From 0d98c94adb25c7f6b247c7571120484ff71e912f Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 2 Jun 2020 14:33:56 -0700
Subject: [PATCH 01/30] Removed extraneous pipe character and spaces

---
 .../microsoft-defender-application-guard/faq-md-app-guard.md   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index 738bf5aceb..bbe24a32b2 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -22,7 +22,8 @@ Answering frequently asked questions about Microsoft Defender Application Guard
 
 ## Frequently Asked Questions
 
-### Can I enable Application Guard on machines equipped with 4GB RAM?                                                                   |
+### Can I enable Application Guard on machines equipped with 4GB RAM?
+
 We recommend 8GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration.
 
 `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is 4 cores.)                                                   

From 6509fb24eeb806492d6c6b1d9bfa49f6eb203981 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sat, 19 Sep 2020 19:57:17 +0500
Subject: [PATCH 02/30] Update
 review-scan-results-microsoft-defender-antivirus.md

---
 .../review-scan-results-microsoft-defender-antivirus.md     | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
index d23aa3b802..702e9274d3 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
@@ -25,12 +25,6 @@ manager: dansimp
 After an Microsoft Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results. 
 
 
-## Use Microsoft Intune to review scan results
-
-1. In Intune, go to **Devices > All Devices** and select the device you want to scan.
-
-2. Click the scan results in **Device actions status**.
-
 ## Use Configuration Manager to review scan results
 
 See [How to monitor Endpoint Protection status](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection).

From e386450aee97cf16301688aa9a0612ddaf240bf8 Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Sun, 20 Sep 2020 12:14:17 +0200
Subject: [PATCH 03/30] Update microsoft-defender-antivirus-compatibility.md

When using DLP, RTP will be enabled even in Passive mode.

> [!IMPORTANT]
> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus Real-time protection feature will be enabled even when Microsoft Defender Antivirus is running in Passive mode. Endpoint DLP depends on Real-time protection (RTP) to operate.
---
 .../microsoft-defender-antivirus-compatibility.md               | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 200a5cd47a..c6012aeeff 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -91,6 +91,8 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir
 > [!WARNING]
 > You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
 
+> [!IMPORTANT]
+> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus Real-time protection feature will be enabled even when Microsoft Defender Antivirus is running in Passive mode. Endpoint DLP depends on Real-time protection (RTP) to operate.
 
 ## Related topics
 

From 4134fce2ddaa3b660a26eeb6b3bdfe2eddf9e0ba Mon Sep 17 00:00:00 2001
From: Marty Hernandez Avedon <v-maave@microsoft.com>
Date: Wed, 23 Sep 2020 13:01:56 -0400
Subject: [PATCH 04/30] edits for linux exclusions

---
 .../microsoft-defender-atp/linux-exclusions.md      | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
index 27d42d2a2c..3caaa64438 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
@@ -46,6 +46,9 @@ File | A specific file identified by the full path | `/var/log/test.log`<br/>`/v
 Folder | All files under the specified folder (recursively) | `/var/log/`<br/>`/var/*/`
 Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`<br/>`cat`<br/>`c?t`
 
+> [!IMPORTANT]
+> The paths above must be hard links, not symbolic links, in order to be successfully excluded. You can check if a path is a symbolic link by running `file <path-name>`.
+
 File, folder, and process exclusions support the following wildcards:
 
 Wildcard | Description | Example | Matches | Does not match
@@ -104,6 +107,16 @@ Examples:
     ```bash
     mdatp exclusion folder add --path "/var/*/"
     ```
+
+    > [!NOTE]
+    > This will only exclude paths one level below */var/*, but not folders which are more deeply nested; for example, */var/this-subfolder/but-not-this-subfolder*.
+    
+    ```bash
+    mdatp exclusion folder add --path "/var/"
+    ```
+    > [!NOTE]
+    > This will exclude all paths whose parent is */var/*; for example, */var/this-subfolder/and-this-subfolder-as-well*.
+
     ```Output
     Folder exclusion configured successfully
     ```

From 0a7feed59a29f66ad25bd98d94a36bea04daa17c Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Thu, 24 Sep 2020 12:35:15 +0200
Subject: [PATCH 05/30] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

[!NOTE] Updates are released under the below KB numbers:
Microsoft Defender Antivirus: KB2267602
System Center Endpoint Protection: KB2461484
---
 ...anage-updates-baselines-microsoft-defender-antivirus.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 514ee0334b..78f9f2a96f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -40,7 +40,12 @@ There are two types of updates related to keeping Microsoft Defender Antivirus u
 
 ## Security intelligence updates
 
-Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloads security intelligence updates to provide protection. 
+Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloads security intelligence updates to provide protection.
+
+> [!NOTE]
+> Updates are released under the below KB numbers:  
+> Microsoft Defender Antivirus: KB2267602  
+> System Center Endpoint Protection: KB2461484
 
 The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the security intelligence updates occur on a scheduled cadence (configurable via policy). See the [Utilize Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection. 
 

From 86f91160a7920e8bfa269aebbef505303b2ca989 Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Thu, 24 Sep 2020 11:29:50 -0700
Subject: [PATCH 06/30] initial import

---
 .../update/delivery-optimization-proxy.md     | 77 +++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 windows/deployment/update/delivery-optimization-proxy.md

diff --git a/windows/deployment/update/delivery-optimization-proxy.md b/windows/deployment/update/delivery-optimization-proxy.md
new file mode 100644
index 0000000000..417c78a5db
--- /dev/null
+++ b/windows/deployment/update/delivery-optimization-proxy.md
@@ -0,0 +1,77 @@
+---
+title: Using a proxy with Delivery Optimization
+manager: laurawi
+description: 
+keywords: updates, downloads, network, bandwidth
+ms.prod: w10
+ms.mktglfcycl: deploy
+audience: itpro
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+# Using a proxy with Delivery Optimization
+
+**Applies to**: Windows 10
+
+When Delivery Optimization downloads content from HTTP sources, it uses the automatic proxy discovery capability of WinHttp to streamline and maximize the support for complex proxy configurations as it makes range requests from the content server. It does this by setting the **WINHTTP_ACCESS_TYPE_AUTOMATIC_PROXY** flag in all HTTP calls. 
+
+Delivery Optimization provides a token to WinHttp that corresponds to the user that is signed in currently. In turn, WinHttp automatically authenticates the user against the proxy server set either in Internet Explorer or in the **Proxy Settings** menu in Windows.  
+
+For downloads that use Delivery Optimization to successfully use the proxy, you should set the proxy via Windows **Proxy Settings** or the Internet Explorer proxy settings.
+
+Setting the Internet Explorer proxy to apply device-wide will ensure that the device can access the proxy server even when no user is signed in. In this case, the proxy is accessed with the “NetworkService” context if proxy authentication is required. 
+
+> [!NOTE]
+> We don't recommend that you use `netsh winhttp set proxy ProxyServerName:PortNumber`. Using this offers no auto-detection of the proxy, no support for an explicit PAC URL, and no authentication to the proxy. This setting is ignored by WinHTTP for requests that use auto-discovery (if an interactive user token is used).
+
+If a user is signed in, the system uses the Internet Explorer proxy.
+
+If no user is signed in, even if both the Internet Explorer proxy and netsh configuration are set, the netsh configuration will take precedence over the Internet Explorer proxy. This can result in download failures. For example, you might receive HTTP_E_STATUS_PROXY_AUTH_REQ or HTTP_E_STATUS_DENIED errors. 
+
+You can still use netsh to import the proxy setting from Internet Explorer (`netsh winhttp import proxy source=ie `) if your proxy configuration is a static *proxyServerName:Port*. However, the same limitations mentioned previously apply. 
+
+These tables summarize the behavior for various combinations of settings:
+
+With an interactive user signed in:
+
+|Named proxy set by using:  |Delivery Optimization successfully uses proxy  |
+|---------|---------|
+|Internet Explorer proxy, current user     |  Yes       |
+|Internet Explorer proxy, device-wide     |   Yes   | 
+|netsh proxy     |  No       |
+|Both Internet Explorer proxy (current user) *and* netsh proxy     | Yes, Internet Explorer proxy is used        |
+|Both Internet Explorer proxy (device-wide) *and* netsh proxy     | Yes, Internet Explorer proxy is used        |
+
+With NetworkService (if unable to obtain a user token from a signed-in user):
+
+|Named proxy set by using:  |Delivery Optimization successfully uses proxy  |
+|---------|---------|
+|Internet Explorer proxy, current user     |  No       |
+|Internet Explorer proxy, device-wide     |   Yes   | 
+|netsh proxy     |  No       |
+|Both Internet Explorer proxy (current user) *and* netsh proxy     | Yes, netsh proxy is used        |
+|Both Internet Explorer proxy (device-wide) *and* netsh proxy     | Yes, netsh proxy is used        |
+
+## Setting a device-wide Internet Explorer proxy
+
+You can set a device-wide proxy that will apply to all users including an interactive user, LocalSystem, and NetworkService by using the [Network Proxy CSP](https://docs.microsoft.com/windows/client-management/mdm/networkproxy-csp).
+
+Or, if you use Group Policy, you can apply proxy settings to all users of the same device by enabling the **Computer Configuration\ Administrative Templates\ Windows Components\ Internet Explorer\ Make proxy settings per-machine (rather than per-user)** policy.
+
+This policy is meant to ensure that proxy settings apply uniformly to the same computer and do not vary from user to user, so if you enable this policy, users cannot set user-specific proxy settings. They must use the zones created for all users of the computer. If you disable this policy or do not configure it, users of the same computer can establish their own proxy settings.
+
+## Using a proxy with Microsoft Connected Cache
+
+Starting with Windows 10, version 2004, you can use Microsoft Connected Cache behind a proxy. In older versions, when you set Delivery Optimization to download from Microsoft Connected Cache, it will bypass the proxy and try to connect directly to the Connected Cache server. This can cause failure to download.
+
+However, you can set the Microsoft Connected Cache server to use an unauthenticated proxy. For more information, see [Microsoft Connected Cache in Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache#prerequisites-and-limitations) for more information. 
+
+ ## Related articles
+
+- [How can I configure Proxy AutoConfigURL Setting using Group Policy Preference (GPP)?](https://docs.microsoft.com/archive/blogs/askie/how-can-i-configure-proxy-autoconfigurl-setting-using-group-policy-preference-gpp) 
+- [How to use GPP Registry to uncheck automatically detect settings? ](https://docs.microsoft.com/archive/blogs/askie/how-to-use-gpp-registry-to-uncheck-automatically-detect-settings)
+- [How to configure a proxy server URL and Port using GPP Registry?](https://docs.microsoft.com/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry) 
\ No newline at end of file

From dbbb71c99f397d9ceccae9d73b8145823327f036 Mon Sep 17 00:00:00 2001
From: Dulce Montemayor <Dolcita.Montemayor@microsoft.com>
Date: Thu, 24 Sep 2020 15:29:01 -0700
Subject: [PATCH 07/30] added note

---
 .../microsoft-defender-atp/microsoft-threat-experts.md         | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
index ecb755c220..ba438b0434 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
@@ -35,6 +35,9 @@ Watch this video for a quick overview of Microsoft Threat Experts.
 
 
 ## Before you begin 
+> [!NOTE]
+> Discuss the eligibility requirements with your Microsoft Technical Service provider and account team before you apply to the managed threat hunting service.
+
 Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
 
 If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a  90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on Demand subscription. See [Configure Microsoft Threat Experts capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#before-you-begin) for details. 

From d4c618b274fe95dd66722d7c2317874cdd07091d Mon Sep 17 00:00:00 2001
From: Dulce Montemayor <Dolcita.Montemayor@microsoft.com>
Date: Thu, 24 Sep 2020 15:29:34 -0700
Subject: [PATCH 08/30] Update configure-microsoft-threat-experts.md

---
 .../configure-microsoft-threat-experts.md                      | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
index c7d22f6095..2b7f22a762 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
@@ -27,6 +27,9 @@ ms.topic: article
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 ## Before you begin 
+> [!NOTE]
+> Discuss the eligibility requirements with your Microsoft Technical Service provider and account team before you apply to the managed threat hunting service.
+
 Ensure that you have Microsoft Defender ATP deployed in your environment with devices enrolled, and not just on a laboratory set-up.
 
 Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.

From 47bba2152a2f571b1e2e4fdc8ea339c337ec3fcd Mon Sep 17 00:00:00 2001
From: Dolcita Montemayor <dolmont@microsoft.com>
Date: Thu, 24 Sep 2020 15:45:30 -0700
Subject: [PATCH 09/30] fixed Acrolinx flags

---
 .../configure-microsoft-threat-experts.md              | 10 +++++-----
 .../microsoft-defender-atp/microsoft-threat-experts.md |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
index 2b7f22a762..7503ffcee1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
@@ -34,7 +34,7 @@ Ensure that you have Microsoft Defender ATP deployed in your environment with de
 
 Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
 
-If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a  90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on Demand subscription. 
+If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a  90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on-Demand subscription. 
 
 ## Register to Microsoft Threat Experts managed threat hunting service 
 If you're already a Microsoft Defender ATP customer, you can apply through the Microsoft Defender ATP portal. 
@@ -82,7 +82,7 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w
 
 1. Navigate to the portal page with the relevant information that you'd like to investigate, for example, the **Incident** page. Ensure that the page for the relevant alert or device is in view before you send an investigation request. 
 
-2. From the upper right-hand menu, click **?**. Then, select **Consult a threat expert**. 
+2. From the upper right-hand menu, click the **?** icon. Then, select **Consult a threat expert**. 
 
     ![Image of Microsoft Threat Experts Experts on Demand from the menu](images/mte-eod-menu.png)
 
@@ -90,7 +90,7 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w
 
     ![Image of Microsoft Threat Experts Experts on Demand screen](images/mte-eod.png)
 
-    The following screen shows when you are on a full Microsoft Threat Experts - Experts on Demand subscription.
+    The following screen shows when you are on a full Microsoft Threat Experts - Experts on-Demand subscription.
 
     ![Image of Microsoft Threat Experts Experts on Demand full subscription screen](images/mte-eod-fullsubscription.png)
 
@@ -113,7 +113,7 @@ Watch this video for a quick overview of the Microsoft Services Hub.
 
 **Alert information**
 - We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further?
-- We’ve observed two similar attacks, which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference?
+- We’ve observed two similar attacks, which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious PowerShell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference?
 - I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Microsoft Defender ATP see these attempts? What type of sign-ins are being monitored?
 - Can you give more context or insights about this alert: “Suspicious behavior by a system utility was observed”. 
 
@@ -122,7 +122,7 @@ Watch this video for a quick overview of the Microsoft Services Hub.
 - Can you help validate a possible compromise on the following system on [date] with similar behaviors as the previous [malware name] malware detection on the same system in [month]?
 
 **Threat intelligence details**
-- This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events, which triggered multiple Microsoft Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you send me a link?
+- We detected a phishing email that delivered a malicious Word document to a user. The malicious Word document caused a series of suspicious events, which triggered multiple Microsoft Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you send me a link?
 - I recently saw a [social media reference, for example, Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Microsoft Defender ATP provides against this threat actor? 
 
 **Microsoft Threat Experts’ alert communications** 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
index ba438b0434..9831cb1cf8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
@@ -40,7 +40,7 @@ Watch this video for a quick overview of Microsoft Threat Experts.
 
 Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
 
-If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a  90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on Demand subscription. See [Configure Microsoft Threat Experts capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#before-you-begin) for details. 
+If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a  90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on-Demand subscription. See [Configure Microsoft Threat Experts capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#before-you-begin) for details. 
 
 ## Targeted attack notification 
 Microsoft Threat Experts provides proactive hunting for the most important threats to your network, including human adversary intrusions, hands-on-keyboard attacks, or advanced attacks like cyberespionage. The managed hunting service includes:  

From a1d16d9d3a109145bcc3402f4b19f3702eb7503a Mon Sep 17 00:00:00 2001
From: Alec Oot <aloot@microsoft.com>
Date: Thu, 24 Sep 2020 15:58:48 -0700
Subject: [PATCH 10/30] Updating MSA warning documentation

---
 windows/client-management/mdm/policy-csp-update.md          | 2 --
 windows/deployment/update/windows-update-troubleshooting.md | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 4eb6ccaccf..6fd1fa0e3a 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -14,8 +14,6 @@ manager: dansimp
 
 # Policy CSP - Update
 
-> [!NOTE]
-> If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
 
 <hr/>
 
diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md
index bf3f571358..418c2cc860 100644
--- a/windows/deployment/update/windows-update-troubleshooting.md
+++ b/windows/deployment/update/windows-update-troubleshooting.md
@@ -62,7 +62,7 @@ The Settings UI is talking to the Update Orchestrator service which in turn is t
    - Windows Update 
 
 ## Feature updates are not being offered while other updates are
-On computers running [Windows 10 1709 or higher](#BKMK_DCAT) configured to update from Windows Update (usually WUfB scenario) servicing and definition updates are being installed successfully, but feature updates are never offered.
+On computers running Windows 10 1709 through Windows 10 version 1803 and [configured to update from Windows Update](#BKMK_DCAT) (including WUfB scenarios) servicing and definition updates are being installed successfully, but feature updates are never offered.
 
 Checking the WindowsUpdate.log reveals the following error:
 ```console

