From 0d1cefddef9c88ddedcc7993e3b22756e9d10c66 Mon Sep 17 00:00:00 2001 From: v-pegao Date: Thu, 26 Dec 2019 15:12:21 +0800 Subject: [PATCH 01/28] Remove double quote --- windows/deployment/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index 9530728934..33f5976173 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml @@ -28,7 +28,7 @@ sections: - href: windows-10-deployment-scenarios html:

Understand the different ways that Windows 10 can be deployed

image: - src: https://docs.microsoft.com/media/common/i_deploy.svg" + src: https://docs.microsoft.com/media/common/i_deploy.svg title: Windows 10 deployment scenarios - href: update html:

Update Windows 10 in the enterprise

From 81b25acdc95ecf7024d3bf59c45d74bff20a6d91 Mon Sep 17 00:00:00 2001 From: Mati Goldberg Date: Fri, 10 Apr 2020 03:38:03 +0300 Subject: [PATCH 02/28] added missing endpoints --- .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index a22b112426..fe71625482 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -74,9 +74,9 @@ The following table lists the services and their associated URLs that your netwo | Service location | DNS record | | ---------------------------------------- | ----------------------- | | Common URLs for all locations | x.cp.wd.microsoft.com
cdn.x.cp.wd.microsoft.com
eu-cdn.x.cp.wd.microsoft.com
wu-cdn.x.cp.wd.microsoft.com
officecdn-microsoft-com.akamaized.net
crl.microsoft.com
events.data.microsoft.com | -| European Union | europe.x.cp.wd.microsoft.com
eu-v20.events.data.microsoft.com
usseu1northprod.blob.core.windows.net 
usseu1westprod.blob.core.windows.net | -| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com
uk-v20.events.data.microsoft.com
ussuk1southprod.blob.core.windows.net 
ussuk1westprod.blob.core.windows.net | -| United States | unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com
ussus1eastprod.blob.core.windows.net 
ussus1westprod.blob.core.windows.net | +| European Union | europe.x.cp.wd.microsoft.com
eu-v20.events.data.microsoft.com
usseu1northprod.blob.core.windows.net 
usseu1westprod.blob.core.windows.net
winatp-gw-weu.microsoft.com
winatp-gw-neu.microsoft.com | +| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com
uk-v20.events.data.microsoft.com
ussuk1southprod.blob.core.windows.net 
ussuk1westprod.blob.core.windows.net
winatp-gw-ukw.microsoft.com
winatp-gw-uks.microsoft.com | +| United States | unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com
ussus1eastprod.blob.core.windows.net 
ussus1westprod.blob.core.windows.net
winatp-gw-cus.microsoft.com
winatp-gw-eus.microsoft.com | Microsoft Defender ATP can discover a proxy server by using the following discovery methods: - Proxy auto-config (PAC) From e28f537634559e97623c9a2ee9b5c3aaefdf757a Mon Sep 17 00:00:00 2001 From: illfated Date: Thu, 23 Apr 2020 22:35:19 +0200 Subject: [PATCH 03/28] Identity Protection/VPN: grammar, links & spacing As reported in issue ticket #6556 (Traffic filter sentence incomplete), there is a missing part in the sentence "Network admins to effectively add interface specific firewall rules on the VPN Interface." to make it work as a full descriptive sentence in this context. This PR aims to correct this issue, in addition to various other adjustments. Thanks to klishb for reporting this issue. Changes proposed: - Add the missing part of the Traffic Filters sentence - Update 2 outdated and permanently redirected MSDN links - Uppercase adjustments for "Traffic filters" & "Lockdown" - Add MarkDown indent marker compatibility spacing in the Note blob - Reduce bullet point spacing from 3 to 1 in the "Applies to" section - Remove all redundant end-of-line spacing - Add missing space after the corrected sentence (after the period) Ticket closure or reference: Closes #6556 --- .../vpn/vpn-security-features.md | 33 +++++++++---------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index 18e7b41ec9..22517e110c 100644 --- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md @@ -8,7 +8,7 @@ ms.pagetype: security, networking author: dulcemontemayor ms.localizationpriority: medium ms.date: 07/27/2017 -ms.reviewer: +ms.reviewer: manager: dansimp ms.author: dansimp --- 
@@ -16,8 +16,8 @@ ms.author: dansimp # VPN security features **Applies to** -- Windows 10 -- Windows 10 Mobile +- Windows 10 +- Windows 10 Mobile ## LockDown VPN 
@@ -29,51 +29,50 @@ A VPN profile configured with LockDown secures the device to only allow network - The user cannot delete or modify the VPN profile. - The VPN LockDown profile uses forced tunnel connection. - If the VPN connection is not available, outbound network traffic is blocked. -- Only one VPN LockDown profile is allowed on a device. +- Only one VPN LockDown profile is allowed on a device. ->[!NOTE] ->For built-in VPN, Lockdown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type. - -Deploy this feature with caution as the resultant connection will not be able to send or receive any network traffic without the VPN being connected. +> [!NOTE] +> For built-in VPN, LockDown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type. +Deploy this feature with caution as the resultant connection will not be able to send or receive any network traffic without the VPN being connected. ## Windows Information Protection (WIP) integration with VPN Windows Information Protection provides capabilities allowing the separation and protection of enterprise data against disclosure across both company and personally owned devices without requiring additional changes to the environments or the apps themselves. Additionally, when used with Rights Management Services (RMS), WIP can help to protect enterprise data locally. -The **EdpModeId** node in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) allows a Windows 10 VPN client to integrate with WIP, extending its functionality to remote devices. Use case scenarios for WIP include: +The **EdpModeId** node in the [VPNv2 Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/vpnv2-csp) allows a Windows 10 VPN client to integrate with WIP, extending its functionality to remote devices. 
Use case scenarios for WIP include: - Core functionality: File encryption and file access blocking - UX policy enforcement: Restricting copy/paste, drag/drop, and sharing operations - WIP network policy enforcement: Protecting intranet resources over the corporate network and VPN - Network policy enforcement: Protecting SMB and Internet cloud resources over the corporate network and VPN -The value of the **EdpModeId** is an Enterprise ID. The networking stack will look for this ID in the app token to determine whether VPN should be triggered for that particular app. +The value of the **EdpModeId** is an Enterprise ID. The networking stack will look for this ID in the app token to determine whether VPN should be triggered for that particular app. Additionally, when connecting with WIP, the admin does not have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced configuration is needed) because the WIP policies and App lists automatically take effect. [Learn more about Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip) -## Traffic filters +## Traffic Filters -Traffic Filters give enterprises the ability to decide what traffic is allowed into the corporate network based on policy. Network admins to effectively add interface specific firewall rules on the VPN Interface.There are two types of Traffic Filter rules: +Traffic Filters give enterprises the ability to decide what traffic is allowed into the corporate network based on policy. Network admins can use Traffic Filters to effectively add interface specific firewall rules on the VPN Interface. There are two types of Traffic Filter rules: - App-based rules. With app-based rules, a list of applications can be marked such that only traffic originating from these apps is allowed to go over the VPN interface. - Traffic-based rules. 
Traffic-based rules are 5-tuple policies (ports, addresses, protocol) that can be specified such that only traffic matching these rules is allowed to go over the VPN interface. -There can be many sets of rules which are linked by OR. Within each set, there can be app-based rules and traffic-based rules; all the properties within the set will be linked by AND. In addition, these rules can be applied at a per-app level or a per-device level. +There can be many sets of rules which are linked by OR. Within each set, there can be app-based rules and traffic-based rules; all the properties within the set will be linked by AND. In addition, these rules can be applied at a per-app level or a per-device level. -For example, an admin could define rules that specify: +For example, an admin could define rules that specify: -- The Contoso HR App must be allowed to go through the VPN and only access port 4545. +- The Contoso HR App must be allowed to go through the VPN and only access port 4545. - The Contoso finance apps is allowed to go over the VPN and only access the Remote IP ranges of 10.10.0.40 - 10.10.0.201 on port 5889. -- All other apps on the device should be able to access only ports 80 or 443. +- All other apps on the device should be able to access only ports 80 or 443. ## Configure traffic filters -See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration. +See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://docs.microsoft.com/windows/client-management/mdm/vpnv2-csp) for XML configuration. The following image shows the interface to configure traffic rules in a VPN Profile configuration policy using Microsoft Intune. From 71ffe3c05ccd0342d6745c29578508839f779b18 Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Thu, 23 Apr 2020 16:01:31 -0700 Subject: [PATCH 04/28] ioc indicator --- .../enable-network-protection.md | 38 +++++++++-------- .../manage-indicators.md | 41 ++++++++++++++++++- 2 files changed, 61 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md index db54d852de..8513635c3a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md @@ -28,11 +28,31 @@ You can [audit network protection](evaluate-network-protection.md) in a test env You can enable network protection by using any of these methods: +* [PowerShell](#powershell) * [Microsoft Intune](#intune) * [Mobile Device Management (MDM)](#mdm) * [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager) * [Group Policy](#group-policy) -* [PowerShell](#powershell) + +## PowerShell + +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** +2. Enter the following cmdlet: + + ```PowerShell + Set-MpPreference -EnableNetworkProtection Enabled + ``` + +You can enable the feature in audit mode using the following cmdlet: + +```PowerShell +Set-MpPreference -EnableNetworkProtection AuditMode +``` + +Use `Disabled` instead of `AuditMode` or `Enabled` to turn the feature off. + + + ## Intune 
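Review bot: the relocated PowerShell section ends with three added blank lines before `## Intune` (the `+ + +` run after "Use `Disabled` instead of `AuditMode` or `Enabled` to turn the feature off."); one is enough, and step 1 ("... click **Run as administrator**") still lacks its closing period. This hunk only reorders enable-network-protection.md, while the commit subject is "ioc indicator", so consider moving the reorder into its own commit so the certificate-indicator change can be reviewed and reverted separately.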
@@ -89,22 +109,6 @@ You can confirm network protection is enabled on a local computer by using Regis * 1=On * 2=Audit -## PowerShell - -1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** -2. Enter the following cmdlet: - - ```PowerShell - Set-MpPreference -EnableNetworkProtection Enabled - ``` - -You can enable the feature in audit mode using the following cmdlet: - -```PowerShell -Set-MpPreference -EnableNetworkProtection AuditMode -``` - -Use `Disabled` instead of `AuditMode` or `Enabled` to turn the feature off. ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md index 76908992e4..4f3be8bbf1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md 
@@ -114,7 +114,7 @@ By creating indicators for IPs and URLs or domains, you can now allow or block I ### Before you begin It's important to understand the following prerequisites prior to creating indicators for IPS, URLs, or domains: -- URL/IP allow and block relies on the Microsoft Defender ATP component Network Protection to be enabled in block mode. For more information on Network Protection and configuration instructions, see [Protect your network](network-protection.md). +- URL/IP allow and block relies on the Microsoft Defender ATP component Network Protection to be enabled in block mode. For more information on Network Protection and configuration instructions, see [Enable network protection](enable-network-protection.md). - The Antimalware client version must be 4.18.1906.x or later. - Supported on machines on Windows 10, version 1709 or later. - Ensure that **Custom network indicators** is enabled in **Microsoft Defender Security Center > Settings > Advanced features**. For more information, see [Advanced features](advanced-features.md). 
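Review bot: the changed prerequisite still says only "enabled in block mode", a term the PowerShell section of the newly linked enable-network-protection.md does not use; that section offers the values `Enabled`, `AuditMode` and `Disabled`. Name the required value in this bullet (block mode is `Enabled`; a machine left in `AuditMode` will not enforce URL/IP indicators) so readers following the link pick the right setting. The unchanged sentence just above the bullet also reads "indicators for IPS, URLs, or domains", where "IPs" is meant.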
@@ -147,6 +147,45 @@ It's important to understand the following prerequisites prior to creating indic 5. Review the details in the Summary tab, then click **Save**. +## Create indicators for certificates + +You can create indicators for certificates. Some common use cases include: + +- Deploying blocking technologies, such as [attack surface reduction rules](attack-surface-reduction.md) but allow behaviors from signed applications using certificate whitelisting. +- Blocking the use of a specific signed application across your organization. Using the certificate 'block' indicator, Windows Defender AV will prevent file executions (block and remediate) and the Automated Investigation and Remediation behave the same. + +### Before you begin + +It's important to understand the following requirements prior to creating indicators for certifications: + +- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). +- Supported on machines on Windows 10, version 1703 or later. +- The Antimalware client version must be or later. +- The Engine version must be x or later. +- This feature currently supports entering … or … + +>[!IMPORTANT] +> - A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. Alternatively, a custom (self-signed) certificate can be used as long as it’s trusted by the client (Root CA certificate is installed under the Local Machine 'Trusted Root Certification Authorities'). +>- The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality – only leaf certificates are supported. +>- Microsoft signed certificates cannot be blocked. 
+ +#### Create an indicator for certificates from the settings page: + +>[!IMPORTANT] +> It can take up to 3 hours to create and remove a certificate IoC. + +1. In the navigation pane, select **Settings** > **Indicators**. + +2. Select the **Certificate** tab. + +3. Select **Add indicator**. + +4. Specify the following details: + - Indicator - Specify the entity details and define the expiration of the indicator. + - Action - Specify the action to be taken and provide a description. + - Scope - Define the scope of the machine group. + +5. Review the details in the Summary tab, then click **Save**. ## Manage indicators From 4e3d87b932c0bb6faeec39611caa9691d5e2da3a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 23 Apr 2020 16:15:30 -0700 Subject: [PATCH 05/28] fix links --- windows/security/threat-protection/TOC.md | 2 +- .../microsoft-defender-atp/network-protection.md | 2 +- .../microsoft-defender-smartscreen-available-settings.md | 2 +- .../microsoft-defender-smartscreen-overview.md | 2 +- .../microsoft-defender-smartscreen-set-individual-device.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index e999dcb51f..14747e59ee 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -82,7 +82,7 @@ #### [Network protection]() ##### [Protect your network](microsoft-defender-atp/network-protection.md) ##### [Network protection evaluation](microsoft-defender-atp/evaluate-network-protection.md) - +##### [Enable network protection](microsoft-defender-atp/enable-network-protection.md) #### [Web protection]() ##### [Web protection overview](microsoft-defender-atp/web-protection-overview.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 64488a550e..991b2dbb25 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -27,7 +27,7 @@ ms.custom: asr Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. -Network protection expands the scope of [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname). +Network protection expands the scope of [Windows Defender SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname). Network protection is supported beginning with Windows 10, version 1709. diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md index 8181c99856..60760b7cac 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md 
@@ -214,7 +214,7 @@ To better help you protect your organization, we recommend turning on and using ## Related topics - [Threat protection](../index.md) -- [Microsoft Defender SmartScreen overview](windows-defender-smartscreen-overview.md) +- [Microsoft Defender SmartScreen overview](microsoft-defender-smartscreen-overview.md) - [Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies) diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index cb81f9cb97..973fe53199 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md 
@@ -49,7 +49,7 @@ Microsoft Defender SmartScreen provide an early warning system against websites - **Improved heuristics and diagnostic data.** Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files. -- **Management through Group Policy and Microsoft Intune.** Microsoft Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md). +- **Management through Group Policy and Microsoft Intune.** Microsoft Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md). - **Blocking URLs associated with potentially unwanted applications.** In Microsoft Edge (based on Chromium), SmartScreen blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md). diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md index dd2eb47e6c..728d759855 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md 
@@ -82,7 +82,7 @@ Microsoft Defender SmartScreen can be configured to warn users from going to a p ## Related topics - [Threat protection](../index.md) -- [Microsoft Defender SmartScreen overview](windows-defender-smartscreen-overview.md) +- [Microsoft Defender SmartScreen overview](microsoft-defender-smartscreen-overview.md) >[!NOTE] >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). From ea093289b4a27d658ace878d0a776a94c3a2204a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 23 Apr 2020 16:21:49 -0700 Subject: [PATCH 06/28] update name --- .../overview-of-threat-mitigations-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index fe80c5c8a4..ee51de1614 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md 
@@ -86,7 +86,7 @@ Windows Defender SmartScreen notifies users if they click on reported phishing a For Windows 10, Microsoft improved SmartScreen (now called Windows Defender SmartScreen) protection capability by integrating its app reputation abilities into the operating system itself, which allows Windows Defender SmartScreen to check the reputation of files downloaded from the Internet and warn users when they’re about to run a high-risk downloaded file. The first time a user runs an app that originates from the Internet, Windows Defender SmartScreen checks the reputation of the application by using digital signatures and other factors against a service that Microsoft maintains. If the app lacks a reputation or is known to be malicious, Windows Defender SmartScreen warns the user or blocks execution entirely, depending on how the administrator has configured Microsoft Intune or Group Policy settings. -For more information, see [Windows Defender SmartScreen overview](windows-defender-smartscreen/windows-defender-smartscreen-overview.md). +For more information, see [Microsoft Defender SmartScreen overview](microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md). ### Windows Defender Antivirus From a5132dd716ec30985497effaa9f7969f3dac79fc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 23 Apr 2020 16:25:23 -0700 Subject: [PATCH 07/28] preview --- .../microsoft-defender-atp/manage-indicators.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md index 4f3be8bbf1..ef48d72ec9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md 
@@ -105,7 +105,7 @@ When you add an indicator hash for a file, you can choose to raise an alert and Files automatically blocked by an indicator won't show up in the file's Action center, but the alerts will still be visible in the Alerts queue. -## Create indicators for IPs and URLs/domains (preview) +## Create indicators for IPs and URLs/domains Microsoft Defender ATP can block what Microsoft deems as malicious IPs/URLs, through Windows Defender SmartScreen for Microsoft browsers, and through Network Protection for non-Microsoft browsers or calls made outside of a browser. The threat intelligence data set for this has been managed by Microsoft. @@ -147,7 +147,7 @@ It's important to understand the following prerequisites prior to creating indic 5. Review the details in the Summary tab, then click **Save**. -## Create indicators for certificates +## Create indicators for certificates (preview) You can create indicators for certificates. Some common use cases include: From a1ddbda0d032c0cc5d8921a1299178436ab2e8d8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 23 Apr 2020 16:40:20 -0700 Subject: [PATCH 08/28] fix link --- ...lock-potentially-unwanted-apps-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md index 3fb436099a..5837348f1d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md 
@@ -41,7 +41,7 @@ Potentially unwanted applications can increase the risk of your network being in ### Microsoft Edge -The next major version of Microsoft Edge, which is Chromium-based, blocks potentially unwanted application downloads and associated resource URLs. This feature is provided via [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md). +The next major version of Microsoft Edge, which is Chromium-based, blocks potentially unwanted application downloads and associated resource URLs. This feature is provided via [Windows Defender SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md). #### Enable PUA protection in Chromium-based Microsoft Edge From d8826587b3643021424ea677a65c034f808aecb1 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Fri, 24 Apr 2020 04:00:39 +0200 Subject: [PATCH 09/28] grammar detail * is/are Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../security/identity-protection/vpn/vpn-security-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index 22517e110c..75bd493fbf 100644 --- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md 
@@ -67,7 +67,7 @@ There can be many sets of rules which are linked by OR. Within each set, there c For example, an admin could define rules that specify: - The Contoso HR App must be allowed to go through the VPN and only access port 4545. -- The Contoso finance apps is allowed to go over the VPN and only access the Remote IP ranges of 10.10.0.40 - 10.10.0.201 on port 5889. +- The Contoso finance apps are allowed to go over the VPN and only access the Remote IP ranges of 10.10.0.40 - 10.10.0.201 on port 5889. - All other apps on the device should be able to access only ports 80 or 443. ## Configure traffic filters From 35ad2b06890c6625ce7709947dfe4fa3637aa936 Mon Sep 17 00:00:00 2001 From: illfated Date: Fri, 24 Apr 2020 04:22:36 +0200 Subject: [PATCH 10/28] Readability commas & sentence structure - 3 readability commas added, to gain focus - "such that" does not aid readability much --- .../identity-protection/vpn/vpn-security-features.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index 75bd493fbf..0ac0b47d38 100644 --- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md @@ -8,7 +8,7 @@ ms.pagetype: security, networking author: dulcemontemayor ms.localizationpriority: medium ms.date: 07/27/2017 -ms.reviewer: +ms.reviewer: manager: dansimp ms.author: dansimp --- 
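Review bot: the `ms.reviewer:` line is removed and re-added with no visible difference, and PATCH 03/28 already made the same whitespace-only change to this line, so one of the two commits is putting trailing whitespace back. Drop this hunk if the line is already clean, or strip trailing spaces in the editor so the front matter stops churning; the commit message lists only commas and sentence structure, not metadata changes.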
@@ -34,12 +34,12 @@ A VPN profile configured with LockDown secures the device to only allow network > [!NOTE] > For built-in VPN, LockDown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type. -Deploy this feature with caution as the resultant connection will not be able to send or receive any network traffic without the VPN being connected. +Deploy this feature with caution, as the resultant connection will not be able to send or receive any network traffic without the VPN being connected. ## Windows Information Protection (WIP) integration with VPN -Windows Information Protection provides capabilities allowing the separation and protection of enterprise data against disclosure across both company and personally owned devices without requiring additional changes to the environments or the apps themselves. Additionally, when used with Rights Management Services (RMS), WIP can help to protect enterprise data locally. +Windows Information Protection provides capabilities allowing the separation and protection of enterprise data against disclosure across both company and personally owned devices, without requiring additional changes to the environments or the apps themselves. Additionally, when used with Rights Management Services (RMS), WIP can help to protect enterprise data locally. The **EdpModeId** node in the [VPNv2 Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/vpnv2-csp) allows a Windows 10 VPN client to integrate with WIP, extending its functionality to remote devices. Use case scenarios for WIP include: 
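Review bot: the `Deploy this feature with caution, ...` line rewritten here sits directly under the `> [!NOTE]` lines, because, as far as the visible lines show, PATCH 03/28 removed the blank line that used to separate them (its `- ` before `-Deploy` has no `+` counterpart, which matches that commit's 16 insertions against 17 deletions). Without the blank line, Markdown treats the sentence as a lazy continuation of the block quote, so the deployment caution renders inside the note about IKEv2. Since this commit touches the line anyway, add an empty line between `> For built-in VPN, ...` and `Deploy this feature ...`.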
@@ -59,8 +59,8 @@ Additionally, when connecting with WIP, the admin does not have to specify AppTr Traffic Filters give enterprises the ability to decide what traffic is allowed into the corporate network based on policy. Network admins can use Traffic Filters to effectively add interface specific firewall rules on the VPN Interface. There are two types of Traffic Filter rules: -- App-based rules. With app-based rules, a list of applications can be marked such that only traffic originating from these apps is allowed to go over the VPN interface. -- Traffic-based rules. Traffic-based rules are 5-tuple policies (ports, addresses, protocol) that can be specified such that only traffic matching these rules is allowed to go over the VPN interface. +- App-based rules. With app-based rules, a list of applications can be marked to allow only traffic originating from these apps to go over the VPN interface. +- Traffic-based rules. Traffic-based rules are 5-tuple policies (ports, addresses, protocol) that can be specified to allow only traffic matching these rules to go over the VPN interface. There can be many sets of rules which are linked by OR. Within each set, there can be app-based rules and traffic-based rules; all the properties within the set will be linked by AND. In addition, these rules can be applied at a per-app level or a per-device level. @@ -74,7 +74,7 @@ For example, an admin could define rules that specify: See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://docs.microsoft.com/windows/client-management/mdm/vpnv2-csp) for XML configuration. -The following image shows the interface to configure traffic rules in a VPN Profile configuration policy using Microsoft Intune. +The following image shows the interface to configure traffic rules in a VPN Profile configuration policy, using Microsoft Intune. ![Add a traffic rule](images/vpn-traffic-rules.png) From 58c4adef2f599967d991272478853499b6597564 Mon Sep 17 00:00:00 2001 
From: Louie Mayor Date: Thu, 23 Apr 2020 20:50:33 -0700 Subject: [PATCH 11/28] Remove beta in AH schema --- .openpublishing.redirection.json | 5 +++++ windows/security/threat-protection/TOC.md | 2 +- ...nced-hunting-devicefilecertificateinfobeta-table.md | 10 +++++----- .../advanced-hunting-schema-reference.md | 2 +- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f4483bee95..abb6c746ef 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1001,6 +1001,11 @@ "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table", +"redirect_document_id": true + }, +{ "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table", "redirect_document_id": true diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index e999dcb51f..5e11ce615d 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -356,7 +356,7 @@ ##### [DeviceInfo](microsoft-defender-atp/advanced-hunting-deviceinfo-table.md) ##### [DeviceNetworkInfo](microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md) ##### [DeviceEvents](microsoft-defender-atp/advanced-hunting-deviceevents-table.md) -##### [DeviceFileCertificateInfoBeta](microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md) +##### [DeviceFileCertificateInfo](microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md) ##### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md) ##### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md) ##### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md index f386c93d96..4cb464a3c3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md 
@@ -1,7 +1,7 @@ --- -title: DeviceFileCertificateInfoBeta table in the advanced hunting schema -description: Learn about file signing information in the DeviceFileCertificateInfoBeta table of the advanced hunting schema -keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, digital signature, certificate, file signing, DeviceFileCertificateInfoBeta +title: DeviceFileCertificateInfo table in the advanced hunting schema +description: Learn about file signing information in the DeviceFileCertificateInfo table of the advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, digital signature, certificate, file signing, DeviceFileCertificateInfo search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -18,7 +18,7 @@ ms.topic: article ms.date: 01/14/2020 --- -# DeviceFileCertificateInfoBeta +# DeviceFileCertificateInfo **Applies to:** @@ -28,7 +28,7 @@ ms.date: 01/14/2020 [!include[Prerelease information](../../includes/prerelease.md)] -The `DeviceFileCertificateInfoBeta` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file signing certificates. This table uses data obtained from certificate verification activities regularly performed on files on endpoints. +The `DeviceFileCertificateInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file signing certificates. This table uses data obtained from certificate verification activities regularly performed on files on endpoints. For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md). 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index e90dbf5e55..c371fcba4f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md @@ -47,7 +47,7 @@ Table and column names are also listed within the Microsoft Defender Security Ce | **[DeviceLogonEvents](advanced-hunting-devicelogonevents-table.md)** | Sign-ins and other authentication events | | **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events | | **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection | -| **[DeviceFileCertificateInfoBeta](advanced-hunting-devicefilecertificateinfobeta-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints | +| **[DeviceFileCertificateInfo](advanced-hunting-devicefilecertificateinfo-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints | | **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-tvm-softwareinventory-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products | | **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-tvm-softwarevulnerability-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available | | **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-tvm-configassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices | 
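Review bot: The links changed in TOC.md and in this advanced-hunting-schema-reference.md hunk point at advanced-hunting-devicefilecertificateinfo-table.md, but in this commit the article is still edited in place as advanced-hunting-devicefilecertificateinfobeta-table.md (both sides of its diff header carry the old path), and the new .openpublishing.redirection.json entry already uses that old path as its source_path. The rename only arrives in PATCH 12/28, so this commit on its own leaves the TOC and the schema table pointing at a file that does not exist yet. Fold the rename into this commit so that the redirect, the links and the file name change together.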
From 51abfdac4176364d6e96e170c965d277c8bbfaef Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Thu, 23 Apr 2020 21:27:36 -0700 Subject: [PATCH 12/28] Rename beta file --- ...ble.md => advanced-hunting-devicefilecertificateinfo-table.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{advanced-hunting-devicefilecertificateinfobeta-table.md => advanced-hunting-devicefilecertificateinfo-table.md} (100%) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md From a8f25725e8d6b8383055020b3ff750e5435ae5f5 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Thu, 23 Apr 2020 21:48:58 -0700 Subject: [PATCH 13/28] Update advanced-hunting-devicefilecertificateinfo-table.md --- .../advanced-hunting-devicefilecertificateinfo-table.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md index 4cb464a3c3..4d1315f233 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md 
@@ -26,8 +26,6 @@ ms.date: 01/14/2020 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -[!include[Prerelease information](../../includes/prerelease.md)] - The `DeviceFileCertificateInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file signing certificates. This table uses data obtained from certificate verification activities regularly performed on files on endpoints. For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md). From a9df87cf2cd940d88a1ae0543dfe4c872d57ff30 Mon Sep 17 00:00:00 2001 From: Obi Eze Ajoku <62227226+linque1@users.noreply.github.com> Date: Fri, 24 Apr 2020 08:27:48 -0700 Subject: [PATCH 14/28] GPs and REG entry fixes Inking & Typing GP fix, Account Info REG fix and Voice Activation GP edit --- ...ting-system-components-to-microsoft-services.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 6dd9518dcf..918937a2b4 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md 
@@ -1073,7 +1073,7 @@ To turn off **Let apps access my name, picture, and other account info**: -or- -- Create a REG_DWORD registry setting named **LetAppsAccessAccountInfo** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG_DWORD registry setting named **LetAppsAccessAccountInfo** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). @@ -1413,11 +1413,15 @@ To turn this off: In the **Inking & Typing** area you can configure the functionality as such: -To turn off Inking & Typing data collection (note: there is no Group Policy for this setting): +To turn off Inking & Typing data collection: -- In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Inking and typing** and turn **Improve inking & typing** to **Off** +- In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Improve inking and typing** and turn it to **Off** -or- + + **Disable** the Group Policy: **Computer Configuration > Administrative Templates > Windows Components > Text Input > Improve inking and typing recognition** + + -or- - Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization** to a **value of 1 (one)** 
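Review bot: In the Inking & Typing hunk (@@ -1413,11), the added Group Policy option, "**Disable** the Group Policy: **Computer Configuration > Administrative Templates > Windows Components > Text Input > Improve inking and typing recognition**", has no leading "- ", while the UI and registry options on either side of it are list items, so it will not render as a peer of the alternatives it sits between. Add the bullet. The new policy is also under Computer Configuration, while the unchanged registry alternative is under HKEY_CURRENT_USER, so the options joined by "-or-" do not have the same scope; the text should say which one applies per user and which per machine.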
@@ -1467,11 +1471,11 @@ To turn this Off in the UI: -OR- -- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice** +- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice** and set the **Select a setting** box to **Force Deny** -and- -- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice while the system is locked** +- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice while the system is locked** box to **Force Deny** -OR- From a52a78eda28935e9fc436cf53b09a0a44a9c2cb8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 24 Apr 2020 10:58:13 -0700 Subject: [PATCH 15/28] edits --- .../microsoft-defender-atp/manage-indicators.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md index ef48d72ec9..c2674dbb21 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md 
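Review bot: In the voice activation hunk (@@ -1467,11) of manage-connections-from-windows-operating-system-components-to-microsoft-services.md, the second added bullet ends "**Let Windows apps activate with voice while the system is locked** box to **Force Deny**", which has lost the words "and set the **Select a setting**" that the first added bullet carries. As written, the instruction does not say which box to set. Make the two bullets parallel, since this hunk also flips the guidance from **Disable** to **Enable** and the Force Deny selection is what actually turns the feature off.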
@@ -151,8 +151,11 @@ It's important to understand the following prerequisites prior to creating indic You can create indicators for certificates. Some common use cases include: -- Deploying blocking technologies, such as [attack surface reduction rules](attack-surface-reduction.md) but allow behaviors from signed applications using certificate whitelisting. -- Blocking the use of a specific signed application across your organization. Using the certificate 'block' indicator, Windows Defender AV will prevent file executions (block and remediate) and the Automated Investigation and Remediation behave the same. +- Scenarios when you need to deploy blocking technologies, such as [attack surface reduction rules](attack-surface-reduction.md) but need to allow behaviors from signed applications by using the adding the certificate in the allow list. +- Blocking the use of a specific signed application across your organization. By creating an indicator to block the certificate of the application, Windows Defender AV will prevent file executions (block and remediate) and the Automated Investigation and Remediation behave the same. +- + + ### Before you begin 
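Review bot: In the first added bullet of the @@ -151,8 hunk, "by using the adding the certificate in the allow list" is garbled; it should read along the lines of "by adding the certificate to the allow list". The hunk also adds an empty "-" bullet followed by blank lines after the second use case, which will render as an empty list item. Remove it or fill in the third use case before merging.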
@@ -160,9 +163,8 @@ It's important to understand the following requirements prior to creating indica - This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). - Supported on machines on Windows 10, version 1703 or later. -- The Antimalware client version must be or later. -- The Engine version must be x or later. -- This feature currently supports entering … or … +- The Antimalware client version must be 4.18.1901.x or later. +- The virus and threat protection definitions must be up-to-date. >[!IMPORTANT] > - A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. Alternatively, a custom (self-signed) certificate can be used as long as it’s trusted by the client (Root CA certificate is installed under the Local Machine 'Trusted Root Certification Authorities'). From a5da7d7719dc3ca2fc8ed6846e85ba8703115ff2 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 24 Apr 2020 11:37:28 -0700 Subject: [PATCH 16/28] edits --- .../microsoft-defender-atp/manage-indicators.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md index c2674dbb21..f93b12d0ad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md 
@@ -69,6 +69,7 @@ There are two ways you can create indicators for files: ### Before you begin It's important to understand the following prerequisites prior to creating indicators for files: + - This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). - The Antimalware client version must be 4.18.1901.x or later. - Supported on machines on Windows 10, version 1703 or later. @@ -151,10 +152,8 @@ It's important to understand the following prerequisites prior to creating indic You can create indicators for certificates. Some common use cases include: -- Scenarios when you need to deploy blocking technologies, such as [attack surface reduction rules](attack-surface-reduction.md) but need to allow behaviors from signed applications by using the adding the certificate in the allow list. +- Scenarios when you need to deploy blocking technologies, such as [attack surface reduction rules](attack-surface-reduction.md) and [controlled folder access](controlled-folders.md) but need to allow behaviors from signed applications by adding the certificate in the allow list. - Blocking the use of a specific signed application across your organization. By creating an indicator to block the certificate of the application, Windows Defender AV will prevent file executions (block and remediate) and the Automated Investigation and Remediation behave the same. -- - ### Before you begin 
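Review bot: In the certificate use-case hunk (@@ -151,10), the two bullets are still not parallel: the first opens with "Scenarios when you need to deploy blocking technologies" and the second with "Blocking the use of a specific signed application". The second also ends "the Automated Investigation and Remediation behave the same", which does not say the same as what. Suggest opening both bullets with a verb phrase, changing "adding the certificate in the allow list" to "to the allow list", and stating explicitly what Automated Investigation and Remediation does with a file signed by a blocked certificate.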
@@ -162,8 +161,8 @@ You can create indicators for certificates. Some common use cases include: It's important to understand the following requirements prior to creating indicators for certifications: - This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). -- Supported on machines on Windows 10, version 1703 or later. - The Antimalware client version must be 4.18.1901.x or later. +- Supported on machines on Windows 10, version 1703 or later. - The virus and threat protection definitions must be up-to-date. >[!IMPORTANT] From b21891d0f20ee66a596ef09d7d6ca59371e73de6 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 24 Apr 2020 11:50:54 -0700 Subject: [PATCH 17/28] typo --- .../microsoft-defender-atp/manage-indicators.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md index f93b12d0ad..e04c52cc32 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md 
@@ -158,7 +158,7 @@ You can create indicators for certificates. Some common use cases include: ### Before you begin -It's important to understand the following requirements prior to creating indicators for certifications: +It's important to understand the following requirements prior to creating indicators for certificates: - This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). - The Antimalware client version must be 4.18.1901.x or later. From 5dd024466cade8dff7f4e70777f4ef8e1366192f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 24 Apr 2020 11:54:01 -0700 Subject: [PATCH 18/28] fix warning --- ...lock-potentially-unwanted-apps-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md index 91816a7033..612a4ddb65 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md 
@@ -62,7 +62,7 @@ Admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsoft Defender SmartScreen available, including [one for blocking PUA](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can [configure Windows Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Windows Defender SmartScreen on or off. -Although Microsoft Defender ATP has its own block list, based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md#create-indicators-for-ips-and-urlsdomains-preview) in the Microsoft Defender ATP portal, Windows Defender SmartScreen will respect the new settings. +Although Microsoft Defender ATP has its own block list, based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md#create-indicators-for-ips-and-urlsdomains) in the Microsoft Defender ATP portal, Windows Defender SmartScreen will respect the new settings. ### Windows Defender Antivirus From 9e5a8bf3e72e11c7795633ed08e0e90d111a654d Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Fri, 24 Apr 2020 12:10:46 -0700 Subject: [PATCH 19/28] Update hololens-insider.md Fix typo in speech command section --- devices/hololens/hololens-insider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md index c4d1cee1a2..385eed565c 100644 --- a/devices/hololens/hololens-insider.md +++ b/devices/hololens/hololens-insider.md 
@@ -88,7 +88,7 @@ Provisioning packages let you set HoloLens configuration through a config file r 1. Plug it into any freshly flashed HoloLens and press **Volume down + Power** to apply your provisioning package. ### System voice commands -You can now can access these commands with your voice: +You can now access these commands with your voice: - "Restart device" - "Shutdown device" - "Brightness up" From 31806c89cd852e3fcb6f053302939890746311cf Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 24 Apr 2020 12:12:14 -0700 Subject: [PATCH 20/28] fix link --- ...lock-potentially-unwanted-apps-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md index 612a4ddb65..7c0db7f78f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md 
@@ -62,7 +62,7 @@ Admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsoft Defender SmartScreen available, including [one for blocking PUA](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can [configure Windows Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Windows Defender SmartScreen on or off. -Although Microsoft Defender ATP has its own block list, based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md#create-indicators-for-ips-and-urlsdomains) in the Microsoft Defender ATP portal, Windows Defender SmartScreen will respect the new settings. +Although Microsoft Defender ATP has its own block list, based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md) in the Microsoft Defender ATP portal, Windows Defender SmartScreen will respect the new settings. ### Windows Defender Antivirus From dc0062c6b87827051bfb2ccaf4fa3d89b560922d Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 25 Apr 2020 12:42:17 +0500 Subject: [PATCH 21/28] Update configure-server-endpoints.md --- .../microsoft-defender-atp/configure-server-endpoints.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index a2550f9980..c0c8157b48 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -77,8 +77,6 @@ You'll need to take the following steps if you choose to onboard servers through > After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md). ### Configure and update System Center Endpoint Protection clients -> [!IMPORTANT] -> This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2. Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. From 16e9e90cee6d810cf86ba1e9c9b2d38cd7ff5a42 Mon Sep 17 00:00:00 2001 From: komsorg <33907047+komsorg@users.noreply.github.com> Date: Mon, 27 Apr 2020 15:33:55 +0300 Subject: [PATCH 22/28] Fixed link address Fixed link address in markdown markup. --- .../creating-and-managing-app-v-51-virtualized-applications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md b/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md index c781eb4fea..a2dc196c47 100644 --- a/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md +++ b/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md 
@@ -20,7 +20,7 @@ ms.date: 06/16/2016 After you have properly deployed the Microsoft Application Virtualization (App-V) 5.1 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application. **Note**   -For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx). +For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx). **Note** The App-V 5.x Sequencer cannot sequence applications with filenames matching "CO_<x>" where x is any numeral. Error 0x8007139F will be generated. From 7ab11c6f127ec3e0f077a7e009deeda4a432f9df Mon Sep 17 00:00:00 2001 From: komsorg <33907047+komsorg@users.noreply.github.com> Date: Mon, 27 Apr 2020 15:40:55 +0300 Subject: [PATCH 23/28] Fixed broken link Fixed broken link to App-V 5.0 Sequencing Guide.docx --- .../appv-creating-and-managing-virtualized-applications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md index 197cff66cb..29d79221c5 100644 --- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md +++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md 
@@ -18,7 +18,7 @@ ms.topic: article After you have properly deployed the Microsoft Application Virtualization (App-V) sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application. -For more information about configuring the App-V sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](). +For more information about configuring the App-V sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx). >[!NOTE] >The App-V Sequencer cannot sequence applications with filenames matching "CO_<x>" where x is any numeral. Error 0x8007139F will be generated. From 91683a5cd6a34f752a4de8c98a1c0fe05b8066f6 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Mon, 27 Apr 2020 08:17:31 -0700 Subject: [PATCH 24/28] Update advanced-hunting-shared-queries.md --- .../microsoft-defender-atp/advanced-hunting-shared-queries.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index de3d5741a4..b661399a57 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md 
@@ -52,6 +52,9 @@ You can save a new or existing query so that it is only accessible to you or sha 2. Select **Delete** and confirm deletion. Or select **Rename** and provide a new name for the query. +## Create a direct link to a query +To generate a link that opens your query directly in the advanced hunting query editor, finalize your query and select **Share link**. + ## Access queries in the GitHub repository Microsoft security researchers regularly share advanced hunting queries in a [designated public repository on GitHub](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). This repository is open to contributions. To contribute, [join GitHub for free](https://github.com/). From 83feacbc67116d1cd92c109b2d5ed950e84716e7 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Mon, 27 Apr 2020 09:21:39 -0700 Subject: [PATCH 25/28] Update index.yml --- devices/surface/index.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/devices/surface/index.yml b/devices/surface/index.yml index d9d7043dc2..cd2e9ae131 100644 --- a/devices/surface/index.yml +++ b/devices/surface/index.yml @@ -30,12 +30,7 @@ additionalContent: # Card - title: Surface Hub documentation summary: Learn how to deploy and manage Surface Hub 2S, the all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device. - url: https://docs.microsoft.com/surface-hub/index - # Card - - title: Surface Hub adoption guidance - summary: Get best practices for technical readiness and adoption across your lines of business. - url: https://docs.microsoft.com/surface-hub/surface-hub-2s-adoption-kit - + url: https://docs.microsoft.com/surface-hub/index - title: Other resources # < 60 chars (optional) items: # Card From 7b26000055a735324fac1c4591043d2c356c1aa2 Mon Sep 17 00:00:00 2001 
From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Mon, 27 Apr 2020 09:31:06 -0700 Subject: [PATCH 26/28] Update index.yml Adds adoption guidance link to Learn section --- devices/surface/index.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/devices/surface/index.yml b/devices/surface/index.yml index cd2e9ae131..b173beeed8 100644 --- a/devices/surface/index.yml +++ b/devices/surface/index.yml @@ -45,6 +45,8 @@ additionalContent: links: - text: Surface training on Microsoft Learn url: https://docs.microsoft.com/learn/browse/?term=Surface + - text: Surface Hub 2S adoption guidance + url: https://docs.microsoft.com/surface-hub/surface-hub-2s-adoption-kit - text: Microsoft Mechanics Surface videos url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ From b56979cc0136e8140d8fdc4379943438c979c61b Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 27 Apr 2020 09:44:12 -0700 Subject: [PATCH 27/28] add cern pem --- .../microsoft-defender-atp/manage-indicators.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md index e04c52cc32..b2176faf1d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md 
@@ -164,6 +164,7 @@ It's important to understand the following requirements prior to creating indica - The Antimalware client version must be 4.18.1901.x or later. - Supported on machines on Windows 10, version 1703 or later. - The virus and threat protection definitions must be up-to-date. +- This feature currently supports entering .CER or .PEM file extensions. >[!IMPORTANT] > - A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. Alternatively, a custom (self-signed) certificate can be used as long as it’s trusted by the client (Root CA certificate is installed under the Local Machine 'Trusted Root Certification Authorities'). From 061d4481412794a3cc532fb93cac598d6f5f2cd8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 27 Apr 2020 09:46:58 -0700 Subject: [PATCH 28/28] preview --- .../threat-protection/microsoft-defender-atp/preview.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index e4676f46b6..a92e6a198a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -44,6 +44,8 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: +- [Create indicators for certificates](manage-indicators.md)
Create indicators to allow or block certificates. + - [Microsoft Defender ATP for Linux](microsoft-defender-atp-linux.md)
Microsoft Defender ATP now adds support for Linux. Learn how to install, configure, update, and use Microsoft Defender ATP for Linux. - [Threat & Vulnerability supported operating systems and platforms](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os)
Ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. Threat & Vulnerability Management supports Windows 7, Windows 10 1607-1703, Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, Windows Server 2019.

Secure Configuration Assessment (SCA) supports Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, and Windows Server 2019. See [Secure Configuration Assessment (SCA) for Windows Server now in public preview](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/secure-configuration-assessment-sca-for-windows-server-now-in/ba-p/1243885) and [Reducing risk with new Threat & Vulnerability Management capabilities](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/reducing-risk-with-new-threat-amp-vulnerability-management/ba-p/978145) blogs for more information.
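Review bot: In PATCH 23/28 (appv-creating-and-managing-virtualized-applications.md, hunk at line 18), the restored link target is a direct .docx download, but the link text reads like a link to an ordinary page. Consider saying in the link text that it is a Word document download, so readers know a file will be fetched. The sentence also points to the 5.0 Sequencing Guide from a page that no longer names an App-V version; please confirm the 5.0 guide is still the intended reference.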
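Review bot: In PATCH 24/28 (advanced-hunting-shared-queries.md, hunk at line 52), the new "Create a direct link to a query" section does not say who can open the generated link or what the link carries. Please state whether the recipient needs access to advanced hunting and whether the query text is embedded in the URL, since hunting queries often contain machine names, account names or indicators that should not end up in tickets or chat history. The `##` heading is also followed directly by its paragraph; add a blank line between them.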
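Review bot: In PATCH 25/28 (devices/surface/index.yml, hunk at line 30), the line `url: https://docs.microsoft.com/surface-hub/index` is removed and re-added with no visible change in text, and the blank line before `- title: Other resources` is dropped. If the only difference is trailing whitespace or a line ending, keep the original line and the blank separator so the diff shows just the card removal. The commit message "Update index.yml" does not mention that the "Surface Hub adoption guidance" card is removed; the link only reappears in the following patch, so anyone reading this commit alone sees an unexplained deletion.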
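Review bot: In PATCH 27/28 (manage-indicators.md, hunk at line 164), the added bullet "This feature currently supports entering .CER or .PEM file extensions" is ambiguous, because it reads as if the user types an extension. If the intent is that certificate indicators can only be created from .CER or .PEM files, say that directly. The bullet also sits in a list of client requirements (Antimalware client version, Windows 10 version, definitions up to date) although it describes an input format, so consider placing it next to the step where the certificate file is supplied.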
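Review bot: In PATCH 28/28 (preview.md, hunk at line 44), the new "Create indicators for certificates" entry links to `manage-indicators.md` with no section anchor, so readers land at the top of the general indicators page rather than at the certificate material. Link to the certificate section's anchor if the target page has one. The description "Create indicators to allow or block certificates" only restates the link text; one sentence on what allowing or blocking a certificate does to files signed with it would be more useful in a preview list.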