax for the `mdatp` command-line tool is now the default one. For more information on the new syntax, see [Resources for Microsoft Defender for Endpoint for Mac](mac-resources.md#configuring-from-the-command-line)
 
   > [!NOTE]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index e0e09fc815..808f3f9bc1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -65,10 +65,13 @@ There are several methods and deployment tools that you can use to install and c
 
 The three most recent major releases of macOS are supported.
 
+> [!IMPORTANT]
+> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue.
+
 - 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
 - Disk space: 1GB
 
-Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on January 1, 2020.
+Beta versions of macOS are not supported.
 
 After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
 

From 3627397d9d4378249e7963165e0237b76b1ae28e Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Wed, 11 Nov 2020 23:23:52 +0200
Subject: [PATCH 302/384] Fix broken link

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8578

Used social technet link instead of web.archive one.
---
 .../information-protection/bitlocker/bitlocker-overview.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md
index 131a256f82..2b79e081bc 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-overview.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md
@@ -62,7 +62,7 @@ A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant B
 The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment.
 
 > [!IMPORTANT]
-> From Windows 7, you can encrypt an OS drive without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://blogs.technet.microsoft.com/tip_of_the_day/2014/01/22/tip-of-the-day-bitlocker-without-tpm-or-usb/).
+> From Windows 7, you can encrypt an OS drive without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://social.technet.microsoft.com/Forums/en-US/eac2cc67-8442-42db-abad-2ed173879751/bitlocker-without-tpm?forum=win10itprosetup).
 
 > [!NOTE]
 > TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature.

From 6b5b3b3dd2d785f4d14f95af57360b2b3a8ba962 Mon Sep 17 00:00:00 2001
From: Tudor Dobrila 
Date: Wed, 11 Nov 2020 13:32:29 -0800
Subject: [PATCH 303/384] Add info on how to submit feedback

---
 .../threat-protection/microsoft-defender-atp/mac-whatsnew.md    | 2 +-
 .../microsoft-defender-atp/microsoft-defender-atp-mac.md        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index aade908feb..eb1f868d60 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 > [!IMPORTANT]
-> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue.
+> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. In the meantime, if you encounter such a kernel panic, please submit a feedback report to Apple through the Feedback Assistant app.
 
 ## 101.10.72
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 808f3f9bc1..de9fa4ec68 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -66,7 +66,7 @@ There are several methods and deployment tools that you can use to install and c
 The three most recent major releases of macOS are supported.
 
 > [!IMPORTANT]
-> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue.
+> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. In the meantime, if you encounter such a kernel panic, please submit a feedback report to Apple through the Feedback Assistant app.
 
 - 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
 - Disk space: 1GB

From 209277d6a700975891e26100f5be51c5ca6148d8 Mon Sep 17 00:00:00 2001
From: Marty Hernandez Avedon 
Date: Wed, 11 Nov 2020 17:12:50 -0500
Subject: [PATCH 304/384] attempt to improve acrolinx score

typo fixes, shorter sentences, misc other copyedits
---
 .../threat-protection/fips-140-validation.md  | 704 +++++++++---------
 1 file changed, 354 insertions(+), 350 deletions(-)

diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md
index 867aadf0d5..755d20142f 100644
--- a/windows/security/threat-protection/fips-140-validation.md
+++ b/windows/security/threat-protection/fips-140-validation.md
@@ -1,6 +1,6 @@
 ---
 title: Federal Information Processing Standard (FIPS) 140 Validation
-description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140.
+description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140.
 ms.prod: w10
 audience: ITPro
 author: dansimp
@@ -16,41 +16,48 @@ ms.reviewer:
 
 ## FIPS 140-2 standard overview
 
-The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard that defines minimum security requirements for cryptographic modules in information technology products, as defined in Section 5131 of the Information Technology Management Reform Act of 1996.
+The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products.
 
-The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program), a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover eleven areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module.
+The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program) is a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). It validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover 11 areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module.
 
 ## Microsoft’s approach to FIPS 140-2 validation
 
-Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since the inception of the standard in 2001.  Microsoft validates its cryptographic modules under the NIST CMVP, as described above.  Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules.
+Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001.  Microsoft validates its cryptographic modules under the NIST CMVP, as described above.  Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules.
 
 ## Using Windows in a FIPS 140-2 approved mode of operation
 
-Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation. This is commonly referred to as “FIPS mode.”  When this mode is enabled, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows cryptographic operations are run. These self-tests are run in accordance with FIPS 140-2 Section 4.9 and are utilized to ensure that the modules are functioning properly. The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by this mode of operation. The FIPS 140-2 approved mode of operation will not prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. For applications or components beyond the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library, FIPS mode is merely advisory.
+Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation, commonly referred to as "FIPS mode."  If you turn on FIPS mode, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows runs cryptographic operations. These self-tests are run according to FIPS 140-2 Section 4.9. They ensure that the modules are functioning properly.
 
-While US government regulations continue to mandate that FIPS mode be enabled on government computers running Windows, our recommendation is that it is each customer’s decision to make when considering enabling FIPS mode. There are many applications and protocols that look to the FIPS mode policy to determine which cryptographic functionality should be utilized in a given solution. We recommend that customers hoping to comply with FIPS 140-2 research the configuration settings of applications and protocols they may be using to ensure their solutions can be configured to utilize the FIPS 140-2 validated cryptography provided by Windows when it is operating in FIPS 140-2 approved mode. 
+The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by FIPS mode. FIPS mode won't prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. FIPS mode is merely advisory for applications or components other than the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library.
+
+US government regulations continue to mandate FIPS mode for government devices running Windows. Other customers should decide for themselves if FIPS mode is right for them. There are many applications and protocols that use FIPS mode policy to determine which cryptographic functionality to run. Customers seeking to follow the FIPS 140-2 standard should research the configuration settings of their applications and protocols. This research will help ensure that they can be configured to use FIPS 140-2 validated cryptography.
 
 Achieving this FIPS 140-2 approved mode of operation of Windows requires administrators to complete all four steps outlined below.
 
 ### Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed
 
-Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated.  This is accomplished by cross-checking the version number of the cryptographic module with the table of validated modules at the end of this topic, organized by operating system release.
+Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated.  Tables listing validated modules, organized by operating system release, are available later in this article.
 