From 465c8e0f1b71f3296d31581e10a803f589414648 Mon Sep 17 00:00:00 2001
From: Thomas Raya <v-thraya@microsoft.com>
Date: Thu, 24 Sep 2020 16:23:52 -0700
Subject: [PATCH 11/30] remove ms.technology from Security docfx

---
 windows/security/docfx.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index d1b2905bad..ab00e42eba 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -33,7 +33,6 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
-      "ms.technology": "windows",
       "ms.topic": "article",
       "manager": "dansimp",
       "audience": "ITPro",

From 252931186c9bf7a622d62657f68f5acbce353569 Mon Sep 17 00:00:00 2001
From: Thomas Raya <v-thraya@microsoft.com>
Date: Thu, 24 Sep 2020 16:36:20 -0700
Subject: [PATCH 12/30] Update oldTOC.md

---
 .../threat-protection/windows-defender-security-center/oldTOC.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md
index 0533ec00f5..b2b028118b 100644
--- a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md
+++ b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md
@@ -1,6 +1,7 @@
 ---
 ms.author: dansimp
 author: dansimp
+ms.prod: w10
 title: The Microsoft Defender Security Center app
 ---
 

From 7bbd5b95b3706eecad86ec896c8edf177f4b76e6 Mon Sep 17 00:00:00 2001
From: Jaime Ondrusek <jaimeo@microsoft.com>
Date: Fri, 25 Sep 2020 08:15:36 -0700
Subject: [PATCH 13/30] Update windows-update-troubleshooting.md

Cleaned up language for clarity and terminology.
---
 windows/deployment/update/windows-update-troubleshooting.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md
index 418c2cc860..81138d6e5b 100644
--- a/windows/deployment/update/windows-update-troubleshooting.md
+++ b/windows/deployment/update/windows-update-troubleshooting.md
@@ -62,7 +62,7 @@ The Settings UI is talking to the Update Orchestrator service which in turn is t
    - Windows Update 
 
 ## Feature updates are not being offered while other updates are
-On computers running Windows 10 1709 through Windows 10 version 1803 and [configured to update from Windows Update](#BKMK_DCAT) (including WUfB scenarios) servicing and definition updates are being installed successfully, but feature updates are never offered.
+Devices running Windows 10, version 1709 through Windows 10, version 1803 that are [configured to update from Windows Update](#BKMK_DCAT) (including Windows Update for Business scenarios) are able to install servicing and definition updates but are never offered feature updates.
 
