Merge pull request #4476 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)

windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md

@@ -26,7 +26,7 @@ ms.custom: bitlocker
 This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it.
 
 Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option for operating system volumes. Network Unlock enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware.
-Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). This can make it difficult to enterprises to roll out software patches to unattended desktops and remotely administered servers.
+Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). This can make it difficult for enterprises to roll out software patches to unattended desktops and remotely administered servers.
 
 Network Unlock allows BitLocker-enabled systems with TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. Network Unlock works in a similar fashion to the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the key for Network Unlock is composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session.
 

windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md

@@ -196,7 +196,7 @@ Value | Description
 **5.** | If present, NX protections are available.
 **6.** | If present, SMM mitigations are available.
 **7.** | If present, Mode Based Execution Control is available.
-
+**8.** | If present, APIC virtualization is available.
 
 #### InstanceIdentifier
 
@@ -227,6 +227,7 @@ Value | Description
 **1.** | If present, Windows Defender Credential Guard is configured.
 **2.** | If present, HVCI is configured.
 **3.** | If present, System Guard Secure Launch is configured.
+**4.** | If present, SMM Firmware Measurement is configured.
 
 #### SecurityServicesRunning
 
@@ -238,6 +239,7 @@ Value | Description
 **1.** | If present, Windows Defender Credential Guard is running.
 **2.** | If present, HVCI is running.
 **3.** | If present, System Guard Secure Launch is running.
+**4.** | If present, SMM Firmware Measurement is running.
 
 #### Version
 

windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md

@@ -44,7 +44,7 @@ Once activated, Microsoft Defender for Endpoint will immediately start forwardin
 
 ## View the data collected
 
-To view and access Microsoft Defender for Endpoint data in Microsoft Cloud Apps Security, see [Investigate devices in Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security).
+To view and access Microsoft Defender for Endpoint data in Microsoft Cloud Apps Security, see [Investigate devices in Cloud App Security](https://docs.microsoft.com/cloud-app-security/mde-integration#investigate-devices-in-cloud-app-security).
 
 
 For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps).