Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into errorcodes

windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: aadake
-ms.date: 10/03/2018
+ms.date: 12/08/2018
 ---
 
 # Kernel DMA Protection for Thunderbolt™ 3 
@@ -65,11 +65,17 @@ Systems released prior to Windows 10 version 1803 do not support Kernel DMA Prot
 
 Systems running Windows 10 version 1803 that do support Kernel DMA Protection do have this security feature enabled automatically by the OS with no user or IT admin configuration required.
 
-**To check if a device supports Kernel DMA Protection**
+### Using Security Center
+
+Beginning with Wndows 10 version 1809, you can use Security Center to check if Kernel DMA Protection is enabled. Click **Start** > **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **Device security** > **Core isolation details** > **Memory access protection**.
+
+![Kernel DMA protection in Security Center](bitlocker/images/kernel-dma-protection-security-center.png)
+
+### Using System information
 
 1. Launch MSINFO32.exe in a command prompt, or in the Windows search bar.
 2. Check the value of **Kernel DMA Protection**.
-   ![Kernel DMA protection](bitlocker/images/kernel-dma-protection.png)
+   ![Kernel DMA protection in System Information](bitlocker/images/kernel-dma-protection.png)
 3. If the current state of **Kernel DMA Protection** is OFF and **Virtualization Technology in Firmware** is NO:
    - Reboot into BIOS settings
    - Turn on Intel Virtualization Technology.

windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md

@@ -50,7 +50,6 @@ detectionSource | string | Detection source.
 threatFamilyName | string | Threat family.
 title | string | Alert title.
 description | String | Description of the threat, identified by the alert.
-recommendedAction | String | Action recommended for handling the suspected threat.
 alertCreationTime | DateTimeOffset | The date and time (in UTC) the alert was created.
 lastEventTime | DateTimeOffset | The last occurance of the event that triggered the alert on the same machine.
 firstEventTime | DateTimeOffset | The first occurance of the event that triggered the alert on that machine.
@@ -74,7 +73,6 @@ machineId | String | ID of a [machine](machine-windows-defender-advanced-threat-
 	"threatFamilyName": "Mikatz",
 	"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
 	"description": "Some description"
-	"recommendedAction": "Some recommended action"
 	"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
 	"firstEventTime": "2018-11-26T16:17:50.0948658Z",
 	"lastEventTime": "2018-11-26T16:18:01.809871Z",

windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md

@@ -84,8 +84,8 @@ Content-Length: application/json
   "machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
   "severity": "Low",
   "title": "test alert",
-  "description": "redalert",
-  "recommendedAction": "white alert",
+  "description": "test alert",
+  "recommendedAction": "test alert",
   "eventTime": "2018-08-03T16:45:21.7115183Z",
   "reportId": "20776",
   "category": "None"

windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md

@@ -100,8 +100,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-26T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-26T16:18:01.809871Z",

windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md

@@ -87,8 +87,7 @@ Here is an example of the response.
 	"detectionSource": "WindowsDefenderAv",
 	"threatFamilyName": "Mikatz",
 	"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-	"description": "Some description"
-	"recommendedAction": "Some recommended action"
+	"description": "Some description",
 	"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 	"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 	"lastEventTime": "2018-11-25T16:18:01.809871Z",

windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md

@@ -100,8 +100,7 @@ Here is an example of the response.
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-26T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-26T16:18:01.809871Z",
@@ -121,8 +120,7 @@ Here is an example of the response.
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",

windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md

@@ -96,8 +96,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",
@@ -117,8 +116,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-24T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-24T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-24T16:18:01.809871Z",

windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md

@@ -94,8 +94,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-26T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-26T16:18:01.809871Z",

windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md

@@ -93,8 +93,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",

windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md

@@ -93,8 +93,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",

windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md

@@ -93,8 +93,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",
@@ -114,8 +113,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-24T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-24T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-24T16:18:01.809871Z",

windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md

@@ -40,7 +40,7 @@ id | Guid | Identity of the [Machine Action](machineaction-windows-defender-adva
 type | Enum | Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution"
 requestor | String | Identity of the person that executed the action.
 requestorComment | String | Comment that was written when issuing the action.
-status | Enum | Current status of the command. Possible values are: "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled".
+status | Enum | Current status of the command. Possible values are: "Pending", "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled".
 machineId | String | Id of the machine on which the action was executed.
 creationDateTimeUtc | DateTimeOffset | The date and time when the action was created.
 lastUpdateTimeUtc | DateTimeOffset | The last date and time when the action status was updated.

windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md

@@ -98,8 +98,7 @@ Here is an example of the response.
 	"detectionSource": "WindowsDefenderAv",
 	"threatFamilyName": "Mikatz",
 	"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-	"description": "Some description"
-	"recommendedAction": "Some recommended action"
+	"description": "Some description",
 	"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
 	"firstEventTime": "2018-11-26T16:17:50.0948658Z",
 	"lastEventTime": "2018-11-26T16:18:01.809871Z",