 Checking the WindowsUpdate.log reveals the following error:
 ```console

From d16d9f79389b419603aa87ffdc47d6804ca8bf45 Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Fri, 25 Sep 2020 09:19:09 -0700
Subject: [PATCH 14/30] small tweaks; wiring into TOC

---
 windows/deployment/TOC.yml                               | 2 ++
 windows/deployment/update/delivery-optimization-proxy.md | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index f0c84c9b9b..01c507abde 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -45,6 +45,8 @@
           href: update/plan-define-strategy.md
         - name: Delivery Optimization for Windows 10 updates
           href: update/waas-delivery-optimization.md
+            - name: Using a proxy with Delivery Optimization
+              href: update/delivery-optimization-proxy.md
         - name: Best practices for feature updates on mission-critical devices
           href: update/feature-update-mission-critical.md
         - name: Windows 10 deployment considerations
diff --git a/windows/deployment/update/delivery-optimization-proxy.md b/windows/deployment/update/delivery-optimization-proxy.md
index 417c78a5db..71a4c056cb 100644
--- a/windows/deployment/update/delivery-optimization-proxy.md
+++ b/windows/deployment/update/delivery-optimization-proxy.md
@@ -34,6 +34,8 @@ If no user is signed in, even if both the Internet Explorer proxy and netsh conf
 
 You can still use netsh to import the proxy setting from Internet Explorer (`netsh winhttp import proxy source=ie `) if your proxy configuration is a static *proxyServerName:Port*. However, the same limitations mentioned previously apply. 
 
+### Summary of settings behavior
+
 These tables summarize the behavior for various combinations of settings:
 
 With an interactive user signed in:
@@ -66,9 +68,9 @@ This policy is meant to ensure that proxy settings apply uniformly to the same c
 
 ## Using a proxy with Microsoft Connected Cache
 
-Starting with Windows 10, version 2004, you can use Microsoft Connected Cache behind a proxy. In older versions, when you set Delivery Optimization to download from Microsoft Connected Cache, it will bypass the proxy and try to connect directly to the Connected Cache server. This can cause failure to download.
+Starting with Windows 10, version 2004, you can use Connected Cache behind a proxy. In older versions, when you set Delivery Optimization to download from Connected Cache, it will bypass the proxy and try to connect directly to the Connected Cache server. This can cause failure to download.
 
-However, you can set the Microsoft Connected Cache server to use an unauthenticated proxy. For more information, see [Microsoft Connected Cache in Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache#prerequisites-and-limitations) for more information. 
+However, you can set the Connected Cache server to use an unauthenticated proxy. For more information, see [Microsoft Connected Cache in Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache#prerequisites-and-limitations). 
 
  ## Related articles
 

From b8fad2c8d006d43f3bc4bfe405ae6aaf67e4bfa1 Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Fri, 25 Sep 2020 09:23:56 -0700
Subject: [PATCH 15/30] fixing TOC

---
 windows/deployment/TOC.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 01c507abde..2e06134d85 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -45,6 +45,7 @@
           href: update/plan-define-strategy.md
         - name: Delivery Optimization for Windows 10 updates
           href: update/waas-delivery-optimization.md
+          items:
             - name: Using a proxy with Delivery Optimization
               href: update/delivery-optimization-proxy.md
         - name: Best practices for feature updates on mission-critical devices

From 64ce73e96dcf46ff6e3c686e1850374ef5eaa664 Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Fri, 25 Sep 2020 09:45:33 -0700
Subject: [PATCH 16/30] adding description

---
 windows/deployment/update/delivery-optimization-proxy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/delivery-optimization-proxy.md b/windows/deployment/update/delivery-optimization-proxy.md
index 71a4c056cb..1c4a8224fc 100644
--- a/windows/deployment/update/delivery-optimization-proxy.md
+++ b/windows/deployment/update/delivery-optimization-proxy.md
@@ -1,7 +1,7 @@
 ---
 title: Using a proxy with Delivery Optimization
 manager: laurawi
-description: 
+description: Settings to use with various proxy configurations to allow Delivery Optimization to work
 keywords: updates, downloads, network, bandwidth
 ms.prod: w10
 ms.mktglfcycl: deploy

From d1df2170e773cf58a3c73b09f710e53ce3058c23 Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Fri, 25 Sep 2020 14:15:13 -0700
Subject: [PATCH 17/30] Updated per task 4471196

---
 .../configuration-service-provider-reference.md    | 14 +++++++-------
 .../client-management/mdm/networkqospolicy-csp.md  |  2 +-
 .../new-in-windows-mdm-enrollment-management.md    |  1 +
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 0cd97100aa..d064a375ca 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -1557,13 +1557,13 @@ Additional lists:
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
 </table>
 
diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md
index ee81816701..7fa8f960ce 100644
--- a/windows/client-management/mdm/networkqospolicy-csp.md
+++ b/windows/client-management/mdm/networkqospolicy-csp.md
@@ -25,7 +25,7 @@ The following actions are supported:
 - Layer 3 tagging using a differentiated services code point (DSCP) value
 
 > [!NOTE]
-> The NetworkQoSPolicy configuration service provider is supported only in Microsoft Surface Hub.
+> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on Azure AD Hybrid joined devices and for devices using GPO and CSP at the same time. The minimum operating system requirement for this CSP is Windows 10, version 2004.
 
 The following diagram shows the NetworkQoSPolicy configuration service provider in tree format.
 
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 6e07246916..d919c5f1a7 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1996,6 +1996,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 ### September 2020
 |New or updated topic | Description|
 |--- | ---|