 ### Step 2: Ensure all security policies for all cryptographic modules are followed
 
-Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode.  The security policy may be found in each module’s published Security Policy Document (SPD).  The SPDs for each module may be found by following the links in the table of validated modules at the end of this topic.  Click on the module version number to view the published SPD for the module. 
- 
+Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode.  The security policy may be found in each module’s published Security Policy Document (SPD).  The SPDs for each module may be found in the table of validated modules at the end of this article.  Select the module version number to view the published SPD for the module. 
+
 ### Step 3: Enable the FIPS security policy
 
-Windows provides the security policy setting, “System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode.  When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode.  The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution.   For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing).  
+Windows provides the security policy setting, *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*. This setting is used by some Microsoft products to determine whether to run in FIPS mode.  When this policy is turned on, the validated cryptographic modules in Windows will also operate in FIPS mode.  This policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution.   For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing).  
 
-### Step 4: Ensure only FIPS validated cryptographic algorithms are used
+### Step 4: Ensure that only FIPS validated cryptographic algorithms are used
 
-Neither the operating system nor the cryptographic modules can enforce a FIPS approved mode of operation, regardless of the FIPS security policy setting.  To run in a FIPS approved mode, an application or service must check for the policy flag and enforce the security policies of the validated modules.  If an application or service uses a non-approved cryptographic algorithm or does not follow the security policies of the validated modules, it is not operating in a FIPS approved mode.
+FIPS mode is enforced at the level of the application or service. It is not enforced by the operating system or by individual cryptographic modules. Applications or services running in FIPS mode must follow the security policies of validated modules. They must not use a cryptographic algorithm that isn't FIPS-compliant.
+
+In short, an application or service is running in FIPS mode if it:
+
+* Checks for the policy flag
+* Enforces security policies of validated modules
 
 ## Frequently asked questions
 
-### How long does it take to certify cryptographic modules?
+### How long does it take to certify a cryptographic module?
 
 Microsoft begins certification of cryptographic modules after each major feature release of Windows 10 and Windows Server. The duration of each evaluation varies, depending on many factors.
 
@@ -58,29 +65,29 @@ Microsoft begins certification of cryptographic modules after each major feature
 
 The cadence for starting module validation aligns with the feature updates of Windows 10 and Windows Server.  As the software industry evolves, operating systems release more frequently. Microsoft completes validation work on major releases but, in between releases, seeks to minimize the changes to the cryptographic modules.  
 
-### What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”?
+### What is the difference between *FIPS 140 validated* and *FIPS 140 compliant*?
 
-“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality.
+*FIPS 140 validated* means that the cryptographic module, or a product that embeds the module, has been validated ("certified") by the CMVP as meeting the FIPS 140-2 requirements. *FIPS 140 compliant* is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality.
 
-### I need to know if a Windows service or application is FIPS 140-2 validated.
+### How do I know if a Windows service or application is FIPS 140-2 validated?
 
-The cryptographic modules leveraged in Windows are validated through the CMVP, not individual services, applications, hardware peripherals, or other solutions.  For a solution to be considered compliant, it must call a FIPS 140-2 validated cryptographic module in the underlying OS and the OS must be configured to run in FIPS mode.  Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module.
+The cryptographic modules used in Windows are validated through the CMVP. They aren't validated by individual services, applications, hardware peripherals, or other solutions.  Any compliant solution must call a FIPS 140-2 validated cryptographic module in the underlying OS, and the OS must be configured to run in FIPS mode.  Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module.
 
-### What does "When operated in FIPS mode" mean on a certificate?
+### What does *When operated in FIPS mode* mean on a certificate?
 
-This caveat identifies required configuration and security rules that must be followed to use the cryptographic module in a way that is consistent with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module.
+This label means that certain configuration and security rules must be followed to use the cryptographic module in compliance with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module.
 
 ### What is the relationship between FIPS 140-2 and Common Criteria?
 
-These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria is designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly.
+FIPS 140-2 and Common Criteria are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules. Common Criteria are designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly.
 
 ### How does FIPS 140 relate to Suite B?
 
-Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS Approved cryptographic algorithms as allowed by the FIPS 140-2 standard.
+Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS approved cryptographic algorithms allowed by the FIPS 140-2 standard.
 
 ### Is SMB3 (Server Message Block) FIPS 140 compliant in Windows?
 
-When Windows is configured to operate in FIPS 140 approved mode on both client and server, SMB3 is FIPS 140 compliant and relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations. 
+SMB3 can be FIPS 140 compliant, if Windows is configured to operate in FIPS 140 mode on both client and server.  In FIPS mode, SMB3 relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations.
 
 ## Microsoft FIPS 140-2 validated cryptographic modules
 
@@ -314,7 +321,7 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
 		Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
 10.0.15063
 #3095
FIPS Approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)

+
FIPS approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)

 

 Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

 
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278)
10.0.15063
 #3094
 
#3094

-
FIPS Approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)

+
FIPS approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)

 

 Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

 
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.#1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.#1281)
Boot Manager
 10.0.15063
 #3089
FIPS Approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)

+
FIPS approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)

 
Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)

 

 

 Windows OS Loader
 10.0.15063
 #3090
FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)

+
FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)

 
Other algorithms: NDRNG

 

 

 Windows Resume[1]
 10.0.15063
 #3091FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
 

 

 BitLocker® Dump Filter[2]
 10.0.15063
 #3092FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790)FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790)
 

 

 Code Integrity (ci.dll)
 10.0.15063
 #3093
FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

+
FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

 
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

 

 

 Secure Kernel Code Integrity (skci.dll)[3]
 10.0.15063
 #3096
FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

+
FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

 
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

 

 
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
 10.0.14393
 #2937
FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

+
FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

 

 Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

 
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886)
Kernel Mode Cryptographic Primitives Library (cng.sys)
 10.0.14393
 #2936
FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

+
FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

 

 Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

 
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887)
Boot Manager
 10.0.14393
 #2931
FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

+
FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

 
Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

 

 

 BitLocker® Windows OS Loader (winload)
 10.0.14393
 #2932FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

+		FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

 

 Other algorithms: NDRNG; MD5		
 
BitLocker® Windows Resume (winresume)[1]
 10.0.14393
 #2933FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

+		FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

 

 Other algorithms: MD5		
 
BitLocker® Dump Filter (dumpfve.sys)[2]
 10.0.14393
 #2934FIPS Approved algorithms: AES (Certs. #4061 and #4064)FIPS approved algorithms: AES (Certs. #4061 and #4064)
 

 

 Code Integrity (ci.dll)
 10.0.14393
 #2935
FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

+
FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

 

 Other algorithms: AES (non-compliant); MD5

 
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)
Secure Kernel Code Integrity (skci.dll)[3]
 10.0.14393
 #2938
FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

+
FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

 

 Other algorithms: MD5

 
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
 10.0.10586
 #2606
FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)