+|[NetworkQoSPolicy CSP](networkqospolicy-csp.md)|Updated support information of the NetworkQoSPolicy CSP.|
 |[Policy CSP - LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)|Removed the following unsupported LocalPoliciesSecurityOptions policy settings from the documentation:<br>- RecoveryConsole_AllowAutomaticAdministrativeLogon <br>- DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways<br>- DomainMember_DigitallyEncryptSecureChannelDataWhenPossible<br>- DomainMember_DisableMachineAccountPasswordChanges<br>- SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems<br>|
 
 ### August 2020

From 6b22b0b2de19d72863d8cb2173f9778dcb258bb2 Mon Sep 17 00:00:00 2001
From: Evan Miller <v-evmill@microsoft.com>
Date: Fri, 25 Sep 2020 16:50:41 -0700
Subject: [PATCH 18/30] Remove HoloLens from delivery optimization chart

---
 windows/deployment/update/waas-delivery-optimization.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md
index e4e27a9a8a..1def8466e7 100644
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@@ -74,7 +74,6 @@ The following table lists the minimum Windows 10 version that supports Delivery
 | Computers running Windows 10 | 1511 |
 | Computers running Server Core installations of Windows Server | 1709 |
 | IoT devices | 1803 |
-| HoloLens devices | 1803 |
 
 **Types of download packages supported by Delivery Optimization**
 

From fb7ce22bfdef625a2c82f47b0cc7467f27f36697 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Sat, 26 Sep 2020 23:48:12 +0200
Subject: [PATCH 19/30] Event Forwarding: 1 word typo removal

Closes #8361
---
 ...indows-event-forwarding-to-assist-in-intrusion-detection.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
index da3aea58e5..58051a41aa 100644
--- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
@@ -24,8 +24,7 @@ Learn about an approach to collect events from devices in your organization. Thi
 
 Windows Event Forwarding (WEF) reads any operational or administrative event log on a device in your organization and forwards the events you choose to a Windows Event Collector (WEC) server.
 
-To accomplish this, there are two different of subscriptions published to client devices - the Baseline subscription and the suspect subscription. The Baseline subscription enrolls all devices in your organization, and a Suspect subscription only includes devices that have been added by you. The
-Suspect subscription collects additional events to help build context for system activity and can quickly be updated to accommodate new events and/or scenarios as needed without impacting baseline operations.
+To accomplish this, there are two different subscriptions published to client devices - the Baseline subscription and the suspect subscription. The Baseline subscription enrolls all devices in your organization, and a Suspect subscription only includes devices that have been added by you. The Suspect subscription collects additional events to help build context for system activity and can quickly be updated to accommodate new events and/or scenarios as needed without impacting baseline operations.
 
 This implementation helps differentiate where events are ultimately stored. Baseline events can be sent to devices with online analytical capability, such as Security Event Manager (SEM), while also sending events to a MapReduce system, such as HDInsight or Hadoop, for long-term storage and deeper analysis. Events from the Suspect subscription are sent directly to a MapReduce system due to volume and lower signal/noise ratio, they are largely used for host forensic analysis.
 

From e36795e3781b1ad4080a3ac9b8ac761b2927d875 Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Sun, 27 Sep 2020 22:45:05 +0300
Subject: [PATCH 20/30] update naming

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6806
---
 .../microsoft-defender-smartscreen-available-settings.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
index 3956891c0c..89fd8fd2ee 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
@@ -78,7 +78,7 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor
 
 ## MDM settings
 If you manage your policies using Microsoft Intune, you'll want to use these MDM policy settings. All settings support both desktop computers (running Windows 10 Pro or Windows 10 Enterprise, enrolled with Microsoft Intune) and Windows 10 Mobile devices.  <br><br> 
-For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP - InternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer).
+For Microsoft Defender SmartScreen Edge MDM policies, see [Policy CSP - Browser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser).
 <table>
 <tr>
 <th align="left">Setting</th>

From cdcb6c958f95bfbbda7166b19101191fcda365a1 Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Mon, 28 Sep 2020 08:40:15 -0700
Subject: [PATCH 21/30] Updated the note

---
 windows/client-management/mdm/networkqospolicy-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md
index 7fa8f960ce..61bdfa0cdc 100644
--- a/windows/client-management/mdm/networkqospolicy-csp.md
+++ b/windows/client-management/mdm/networkqospolicy-csp.md
@@ -25,7 +25,7 @@ The following actions are supported:
 - Layer 3 tagging using a differentiated services code point (DSCP) value
 
 > [!NOTE]
-> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on Azure AD Hybrid joined devices and for devices using GPO and CSP at the same time. The minimum operating system requirement for this CSP is Windows 10, version 2004.
+> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on Azure AD Hybrid joined devices and for devices using GPO and CSP at the same time. The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub for versions prior to Window 10, 2004.
 
 The following diagram shows the NetworkQoSPolicy configuration service provider in tree format.
 

From 37f6ce8e7042fe777f9854aebca2f67067eeec34 Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Mon, 28 Sep 2020 08:46:30 -0700
Subject: [PATCH 22/30] minor update

---
 windows/client-management/mdm/networkqospolicy-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md
index 61bdfa0cdc..19a52ed0be 100644
--- a/windows/client-management/mdm/networkqospolicy-csp.md
+++ b/windows/client-management/mdm/networkqospolicy-csp.md
@@ -25,7 +25,7 @@ The following actions are supported:
 - Layer 3 tagging using a differentiated services code point (DSCP) value
 
 > [!NOTE]
-> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on Azure AD Hybrid joined devices and for devices using GPO and CSP at the same time. The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub for versions prior to Window 10, 2004.
+> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on Azure AD Hybrid joined devices and for devices using GPO and CSP at the same time. The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Window 10, version 2004.
 
 The following diagram shows the NetworkQoSPolicy configuration service provider in tree format.
 

From 49696f8aa070e22771fe28857d8256e98609ae10 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 28 Sep 2020 10:18:04 -0700
Subject: [PATCH 23/30] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 .../manage-updates-baselines-microsoft-defender-antivirus.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 78f9f2a96f..35ef7a7f50 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
-ms.date: 09/10/2020
+ms.date: 09/28/2020
 ---
 
 # Manage Microsoft Defender Antivirus updates and apply baselines

From 465f35d02f66ae915bd3a62916b84b53a3287a27 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 28 Sep 2020 10:36:33 -0700
Subject: [PATCH 24/30] Update
 windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../microsoft-defender-antivirus-compatibility.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index c6012aeeff..4b85403bcd 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -92,7 +92,7 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir
 > You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
 
 > [!IMPORTANT]
-> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus Real-time protection feature will be enabled even when Microsoft Defender Antivirus is running in Passive mode. Endpoint DLP depends on Real-time protection (RTP) to operate.
+> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus Real-time protection will be enabled even when Microsoft Defender Antivirus is running in Passive mode. Endpoint DLP depends on Real-time protection (RTP) to operate.
 
 ## Related topics
 

From b3386e77e5f5b064aa71db22527095ec7e221920 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 28 Sep 2020 10:37:52 -0700
Subject: [PATCH 25/30] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md             | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 4b85403bcd..09c2e938a3 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer:
 manager: dansimp
-ms.date: 08/26/2020
+ms.date: 09/28/2020
 ---
 
 # Microsoft Defender Antivirus compatibility
@@ -92,7 +92,7 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir
 > You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
 
 > [!IMPORTANT]
-> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus Real-time protection will be enabled even when Microsoft Defender Antivirus is running in Passive mode. Endpoint DLP depends on Real-time protection (RTP) to operate.
+> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus real-time protection is enabled even when Microsoft Defender Antivirus is running in passive mode. Endpoint DLP depends on real-time protection to operate.
 
 ## Related topics
 

From 95a73b8ae1ca5be1979d9e399cbec64013b4deeb Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 28 Sep 2020 10:39:24 -0700
Subject: [PATCH 26/30] Update
 windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../review-scan-results-microsoft-defender-antivirus.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
index 702e9274d3..964eadf5dd 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
@@ -22,7 +22,7 @@ manager: dansimp
 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-After an Microsoft Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results. 
+After a Microsoft Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results. 
 
 
 ## Use Configuration Manager to review scan results

From 6b71932d9a8ca3d29c9128a3f15c6b332ebc2aeb Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 28 Sep 2020 10:40:12 -0700
Subject: [PATCH 27/30] Update
 review-scan-results-microsoft-defender-antivirus.md

---
 .../review-scan-results-microsoft-defender-antivirus.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
index 964eadf5dd..93117ba6f2 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 09/03/2018
+ms.date: 09/28/2020
 ms.reviewer: 
 manager: dansimp
 ---

From 86a2f6c76365c820ced5c0abaadb3638c7aa5997 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 28 Sep 2020 10:53:33 -0700
Subject: [PATCH 28/30] Update
 microsoft-defender-smartscreen-available-settings.md

---
 .../microsoft-defender-smartscreen-available-settings.md    | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
index 89fd8fd2ee..263e076dda 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 1/26/2018
+ms.date: 09/28/2020
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -78,7 +78,7 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor
 
 ## MDM settings
 If you manage your policies using Microsoft Intune, you'll want to use these MDM policy settings. All settings support both desktop computers (running Windows 10 Pro or Windows 10 Enterprise, enrolled with Microsoft Intune) and Windows 10 Mobile devices.  <br><br> 
-For Microsoft Defender SmartScreen Edge MDM policies, see [Policy CSP - Browser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser).
+For Microsoft Defender SmartScreen Edge MDM policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser).
 <table>
 <tr>
 <th align="left">Setting</th>
@@ -220,5 +220,3 @@ To better help you protect your organization, we recommend turning on and using
 
 - [Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies)
 
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).

From b42e4eeb073c7b296501112066c64c0e8c0a52d7 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 28 Sep 2020 11:30:57 -0700
Subject: [PATCH 29/30] Update
 review-scan-results-microsoft-defender-antivirus.md

---
 .../review-scan-results-microsoft-defender-antivirus.md       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
index 48ed7d3439..da893a1b8a 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
@@ -40,7 +40,7 @@ The following cmdlet will return each detection on the endpoint. If there are mu
 Get-MpThreatDetection
 ```
 