+
FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)

 

 Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

 
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664)
Kernel Mode Cryptographic Primitives Library (cng.sys)
 10.0.10586
 #2605
FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)

+
FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)

 

 Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

 
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663)
Boot Manager[4]
 10.0.10586
 #2700FIPS Approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)

+		FIPS approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)

 

 Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)		
 
BitLocker® Windows OS Loader (winload)[5]
 10.0.10586
 #2701FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)

+		FIPS approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)

 

 Other algorithms: MD5; NDRNG		
 
BitLocker® Windows Resume (winresume)[6]
 10.0.10586
 #2702FIPS Approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)

+		FIPS approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)

 

 Other algorithms: MD5		
 
BitLocker® Dump Filter (dumpfve.sys)[7]
 10.0.10586
 #2703FIPS Approved algorithms: AES (Certs. #3653)FIPS approved algorithms: AES (Certs. #3653)
 

 

 Code Integrity (ci.dll)
 10.0.10586
 #2604
FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)

+
FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)

 

 Other algorithms: AES (non-compliant); MD5

 
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)
Secure Kernel Code Integrity (skci.dll)[8]
 10.0.10586
 #2607
FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)

+
FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)

 

 Other algorithms: MD5

 
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
 10.0.10240
 #2606
FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)

+
FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)

 

 Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

 
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575)
Kernel Mode Cryptographic Primitives Library (cng.sys)
 10.0.10240
 #2605
FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)

+
FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)

 

 Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

 
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576)
Boot Manager[9]
 10.0.10240
 #2600FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)

+		FIPS approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)

 

 Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)		
 
BitLocker® Windows OS Loader (winload)[10]
 10.0.10240
 #2601FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

+		FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

 

 Other algorithms: MD5; NDRNG		
 
BitLocker® Windows Resume (winresume)[11]
 10.0.10240
 #2602FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

+		FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

 

 Other algorithms: MD5		
 
BitLocker® Dump Filter (dumpfve.sys)[12]
 10.0.10240
 #2603FIPS Approved algorithms: AES (Certs. #3497 and #3498)FIPS approved algorithms: AES (Certs. #3497 and #3498)
 

 

 Code Integrity (ci.dll)
 10.0.10240
 #2604
FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)

+
FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)

 

 Other algorithms: AES (non-compliant); MD5

 
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)
Secure Kernel Code Integrity (skci.dll)[13]
 10.0.10240
 #2607
FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)

+
FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)

 

 Other algorithms: MD5

 
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

 
 
-\[9\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
+\[9\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
 
-\[10\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
+\[10\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
 
-\[11\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
+\[11\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
 
-\[12\] Applies only to Pro, Enterprise and Enterprise LTSB
+\[12\] Applies only to Pro, Enterprise, and Enterprise LTSB
 
 \[13\] Applies only to Enterprise and Enterprise LTSB
 
@@ -690,25 +697,25 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
 		Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
 6.3.9600 6.3.9600.17031
 #2357
FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

+
FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

 

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

 
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323)

 

 

 Kernel Mode Cryptographic Primitives Library (cng.sys)
 6.3.9600 6.3.9600.17042
 #2356
FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)

+
FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)

 

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

 
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

 

 

 Boot Manager
 6.3.9600 6.3.9600.17031
 #2351FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

+		FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

 

 Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)		
 
BitLocker® Windows OS Loader (winload)
 6.3.9600 6.3.9600.17031
 #2352FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

+		FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

 

 Other algorithms: MD5; NDRNG		
 
BitLocker® Windows Resume (winresume)[14]
 6.3.9600 6.3.9600.17031
 #2353FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

+		FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

 

 Other algorithms: MD5		
 
BitLocker® Dump Filter (dumpfve.sys)
 6.3.9600 6.3.9600.17031
 #2354FIPS Approved algorithms: AES (Cert. #2832)

+		FIPS approved algorithms: AES (Cert. #2832)

 

 Other algorithms: N/A		
 
Code Integrity (ci.dll)
 6.3.9600 6.3.9600.17031
 #2355#2355
FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)

+
FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)

 

 Other algorithms: MD5

 
Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
 6.2.9200
 #1892FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

+		FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

 

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

 

 		
 
Kernel Mode Cryptographic Primitives Library (cng.sys)
 6.2.9200
 #1891FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

+		FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

 

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

 

-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)		
 

 

 Boot Manager
 6.2.9200
 #1895FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

+		FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

 

 Other algorithms: MD5		
 
BitLocker® Windows OS Loader (WINLOAD)
 6.2.9200
 #1896FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

+		FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

 

 Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG		
 
BitLocker® Windows Resume (WINRESUME)[15]
 6.2.9200
 #1898FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

+		FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

 

 Other algorithms: MD5		
 
BitLocker® Dump Filter (DUMPFVE.SYS)
 6.2.9200
 #1899FIPS Approved algorithms: AES (Certs. #2196 and #2198)

+		FIPS approved algorithms: AES (Certs. #2196 and #2198)

 

 Other algorithms: N/A		
 
Code Integrity (CI.DLL)
 6.2.9200
 #1897FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

+		FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

 

 Other algorithms: MD5		
 
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
 6.2.9200
 #1893FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

+		FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

 

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Cert., vendor affirmed)

+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed)

 

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert., key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)		
 

 

 Enhanced Cryptographic Provider (RSAENH.DLL)
 6.2.9200
 #1894FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

+		FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

 

-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)		
 

 
 

@@ -870,11 +877,11 @@ Validated Editions: Windows 7, Windows 7 SP1
 
6.1.7600.16385

 
6.1.7601.17514

 1329
-FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

+FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

 

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)

+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)

 

-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
+Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
 
 
 Kernel Mode Cryptographic Primitives Library (cng.sys)
@@ -887,16 +894,16 @@ Validated Editions: Windows 7, Windows 7 SP1
 
6.1.7601.21861

 
6.1.7601.22076

 1328
-FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

+FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

 

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
 
 
 Boot Manager
 
6.1.7600.16385

 
6.1.7601.17514

 1319
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)

+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)

 

 Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)

 

@@ -913,7 +920,7 @@ Validated Editions: Windows 7, Windows 7 SP1
 
6.1.7601.21655

 
6.1.7601.21675

 1326
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)

+FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)

 

 Other algorithms: MD5
 
@@ -932,7 +939,7 @@ Validated Editions: Windows 7, Windows 7 SP1
 
6.1.7601.21655

 
6.1.7601.21675

 1332
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

 

 Other algorithms: Elephant Diffuser
 
@@ -945,7 +952,7 @@ Validated Editions: Windows 7, Windows 7 SP1
 
6.1.7601.17950

 
6.1.7601.22108

 1327
-FIPS Approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)

+FIPS approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)

 

 Other algorithms: MD5
 
@@ -954,7 +961,7 @@ Validated Editions: Windows 7, Windows 7 SP1
 6.1.7600.16385

 (no change in SP1)
 1331
-FIPS Approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

+FIPS approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

 

 Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
 
@@ -963,9 +970,9 @@ Validated Editions: Windows 7, Windows 7 SP1
 6.1.7600.16385

 (no change in SP1)
 1330
-FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)

+FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)

 

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
 
 
 
@@ -993,13 +1000,13 @@ Validated Editions: Ultimate Edition
 Boot Manager (bootmgr)
 6.0.6001.18000 and 6.0.6002.18005
 978
-FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753)
+FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753)
 
 
 Winload OS Loader (winload.exe)
 6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596
 979
-FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)

+FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)

 

 Other algorithms: MD5
 
@@ -1007,37 +1014,37 @@ Validated Editions: Ultimate Edition
 Code Integrity (ci.dll)
 6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005
 980
-FIPS Approved algorithms: RSA (Cert. #354); SHS (Cert. #753)

+FIPS approved algorithms: RSA (Cert. #354); SHS (Cert. #753)

 

 Other algorithms: MD5
 
 
 Kernel Mode Security Support Provider Interface (ksecdd.sys)
-6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869
+6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869
 1000
-
FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

-
Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

+
FIPS approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

+
Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

 
 
 Cryptographic Primitives Library (bcrypt.dll)
-6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872
+6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872
 1001
-
FIPS Approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

-
Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

+
FIPS approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

+
Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

 
 
 Enhanced Cryptographic Provider (RSAENH)
-6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005
+6.0.6001.22202 and 6.0.6002.18005
 1002
-
FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

-
Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

+
FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

+
Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

 
 
 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
-6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005
+6.0.6001.18000 and 6.0.6002.18005
 1003
-
FIPS Approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

-
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

+
FIPS approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

+
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

 
 
 
@@ -1059,23 +1066,23 @@ Validated Editions: Ultimate Edition
 Enhanced Cryptographic Provider (RSAENH)
 6.0.6000.16386
 893
-FIPS Approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

+FIPS approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

 

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
 
 
 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
 6.0.6000.16386
 894
-FIPS Approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)

+FIPS approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)

 

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
 
 
 BitLocker™ Drive Encryption
 6.0.6000.16386
 947
-FIPS Approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)

+FIPS approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)

 

 Other algorithms: Elephant Diffuser
 
@@ -1083,9 +1090,9 @@ Validated Editions: Ultimate Edition
 Kernel Mode Security Support Provider Interface (ksecdd.sys)
 6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067
 891
-FIPS Approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

+FIPS approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

 

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5
+Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5
 
 
 
@@ -1111,22 +1118,22 @@ Validated Editions: Ultimate Edition
 Kernel Mode Cryptographic Module (FIPS.SYS)
 5.1.2600.5512
 997
-
FIPS Approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

+
FIPS approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

 
Other algorithms: DES; MD5; HMAC MD5

 
 
 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
 5.1.2600.5507
 990
-
FIPS Approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

-
Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4

+
FIPS approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

+
Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4

 
 
 Enhanced Cryptographic Provider (RSAENH)
 5.1.2600.5507
 989
-
FIPS Approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

-
Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits)

+
FIPS approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

+
Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits)

 
 
 
@@ -1152,14 +1159,14 @@ Validated Editions: Ultimate Edition
 DSS/Diffie-Hellman Enhanced Cryptographic Provider
 5.1.2600.2133
 240
-
FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

+
FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

 
Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)

 
 
 Microsoft Enhanced Cryptographic Provider
 5.1.2600.2161
 238
-
FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

+
FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

 
Other algorithms: DES (Cert. #156); RC2; RC4; MD5

 
 
@@ -1186,7 +1193,7 @@ Validated Editions: Ultimate Edition
 Microsoft Enhanced Cryptographic Provider
 5.1.2600.1029
 238
-
FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

+
FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

 
Other algorithms: DES (Cert. #156); RC2; RC4; MD5

 
 
@@ -1213,7 +1220,7 @@ Validated Editions: Ultimate Edition
 Kernel Mode Cryptographic Module
 5.1.2600.0
 241
-
FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

+
FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

 
Other algorithms: DES (Cert. #89)

 
 
@@ -1240,7 +1247,7 @@ Validated Editions: Ultimate Edition
 Kernel Mode Cryptographic Module (FIPS.SYS)
 5.0.2195.1569
 106
-
FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

+
FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

 
Other algorithms: DES (Certs. #89)

 
 
@@ -1250,7 +1257,7 @@ Validated Editions: Ultimate Edition
 
(DSS/DH Enh: 5.0.2195.3665 [SP3])

 
(Enh: 5.0.2195.3839 [SP3]

 103
-
FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+
FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

 
Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

 
 
@@ -1277,7 +1284,7 @@ Validated Editions: Ultimate Edition
 Kernel Mode Cryptographic Module (FIPS.SYS)
 5.0.2195.1569
 106
-
FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

+
FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

 
Other algorithms: DES (Certs. #89)

 
 
@@ -1291,7 +1298,7 @@ Validated Editions: Ultimate Edition
 
(Enh:

 
5.0.2195.2228 [SP2])

 103
-
FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+
FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

 
Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

 
 
@@ -1321,7 +1328,7 @@ Validated Editions: Ultimate Edition
 
(DSS/DH Enh: 5.0.2150.1391 [SP1])

 
(Enh: 5.0.2150.1391 [SP1])

 103
-
FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+
FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

 
Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

 
 
@@ -1348,7 +1355,7 @@ Validated Editions: Ultimate Edition
 Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
 5.0.2150.1
 76
-
FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

+
FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

 
Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

 
 
@@ -1375,7 +1382,7 @@ Validated Editions: Ultimate Edition
 Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
 5.0.1877.6 and 5.0.1877.7
 75
-
FIPS Approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

+
FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

 
Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

 
 
@@ -1396,7 +1403,7 @@ Validated Editions: Ultimate Edition
 Base Cryptographic Provider
 5.0.1877.6 and 5.0.1877.7
 68
-FIPS Approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)

+FIPS approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)

 

 Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
 
@@ -1631,7 +1638,7 @@ Validated Editions: Standard, Datacenter, Storage Server
 Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
 10.0.14393
 2937
-FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

+FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

 

 Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
 
@@ -1639,7 +1646,7 @@ Validated Editions: Standard, Datacenter, Storage Server
 Kernel Mode Cryptographic Primitives Library (cng.sys)
 10.0.14393
 2936
-FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

+FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

 

 Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
 
@@ -1647,14 +1654,14 @@ Validated Editions: Standard, Datacenter, Storage Server
 Boot Manager
 10.0.14393
 2931
-
FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

+
FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

 
Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

 
 
 BitLocker® Windows OS Loader (winload)
 10.0.14393
 2932
-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

 

 Other algorithms: NDRNG; MD5
 
@@ -1662,7 +1669,7 @@ Validated Editions: Standard, Datacenter, Storage Server
 BitLocker® Windows Resume (winresume)
 10.0.14393
 2933
-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

 

 Other algorithms: MD5
 
@@ -1670,13 +1677,13 @@ Validated Editions: Standard, Datacenter, Storage Server
 BitLocker® Dump Filter (dumpfve.sys)
 10.0.14393
 2934
-FIPS Approved algorithms: AES (Certs. #4061 and #4064)
+FIPS approved algorithms: AES (Certs. #4061 and #4064)
 
 
 Code Integrity (ci.dll)
 10.0.14393
 2935
-FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

+FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

 

 Other algorithms: AES (non-compliant); MD5
 
@@ -1684,7 +1691,7 @@ Validated Editions: Standard, Datacenter, Storage Server
 Secure Kernel Code Integrity (skci.dll)
 10.0.14393
 2938
-FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

+FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

 

 Other algorithms: MD5
 
@@ -1710,23 +1717,23 @@ Validated Editions: Server, Storage Server,
 Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
 6.3.9600 6.3.9600.17031
 2357
-FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

+FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

 

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
 
 
 Kernel Mode Cryptographic Primitives Library (cng.sys)
 6.3.9600 6.3.9600.17042
 2356
-FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)

+FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)

 

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
 
 
 Boot Manager
 6.3.9600 6.3.9600.17031
 2351
-FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

+FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

 

 Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
 
@@ -1734,7 +1741,7 @@ Validated Editions: Server, Storage Server,
 BitLocker® Windows OS Loader (winload)
 6.3.9600 6.3.9600.17031
 2352
-FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

 

 Other algorithms: MD5; NDRNG
 
@@ -1742,7 +1749,7 @@ Validated Editions: Server, Storage Server,
 BitLocker® Windows Resume (winresume)[16]
 6.3.9600 6.3.9600.17031
 2353
-FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

 

 Other algorithms: MD5
 
@@ -1750,7 +1757,7 @@ Validated Editions: Server, Storage Server,
 BitLocker® Dump Filter (dumpfve.sys)[17]
 6.3.9600 6.3.9600.17031
 2354
-FIPS Approved algorithms: AES (Cert. #2832)

+FIPS approved algorithms: AES (Cert. #2832)

 

 Other algorithms: N/A
 
@@ -1758,7 +1765,7 @@ Validated Editions: Server, Storage Server,
 Code Integrity (ci.dll)
 6.3.9600 6.3.9600.17031
 2355
-FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)

+FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)

 

 Other algorithms: MD5
 
@@ -1766,9 +1773,9 @@ Validated Editions: Server, Storage Server,
 
 
 
-\[16\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
+\[16\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
 
-\[17\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
+\[17\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
 
 **Windows Server 2012**
 
@@ -1786,27 +1793,27 @@ Validated Editions: Server, Storage Server
 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
 6.2.9200
 1892
-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

 

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

 

-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
+Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
 
 
 Kernel Mode Cryptographic Primitives Library (cng.sys)
 6.2.9200
 1891
-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

 

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

 

-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
+Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
 
 
 Boot Manager
 6.2.9200
 1895
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

+FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

 

 Other algorithms: MD5
 
@@ -1814,7 +1821,7 @@ Validated Editions: Server, Storage Server
 BitLocker® Windows OS Loader (WINLOAD)
 6.2.9200
 1896
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

 

 Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
 
@@ -1822,7 +1829,7 @@ Validated Editions: Server, Storage Server
 BitLocker® Windows Resume (WINRESUME)
 6.2.9200
 1898
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

 

 Other algorithms: MD5
 
@@ -1830,7 +1837,7 @@ Validated Editions: Server, Storage Server
 BitLocker® Dump Filter (DUMPFVE.SYS)
 6.2.9200
 1899
-FIPS Approved algorithms: AES (Certs. #2196 and #2198)

+FIPS approved algorithms: AES (Certs. #2196 and #2198)

 

 Other algorithms: N/A
 
@@ -1838,7 +1845,7 @@ Validated Editions: Server, Storage Server
 Code Integrity (CI.DLL)
 6.2.9200
 1897
-FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

+FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

 

 Other algorithms: MD5
 
@@ -1846,7 +1853,7 @@ Validated Editions: Server, Storage Server
 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
 6.2.9200
 1893
-FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

+FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

 

 Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
 
@@ -1854,9 +1861,9 @@ Validated Editions: Server, Storage Server
 Enhanced Cryptographic Provider (RSAENH.DLL)
 6.2.9200
 1894
-FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

+FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

 

-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
 
 
 
@@ -1874,65 +1881,65 @@ Validated Editions: Server, Storage Server
 
 
 Boot Manager (bootmgr)
-6.1.7600.16385 or 6.1.7601.175146.1.7600.16385 or 6.1.7601.17514
+6.1.7600.16385 or 6.1.7601.17514
 1321
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)

+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)

 

 Other algorithms: MD5
 
 
 Winload OS Loader (winload.exe)
-6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216756.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675
+6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675
 1333
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)

+FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)

 

 Other algorithms: MD5
 
 
 Code Integrity (ci.dll)
-6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221086.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108
+6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108
 1334
-FIPS Approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)

+FIPS approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)

 

 Other algorithms: MD5
 
 
 Kernel Mode Cryptographic Primitives Library (cng.sys)
-6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220766.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076
+6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076
 1335
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

+FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

 

--Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
+-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
 
 
 Cryptographic Primitives Library (bcryptprimitives.dll)
-66.1.7600.16385 or 6.1.7601.1751466.1.7600.16385 or 6.1.7601.17514
+66.1.7600.16385 or 6.1.7601.17514
 1336
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

+FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

 

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4
 
 
 Enhanced Cryptographic Provider (RSAENH)
 6.1.7600.16385
 1337
-FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)

+FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)

 

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
 
 
 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
 6.1.7600.16385
 1338
-FIPS Approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

+FIPS approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

 

 Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
 
 
 BitLocker™ Drive Encryption
-6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216756.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675
+6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675
 1339
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

 

 Other algorithms: Elephant Diffuser
 
@@ -1952,61 +1959,61 @@ Validated Editions: Server, Storage Server
 
 
 Boot Manager (bootmgr)
-6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224976.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497
+6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497
 1004
-FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)

+FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)

 

 Other algorithms: N/A
 
 
 Winload OS Loader (winload.exe)
-6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225966.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596
+6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596
 1005
-FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)

+FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)

 

 Other algorithms: MD5
 
 
 Code Integrity (ci.dll)
-6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005
+6.0.6001.18000 and 6.0.6002.18005
 1006
-FIPS Approved algorithms: RSA (Cert. #355); SHS (Cert. #753)

+FIPS approved algorithms: RSA (Cert. #355); SHS (Cert. #753)

 

 Other algorithms: MD5
 
 
 Kernel Mode Security Support Provider Interface (ksecdd.sys)
-6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869
+6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869
 1007
-FIPS Approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

+FIPS approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

 

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

 

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
 
 
 Cryptographic Primitives Library (bcrypt.dll)
-6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872
+6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872
 1008
-FIPS Approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

+FIPS approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

 

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
 
 
 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
-6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005
+6.0.6001.18000 and 6.0.6002.18005
 1009
-FIPS Approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

+FIPS approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

 

--Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
+-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
 
 
 Enhanced Cryptographic Provider (RSAENH)
-6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005
+6.0.6001.22202 and 6.0.6002.18005
 1010
-FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)

+FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)

 

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
 
 
 
@@ -2032,22 +2039,22 @@ Validated Editions: Server, Storage Server
 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
 5.2.3790.3959
 875
-
FIPS Approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

-
Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4

+
FIPS approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

+
Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4

 
 
 Kernel Mode Cryptographic Module (FIPS.SYS)
 5.2.3790.3959
 869
-
FIPS Approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

+
FIPS approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

 
Other algorithms: DES; HMAC-MD5

 
 
 Enhanced Cryptographic Provider (RSAENH)
 5.2.3790.3959
 868
-
FIPS Approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

-
Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

+
FIPS approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

+
Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

 
 
 
@@ -2073,7 +2080,7 @@ Validated Editions: Server, Storage Server
 Kernel Mode Cryptographic Module (FIPS.SYS)
 5.2.3790.1830 [SP1]
 405
-
FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

+
FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

 
Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

 
[1] x86

 [2] SP1 x86, x64, IA64

@@ -2082,7 +2089,7 @@ Validated Editions: Server, Storage Server
 Enhanced Cryptographic Provider (RSAENH)
 5.2.3790.1830 [Service Pack 1])
 382
-
FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

+
FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

 
Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

 
[1] x86

 [2] SP1 x86, x64, IA64

@@ -2091,7 +2098,7 @@ Validated Editions: Server, Storage Server
 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
 5.2.3790.1830 [Service Pack 1]
 381
-
FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

+
FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

 
Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

 
[1] x86

 [2] SP1 x86, x64, IA64

@@ -2120,7 +2127,7 @@ Validated Editions: Server, Storage Server
 Kernel Mode Cryptographic Module (FIPS.SYS)
 5.2.3790.0
 405
-
FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

+
FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

 
Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

 
[1] x86

 [2] SP1 x86, x64, IA64

@@ -2129,7 +2136,7 @@ Validated Editions: Server, Storage Server
 Enhanced Cryptographic Provider (RSAENH)
 5.2.3790.0
 382
-
FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

+
FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

 
Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

 
[1] x86

 [2] SP1 x86, x64, IA64

@@ -2138,7 +2145,7 @@ Validated Editions: Server, Storage Server
 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
 5.2.3790.0
 381
-
FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

+
FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

 
Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

 
[1] x86

 [2] SP1 x86, x64, IA64

@@ -2169,15 +2176,15 @@ Validated Editions: Server, Storage Server
 Enhanced Cryptographic Provider
 7.00.2872 [1] and 8.00.6246 [2]
 2957
-
FIPS Approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)

-
Allowed algorithms: HMAC-MD5; MD5; NDRNG

+
FIPS approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)

+
Allowed algorithms: HMAC-MD5, MD5, NDRNG

 
 
 Cryptographic Primitives Library (bcrypt.dll)
 7.00.2872 [1] and 8.00.6246 [2]
 2956
-
FIPS Approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)

-
Allowed algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength

+
FIPS approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)

+
Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength

 
 
 
@@ -2204,7 +2211,7 @@ Validated Editions: Server, Storage Server
 Enhanced Cryptographic Provider
 6.00.1937 [1] and 7.00.1687 [2]
 825
-
FIPS Approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])

+
FIPS approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])

 
Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES

 
 
@@ -2229,9 +2236,9 @@ Validated Editions: Server, Storage Server
 
 
 Outlook Cryptographic Provider (EXCHCSP)
-SR-1A (3821)SR-1A (3821)
+SR-1A (3821)
 110
-
FIPS Approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)

+
FIPS approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)

 
Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5

 
 
@@ -2320,7 +2327,7 @@ The following tables are organized by cryptographic algorithms with their modes,
 
  • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
    • 
 
  • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
    • 
 
  • Plain Text Length: 0-32
    • 
-
  • AAD Length: 0-65536
    • 
+
  • Additional authenticated data length: 0-65536
    • 
 
 
  • AES-CFB128:
    • 
 
    • 
@@ -2393,7 +2400,7 @@ The following tables are organized by cryptographic algorithms with their modes,
 
    • Key Lengths: 128, 192, 256 (bits)
      • 
 
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
      • 
 
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • 
-
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • 
+
    • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
      • 
 
    • 96 bit IV supported
      • 
 
    • 
 
  • AES-XTS:
    • 
@@ -2426,7 +2433,7 @@ The following tables are organized by cryptographic algorithms with their modes,
 
  • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
    • 
 
  • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
    • 
 
  • Plain Text Length: 0-32
    • 
-
  • AAD Length: 0-65536
    • 
+
  • Additional authenticated data length: 0-65536
    • 
 
 
  • AES-CFB128:
    • 
 
    • 
@@ -2499,7 +2506,7 @@ The following tables are organized by cryptographic algorithms with their modes,
 
    • Key Lengths: 128, 192, 256 (bits)
      • 
 
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
      • 
 
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • 
-
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • 
+
    • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
      • 
 
    • 96 bit IV supported
      • 
 
    • 
 
  • AES-XTS:
    • 
@@ -2532,7 +2539,7 @@ The following tables are organized by cryptographic algorithms with their modes,
 
  • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
    • 
 
  • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
    • 
 
  • Plain Text Length: 0-32
    • 
-
  • AAD Length: 0-65536
    • 
+
  • Additional authenticated data length: 0-65536
    • 
 
 
  • AES-CFB128:
    • 
 
    • 
@@ -2606,7 +2613,7 @@ The following tables are organized by cryptographic algorithms with their modes,
 
    • Key Lengths: 128, 192, 256 (bits)
      • 
 
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
      • 
 
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • 
-
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • 
+
    • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
      • 
 
    • 96 bit IV supported
      • 
 
    • 
 
  • AES-XTS:
    • 
@@ -2669,7 +2676,7 @@ The following tables are organized by cryptographic algorithms with their modes,
 
  • Tag Lengths: 128 (bits)
    • 
 
  • IV Lengths: 96 (bits)
    • 
 
  • Plain Text Length: 0-32
    • 
-
  • AAD Length: 0-65536
    • 
+
  • Additional authenticated data length: 0-65536
    • 
 
 
    AES Val#4902
    
 
    Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896
    
@@ -2682,7 +2689,7 @@ The following tables are organized by cryptographic algorithms with their modes,
 
  • Tag Lengths: 128 (bits)
    • 
 
  • IV Lengths: 96 (bits)
    • 
 
  • Plain Text Length: 0-32
    • 
-
  • AAD Length: 0-65536
    • 
+
  • Additional authenticated data length: 0-65536
    • 
 
 
    AES Val#4901
    
 
    Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895
    
@@ -2695,7 +2702,7 @@ The following tables are organized by cryptographic algorithms with their modes,
 
  • Tag Lengths: 128 (bits)
    • 
 
  • IV Lengths: 96 (bits)
    • 
 
  • Plain Text Length: 0-32
    • 
-
  • AAD Length: 0-65536
    • 
+
  • Additional authenticated data length: 0-65536
    • 
 
 
    AES Val#4897
    
 
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894
    
@@ -2732,8 +2739,8 @@ The following tables are organized by cryptographic algorithms with their modes,
 
    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)
    
 
    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    
 
    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    
-
    IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); 96BitIV_Supported
    
-
    GMAC_Supported
    
+
    IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported
    
+
    GMAC supported
    
 
    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
    
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624
    
 
    Version 10.0.15063
    
@@ -2778,8 +2785,8 @@ The following tables are organized by cryptographic algorithms with their modes,
 
    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
    
 
    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    
 (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    
-IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
    
-GMAC_Supported
    
+IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
    
+GMAC supported
    
 
    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064
    
 
    Version 10.0.14393
    
@@ -2830,8 +2837,8 @@ Version 10.0.10586
 
    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
    
 
    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    
 (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    
-IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
    
-GMAC_Supported
    
+IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
    
+GMAC supported
    
 
    XTS((KS: XTS_128((e/d) (f)) KS: XTS_256((e/d) (f))
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629
    
 
    
@@ -2856,8 +2863,8 @@ GMAC_Supported
    
 
    CMAC(Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
    
 
    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    
 (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    
-IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested:  (0, 0); 96BitIV_Supported
    
-GMAC_Supported
    
+IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested:  (0, 0); 96 bit IV supported
    
+GMAC supported
    
 
    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
    
 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
    
 Version 10.0.10240
@@ -2881,7 +2888,7 @@ Version 10.0.10240
 
 
    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
    
 
    AES Val#2832
    
-
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848
    
+
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations #2848
    
 
    Version 6.3.9600
    
 
 
@@ -2889,10 +2896,10 @@ Version 10.0.10240
 
    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
    
 
    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    
 
    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    
-
    IV Generated:  (Externally); PT Lengths Tested:  (0, 128, 1024, 8, 1016); AAD Lengths tested:  (0, 128, 1024, 8, 1016); IV Lengths Tested:  (8, 1024); 96BitIV_Supported;
    
+
    IV Generated:  (Externally); PT Lengths Tested:  (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 128, 1024, 8, 1016); IV Lengths Tested:  (8, 1024); 96 bit IV supported;
    
 OtherIVLen_Supported
    
-GMAC_Supported
    
-
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832
    
+GMAC supported
    
+
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832
    
 
    Version 6.3.9600
    
 
 
@@ -2902,12 +2909,12 @@ AES Val#2197
    
 
    GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    
 (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    
-IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); AAD Lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96BitIV_Supported
    
-GMAC_Supported
    
+IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported
    
+GMAC supported
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216
 
 
-
    CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16 ) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
    
+
    CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
    
 
    AES Val#2196
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198
 
@@ -2927,13 +2934,13 @@ GMAC_Supported
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196
 
 
-CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16 ) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    
+CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
    
 AES Val#1168
 
    Windows Server 2008 R2 and SP1 CNG algorithms #1187
    
 
    Windows 7 Ultimate and SP1 CNG algorithms #1178
    
 
 
-CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
    
+CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)
    
 AES Val#1168
 Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177
 
@@ -2950,11 +2957,11 @@ AES #1168, vendor-affirmed
 
 
-CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
+CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)
 Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760
 
 
-CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16 ) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
 
    Windows Server 2008 CNG algorithms #757
    
 
    Windows Vista Ultimate SP1 CNG algorithms #756
    
 
@@ -2995,7 +3002,7 @@ AES 
 CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#2832)]
-
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489
    
+
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489
    
 
    Version 6.3.9600
    
 
 
@@ -3280,7 +3287,7 @@ Deterministic Random Bit Generator (DRBG)
 
    PQG(gen)PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]
    
 
    PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 
    KeyPairGen:   [(2048,256); (3072,256)]
    
-
    SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]
    
+
    SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 
    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 
    SHS: Val#3790
    
 
    DRBG: Val# 1555
    
@@ -3289,16 +3296,16 @@ Deterministic Random Bit Generator (DRBG)
 
 
 FIPS186-4:
    
-PQG(ver)PARMS TESTED:       [(1024,160) SHA(1); ]
    
-SIG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]
    
+PQG(ver)PARMS TESTED:       [(1024,160) SHA(1)]
    
+SIG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
    
 SHS: Val# 3649
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188
    
 
    Version 7.00.2872
    
 
 
 FIPS186-4:
    
-PQG(ver)PARMS TESTED:       [(1024,160) SHA(1); ]
    
-SIG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]
    
+PQG(ver)PARMS TESTED:       [(1024,160) SHA(1)]
    
+SIG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
    
 SHS: Val#3648
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187
    
 
    Version 8.00.6246
    
@@ -3310,7 +3317,7 @@ PQG(gen)    PARMS TESTED: [
    
 PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 KeyPairGen:    [(2048,256); (3072,256)]
    
 SIG(gen)PARMS TESTED:   [(2048,256)
    
-SHA(256); (3072,256) SHA(256); ]
    
+SHA(256); (3072,256) SHA(256)]
    
 SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 
    SHS: Val# 3347
    
 DRBG: Val# 1217
    
@@ -3320,7 +3327,7 @@ DRBG: 
 
    FIPS186-4:
    
 PQG(gen)    PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
-KeyPairGen:    [(2048,256); (3072,256)] SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]
    
+KeyPairGen:    [(2048,256); (3072,256)] SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 
    SHS: Val# 3047
    
 DRBG: Val# 955
    
@@ -3332,7 +3339,7 @@ DRBG: Val# 2886
    
 DRBG: Val# 868
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983
    
@@ -3345,11 +3352,11 @@ PQG(gen)    PARMS TESTED:   [
    
 PQG(ver)PARMS TESTED:   [(2048,256)
    
 SHA(256); (3072,256) SHA(256)]
    
 KeyPairGen:    [(2048,256); (3072,256)]
    
-SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]
    
+SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 
    SHS: Val# 2373
    
 DRBG: Val# 489
    
-
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855
    
+
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855
    
 
    Version 6.3.9600
    
 
 
@@ -3361,11 +3368,11 @@ DRBG: #1903
    
 DRBG: #258
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.
    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687
 
 
@@ -3374,7 +3381,7 @@ PQG(ver) MOD(1024);
    
 SIG(ver) MOD(1024);
    
 SHS: #1902
    
 DRBG: #258
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#686.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#686.
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686
 
 
@@ -3382,7 +3389,7 @@ Some of the previously validated components for this validation have been remove
 SIG(ver) MOD(1024);
    
 SHS: Val# 1773
    
 DRBG: Val# 193
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#645.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#645.
 Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645
 
 
@@ -3390,7 +3397,7 @@ Some of the previously validated components for this validation have been remove
 SIG(ver) MOD(1024);
    
 SHS: Val# 1081
    
 DRBG: Val# 23
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386.
 
    Windows Server 2008 R2 and SP1 CNG algorithms #391
    
 
    Windows 7 Ultimate and SP1 CNG algorithms #386
    
 
@@ -3399,7 +3406,7 @@ Some of the previously validated components for this validation have been remove
 SIG(ver) MOD(1024);
    
 SHS: Val# 1081
    
 RNG: Val# 649
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385.
 
    Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390
    
 
    Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385
    
 
@@ -3407,7 +3414,7 @@ Some of the previously validated components for this validation have been remove
 FIPS186-2:
    
 SIG(ver)     MOD(1024);
    
 SHS: Val# 753
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283.
 
    Windows Server 2008 CNG algorithms #284
    
 
    Windows Vista Ultimate SP1 CNG algorithms #283
    
 
@@ -3416,7 +3423,7 @@ Some of the previously validated components for this validation have been remove
 SIG(ver) MOD(1024);
    
 SHS: Val# 753
    
 RNG: Val# 435
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281.
 
    Windows Server 2008 Enhanced DSS (DSSENH) #282
    
 
    Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281
    
 
@@ -3425,7 +3432,7 @@ Some of the previously validated components for this validation have been remove
 SIG(ver) MOD(1024);
    
 SHS: Val# 618
    
 RNG: Val# 321
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226.
 
    Windows Vista CNG algorithms #227
    
 
    Windows Vista Enhanced DSS (DSSENH) #226
    
 
@@ -3434,7 +3441,7 @@ Some of the previously validated components for this validation have been remove
 SIG(ver) MOD(1024);
    
 SHS: Val# 784
    
 RNG: Val# 448
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#292.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#292.
 Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292
 
 
@@ -3442,7 +3449,7 @@ Some of the previously validated components for this validation have been remove
 SIG(ver) MOD(1024);
    
 SHS: Val# 783
    
 RNG: Val# 447
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#291.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#291.
 Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291
 
 
@@ -3548,7 +3555,7 @@ SHS: SHA-1 (BYTE)
    
 
 
 
    Prerequisite: SHS #2373, DRBG #489
    
-
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263
    
+
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263
    
 
    Version 6.3.9600
    
 
 
@@ -3892,7 +3899,7 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    
 SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    
 
    SHS: Val#2373
    
 DRBG: Val# 489
    
-
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505
    
+
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505
    
 
    Version 6.3.9600
    
 
 
@@ -3900,7 +3907,7 @@ DRBG: #1903
    
 DRBG: #258
    
-SIG(ver):CURVES(P-256 P-384 P-521)
    
+SIG(ver): CURVES(P-256 P-384 P-521)
    
 SHS: #1903
    
 DRBG: #258
    
 
    FIPS186-4:
    
@@ -3909,7 +3916,7 @@ PKG: CURVES    (P-256 P-384 P-521 ExtraRandomBits)
    
 SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    
 SHS: #1903
    
 DRBG: #258
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.
    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341
 
 
@@ -3926,7 +3933,7 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    
 SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    
 SHS: Val#1773
    
 DRBG: Val# 193
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.
    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.
    
 Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295
 
 
@@ -3937,7 +3944,7 @@ PKG: CURVES(P-256 P-384 P-521)
    
 SIG(ver): CURVES(P-256 P-384 P-521)
    
 SHS: Val#1081
    
 DRBG: Val# 23
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.
 
    Windows Server 2008 R2 and SP1 CNG algorithms #142
    
 
    Windows 7 Ultimate and SP1 CNG algorithms #141
    
 
@@ -3947,7 +3954,7 @@ PKG: CURVES(P-256 P-384 P-521)
    
 SHS: Val#753
    
 SIG(ver): CURVES(P-256 P-384 P-521)
    
 SHS: Val#753
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.
 
    Windows Server 2008 CNG algorithms #83
    
 
    Windows Vista Ultimate SP1 CNG algorithms #82
    
 
@@ -3959,7 +3966,7 @@ PKG: CURVES(P-256 P-384 P-521)
    
 SIG(ver): CURVES(P-256 P-384 P-521)
    
 SHS: Val#618
    
 RNG: Val# 321
    
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60.
 Windows Vista CNG algorithms #60
 
 
@@ -4219,7 +4226,7 @@ SHS Val#2373
    
 
    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
    
 SHS Val#2373
    
-
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773
    
+
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773
    
 
    Version 6.3.9600
    
 
 
@@ -4500,7 +4507,7 @@ SHS 
 
 
-
  • One Pass DH:
    • 
+
  • One-Pass DH:
    •