-![IMAGEALT](images/defender/wdav-get-mpthreatdetection.png)
+![screenshot of PowerShell cmdlets and outputs](images/defender/wdav-get-mpthreatdetection.png)
 
 You can specify `-ThreatID` to limit the output to only show the detections for a specific threat.
 
@@ -50,7 +50,7 @@ If you want to list threat detections, but combine detections of the same threat
 Get-MpThreat
 ```
 
-![IMAGEALT](images/defender/wdav-get-mpthreat.png)
+![screenshot of PowerShell](images/defender/wdav-get-mpthreat.png)
 
 See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
 

From c3e2a3d210b8c3e9884117f5b03e4f3ad72d9fd8 Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Mon, 28 Sep 2020 12:02:59 -0700
Subject: [PATCH 30/30] Removed unsupported DisableHomeGroup setting

---
 .../policy-configuration-service-provider.md  |  3 -
 .../mdm/policy-csp-admx-sharing.md            | 77 -------------------
 .../mdm/policy-csps-admx-backed.md            |  1 -
 3 files changed, 81 deletions(-)

diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index d6adbd08d4..0349f6cde6 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1014,9 +1014,6 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### ADMX_Sharing policies
 
 <dl>
-  <dd>
-    <a href="./policy-csp-admx-sharing.md#admx-sharing-disablehomegroup" id="admx-sharing-disablehomegroup">ADMX_Sharing/DisableHomeGroup</a>
-  </dd>
   <dd>
     <a href="./policy-csp-admx-sharing.md#admx-sharing-noinplacesharing" id="admx-sharing-noinplacesharing">ADMX_Sharing/NoInplaceSharing</a>
   </dd>
diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md
index 0a6a1a20dc..a293d2b013 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharing.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharing.md
@@ -22,9 +22,6 @@ manager: dansimp
 ## ADMX_Sharing policies  
 
 <dl>
-  <dd>
-    <a href="#admx-sharing-disablehomegroup">ADMX_Sharing/DisableHomeGroup</a>
-  </dd>
   <dd>
     <a href="#admx-sharing-noinplacesharing">ADMX_Sharing/NoInplaceSharing</a>
   </dd>
@@ -32,80 +29,6 @@ manager: dansimp
 
 <hr/>
 
-<!--Policy-->
-<a href="" id="admx-sharing-disablehomegroup"></a>**ADMX_Sharing/DisableHomeGroup**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can add computers to a homegroup. By default, users can add their computer to a homegroup on a private network.
-
-If you enable this policy setting, users cannot add computers to a homegroup. This policy setting does not affect other network sharing features.
-
-If you disable or do not configure this policy setting, users can add computers to a homegroup. However, data on a domain-joined computer is not shared with the homegroup.
-
-This policy setting is not configured by default.
-
-You must restart the computer for this policy setting to take effect.
-
-<!--/Description-->
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent the computer from joining a homegroup*
--   GP name: *DisableHomeGroup*
--   GP path: *Windows Components\HomeGroup*
--   GP ADMX file name: *Sharing.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
 <!--Policy-->
 <a href="" id="admx-sharing-noinplacesharing"></a>**ADMX_Sharing/NoInplaceSharing**  
 
diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md
index a28103799c..a580f4a524 100644
--- a/windows/client-management/mdm/policy-csps-admx-backed.md
+++ b/windows/client-management/mdm/policy-csps-admx-backed.md
@@ -254,7 +254,6 @@ ms.date: 08/18/2020
 - [ADMX_Servicing/Servicing](./policy-csp-admx-servicing.md#admx-servicing-servicing)
 - [ADMX_SharedFolders/PublishDfsRoots](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishdfsroots)
 - [ADMX_SharedFolders/PublishSharedFolders](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishsharedfolders)
-- [ADMX_Sharing/DisableHomeGroup](./policy-csp-admx-sharing.md#admx-sharing-disablehomegroup)
 - [ADMX_Sharing/NoInplaceSharing](./policy-csp-admx-sharing.md#admx-sharing-noinplacesharing)
 - [ADMX_ShellCommandPromptRegEditTools/DisableCMD](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd)
 - [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit)