diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 2842e1a326..9e3480430e 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -84,6 +84,11 @@
       "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy",
       "redirect_document_id": true
+    },
+	{
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy",
+      "redirect_document_id": false
     },
     {
       "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md",
@@ -2377,9 +2382,14 @@
     },
     {
       "source_path": "windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md",
-      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-windows-microsoft-antivirus",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus",
       "redirect_document_id": true
     },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md",	
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus",	
+      "redirect_document_id": true	
+    },
     {
       "source_path": "windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus",
@@ -15658,7 +15668,7 @@
 	{
       "source_path": "windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac",
-      "redirect_document_id": true
+      "redirect_document_id": false
     },
     {
       "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md",
@@ -16215,11 +16225,6 @@
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus",
       "redirect_document_id": true
     },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md",
-      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus",
-      "redirect_document_id": true
-    },
     {
       "source_path": "windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus",
diff --git a/store-for-business/includes/store-for-business-content-updates.md b/store-for-business/includes/store-for-business-content-updates.md
index 168974c2fa..a69df6d2ff 100644
--- a/store-for-business/includes/store-for-business-content-updates.md
+++ b/store-for-business/includes/store-for-business-content-updates.md
@@ -2,6 +2,15 @@
 

 
 
+## Week of November 23, 2020
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 11/23/2020 | [Microsoft Store for Business and Microsoft Store for Education overview (Windows 10)](/microsoft-store/microsoft-store-for-business-overview) | modified |
+| 11/23/2020 | [Prerequisites for Microsoft Store for Business and Education (Windows 10)](/microsoft-store/prerequisites-microsoft-store-for-business) | modified |
+
+
 ## Week of October 26, 2020
 
 
diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md
index 4b9707b563..59be6fdc1c 100644
--- a/store-for-business/microsoft-store-for-business-overview.md
+++ b/store-for-business/microsoft-store-for-business-overview.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/17/2017
+ms.date: 
 ---
 
 # Microsoft Store for Business and Microsoft Store for Education overview
@@ -22,7 +22,10 @@ ms.date: 10/17/2017
 -   Windows 10
 -   Windows 10 Mobile
 
-Designed for organizations, Microsoft Store for Business and Microsoft Store for Education give IT decision makers and administrators in businesses or schools a flexible way to find, acquire, manage, and distribute free and paid apps in select markets to Windows 10 devices in volume. IT administrators can manage Microsoft Store apps and private line-of-business apps in one inventory, plus assign and re-use licenses as needed. You can choose the best distribution method for your organization: directly assign apps to individuals and teams, publish apps to private pages in Microsoft Store, or connect with management solutions for more options. 
+Designed for organizations, Microsoft Store for Business and Microsoft Store for Education give IT decision makers and administrators in businesses or schools a flexible way to find, acquire, manage, and distribute free and paid apps in select markets to Windows 10 devices in volume. IT administrators can manage Microsoft Store apps and private line-of-business apps in one inventory, plus assign and re-use licenses as needed. You can choose the best distribution method for your organization: directly assign apps to individuals and teams, publish apps to private pages in Microsoft Store, or connect with management solutions for more options.
+
+> [!IMPORTANT]
+> Customers who are in the Office 365 GCC environment or are eligible to buy with government pricing cannot use Microsoft Store for Business.
 
 ## Features
 Organizations or schools of any size can benefit from using Microsoft Store for Business or Microsoft Store for Education:
diff --git a/store-for-business/prerequisites-microsoft-store-for-business.md b/store-for-business/prerequisites-microsoft-store-for-business.md
index 9d5a58c992..0dc7ab9ece 100644
--- a/store-for-business/prerequisites-microsoft-store-for-business.md
+++ b/store-for-business/prerequisites-microsoft-store-for-business.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/13/2017
+ms.date: 
 ---
 
 # Prerequisites for Microsoft Store for Business and Education
@@ -22,6 +22,9 @@ ms.date: 10/13/2017
 -   Windows 10
 -   Windows 10 Mobile
 
+> [!IMPORTANT]
+> Customers who are in the Office 365 GCC environment or are eligible to buy with government pricing cannot use Microsoft Store for Business.
+
 There are a few prerequisites for using Microsoft Store for Business or Microsoft Store for Education.
 
 ## Prerequisites
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index d064a375ca..dcf8eec173 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -2728,6 +2728,7 @@ The following list shows the CSPs supported in HoloLens devices:
 | [DiagnosticLog CSP](diagnosticlog-csp.md)  | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
 | [DMAcc CSP](dmacc-csp.md)      | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
 | [DMClient CSP](dmclient-csp.md)    | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
+| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) <sup>10</sup>  |
 | [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
 | [NetworkProxy CSP](networkproxy-csp.md) | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) |
 | [NetworkQoSPolicy CSP](networkqospolicy-csp.md)  | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png)       | ![check mark](images/checkmark.png) <sup>8</sup>|
@@ -2737,6 +2738,7 @@ The following list shows the CSPs supported in HoloLens devices:
 | [RemoteFind CSP](remotefind-csp.md)    | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) <sup>4</sup>       | ![check mark](images/checkmark.png) |
 | [RemoteWipe CSP](remotewipe-csp.md)    | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) <sup>4</sup>       | ![check mark](images/checkmark.png) |
 | [RootCATrustedCertificates CSP](rootcacertificates-csp.md)   | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
+| [TenantLockdown CSP](tenantlockdown-csp.md) | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) <sup>10</sup>  |
 | [Update CSP](update-csp.md)     | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
 | [VPNv2 CSP](vpnv2-csp.md)    | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
 | [WiFi CSP](wifi-csp.md)     | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
@@ -2745,7 +2747,9 @@ The following list shows the CSPs supported in HoloLens devices:
  
 ## <a href="" id="surfacehubcspsupport"></a>CSPs supported in Microsoft Surface Hub
 
--   [Accounts CSP](accounts-csp.md)<sup>9</sup> **Note:** Support in Surface Hub is limited to **Domain\ComputerName**.
+-   [Accounts CSP](accounts-csp.md)<sup>9</sup> 
+    > [!NOTE]
+    > Support in Surface Hub is limited to **Domain\ComputerName**.
 -   [AccountManagement CSP](accountmanagement-csp.md)
 -   [APPLICATION CSP](application-csp.md)
 -   [CertificateStore CSP](certificatestore-csp.md)
@@ -2813,3 +2817,4 @@ The following list shows the CSPs supported in HoloLens devices:
 - 7 - Added in Windows 10, version 1909.
 - 8 - Added in Windows 10, version 2004.
 - 9 - Added in Windows 10 Team 2020 Update
+- 10 - Added in [Windows Holographic, version 20H2](https://docs.microsoft.com/hololens/hololens-release-notes#windows-holographic-version-20h2)
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index a8ec2a4ff2..4354bb8c3e 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -7,22 +7,22 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.date:
-ms.reviewer: 
+ms.reviewer:
 manager: dansimp
 ---
 
 # Enroll a Windows 10 device automatically using Group Policy
 
-Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices. 
+Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
 
 The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account.
 
 Requirements:
 - AD-joined PC running Windows 10, version 1709 or later
-- The enterprise has configured a mobile device management (MDM) service  
-- The enterprise AD must be [registered with Azure Active Directory (Azure AD)](azure-active-directory-integration-with-mdm.md)
+- The enterprise has configured a mobile device management (MDM) service
+- The on-premises AD must be [integrated with Azure AD (via Azure AD Connect)](https://docs.microsoft.com/azure/architecture/reference-architectures/identity/azure-ad)
 - The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`)
-- The minimum Windows Server version requirement is based on the Hybrid AAD join requirement. See [How to plan your hybrid Azure Active Directory join implementation](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan) for more information.
+- The minimum Windows Server version requirement is based on the Hybrid Azure AD join requirement. See [How to plan your hybrid Azure Active Directory join implementation](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan) for more information.
 
 > [!TIP]
 > For additional information, see the following topics:
@@ -30,10 +30,10 @@ Requirements:
 > - [How to plan your hybrid Azure Active Directory join implementation](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan)
 > - [Azure Active Directory integration with MDM](https://docs.microsoft.com/windows/client-management/mdm/azure-active-directory-integration-with-mdm)
 
-The auto-enrollment relies on the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered.
+The auto-enrollment relies on the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically Azure AD–registered.
 
 > [!NOTE]
-> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation. 
+> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.
 
 When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
 
@@ -42,13 +42,13 @@ In Windows 10, version 1709 or later, when the same policy is configured in GP a
 For this policy to work, you must verify that the MDM service provider allows the GP triggered MDM enrollment for domain joined devices.
 
 ## Verify auto-enrollment requirements and settings
-To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly. 
+To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly.
 The following steps demonstrate required settings using the Intune service:
 1. Verify that the user who is going to enroll the device has a valid Intune license.
 
     ![Intune license verification](images/auto-enrollment-intune-license-verification.png)
 
-2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](https://docs.microsoft.com/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal). 
+2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](https://docs.microsoft.com/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal).
 
     ![Auto-enrollment activation verification](images/auto-enrollment-activation-verification.png)
 
@@ -80,7 +80,7 @@ The following steps demonstrate required settings using the Intune service:
 
     ![Mobility setting MDM intune](images/auto-enrollment-microsoft-intune-setting.png)
 
-7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices which should be enrolled into Intune. 
+7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices which should be enrolled into Intune.
 You may contact your domain administrators to verify if the group policy has been deployed successfully.
 
 8. Verify that the device is not enrolled with the old Intune client used on the Intune Silverlight Portal (this is the Intune portal used before the Azure portal).
@@ -95,33 +95,36 @@ This procedure is only for illustration purposes to show how the new auto-enroll
 
 Requirements:
 - AD-joined PC running Windows 10, version 1709 or later
-- Enterprise has MDM service already configured 
+- Enterprise has MDM service already configured
 - Enterprise AD must be registered with Azure AD
 
 1. Run GPEdit.msc
 
-    Click Start, then in the text box type gpedit. 
+    Click Start, then in the text box type gpedit.
 
     ![GPEdit desktop app search result](images/autoenrollment-gpedit.png)
 
 2. Under **Best match**, click **Edit group policy** to launch it.
 
-3.  In **Local Computer Policy**, click **Administrative Templates** > **Windows Components** > **MDM**.
+3. In **Local Computer Policy**, click **Administrative Templates** > **Windows Components** > **MDM**.
 
-    ![MDM policies](images/autoenrollment-mdm-policies.png)
+   ![MDM policies](images/autoenrollment-mdm-policies.png)
 
-4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** (support for Device Credential is coming) as the Selected Credential Type to use. User Credential enrolls Windows 10, version 1709 and later once an Intune licensed user logs into the device. Device Credential will enroll the device and then assign a user later, once support for this is available.
+4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use.
 
-    ![MDM autoenrollment policy](images/autoenrollment-policy.png)
+   > [!NOTE]
+   > **Device Credential** Credential Type will also work, however, it is not yet supported for MDM solutions (including Intune). We don't recommend using this option until support is announced.
+
+   ![MDM autoenrollment policy](images/autoenrollment-policy.png)
 
 5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**.
 
     > [!NOTE]
-    > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. 
-    > The default behavior for older releases is to revert to **User Credential**. 
-    > **Device Credential** is not supported for enrollment type when you have a ConfigMgr Agent on your device. 
+    > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later.
+    > The default behavior for older releases is to revert to **User Credential**.
+    > **Device Credential** is not supported for enrollment type when you have a ConfigMgr Agent on your device.
 
-    When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD." 
+    When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
 
     To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
 
@@ -150,11 +153,11 @@ Requirements:
 
 2. Under **Best match**, click **Task Scheduler** to launch it.
 
-3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**. 
+3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**.
 
     ![Auto-enrollment scheduled task](images/autoenrollment-scheduled-task.png)
 
-    To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. Note that **0x80180026** is a failure message (MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED). You can see the logs in the **History** tab. 
+    To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. Note that **0x80180026** is a failure message (MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED). You can see the logs in the **History** tab.
 
     If the device enrollment is blocked, your IT admin may have enabled the **Disable MDM Enrollment** policy. Note that the GPEdit console does not reflect the status of policies set by your IT admin on your device. It is only used by the user to set policies.
 
@@ -162,46 +165,45 @@ Requirements:
 
 Requirements:
 - AD-joined PC running Windows 10, version 1709 or later
-- Enterprise has MDM service already configured (with Intune or a third party service provider)
+- Enterprise has MDM service already configured (with Intune or a third-party service provider)
 - Enterprise AD must be integrated with Azure AD.
 - Ensure that PCs belong to same computer group.
 
 > [!IMPORTANT]
 > If you do not see the policy, it may be because you don't have the ADMX for Windows 10, version 1803, version 1809, or version 1903 installed. To fix the issue, use the following procedures. Note that the latest MDM.admx is backwards compatible.
 
-1. Download:  
-  
+1. Download:
+
    - 1803 --> [Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880)
-     
+
    - 1809 --> [Administrative Templates (.admx) for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576)
-     
+
    - 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495)
-   
-   - 1909 --> [Administrative Templates (.admx) for Windows 10 November 2019 Update (1909)](
-https://www.microsoft.com/download/confirmation.aspx?id=100591)
+
+   - 1909 --> [Administrative Templates (.admx) for Windows 10 November 2019 Update (1909)](https://www.microsoft.com/download/confirmation.aspx?id=100591)
    
    - 2004 --> [Administrative Templates (.admx) for Windows 10 May 2020 Update (2004)](https://www.microsoft.com/download/confirmation.aspx?id=101445)
-     
+
 2. Install the package on the Domain Controller.
-  
+
 3. Navigate, depending on the version to the folder:
-  
+
    - 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**
-     
+
    - 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2**
-     
+
    - 1903 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3**
-   
+
    - 1909 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2019 Update (1909)**
-    
-   - 2004 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2020 Update (2004)**     
-     
+
+   - 2004 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2020 Update (2004)**
+
 4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**.
-  
-5. Copy PolicyDefinitions folder to **C:\Windows\SYSVOL\domain\Policies**. 
-  
+
+5. Copy PolicyDefinitions folder to **C:\Windows\SYSVOL\domain\Policies**.
+
    If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain.
-     
+
 6. Restart the Domain Controller for the policy to be available.
 
 This procedure will work for any future version as well.
@@ -215,7 +217,7 @@ This procedure will work for any future version as well.
 4. Filter using Security Groups.
 
 ## Troubleshoot auto-enrollment of devices
-Investigate the log file if you have issues even after performing all the mandatory verification steps. The first log file to investigate is the event log on the target Windows 10 device. 
+Investigate the log file if you have issues even after performing all the mandatory verification steps. The first log file to investigate is the event log on the target Windows 10 device.
 
 To collect Event Viewer logs:
 
@@ -251,13 +253,13 @@ To collect Event Viewer logs:
 
     Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment.
 
-    If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required. 
+    If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required.
     One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (**HKLM > Software > Microsoft > Enrollments**). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen:
 
     ![Outdated enrollment entries](images/auto-enrollment-outdated-enrollment-entries.png)
 
-    By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016. 
-    A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display less entries as shown in the following screenshot:
+    By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016.
+    A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot:
 
     ![Manually deleted entries](images/auto-enrollment-activation-verification-less-entries.png)
 
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-38.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-38.png
deleted file mode 100644
index 7ee23eda5d..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-38.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-39.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-39.png
deleted file mode 100644
index a1ca65c3f4..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-39.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-40.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-40.png
deleted file mode 100644
index 87f685d460..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-40.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-41.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-41.png
deleted file mode 100644
index 1832454fbc..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-41.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-42.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-42.png
deleted file mode 100644
index c85e74d141..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-42.png and /dev/null differ
diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index 1c9ca9aba5..f74caeda09 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -12,7 +12,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 11/15/2017
+ms.date: 11/19/2020
 ---
 
 # MDM enrollment of Windows 10-based devices
@@ -248,33 +248,6 @@ To create a local account and connect the device:
 
    After you complete the flow, your device will be connected to your organization’s MDM.
    
-
-### Connect to MDM on a phone (enroll in device management)
-
-1.  Launch the Settings app, and then select **Accounts**.
-
-    ![phone settings](images/unifiedenrollment-rs1-38.png)
-
-2.  Select **Access work or school**.
-
-    ![phone settings](images/unifiedenrollment-rs1-39.png)
-
-3.  Select the **Enroll only in device management** link. This is only available in the servicing build 14393.82 (KB3176934). For older builds, see [Connect your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link).
-
-    ![access work or school page](images/unifiedenrollment-rs1-40.png)
-
-4.  Enter your work email address.
-
-    ![enter your email address](images/unifiedenrollment-rs1-41.png)
-
-5.  If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for additional authentication information.
-
-    Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
-
-6.  After you complete the flow, your device will be connected to your organization’s MDM.
-
-    ![completed mdm enrollment](images/unifiedenrollment-rs1-42.png)
-
 ### Help with connecting personally-owned devices
 
 There are a few instances where your device may not be able to connect to work.
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 739826c640..bd4bcafd21 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -50,17 +50,17 @@ ms.date: 10/08/2020
 - [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
 - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
 - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
-- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
-- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
-- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
-- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled)
-- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
-- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
-- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
-- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery)
-- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
-- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
-- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
+- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) <sup>9</sup>
+- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) <sup>9</sup>
+- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) <sup>9</sup>
+- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) <sup>9</sup>
+- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) <sup>9</sup>
+- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) <sup>9</sup>
+- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin) <sup>9</sup>
+- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery) <sup>9</sup>
+- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin) <sup>9</sup>
+- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery) <sup>9</sup>
+- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin) <sup>9</sup>
 - [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
 - [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
 - [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
@@ -83,20 +83,22 @@ ms.date: 10/08/2020
 - [Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forceallowtheseapps) <sup>8</sup>
 - [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps) <sup>8</sup>
 - [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps) <sup>8</sup>
+- [RemoteLock/Lock](https://docs.microsoft.com/windows/client-management/mdm/remotelock-csp) <sup>9</sup>
 - [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
-- [Security/AllowAddProvisioningPackage](policy-csp-security.md#security-allowaddprovisioningpackage)
-- [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage)
+- [Security/AllowAddProvisioningPackage](policy-csp-security.md#security-allowaddprovisioningpackage) <sup>9</sup>
+- [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage) <sup>9</sup>
 - [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime)
 - [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
+- [Settings/PageVisibilityList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) <sup>9</sup>
 - [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate)
 - [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)
 - [System/AllowLocation](policy-csp-system.md#system-allowlocation)
 - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
 - [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
-- [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
-- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
-- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
-- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
+- [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone) <sup>9</sup>
+- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend) <sup>9</sup>
+- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange) <sup>9</sup>
+- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) <sup>9</sup>
 - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
 - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
 - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
@@ -122,6 +124,7 @@ Footnotes:
 - 6 - Available in Windows 10, version 1903.
 - 7 - Available in Windows 10, version 1909.
 - 8 - Available in Windows 10, version 2004.
+- 9 - Available in [Windows Holographic, version 20H2](https://docs.microsoft.com/hololens/hololens-release-notes#windows-holographic-version-20h2)
 
 ## Related topics
 
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index 4061074c76..1031aada9c 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -371,7 +371,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-This policy allows you to to configure one or more Delivery Optimization in Network Cache servers through a custom DHCP Option. One or more values can be added as either fully qualified domain names (FQDN) or IP addresses.  To add multiple values, separate each FQDN or IP address by commas.
+This policy allows you to configure one or more Delivery Optimization in Network Cache servers through a custom DHCP Option. One or more values can be added as either fully qualified domain names (FQDN) or IP addresses.  To add multiple values, separate each FQDN or IP address by commas.
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -754,8 +754,7 @@ The following list shows the supported values:
 -   2 – HTTP blended with peering across a private group. Peering occurs on devices in the same Active Directory Site (if it exists) or the same domain by default. When this option is selected, peering will cross NATs. To create a custom group use Group ID in combination with Mode 2.
 -   3 – HTTP blended with Internet peering.
 -   99 - Simple download mode with no peering. Delivery Optimization downloads using HTTP only and does not attempt to contact the Delivery Optimization cloud services. Added in Windows 10, version 1607.
--   100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607.
-
+-   100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. Note that this value is deprecated and will be removed in a future release.
 <!--/SupportedValues-->
 <!--/Policy-->
 
@@ -882,7 +881,7 @@ The options set in this policy only apply to Group (2) download mode. If Group (
 
 For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID.
 
-Starting with Windows 10, version 1903, you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this, set the value of DOGroupIdSource to 5.
+Starting with Windows 10, version 1903, you can use the Azure Active Directory (Azure AD) Tenant ID as a means to define groups. To do this, set the value of DOGroupIdSource to 5.
 
 <!--/Description-->
 <!--ADMXMapped-->
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index df12efd32b..b1a0a67245 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -84,6 +84,18 @@ For example, the following syntax grants user rights to Authenticated Users and
 <![CDATA[Authenticated Users&#xF000;Replicator]]>
 ```
 
+For example, the following syntax grants user rights to two specific Azure Active Directory (AAD) users from Contoso, user1 and user2:
+
+```xml
+<![CDATA[AzureAD\user1@contoso.com&#xF000;AzureAD\user2@contoso.com]]>
+```
+
+For example, the following syntax grants user rights to a specific user or group, by using the Security Identifier (SID) of the account or group:
+
+```xml
+<![CDATA[*S-1-12-1-430441778-1204322964-3914475434-3271576427&#xF000;*S-1-12-1-2699785510-1240757380-4153857927-656075536]]>
+```
+
 <hr/>
 
 <!--Policies-->
diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md
index b50e43abae..ee292cb2a6 100644
--- a/windows/client-management/troubleshoot-windows-freeze.md
+++ b/windows/client-management/troubleshoot-windows-freeze.md
@@ -251,7 +251,7 @@ If the physical computer is still running in a frozen state, follow these steps
 
 Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag.   
 
-Learn [how to use Pool Monitor](https://support.microsoft.com/help/177415) and how to [use the data to troubleshoot pool leaks](https://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx). 
+Learn [how to use Memory Pool Monitor to troubleshoot kernel mode memory leaks](https://support.microsoft.com/office/how-to-use-memory-pool-monitor-poolmon-exe-to-troubleshoot-kernel-mode-memory-leaks-4f4a05c2-ef8a-fca4-3ae0-670b940af398). 
 
 ### Use memory dump to collect data for the virtual machine that's running in a frozen state 
 
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
index c55b476746..f60f34e592 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@@ -388,12 +388,12 @@ On **MDT01**:
 1. Using the Deployment Workbench, under **Deployment Shares > MDT Build Lab > Task Sequences** right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence and select **Properties**.
 2. In the **OS Info** tab, click **Edit Unattend.xml**. MDT now generates a catalog file. This will take a few minutes, and then Windows System Image Manager (Windows SIM) will start.
 
- >[!IMPORTANT]
- >The current version of MDT (8456) has a known issue generating a catalog file for Windows 10, version 1903 or 1909 X64 install.wim. You might see the error "Could not load file or assembly" in in the console output. As a temporary workaround:
- >- Close the Deployment Workbench and install the [WSIM 1903 update](https://go.microsoft.com/fwlink/?linkid=2095334). This will update imagecat.exe and imgmgr.exe to version 10.0.18362.144.
- >- Manually run imgmgr.exe (C:\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\WSIM\\imgmgr.exe).
- >- Generate a catalog (Tools/Create Catalog) for the selected install.wim (ex: D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM\\sources\\install.wim). 
- >- After manually creating the catalog file (ex: D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM\\sources\\install_Windows 10 Enterprise.clg), open the Deployment Workbench and proceed to edit unattend.xml.
+ > [!IMPORTANT]
+ > The ADK version 1903 has a [known issue](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-kits-and-tools#whats-new-in-the-windows-adk-for-windows-10-version-1903) generating a catalog file for Windows 10, version 1903 or 1909 X64 install.wim. You might see the error "Could not load file or assembly" in in the console output. To avoid this issue, [install the ADK, version 2004 or a later version](https://docs.microsoft.com/windows-hardware/get-started/adk-install). A workaround is also available for the ADK version 1903:
+ > - Close the Deployment Workbench and install the [WSIM 1903 update](https://go.microsoft.com/fwlink/?linkid=2095334). This will update imagecat.exe and imgmgr.exe to version 10.0.18362.144.
+ > - Manually run imgmgr.exe (C:\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\WSIM\\imgmgr.exe).
+ > - Generate a catalog (Tools/Create Catalog) for the selected install.wim (ex: D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM\\sources\\install.wim). 
+ > - After manually creating the catalog file (ex: D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM\\sources\\install_Windows 10 Enterprise.clg), open the Deployment Workbench and proceed to edit unattend.xml.
 
 3. In Windows SIM, expand the **4 specialize** node in the **Answer File** pane and select the amd64\_Microsoft-Windows-IE-InternetExplorer\_neutral entry.
 4. In the **amd64\_Microsoft-Windows-IE-InternetExplorer\_neutral properties** window (right-hand window), set the following values:
diff --git a/windows/deployment/update/feature-update-mission-critical.md b/windows/deployment/update/feature-update-mission-critical.md
index a36563477b..c44569853e 100644
--- a/windows/deployment/update/feature-update-mission-critical.md
+++ b/windows/deployment/update/feature-update-mission-critical.md
@@ -31,10 +31,10 @@ Devices and shared workstations that are online and available 24 hours a day, 7
 You can use Configuration Manager to deploy feature updates to Windows 10 devices in two ways. The first option is to use the software updates feature. The second option is to use a task sequence to deploy feature updates. There are times when deploying a Windows 10 feature update requires the use of a task sequence—for example:
 
 - **Upgrade to the next LTSC release.** With the LTSC servicing branch, feature updates are never provided to the Windows clients themselves. Instead, feature updates must be installed like a traditional in-place upgrade.
-- **Additional required tasks.** When deploying a feature update requires additional steps (e.g., suspending disk encryption, updating applications), you can use task sequences to orchestrate the additional steps. Software updates do not have the ability to add steps to their deployments.
+- **Additional required tasks.** When deploying a feature update requires additional steps (for example, suspending disk encryption, updating applications), you can use task sequences to orchestrate the additional steps. Software updates do not have the ability to add steps to their deployments.
 - **Language pack installations.** When deploying a feature update requires the installation of additional language packs, you can use task sequences to orchestrate the installation. Software updates do not have the ability to natively install language packs.
 
-If you need to use a task sequence to deploy feature updates, see [Manage Windows as a service using Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/manage-windows-as-a-service) for more information. If you find that your requirement for a task sequence is based solely on the need to run additional tasks preformed pre-install or pre-commit, see the new [run custom actions](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) functionality first introduced with Windows 10, version 1803. You might find this useful in deploying software updates. 
+If you need to use a task sequence to deploy feature updates, see [Manage Windows as a service using Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/manage-windows-as-a-service) for more information. If you find that your requirement for a task sequence is based solely on the need to run additional tasks performed pre-install or pre-commit, see the new [run custom actions](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) functionality first introduced with Windows 10, version 1803. You might find this option useful in deploying software updates. 
 
 Use the following information:
 
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index 6bab8477a5..44bbae9ebf 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -28,7 +28,7 @@ The Windows Update workflow has four core areas of functionality:
 
 
 ### Download
-1. Orchestrator initiates downloads.
+1. Orchestrator starts downloads.
 2. Windows Update downloads manifest files and provides them to the arbiter.
 3. The arbiter evaluates the manifest and tells the Windows Update client to download files.
 4. Windows Update client downloads files in a temporary folder.
@@ -36,54 +36,54 @@ The Windows Update workflow has four core areas of functionality:
 
 
 ### Install
-1. Orchestrator initiates the installation.
+1. Orchestrator starts the installation.
 2. The arbiter calls the installer to install the package.
 
 
 ### Commit
-1. Orchestrator initiates a restart.
+1. Orchestrator starts a restart.
 2. The arbiter finalizes before the restart.
 
 
 ## How updating works 
-During the updating process, the Windows Update Orchestrator operates in the background to scan, download, and install updates. It does this automatically, according to your settings, and in a silent manner that doesn't disrupt your computer usage. 
+During the updating process, the Windows Update Orchestrator operates in the background to scan, download, and install updates. It does these actions automatically, according to your settings, and silently so that doesn't disrupt your computer usage. 
 
 ## Scanning updates 
 ![Windows Update scanning step](images/update-scan-step.png)
 
 The Windows Update Orchestrator on your PC checks the Microsoft Update server or your WSUS endpoint for new updates at random intervals. The randomization ensures that the Windows Update server isn't overloaded with requests all at the same time. The Update Orchestrator searches only for updates that have been added since the last time updates were searched, allowing it to find updates quickly and efficiently.  
 
-When checking for updates, the Windows Update Orchestrator evaluates whether the update is appropriate for your computer using guidelines defined by the publisher of the update, for example, Microsoft Office including enterprise group policies. 
+When checking for updates, the Windows Update Orchestrator evaluates whether the update is appropriate for your device. It uses guidelines defined by the publisher of the update, for example, Microsoft Office including enterprise group policies. 
 
 Make sure you're familiar with the following terminology related to Windows Update scan:
 
 |Term|Definition|
 |----|----------|
-|Update|We use this term to mean a lot of different things, but in this context it's the actual patch or change.| 
+|Update|We use this term to mean several different things, but in this context it's the actual updated code or change.| 
 |Bundle update|An update that contains 1-N child updates; doesn't contain payload itself.| 
 |Child update|Leaf update that's bundled by another update; contains payload.| 
-|Detectoid update|A special 'update' that contains "IsInstalled" applicability rule only and no payload. Used for prereq evaluation.| 
-|Category update|A special 'detectoid' that has always true IsInstalled rule. Used for grouping updates and for client to filter updates. |
+|Detector update|A special "update" that contains "IsInstalled" applicability rule only and no payload. Used for prereq evaluation.| 
+|Category update|A special "detectoid" that has an **IsInstalled** rule that is always true. Used for grouping updates and to allow the device to filter updates. |
 |Full scan|Scan with empty datastore.| 
 |Delta scan|Scan with updates from previous scan already cached in datastore.| 
-|Online scan|Scan that hits network and goes against server on cloud. |
-|Offline scan|Scan that doesn't hit network and goes against local datastore. Only useful if online scan has been performed before. |
-|CatScan|Category scan where caller can specify a categoryId to get updates published under the categoryId.| 
-|AppCatScan|Category scan where caller can specify an AppCategoryId to get apps published under the appCategoryId.| 
-|Software sync|Part of the scan that looks at software updates only (OS and apps).|  
-|Driver sync|Part of the scan that looks at Driver updates only. This is run after Software sync and is optional.| 
-|ProductSync|Attributes based sync, where client provides a list of device, product and caller attributes ahead of time to allow service to evaluate applicability in the cloud. |
+|Online scan|Scan that uses the network and to check an update server. |
+|Offline scan|Scan that doesn't use the network and instead checks the local datastore. Only useful if online scan has been performed before. |
+|CatScan|Category scan where caller can specify a **categoryId** to get updates published under that **categoryId**.| 
+|AppCatScan|Category scan where caller can specify an **AppCategoryId** to get apps published under that **appCategoryId**.| 
+|Software sync|Part of the scan that only checks for software updates (both the apps and the operating system).|  
+|Driver sync|Part of the scan that checks driver updates only. This sync is optional and runs after the software sync.| 
+|ProductSync|A sync based on attributes, in which the client provides a list of device, product, and caller attributes ahead of time to allow service to check applicability in the cloud. |
 
 ### How Windows Update scanning works 
  
-Windows Update takes the following sets of actions when it runs a scan. 
+Windows Update does the following actions when it runs a scan. 
 
 #### Starts the scan for updates  
 When users start scanning in Windows Update through the Settings panel, the following occurs:  
 
-- The scan first generates a “ComApi” message. The caller (Microsoft Defender Antivirus) tells the WU engine to scan for updates. 
+- The scan first generates a “ComApi” message. The caller (Microsoft Defender Antivirus) tells the Windows Update engine to scan for updates. 
 - "Agent" messages: queueing the scan, then actually starting the work: 
-   - Updates are identified by the different IDs ("Id = 10", "Id = 11") and from the different thread ID numbers. 
+   - Updates are identified by the different IDs ("ID = 10", "ID = 11") and from the different thread ID numbers. 
    - Windows Update uses the thread ID filtering to concentrate on one particular task. 
 
       ![Windows Update scan log 1](images/update-scan-log-1.png)
@@ -91,20 +91,19 @@ When users start scanning in Windows Update through the Settings panel, the foll
 #### Identifies service IDs
 
 - Service IDs indicate which update source is being scanned. 
-   Note The next screen shot shows Microsoft Update and the Flighting service. 
 
 - The Windows Update engine treats every service as a separate entity, even though multiple services may contain the same updates. 
    ![Windows Update scan log 2](images/update-scan-log-2.png)
 - Common service IDs 
 
    > [!IMPORTANT]
-   > ServiceId here identifies a client abstraction, not any specific service in the cloud. No assumption should be made of which server a serviceId is pointing to, it's totally controlled by the SLS responses. 
+   > ServiceId here identifies a client abstraction, not any specific service in the cloud. No assumption should be made of which server a serviceId is pointing to. It's totally controlled by responses from the Service Locator Service. 
  
 |Service|ServiceId|
 |-------|---------| 
-|Unspecified / Default|WU, MU or WSUS <br>00000000-0000-0000-0000-000000000000 |
-|WU|9482F4B4-E343-43B6-B170-9A65BC822C77| 
-|MU|7971f918-a847-4430-9279-4a52d1efe18d| 
+|Unspecified / Default|WU, MU, or WSUS <br>00000000-0000-0000-0000-000000000000 |
+|Windows Update|9482F4B4-E343-43B6-B170-9A65BC822C77| 
+|Microsoft Update|7971f918-a847-4430-9279-4a52d1efe18d| 
 |Store|855E8A7C-ECB4-4CA3-B045-1DFA50104289| 
 |OS Flighting|8B24B027-1DEE-BABB-9A95-3517DFB9C552| 
 |WSUS or Configuration Manager|Via ServerSelection::ssManagedServer <br>3DA21691-E39D-4da6-8A4B-B43877BCB1B7 |
@@ -115,33 +114,33 @@ Common update failure is caused due to network issues. To find the root of the i
 
 - Look for "ProtocolTalker" messages to see client-server sync network traffic. 
 - "SOAP faults" can be either client- or server-side issues; read the message. 
-- The WU client uses SLS (Service Locator Service) to discover the configurations and endpoints of Microsoft network update sources – WU, MU, Flighting. 
+- The Windows Update client uses the Service Locator Service to discover the configurations and endpoints of Microsoft network update sources: Windows update, Microsoft Update, or Flighting. 
 
    > [!NOTE]
-   > Warning messages for SLS can be ignored if the search is against WSUS or Configuration Manager. 
+   > If the search is against WSUS or Configuration Manager, you can ignore warning messages for the Service Locator Service. 
 
-- On sites that only use WSUS or Configuration Manager, the SLS may be blocked at the firewall. In this case the SLS request will fail, and can’t scan against Windows Update or Microsoft Update but can still scan against WSUS or Configuration Manager, since it’s locally configured.
+- On sites that only use WSUS or Configuration Manager, the Service Locator Service might be blocked at the firewall. In this case the request will fail, and though the service can’t scan against Windows Update or Microsoft Update, it can still scan against WSUS or Configuration Manager, since it’s locally configured.
    ![Windows Update scan log 3](images/update-scan-log-3.png)
    
 ## Downloading updates 
 ![Windows Update download step](images/update-download-step.png)
 
-Once the Windows Update Orchestrator determines which updates apply to your computer, it will begin downloading the updates, if you have selected the option to automatically download updates. It does this in the background without interrupting your normal use of the computer.  
+Once the Windows Update Orchestrator determines which updates apply to your computer, it will begin downloading the updates, if you have selected the option to automatically download updates. It does operation in the background without interrupting your normal use of the device.  
 
-To ensure that your other downloads aren't affected or slowed down because updates are downloading, Windows Update uses the Delivery Optimization technology which downloads updates and reduces bandwidth consumption. 
+To ensure that your other downloads aren't affected or slowed down because updates are downloading, Windows Update uses Delivery Optimization, which downloads updates and reduces bandwidth consumption. 
  
-For more information see [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md). 
+For more information, see [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md). 
 
 ## Installing updates 
 ![Windows Update install step](images/update-install-step.png)
 
 When an update is applicable, the "Arbiter" and metadata are downloaded. Depending on your Windows Update settings, when downloading is complete, the Arbiter will gather details from the device, and compare that with the downloaded metadata to create an "action list".  
 
-The action list describes all the files needed from WU, and what the install agent (such as CBS or Setup) should do with them. The action list is provided to the install agent along with the payload to begin the installation. 
+The action list describes all the files needed from Windows Update, and what the installation agent (such as CBS or Setup) should do with them. The action list is provided to the installation agent along with the payload to begin the installation. 
  
 ## Committing Updates 
 ![Windows Update commit step](images/update-commit-step.png)
 
-When the option to automatically install updates is configured, the Windows Update Orchestrator, in most cases, automatically restarts the PC for you after installing the updates. This is necessary because your PC may be insecure, or not fully updated, until a restart is completed. You can use Group Policy settings, mobile device management (MDM), or  the registry (not recommended) to configure when devices will restart after a Windows 10 update is installed.  
+When the option to automatically install updates is configured, the Windows Update Orchestrator, in most cases, automatically restarts the device for you after installing the updates. It has to restart the device because it might be insecure, or not fully updated, until it restarts. You can use Group Policy settings, mobile device management (MDM), or the registry (not recommended) to configure when devices will restart after a Windows 10 update is installed.  
 
-For more information see [Manage device restarts after updates](waas-restart.md). 
+For more information, see [Manage device restarts after updates](waas-restart.md). 
diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md
index 8911262e12..b96d2edfd6 100644
--- a/windows/deployment/update/update-compliance-configuration-manual.md
+++ b/windows/deployment/update/update-compliance-configuration-manual.md
@@ -22,7 +22,7 @@ There are a number of requirements to consider when manually configuring devices
 The requirements are separated into different categories:
 
 1. Ensuring the [**required policies**](#required-policies) for Update Compliance are correctly configured.
-2. Devices in every network topography needs to send data to the [**required endpoints**](#required-endpoints) for Update Compliance, for example both devices in main and satellite offices, which may have different network configurations.
+2. Devices in every network topography must send data to the [**required endpoints**](#required-endpoints) for Update Compliance. For example, devices in both main and satellite offices, which might have different network configurations must be able to reach the endpoints.
 3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It is recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality.
 4. [**Run a full Census sync**](#run-a-full-census-sync) on new devices to ensure that all necessary data points are collected.
 
@@ -34,7 +34,7 @@ The requirements are separated into different categories:
 Update Compliance has a number of policies that must be appropriately configured in order for devices to be processed by Microsoft and visible in Update Compliance. They are enumerated below, separated by whether the policies will be configured via [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM) or Group Policy. For both tables:
 
 - **Policy** corresponds to the location and name of the policy.
-- **Value** Indicates what value the policy must be set to. Update Compliance requires *at least* Basic (or Required) telemetry, but can function off Enhanced or Full (or Optional).
+- **Value** Indicates what value the policy must be set to. Update Compliance requires *at least* Basic (or Required) diagnostic data, but can function off Enhanced or Full (or Optional).
 - **Function** details why the policy is required and what function it serves for Update Compliance. It will also detail a minimum version the policy is required, if any.
 
 ### Mobile Device Management policies
@@ -44,8 +44,8 @@ Each MDM Policy links to its documentation in the CSP hierarchy, providing its e
 | Policy | Value | Function |
 |---------------------------|-|------------------------------------------------------------|
 |**Provider/*ProviderID*/**[**CommercialID**](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp#provider-providerid-commercialid) |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) |Identifies the device as belonging to your organization. |
-|**System/**[**AllowTelemetry**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | 1- Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this lower than what the policy defines, see the below policy for more information. |
-|**System/**[**ConfigureTelemetryOptInSettingsUx**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) | 1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether end-users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. |
+|**System/**[**AllowTelemetry**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | 1- Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the following policy. |
+|**System/**[**ConfigureTelemetryOptInSettingsUx**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) | 1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. |
 |**System/**[**AllowDeviceNameInDiagnosticData**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
 
 > [!NOTE]
@@ -58,8 +58,8 @@ All Group Policies that need to be configured for Update Compliance are under **
 | Policy | Value | Function |
 |---------------------------|-|-----------------------------------------------------------|
 |**Configure the Commercial ID** |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) | Identifies the device as belonging to your organization. |
-|**Allow Telemetry** | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this lower than what the policy defines. See the following policy for more information. |
-|**Configure telemetry opt-in setting user interface** | 1 - Disable telemetry opt-in Settings |(in Windows 10, version 1803 and later) Determines whether end-users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. |
+|**Allow Telemetry** | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. See the following policy for more information. |
+|**Configure telemetry opt-in setting user interface** | 1 - Disable diagnostic data opt-in Settings |(in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. |
 |**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
 
 ## Required endpoints
@@ -72,9 +72,9 @@ To enable data sharing between devices, your network, and Microsoft's Diagnostic
 | `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
 | `https://settings-win.data.microsoft.com` | Required for Windows Update functionality. |
 | `http://adl.windows.com` | Required for Windows Update functionality. |
-| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting in the event of certain Feature Update deployment failures. |
+| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting if certain Feature Update deployment failures occur. |
 | `https://oca.telemetry.microsoft.com`  | Online Crash Analysis, used to provide device-specific recommendations and detailed errors in the event of certain crashes. |
-| `https://login.live.com` | This endpoint facilitates MSA access and is required to create the primary identifier we use for devices. Without this service, devices will not be visible in the solution. This also requires Microsoft Account Sign-in Assistant service to be running (wlidsvc). |
+| `https://login.live.com` | This endpoint facilitates MSA access and is required to create the primary identifier we use for devices. Without this service, devices will not be visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). |
 
 ## Required services
 
@@ -83,7 +83,7 @@ Many Windows and Microsoft services are required to ensure that not only the dev
 
 ## Run a full Census sync
 
-Census is a service that runs on a regular schedule on Windows devices. A number of key device attributes, like what operating system edition is installed on the device, are included in the Census payload. However, to save network load and system resources, data that tends to be more static (like edition) is sent approximately once per week rather than on every daily run. Because of this, these attributes can take longer to appear in Update Compliance unless you start a full Census sync. The Update Compliance Configuration Script does this. 
+Census is a service that runs on a regular schedule on Windows devices. A number of key device attributes, like what operating system edition is installed on the device, are included in the Census payload. However, to save network load and system resources, data that tends to be more static (like edition) is sent approximately once per week rather than on every daily run. Because of this behavior, these attributes can take longer to appear in Update Compliance unless you start a full Census sync. The Update Compliance Configuration Script will do a full sync. 
 
 A full Census sync adds a new registry value to Census's path. When this registry value is added, Census's configuration is overridden to force a full sync. For Census to work normally, this registry value should be enabled, Census should be started manually, and then the registry value should be disabled. Follow these steps:
 
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index d1f41bc2bd..1a27cda457 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -27,7 +27,7 @@ Windows Update for Business is a free service that is available for all premium
 
 Windows Update for Business enables IT administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated.
   
-Specifically, Windows Update for Business allows for control over update offerings and experiences to allow for reliability and performance testing on a subset of devices before deploying updates across the organization as well as a positive update experience for those in your organization.
+Specifically, Windows Update for Business lets you control update offerings and experiences to allow for reliability and performance testing on a subset of devices before deploying updates across the organization. It also provides a positive update experience for people in your organization.
 
 ## What can I do with Windows Update for Business?
 
@@ -47,9 +47,9 @@ Windows Update for Business enables an IT administrator to receive and manage a
 Windows Update for Business provides management policies for several types of updates to Windows 10 devices:
 
 - **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released semi-annually in the fall and in the spring.
-- **Quality updates:** These are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as those for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and you can set devices to receive such updates (or not) along with their Windows updates.
-- **Driver updates:** These are non-Microsoft drivers that are applicable to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer. 
-- **Microsoft product updates**: These are updates for other Microsoft products, such as Office. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
+- **Quality updates:** Quality updates are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as updates for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and you can set devices to receive such updates (or not) along with their Windows updates.
+- **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer. 
+- **Microsoft product updates**: Updates for other Microsoft products, such as Office. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
 
 
 ## Offering
@@ -65,13 +65,13 @@ The branch readiness level enables administrators to specify which channel of fe
 - Windows Insider Fast
 - Windows Insider Slow
 - Windows Insider Release Preview
-- Semi-annual Channel
+- Semi-Annual Channel
 
-Prior to Windows 10, version 1903, there are two channels for released updates: Semi-annual Channel and Semi-annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-annual Channel. All deferral days are calculated against a release’s Semi-annual Channel release date. For exact release dates, see [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. To use this policy to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
+Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days are calculated against a release’s Semi-Annual Channel release date. For exact release dates, see [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. To use this policy to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
 
 #### Defer an update
 
-A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device. That is, if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days. To defer feature updates use the **Select when Preview Builds and Feature Updates are Received** policy.
+A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device. That is, if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and Feature Updates are Received** policy.
 
 
 |Category  |Maximum deferral period  |
@@ -88,10 +88,10 @@ A Windows Update for Business administrator can defer the installation of both f
 If you discover a problem while deploying a feature or quality update, the IT administrator can pause the update for 35 days from a specified start date to prevent other devices from installing it until the issue is mitigated.
 If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set.
 
-To pause feature updates use the **Select when Preview Builds and Feature Updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
+To pause feature updates, use the **Select when Preview Builds and Feature Updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
 
-Built in benefits:
-When updating from Windows Update you get the added benefits of built in compatibility checks to prevent against a poor update experience for your device as well as a check to prevent repeated rollbacks.
+Built-in benefits:
+When updating from Windows Update, you get the added benefits of built-in compatibility checks to prevent against a poor update experience for your device as well as a check to prevent repeated rollbacks.
 
 ### Recommendations
 
@@ -104,13 +104,13 @@ For the best experience with Windows Update, follow these guidelines:
 
 ### Manage the end-user experience when receiving Windows Updates
 
-Windows Update for Business provides controls to help meet your organization’s security standards as well as provide a great end-user experience. We do this by enabling you to set automatic updates at times that work well for those in your organization and set deadlines for quality and feature updates. Because Windows Update includes built-in intelligence, it's usually better to use fewer controls to manage the end-user experience. 
+Windows Update for Business provides controls to help meet your organization’s security standards as well as provide a great end-user experience. We do this by enabling you to set automatic updates at times that work well for people in your organization and set deadlines for quality and feature updates. Because Windows Update includes built-in intelligence, it's better to use fewer controls to manage the user experience. 
 
 #### Recommended experience settings
 
 Features like the smart busy check (which ensure updates don't happen when a user is signed in) and active hours help provide the best experience for end users while keeping devices more secure and up to date. Follow these steps to take advantage of these features:
 
-1.	Automatically download, install and restart (default if no restart policies are set up or enabled)
+1.	Automatically download, install, and restart (default if no restart policies are set up or enabled)
 2.	Use the default notifications 
 3.	Set update deadlines
 
@@ -118,7 +118,7 @@ Features like the smart busy check (which ensure updates don't happen when a use
 
 A compliance deadline policy (released in June 2019) enables you to set separate deadlines and grace periods for feature and quality updates. 
 
-This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This is extremely beneficial in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation.
+This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This approach is useful in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation.
 
 #### Update Baseline
 The large number of different policies offered for Windows 10 can be overwhelming. Update Baseline provides a clear list of recommended Windows update policy settings for IT administrators who want the best user experience while also meeting their update compliance goals. The Update Baseline for Windows 10 includes policy settings recommendations covering deadline configuration, restart behavior, power policies, and more.
@@ -186,9 +186,9 @@ The branch readiness level enables administrators to specify which channel of fe
     - Windows Insider Fast 
     - Windows Insider Slow 
     - Windows Insider Release Preview 
-- Semi-annual Channel for released updates
+    - Semi-Annual Channel for released updates
  
-Prior to Windows 10, version 1903, there are two channels for released updates: Semi-annual Channel and Semi-annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-annual Channel. All deferral days will be calculated against a release's Semi-annual Channel release date. To see release dates, visit [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
+Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days will be calculated against a release's Semi-Annual Channel release date. To see release dates, visit [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
 
 ### Recommendations
 
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index 4f59f66eec..cf357be8c6 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -1,6 +1,6 @@
 ---
 title: Manage device restarts after updates (Windows 10)
-description: Use Group Policy settings, mobile device management (MDM) or Registry to configure when devices will restart after a Windows 10 update is installed.
+description: Use Group Policy settings, mobile device management (MDM), or Registry to configure when devices will restart after a Windows 10 update is installed.
 ms.prod: w10
 ms.mktglfcycl: deploy
 author: jaimeo
@@ -23,7 +23,7 @@ ms.custom:
 
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
 
-You can use Group Policy settings, mobile device management (MDM) or Registry (not recommended) to configure when devices will restart after a Windows 10 update is installed. You can schedule update installation and set policies for restart, configure active hours for when restarts will not occur, or you can do both.
+You can use Group Policy settings, mobile device management (MDM), or Registry (not recommended) to configure when devices will restart after a Windows 10 update is installed. You can schedule update installation and set policies for restart, configure active hours for when restarts will not occur, or you can do both.
 
 ## Schedule update installation
 
@@ -77,11 +77,12 @@ MDM uses the [Update/ActiveHoursStart and Update/ActiveHoursEnd](https://msdn.mi
 
 ### Configuring active hours through Registry
 
-This method is not recommended, and should only be used when neither Group Policy or MDM are available.
+This method is not recommended, and should only be used when you can't use Group Policy or MDM.
 Any settings configured through Registry may conflict with any existing configuration that uses any of the methods mentioned above.
 
-You should set a combination of the following registry values, in order to configure active hours.
-Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate** use **SetActiveHours** to enable or disable active hours and **ActiveHoursStart**,**ActiveHoursEnd** to specify the range of active hours.
+Configure active hours by setting a combination of the following registry values:
+
+Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate** use **SetActiveHours** to enable or disable active hours and **ActiveHoursStart** and **ActiveHoursEnd** to specify the range of active hours.
 
 For a detailed description of these registry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
 
@@ -100,7 +101,7 @@ To configure active hours max range through MDM, use [**Update/ActiveHoursMaxRan
 
 ## Limit restart delays
 
-After an update is installed, Windows 10 attempts automatic restart outside of active hours. If the restart does not succeed after 7 days (by default), the user will see a notification that restart is required. You can use the **Specify deadline before auto-restart for update installation** policy to change the delay from 7 days to a number of days between 2 and 14.
+After an update is installed, Windows 10 attempts automatic restart outside of active hours. If the restart does not succeed after seven days (by default), the user will see a notification that restart is required. You can use the **Specify deadline before auto-restart for update installation** policy to change the delay from seven days to any number of days between two and 14.
 
 ## Control restart notifications
 
@@ -137,7 +138,7 @@ In MDM, the warning reminder is configured using [**Update/ScheduleRestartWarnin
 
 ### Engaged restart
 
-Engaged restart is the period of time when users are required to schedule a restart. Initially, Windows will auto-restart outside of working hours. Once the set period ends (7 days by default), Windows transitions to user scheduled restarts.
+Engaged restart is the period of time when users are required to schedule a restart. Initially, Windows will auto-restart outside of working hours. Once the set period ends (seven days by default), Windows transitions to user scheduled restarts.
 
 The following settings can be adjusted for engaged restart:
 * Period of time before auto-restart transitions to engaged restart.
@@ -183,19 +184,19 @@ The following tables list registry values that correspond to the Group Policy se
 
 | Registry key | Key type | Value |
 | --- | --- | --- |
-| AlwaysAutoRebootAtScheduledTime | REG_DWORD | 0: disable automatic reboot after update installation at scheduled time</br>1: enable automatic reboot after update installation at ascheduled time |
+| AlwaysAutoRebootAtScheduledTime | REG_DWORD | 0: disable automatic reboot after update installation at scheduled time</br>1: enable automatic reboot after update installation at a scheduled time |
 | AlwaysAutoRebootAtScheduledTimeMinutes | REG_DWORD | 15-180: set automatic reboot to occur after given minutes |
 | AUOptions | REG_DWORD | 2: notify for download and notify for installation of updates</br>3: automatically download and notify for installation of updates</br>4: Automatically download and schedule installation of updates</br>5: allow the local admin to configure these settings</br>**Note:** To configure restart behavior, set this value to **4** |
-| NoAutoRebootWithLoggedOnUsers | REG_DWORD | 0: disable do not reboot if users are logged on</br>1: do not reboot after an update installation if a user is logged on</br>**Note:** If disabled : Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation  |
+| NoAutoRebootWithLoggedOnUsers | REG_DWORD | 0: disable do not reboot if users are logged on</br>1: do not reboot after an update installation if a user is logged on</br>**Note:** If disabled: Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation  |
 | ScheduledInstallTime | REG_DWORD | 0-23: schedule update installation time to a specific hour</br>starts with 12 AM (0) and ends with 11 PM (23) |
 
-There are 3 different registry combinations for controlling restart behavior:
+There are three different registry combinations for controlling restart behavior:
 
 - To set active hours, **SetActiveHours** should be **1**, while **ActiveHoursStart** and **ActiveHoursEnd** should define the time range.
-- To schedule a specific installation and reboot time, **AUOptions** should be **4**, **ScheduledInstallTime** should specify the installation time, **AlwaysAutoRebootAtScheduledTime** set to **1** and **AlwaysAutoRebootAtScheduledTimeMinutes** should specify number of minutes to wait before rebooting.
+- To schedule a specific installation and reboot time, **AUOptions** should be **4**, **ScheduledInstallTime** should specify the installation time, and **AlwaysAutoRebootAtScheduledTime** set to **1** and **AlwaysAutoRebootAtScheduledTimeMinutes** should specify number of minutes to wait before rebooting.
 - To delay rebooting if a user is logged on, **AUOptions** should be **4**, while **NoAutoRebootWithLoggedOnUsers** is set to **1**.
 
-## Related topics
+## Related articles
 
 - [Update Windows 10 in the enterprise](index.md)
 - [Overview of Windows as a service](waas-overview.md)
diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md
index 11dff0bce0..0cad11e031 100644
--- a/windows/deployment/update/windows-update-errors.md
+++ b/windows/deployment/update/windows-update-errors.md
@@ -7,7 +7,6 @@ audience: itpro
 itproauthor: jaimeo
 ms.audience: itpro
 author: jaimeo
-ms.date: 09/18/2018
 ms.reviewer: 
 manager: laurawi
 ms.topic: article
@@ -23,18 +22,18 @@ The following table provides information about common errors you might run into
 
 |                Error Code                |              Message              |                                          Description                                          |                                                                                                                                                                                                                     Mitigation                                                                                                                                                                                                                      |
 |------------------------------------------|-----------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-|                0x8024402F                | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS |                    External cab file processing completed with some errors                    |                                                                                               One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering. <br>The IP addresses of the computers you want to get updates successfully on, should be added to the exceptions list of Lightspeed                                                                                               |
-|                0x80242006                |      WU_E_UH_INVALIDMETADATA      |   A handler operation could not be completed because the update contains invalid metadata.    | Rename Software Redistribution Folder and attempt to download the updates again: <br>Rename the following folders to \*.BAK: <br>- %systemroot%\system32\catroot2 <br><br>To do this, type the following commands at a command prompt. Press ENTER after you type each command.<br>- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak<br>- Ren %systemroot%\SoftwareDistribution\Download \*.bak<br>Ren %systemroot%\system32\catroot2 \*.bak |
-|                0x80070BC9                |    ERROR_FAIL_REBOOT_REQUIRED     |    The requested operation failed. A system reboot is required to roll back changes made.     |                                                                                                                          Ensure that we do not have any policies that control the start behavior for the Windows Module Installer. This service should not be hardened to any start value and should be managed by the OS.                                                                                                                          |
-|                0x80200053                |      BG_E_VALIDATION_FAILED       |                                              NA                                               |                                                                  Ensure that there is no Firewalls that filter downloads. The Firewall filtering may lead to invalid responses being received by the Windows Update Client.<br><br>If the issue still persists, run the [WU reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).                                                                  |
-|                0x80072EE2                |         WININET_E_TIMEOUT         |                                    The operation timed out                                    |                   This error message can be caused if the computer isn't connected to Internet. To fix this issue, following these steps: make sure these URLs are not blocked: <br> http://<em>.update.microsoft.com<br>https://</em>.update.microsoft.com <br><http://download.windowsupdate.com>  <br><br>Additionally , you can take a network trace and see what is timing out. \<Refer to Firewall Troubleshooting scenario>                   |
+|                0x8024402F                | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS |                    External cab file processing completed with some errors                    |                                                                                               One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering. <br>Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed                                                                                               |
+|                0x80242006                |      WU_E_UH_INVALIDMETADATA      |   A handler operation could not be completed because the update contains invalid metadata.    | Rename Software Redistribution Folder and attempt to download the updates again: <br>Rename the following folders to \*.BAK: <br>- %systemroot%\system32\catroot2 <br><br>Type the following commands at a command prompt. Press ENTER after you type each command.<br>- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak<br>- Ren %systemroot%\SoftwareDistribution\Download \*.bak<br>Ren %systemroot%\system32\catroot2 \*.bak |
+|                0x80070BC9                |    ERROR_FAIL_REBOOT_REQUIRED     |    The requested operation failed. A system reboot is required to roll back changes made.     |                                                                                                                          Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system.                                                                                                                          |
+|                0x80200053                |      BG_E_VALIDATION_FAILED       |                                              NA                                               |                                                                  Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.<br><br>If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).                                                                  |
+|                0x80072EE2                |         WININET_E_TIMEOUT         |                                    The operation timed out                                    |                   This error message can be caused if the computer isn't connected to the Internet. To fix this issue, follow these steps: make sure these URLs are not blocked: <br> http://<em>.update.microsoft.com<br>https://</em>.update.microsoft.com <br><http://download.windowsupdate.com>  <br><br>You can also take a network trace to check what is timing out. \<Refer to Firewall Troubleshooting scenario>                   |
 | 0x80072EFD <br>0x80072EFE <br>0x80D02002 |          TIME_OUT_ERRORS          |                                    The operation timed out                                    |                                                                                                                                Make sure there are no firewall rules or proxy to block Microsoft download URLs. <br>Take a network monitor trace to understand better. \<Refer to Firewall Troubleshooting scenario>                                                                                                                                 |
 |                0X8007000D                |        ERROR_INVALID_DATA         |                   Indicates invalid data downloaded or corruption occurred.                   |                                                                                                                                                                                            Attempt to re-download the update and initiate installation.                                                                                                                                                                                             |
-|                0x8024A10A                |    USO_E_SERVICE_SHUTTING_DOWN    |                        Indicates that the WU Service is shutting down.                        |                                                                                         This may happen due to a very long period of time of inactivity, a system hang leading to the service being idle and leading to the shutdown of the service. Ensure that the system remains active and the connections remain established to complete the upgrade.                                                                                          |
-|                0x80240020                |     WU_E_NO_INTERACTIVE_USER      |          Operation did not complete because there is no logged-on interactive user.           |                                                                                                                                                                            Please login to the system to initiate the installation and allow the system to be rebooted.                                                                                                                                                                             |
-|                0x80242014                |  WU_E_UH_POSTREBOOTSTILLPENDING   |                The post-reboot operation for the update is still in progress.                 |                                                                                                                                                               Some Windows Updates require the system to be restarted. Reboot the system to complete the installation of the Updates.                                                                                                                                                               |
+|                0x8024A10A                |    USO_E_SERVICE_SHUTTING_DOWN    |                        Indicates that the Windows Update Service is shutting down.                        |                                                                                         This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade.                                                                                          |
+|                0x80240020                |     WU_E_NO_INTERACTIVE_USER      |          Operation did not complete because there is no logged-on interactive user.           |                                                                                                                                                                            Sign in to the device to start the installation and allow the device to restart.                                                                                                                                                                             |
+|                0x80242014                |  WU_E_UH_POSTREBOOTSTILLPENDING   |                The post-restart operation for the update is still in progress.                 |                                                                                                                                                               Some Windows Updates require the device to be restarted. Restart the device to complete update installation.                                                                                                                                                              |
 |                0x80246017                |  WU_E_DM_UNAUTHORIZED_LOCAL_USER  | The download failed because the local user was denied authorization to download the content.  |                                                                                                                                               Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator).                                                                                                                                                |
-|                0x8024000B                |        WU_E_CALL_CANCELLED        |                                   Operation was cancelled.                                    |                                                            This indicates that the operation was cancelled by the user/service. You may also encounter this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete.                                                             |
+|                0x8024000B                |        WU_E_CALL_CANCELLED        |                                   Operation was canceled.                                    |                                                            The operation was canceled by the user or service. You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete.                                                             |
 |                0x8024000E                |         WU_E_XML_INVALID          |           Windows Update Agent found invalid information in the update's XML data.            |                                                                                                              Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. Ensure that you have the latest Windows Update Agent installed on the machine.                                                                                                              |
 |                0x8024D009                |      WU_E_SETUP_SKIP_UPDATE       | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. |                                                                                       You may encounter this error when WSUS is not sending the Self-update to the clients.<br><br>Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue.                                                                                       |
 |                0x80244007                |   WU_E_PT_SOAPCLIENT_SOAPFAULT    | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. |                                                                                        This issue occurs because Windows cannot renew the cookies for Windows Update.  <br><br>Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue.                                                                                         |
diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md
index 1e40aac62e..ed776f86d0 100644
--- a/windows/deployment/update/windows-update-logs.md
+++ b/windows/deployment/update/windows-update-logs.md
@@ -1,13 +1,12 @@
 ---
 title: Windows Update log files 
-description: Learn about the Windows Update log files and how to merge and convert WU trace files (.etl files) into a single readable WindowsUpdate.log file.
+description: Learn about the Windows Update log files and how to merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file.
 ms.prod: w10
 ms.mktglfcycl: 
 audience: itpro
 itproauthor: jaimeo
 ms.audience: itpro
 author: jaimeo
-ms.date: 09/18/2018
 ms.reviewer: 
 manager: laurawi
 ms.topic: article
@@ -21,21 +20,21 @@ ms.custom: seo-marvel-apr2020
 The following table describes the log files created by Windows Update.
 
 
-|Log file|Location|Description|When to Use |
+|Log file|Location|Description|When to use |
 |-|-|-|-|
-|windowsupdate.log|C:\Windows\Logs\WindowsUpdate|Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs.|If you receive an error message when you run Windows Update (WU), you can use the information that is included in the Windowsupdate.log log file to troubleshoot the issue.|
-|UpdateSessionOrchestration.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the Update Orchestrator is responsible for sequence of downloading and installing various update types from Windows Update. And the events are logged to these etl files.|When you see that the updates are available but download is not getting triggered.  <br>When Updates are downloaded but installation is not triggered.<br>When Updates are installed but reboot is not triggered. |
-|NotificationUxBroker.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the notification toast or the banner is triggered by this NotificationUxBroker.exe . And the logs to check its working is this etl. |When you want to check whether the Notification was triggered or not for reboot or update availability etc. |
-|CBS.log|%systemroot%\Logs\CBS|This logs provides insight on the update installation part in the servicing stack.|To troubleshoot the issues related to WU installation.|
+|windowsupdate.log|C:\Windows\Logs\WindowsUpdate|Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs.|If you receive an error message when you run Windows Update, you can use the information that is included in the Windowsupdate.log log file to troubleshoot the issue.|
+|UpdateSessionOrchestration.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the Update Orchestrator is responsible for sequence of downloading and installing various update types from Windows Update. And the events are logged to these .etl files.|When you see that the updates are available but download is not getting triggered.  <br>When Updates are downloaded but installation is not triggered.<br>When Updates are installed but reboot is not triggered. |
+|NotificationUxBroker.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the notification toast or the banner is triggered by NotificationUxBroker.exe. |When you want to check whether the notification was triggered or not. |
+|CBS.log|%systemroot%\Logs\CBS|This log provides insight on the update installation part in the servicing stack.|To troubleshoot the issues related to Windows Update installation.|
 
 ## Generating WindowsUpdate.log 
-To merge and convert WU trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](https://docs.microsoft.com/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps&preserve-view=tru). 
+To merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](https://docs.microsoft.com/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps&preserve-view=tru). 
 
 >[!NOTE]
 >When you run the **Get-WindowsUpdateLog** cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpate.log unless you run **Get-WindowsUpdateLog** again. 
  
 ### Windows Update log components 
-The WU engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file: 
+The Windows Update engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file: 
 
 - AGENT- Windows Update agent 
 - AU - Automatic Updates is performing this task 
@@ -93,12 +92,12 @@ The time stamp indicates the time at which the logging occurs.
 The Process IDs and Thread IDs are random, and they can vary from log to log and even from service session to service session within the same log. 
 - The first four hex digits are the process ID. 
 - The next four hex digits are the thread ID. 
-- Each component, such as the USO, WU engine, COM API callers, and WU installer handlers, has its own process ID.   
+- Each component, such as the USO, Windows Update engine, COM API callers, and Windows Update installer handlers, has its own process ID.   
    ![Windows Update process and thread IDs](images/update-process-id.png)
 
 
 #### Component name  
-Search for and identify the components that are associated with the IDs. Different parts of the WU engine have different component names. Some of them are as follows: 
+Search for and identify the components that are associated with the IDs. Different parts of the Windows Update engine have different component names. Some of them are as follows: 
 
 - ProtocolTalker - Client-server sync 
 - DownloadManager - Creates and monitors payload downloads 
@@ -114,7 +113,7 @@ Search for and identify the components that are associated with the IDs. Differe
 
 ##### Update ID and revision number 
 There are different identifiers for the same update in different contexts. It's important to know the identifier schemes. 
-- Update ID: A GUID (indicated in the previous screen shot) that's assigned to a given update at publication time 
+- Update ID: A GUID (indicated in the previous screenshot) that's assigned to a given update at publication time 
 - Revision number: A number incremented every time that a given update (that has a given update ID) is modified and republished on a service 
 - Revision numbers are reused from one update to another (not a unique identifier). 
 - The update ID and revision number are often shown together as "{GUID}.revision." 
@@ -122,15 +121,15 @@ There are different identifiers for the same update in different contexts. It's
 
 
 ##### Revision ID 
-- A Revision ID (do no confuse this with "revision number") is a serial number that's issued when an update is initially published or revised on a given service. 
-- An existing update that's revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a completely new revision ID that is not related to the previous ID. 
+- A Revision ID (don't confuse this value with "revision number") is a serial number that's issued when an update is initially published or revised on a given service. 
+- An existing update that's revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a new revision ID that is not related to the previous ID. 
 - Revision IDs are unique on a given update source, but not across multiple sources. 
-- The same update revision may have completely different revision IDs on WU and WSUS. 
-- The same revision ID may represent different updates on WU and WSUS. 
+- The same update revision might have different revision IDs on Windows Update and WSUS. 
+- The same revision ID might represent different updates on Windows Update and WSUS. 
 
 ##### Local ID 
-- Local ID is a serial number issued when an update is received from a service by a given WU client 
-- Usually seen in debug logs, especially involving the local cache for update info (Datastore) 
+- Local ID is a serial number issued when an update is received from a service by a given Windows Update client 
+- Typically seen in debug logs, especially involving the local cache for update info (Datastore) 
 - Different client PCs will assign different Local IDs to the same update 
 - You can find the local IDs that a client is using by getting the client's %WINDIR%\SoftwareDistribution\Datastore\Datastore.edb file 
 
diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md
index 32a55ed102..92db02e305 100644
--- a/windows/deployment/update/windows-update-troubleshooting.md
+++ b/windows/deployment/update/windows-update-troubleshooting.md
@@ -53,7 +53,7 @@ The update that is offered to a device depends on several factors. The following
 If the update you're offered isn't the most current available, it might be because your device is being managed by a WSUS server, and you're being offered the updates available on that server. It's also possible, if your device is part of a deployment group, that your admin is intentionally slowing the rollout of updates. Since the deployment is slow and measured to begin with, all devices will not receive the update on the same day.  
  
 ## My device is frozen at scan. Why? 
-The Settings UI communicates with the Update Orchestrator service which in turn communicates with to Windows Update service. If these services stop unexpectedly, then you might see this behavior. In such cases, follow these steps:  
+The Settings UI communicates with the Update Orchestrator service that in turn communicates with to Windows Update service. If these services stop unexpectedly, then you might see this behavior. In such cases, follow these steps:  
 
 1. Close the Settings app and reopen it.  
 
@@ -151,7 +151,7 @@ Go to Services.msc and ensure that Windows Firewall Service is enabled. Stopping
 ## Issues arising from configuration of conflicting policies 
 Windows Update provides a wide range configuration policy to control the behavior of the Windows Update service in a managed environment. While these policies let you configure the settings at a granular level, misconfiguration or setting conflicting policies may lead to unexpected behaviors. 
  
-See [How to configure automatic updates by using Group Policy or registry settings](https://support.microsoft.com/help/328010/how-to-configure-automatic-updates-by-using-group-policy-or-registry-s) for more information.
+For more information, see [How to configure automatic updates by using Group Policy or registry settings](https://support.microsoft.com/help/328010/how-to-configure-automatic-updates-by-using-group-policy-or-registry-s) for more information.
 
 ## Device cannot access update files
 
@@ -183,7 +183,7 @@ Windows 10 devices can receive updates from a variety of sources, including Wind
  
 Check the output for the Name and OffersWindowsUPdates parameters, which you can interpret according to this table. 
 
-|Output|Interpretation| 
+|Output|Meaning| 
 |-|-|
 |- Name: Microsoft Update <br>-OffersWindowsUpdates: True| - The update source is Microsoft Update, which means that updates for other Microsoft products besides the operating system could also be delivered.<br>- Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.) |
 |- <a name="BKMK_DCAT"></a>Name: DCat Flighting Prod <br>- OffersWindowsUpdates: True |- Starting with Windows 10 1709, feature updates are always delivered through the DCAT service.<br>- Indicates that the client is configured to receive feature updates from Windows Update. |
@@ -213,9 +213,9 @@ From Windows Update logs:
 2018-08-06 09:33:32:554  480 1118 Agent **  END  **  Agent: Finding updates [CallerId = OperationalInsight  Id = 49] 
 ```
 
-In the above log snippet, we see that the Criteria = "IsHidden = 0 AND DeploymentAction=*". "*" means there is nothing specified from the server. So, the scan happens but there is no direction to download or install to the agent. So it just scans the update and provides the results. 
+In the above log snippet, we see that the `Criteria = "IsHidden = 0 AND DeploymentAction=*"`. "*" means there is nothing specified from the server. So, the scan happens but there is no direction to download or install to the agent. So it just scans the update and provides the results. 
 
-Now if you look at the below logs, the Automatic update runs the scan and finds no update approved for it. So it reports there are no updates to install or download. This is due to an incorrect configuration. The WSUS side should approve the updates for Windows Update so that it fetches the updates and installs them at the specified time according to the policy. Since this scenario doesn't include Configuration Manager, there's no way to install unapproved updates. You're expecting the operational insight agent to do the scan and automatically trigger the download and installation but that won’t happen with this configuration.  
+As shown in the following logs, automatic update runs the scan and finds no update approved for it. So it reports there are no updates to install or download. This is due to an incorrect configuration. The WSUS side should approve the updates for Windows Update so that it fetches the updates and installs them at the specified time according to the policy. Since this scenario doesn't include Configuration Manager, there's no way to install unapproved updates. You're expecting the operational insight agent to do the scan and automatically trigger the download and installation but that won’t happen with this configuration.  
 
 ```console
 2018-08-06 10:58:45:992  480 5d8 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates  Id = 57] 
@@ -231,15 +231,15 @@ Now if you look at the below logs, the Automatic update runs the scan and finds
 ```
 
 ## High bandwidth usage on Windows 10 by Windows Update 
-Users may see that Windows 10 is consuming all the bandwidth in the different offices under the system context. This behavior is by design. Components that may consume bandwidth expand beyond Windows Update components. 
+Users might see that Windows 10 is consuming all the bandwidth in the different offices under the system context. This behavior is by design. Components that might consume bandwidth expand beyond Windows Update components. 
 
-The following group policies can help mitigate this: 
+The following group policies can help mitigate this situation: 
  
 - Blocking access to Windows Update servers: [Policy Turn off access to all Windows Update features](https://gpsearch.azurewebsites.net/#4728) (Set to enabled)
 - Driver search: [Policy Specify search order for device driver source locations](https://gpsearch.azurewebsites.net/#183) (Set to "Do not search Windows Update")
 - Windows Store automatic update: [Policy Turn off Automatic Download and Install of updates](https://gpsearch.azurewebsites.net/#10876) (Set to enabled)
  
-Other components that reach out to the internet:
+Other components that connect to the internet:
 
 - Windows Spotlight: [Policy Configure Windows spotlight on lock screen](https://gpsearch.azurewebsites.net/#13362) (Set to disabled) 
 - Consumer experiences: [Policy Turn off Microsoft consumer experiences](https://gpsearch.azurewebsites.net/#13329) (Set to enabled) 
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index 6b57a9ab0d..4753557b61 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -53,6 +53,8 @@ These are the things you'll need to complete this lab:
 
 A summary of the sections and procedures in the lab is provided below. Follow each section in the order it is presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendix.
 
+> If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or a later version.
+
 [Verify support for Hyper-V](#verify-support-for-hyper-v)
 <br>[Enable Hyper-V](#enable-hyper-v)
 <br>[Create a demo VM](#create-a-demo-vm)
@@ -70,7 +72,8 @@ A summary of the sections and procedures in the lab is provided below. Follow ea
 <br>&nbsp;&nbsp;&nbsp; [Autopilot registration using MSfB](#autopilot-registration-using-msfb)
 <br>[Create and assign a Windows Autopilot deployment profile](#create-and-assign-a-windows-autopilot-deployment-profile)
 <br>&nbsp;&nbsp;&nbsp; [Create a Windows Autopilot deployment profile using Intune](#create-a-windows-autopilot-deployment-profile-using-intune)
-<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [Assign the profile](#assign-the-profile)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [Create a device group](#create-a-device-group)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [Create the deployment profile](#create-the-deployment-profile)
 <br>&nbsp;&nbsp;&nbsp; [Create a Windows Autopilot deployment profile using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb)
 <br>[See Windows Autopilot in action](#see-windows-autopilot-in-action)
 <br>[Remove devices from Autopilot](#remove-devices-from-autopilot)
@@ -140,7 +143,7 @@ After we have set the ISO file location and determined the name of the appropria
 You can download an ISO file for an evaluation version of the latest release of Windows 10 Enterprise [here](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise).
 - When asked to select a platform, choose **64 bit**.
 
-After you download this file, the name will be extremely long (ex: 17763.107.101029-1455.rs5_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso).
+After you download this file, the name will be extremely long (ex: 19042.508.200927-1902.20h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso).
 
 1. So that it is easier to type and remember, rename the file to **win10-eval.iso**.
 2. Create a directory on your computer named **c:\iso** and move the **win10-eval.iso** file there, so the path to the file is **c:\iso\win10-eval.iso**.
@@ -163,7 +166,7 @@ For example, if the command above displays Ethernet but you wish to use Ethernet
 All VM data will be created under the current path in your PowerShell prompt. Consider navigating into a new folder before running the following commands.
 
 > [!IMPORTANT]
-> **VM switch**: a VM switch is how Hyper-V connects VMs to a network. <br><br>If you have previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal."<br><br>If you have never created an external VM switch before, then just run the commands below.
+> **VM switch**: a VM switch is how Hyper-V connects VMs to a network. <br><br>If you have previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal."<br><br>If you have never created an external VM switch before, then just run the commands below.<br><br>If you are not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that is used to connect to the Internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch).
 
 ```powershell
 New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name
@@ -218,6 +221,9 @@ PS C:\autopilot&gt;
 
 ### Install Windows 10
 
+> [!NOTE]
+> The VM will be booted to gather a hardware ID, then it will be reset. The goal in the next few steps is to get to the desktop quickly so don't worry about how it is configured at this stage. The VM only needs to be connected to the Internet.
+
 Ensure the VM booted from the installation ISO, click **Next** then click **Install now** and complete the Windows installation process. See the following examples:
 
    ![Windows setup example 1](images/winsetup1.png)
@@ -250,7 +256,7 @@ Click on the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see
 
 Follow these steps to run the PS script:
 
-1. Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same regardless of whether you are using a VM or a physical device:
+1. **On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same regardless of whether you are using a VM or a physical device:
 
     ```powershell
     md c:\HWID
@@ -263,18 +269,20 @@ Follow these steps to run the PS script:
 
 When you are prompted to install the NuGet package, choose **Yes**.
 
-See the sample output below.
+See the sample output below.  A 'dir' command is issued at the end to show the file that was created.
 
 <pre>
 PS C:\> md c:\HWID
 
-    Directory: C:\
+     Directory: C:\
 
-Mode                LastWriteTime         Length Name
-----                -------------         ------ ----
-d-----        3/14/2019  11:33 AM                HWID
 
-PS C:\> Set-Location c:\HWID
+Mode                 LastWriteTime         Length Name
+----                 -------------         ------ ----
+d-----        11/13/2020   3:00 PM                HWID
+
+
+PS C:\Windows\system32> Set-Location c:\HWID
 PS C:\HWID> Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
 PS C:\HWID> Install-Script -Name Get-WindowsAutopilotInfo -Force
 
@@ -287,13 +295,17 @@ import the NuGet provider now?
 [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y
 PS C:\HWID> $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
 PS C:\HWID> Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
+Gathered details for device with serial number: 1804-7078-6805-7405-0796-0675-17
 PS C:\HWID> dir
 
+
     Directory: C:\HWID
 
-Mode                LastWriteTime         Length Name
-----                -------------         ------ ----
--a----        3/14/2019  11:33 AM           8184 AutopilotHWID.csv
+
+Mode                 LastWriteTime         Length Name
+----                 -------------         ------ ----
+-a----        11/13/2020   3:01 PM           8184 AutopilotHWID.csv
+
 
 PS C:\HWID>
 </pre>
@@ -305,7 +317,7 @@ Verify that there is an **AutopilotHWID.csv** file in the **c:\HWID** directory
 
 ![Serial number and hardware hash](images/hwid.png)
 
-You will need to upload this data into Intune to register your device for Autopilot, so it needs to be transferred to the computer you will use to access the Azure portal.  If you are using a physical device instead of a VM, you can copy the file to a USB stick.  If you're using a VM, you can right-click the AutopilotHWID.csv file and copy it, then right-click and paste the file to your desktop (outside the VM).
+You will need to upload this data into Intune to register your device for Autopilot, so the next step is to transfer this file to the computer you will use to access the Azure portal.  If you are using a physical device instead of a VM, you can copy the file to a USB stick.  If you’re using a VM, you can right-click the AutopilotHWID.csv file and copy it, then right-click and paste the file to your desktop (outside the VM).
 
 If you have trouble copying and pasting the file, just view the contents in Notepad on the VM and copy the text into Notepad outside the VM. Do not use another text editor to do this.
 
@@ -317,7 +329,7 @@ If you have trouble copying and pasting the file, just view the contents in Note
 With the hardware ID captured in a file, prepare your Virtual Machine for Windows Autopilot deployment by resetting it back to OOBE.
 
 On the Virtual Machine, go to **Settings > Update & Security > Recovery** and click on **Get started** under **Reset this PC**.
-Select **Remove everything** and **Just remove my files**. Finally, click on **Reset**.
+Select **Remove everything** and **Just remove my files**. If you are asked **How would you like to reinstall Windows**, select Local reinstall. Finally, click on **Reset**.
 
 ![Reset this PC final prompt](images/autopilot-reset-prompt.jpg)
 
@@ -363,7 +375,7 @@ Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com
 
 For the purposes of this demo, select **All** under the **MDM user scope** and click **Save**.
 
-![MDM user scope in the Mobility blade](images/autopilot-aad-mdm.png)
+![MDM user scope in the Mobility blade](images/ap-aad-mdm.png)
 
 ## Register your VM
 
@@ -371,24 +383,24 @@ Your VM (or device) can be registered either via Intune or Microsoft Store for B
 
 ### Autopilot registration using Intune
 
-1. In Intune in the Azure portal, choose **Device enrollment** > **Windows enrollment** > **Devices** > **Import**.
+1. In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/), choose **Devices** > **Device enrollment | Enroll devices** > **Windows enrollment** > **Windows Autopilot Deployment Program | Devices** and then on the **Windows Autopilot devices** page, choose **Import**.
 
-    ![Intune device import](images/device-import.png)
+    ![Intune device import](images/enroll1.png)
 
     > [!NOTE]
     > If menu items like **Windows enrollment** are not active for you, then look to the far-right blade in the UI.  You might need to provide Intune configuration privileges in a challenge window that appeared.
 
 2. Under **Add Windows Autopilot devices** in the far right pane, browse to the **AutopilotHWID.csv** file you previously copied to your local computer.  The file should contain the serial number and 4K HH of your VM (or device).  It's okay if other fields (Windows Product ID) are left blank.
 
-    ![HWID CSV](images/hwid-csv.png)
+    ![HWID CSV](images/enroll2.png)
 
     You should receive confirmation that the file is formatted correctly before uploading it, as shown above.
 
 3. Click **Import** and wait until the import process completes. This can take up to 15 minutes.
 
-4. Click **Sync** to sync the device you just registered. Wait a few moments before refreshing to verify your VM or device has been added. See the following example.
+4. Click **Refresh** to verify your VM or device has been added. See the following example.
 
-   ![Import HWID](images/import-vm.png)
+   ![Import HWID](images/enroll3.png)
 
 ### Autopilot registration using MSfB
 
@@ -425,17 +437,33 @@ Pick one:
 ### Create a Windows Autopilot deployment profile using Intune
 
 > [!NOTE]
-> Even if you registered your device in MSfB, it will still appear in Intune, though you might have to **sync** and then **refresh** your device list first:
+> Even if you registered your device in MSfB, it will still appear in Intune, though you might have to **sync** and then **refresh** your device list.
 
-![Intune Devices](images/intune-devices.png)
+![Devices](images/enroll4.png)
 
-> The example above lists both a physical device and a VM. Your list should only include only one of these.
+#### Create a device group
 
-To create a Windows Autopilot profile, select **Device enrollment** > **Windows enrollment** > **Deployment profiles**
+The Autopilot deployment profile wizard will ask for a device group, so we must create one first.  To create a device group:
 
-![Deployment profiles](images/deployment-profiles.png)
+1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Groups** > **New group**.
+2. In the **Group** blade:
+    1. For **Group type**, choose **Security**.
+    2. Type a **Group name** and **Group description** (ex: Autopilot Lab).
+    3. Azure AD roles can be assigned to the group: **No**
+    4. For **Membership type**, choose **Assigned**.
+3. Click **Members** and add the Autopilot VM to the group. See the following example:
 
-Click on **Create profile**.
+  ![add members](images/group1.png)
+
+4. Click **Create**. 
+
+#### Create the deployment profile
+
+To create a Windows Autopilot profile, scroll back to the left hand pane and click **Devices**, then under **Enroll devices | Windows enrollment** select **Deployment Profiles**.
+
+![Deployment profiles](images/dp.png)
+
+Click on **Create profile** and then select **Windows PC**.
 
 ![Create deployment profile](images/create-profile.png)
 
@@ -444,22 +472,33 @@ On the **Create profile** blade, use the following values:
 | Setting | Value |
 |---|---|
 | Name | Autopilot Lab profile |
-| Description | blank |
+| Description | Lab |
 | Convert all targeted devices to Autopilot | No |
-| Deployment mode | User-driven |
-| Join to Azure AD as | Azure AD joined |
 
-Click on **Out-of-box experience (OOBE)** and configure the following settings:
+Click **Next** to continue with the **Out-of-box experience (OOBE)** settings:
 
 | Setting | Value |
 |---|---|
-| EULA | Hide |
+| Deployment mode | User-driven |
+| Join to Azure AD as | Azure AD joined |
+| Microsoft Sofware License Terms | Hide |
 | Privacy Settings | Hide |
 | Hide change account options | Hide |
 | User account type | Standard |
+| Allow White Glove OOBE | No |
+| Language (Region) | Operating system default |
+| Automatically configure keyboard | Yes |
 | Apply device name template | No |
 
-See the following example:
+Click **Next** to continue with the **Assignments** settings:
+
+| Setting | Value |
+|---|---|
+| Assign to | Selected groups |
+
+1. Click **Select groups to include**.
+2. Click the **Autopilot Lab** group, and then click **Select**.
+3. Click **Next** to continue and then click **Create**. See the following example:
 
 ![Deployment profile](images/profile.png)
 
@@ -467,40 +506,6 @@ Click on **OK** and then click on **Create**.
 
 > If you want to add an app to your profile via Intune, the OPTIONAL steps for doing so can be found in [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile).
 
-#### Assign the profile
-
-Profiles can only be assigned to Groups, so first you must create a group that contains the devices to which the profile should be applied. This guide will provide simple instructions to assign a profile, for more detailed instructions, see [Create an Autopilot device group](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Assign an Autopilot deployment profile to a device group](https://docs.microsoft.com/intune/enrollment-autopilot#assign-an-autopilot-deployment-profile-to-a-device-group), as optional reading.
-
-To create a Group, open the Azure portal and select **Azure Active Directory** > **Groups** > **All groups**:
-
-![All groups](images/all-groups.png)
-
-Select New group from the Groups blade to open the new groups UI.  Select the "Security" group type, name the group, and select the "Assigned" membership type:
-
-Before clicking **Create**, expand the **Members** panel, click your device's serial number (it will then appear under **Selected members**) and then click **Select** to add that device to this group.
-
-![New group](images/new-group.png)
-
-Now click **Create** to finish creating the new group.
-
-Click on **All groups** and click **Refresh** to verify that your new group has been successfully created.
-
-With a group created containing your device, you can now go back and assign your profile to that group. Navigate back to the Intune page in the Azure portal (one way is to type **Intune** in the top banner search bar and select **Intune** from the results).
-
-From Intune, select **Device enrollment** > **Windows enrollment** > **Deployment Profiles** to open the profile blade.  Click on the name of the profile you previously created (Autopilot Lab profile) to open the details blade for that profile:
-
-![Lab profile](images/deployment-profiles2.png)
-
-Under **Manage**, click **Assignments**, and then with the **Include** tab highlighted, expand the **Select groups** blade and click **AP Lab Group 1** (the group will appear under **Selected members**).
-
-![Include group](images/include-group.png)
-
-Click **Select** and then click **Save**.
-
-![Include group save](images/include-group2.png)
-
-It's also possible to assign specific users to a profile, but we will not cover this scenario in the lab. For more detailed information, see [Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot).
-
 ### Create a Windows Autopilot deployment profile using MSfB
 
 If you have already created and assigned a profile via Intune by using the steps immediately above, then skip this section.
@@ -559,14 +564,17 @@ Also, make sure to wait at least 30 minutes from the time you've [configured com
 - Turn on the device
 - Verify that the appropriate OOBE screens (with appropriate Company Branding) appear.  You should see the region selection screen, the keyboard selection screen, and the second keyboard selection screen (which you can skip).
 
-![OOBE sign-in page](images/autopilot-oobe.jpg)
+![OOBE sign-in page](images/autopilot-oobe.png)
 
 Soon after reaching the desktop, the device should show up in Intune as an **enabled** Autopilot device.  Go into the Intune Azure portal, and select **Devices > All devices**, then **Refresh** the data to verify that your device has changed from disabled to enabled, and the name of the device is updated.
 
-![Device enabled](images/enabled-device.png)
+![Device enabled](images/devices1.png)
 
 Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure Active Directory credentials and you're all done.
 
+> [!TIP]
+> If you recieve a message that "Something went wrong" and it "Looks like we can't connect to the URL for your organization's MDM terms of use" then verify you have correctly [assigned licenses](https://docs.microsoft.com/mem/intune/fundamentals/licenses-assign) to the current user.
+
 Windows Autopilot will now take over to automatically join your device into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoints you've created to go through this process again with different settings.
 
 ## Remove devices from Autopilot
@@ -575,41 +583,27 @@ To use the device (or VM) for other purposes after completion of this lab, you w
 
 ### Delete (deregister) Autopilot device
 
-You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into your Intune Azure portal, then navigate to **Intune > Devices > All Devices**.  Select the checkbox next to the device you want to delete, then click the Delete button along the top menu.
+You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into the MEM admin center, then navigate to **Intune > Devices > All Devices**.  Select the device you want to delete, then click the Delete button along the top menu.
 
 ![Delete device step 1](images/delete-device1.png)
 
-Click **X** when challenged to complete the operation:
-
-![Delete device step 2](images/delete-device2.png)
-
 This will remove the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot, so the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**.
 
-![Delete device step 3](images/delete-device3.png)
-
 The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores.  The former (All devices) is the list of devices currently enrolled into Intune.
 
 > [!NOTE]
 > A device will only appear in the All devices list once it has booted.  The latter (Windows Autopilot Deployment Program > Devices) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune.
 
-To remove the device from the Autopilot program, select the device and click Delete.
+To remove the device from the Autopilot program, select the device and click **Delete**. You will get a popup dialog box to confirm deletion.
 
-![Delete device step 4](images/delete-device4.png)
-
-A warning message appears reminding you to first remove the device from Intune, which we previously did.
-
-![Delete device step 5](images/delete-device5.png)
+![Delete device](images/delete-device2.png)
 
 At this point, your device has been unenrolled from Intune and also deregistered from Autopilot.  After several minutes, click the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program:
 
-![Delete device step 6](images/delete-device6.png)
-
 Once the device no longer appears, you are free to reuse it for other purposes.
 
 If you also (optionally) want to remove your device from AAD, navigate to **Azure Active Directory > Devices > All Devices**, select your device, and click the delete button:
 
-![Delete device step 7](images/delete-device7.png)
-
 ## Appendix A: Verify support for Hyper-V
 
 Starting with Windows 8, the host computer's microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](https://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information.
@@ -741,7 +735,7 @@ You will be able to find your app in your app list:
 #### Assign the app to your Intune profile
 
 > [!NOTE]
-> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#assign-the-profile).  If you have not done that, please return to the main part of the lab and complete those steps before returning here.
+> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group).  If you have not done that, please return to the main part of the lab and complete those steps before returning here.
 
 In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade.  Then click **Assignments** from the menu:
 
@@ -810,7 +804,7 @@ Click **OK** and then click **Add**.
 #### Assign the app to your Intune profile
 
 > [!NOTE]
-> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#assign-the-profile).  If you have not done that, please return to the main part of the lab and complete those steps before returning here.
+> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group).  If you have not done that, please return to the main part of the lab and complete those steps before returning here.
 
 In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade.  Then click **Assignments** from the menu:
 
diff --git a/windows/deployment/windows-autopilot/images/ap-aad-mdm.png b/windows/deployment/windows-autopilot/images/ap-aad-mdm.png
new file mode 100644
index 0000000000..ece310f978
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/ap-aad-mdm.png differ
diff --git a/windows/deployment/windows-autopilot/images/autopilot-oobe.png b/windows/deployment/windows-autopilot/images/autopilot-oobe.png
new file mode 100644
index 0000000000..9cfea73377
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/autopilot-oobe.png differ
diff --git a/windows/deployment/windows-autopilot/images/create-profile.png b/windows/deployment/windows-autopilot/images/create-profile.png
index 52f087721d..d2816e9c89 100644
Binary files a/windows/deployment/windows-autopilot/images/create-profile.png and b/windows/deployment/windows-autopilot/images/create-profile.png differ
diff --git a/windows/deployment/windows-autopilot/images/delete-device1.png b/windows/deployment/windows-autopilot/images/delete-device1.png
index e73f929fbd..770c8e5b02 100644
Binary files a/windows/deployment/windows-autopilot/images/delete-device1.png and b/windows/deployment/windows-autopilot/images/delete-device1.png differ
diff --git a/windows/deployment/windows-autopilot/images/delete-device2.png b/windows/deployment/windows-autopilot/images/delete-device2.png
index ed764ac1ed..188c72d67b 100644
Binary files a/windows/deployment/windows-autopilot/images/delete-device2.png and b/windows/deployment/windows-autopilot/images/delete-device2.png differ
diff --git a/windows/deployment/windows-autopilot/images/device-status.png b/windows/deployment/windows-autopilot/images/device-status.png
index 5a78973ce5..a5627040ec 100644
Binary files a/windows/deployment/windows-autopilot/images/device-status.png and b/windows/deployment/windows-autopilot/images/device-status.png differ
diff --git a/windows/deployment/windows-autopilot/images/devices1.png b/windows/deployment/windows-autopilot/images/devices1.png
new file mode 100644
index 0000000000..459aa19c69
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/devices1.png differ
diff --git a/windows/deployment/windows-autopilot/images/dp.png b/windows/deployment/windows-autopilot/images/dp.png
new file mode 100644
index 0000000000..a133c72491
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/dp.png differ
diff --git a/windows/deployment/windows-autopilot/images/enroll1.png b/windows/deployment/windows-autopilot/images/enroll1.png
new file mode 100644
index 0000000000..4bc9be72bb
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/enroll1.png differ
diff --git a/windows/deployment/windows-autopilot/images/enroll2.png b/windows/deployment/windows-autopilot/images/enroll2.png
new file mode 100644
index 0000000000..62e7344da1
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/enroll2.png differ
diff --git a/windows/deployment/windows-autopilot/images/enroll3.png b/windows/deployment/windows-autopilot/images/enroll3.png
new file mode 100644
index 0000000000..3501d5036c
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/enroll3.png differ
diff --git a/windows/deployment/windows-autopilot/images/enroll4.png b/windows/deployment/windows-autopilot/images/enroll4.png
new file mode 100644
index 0000000000..fc7215b68f
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/enroll4.png differ
diff --git a/windows/deployment/windows-autopilot/images/group1.png b/windows/deployment/windows-autopilot/images/group1.png
new file mode 100644
index 0000000000..2ccc8db248
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/group1.png differ
diff --git a/windows/deployment/windows-autopilot/images/profile.png b/windows/deployment/windows-autopilot/images/profile.png
index 40cf26bee2..1c6c734a74 100644
Binary files a/windows/deployment/windows-autopilot/images/profile.png and b/windows/deployment/windows-autopilot/images/profile.png differ
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index c72bdf03e9..4c6e0b8880 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -10,11 +10,11 @@ ms.sitesec: library
 ms.localizationpriority: high
 audience: ITPro
 author: linque1
-ms.author: obezeajo
+ms.author: robsize
 manager: robsize
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 7/7/2020
+ms.date: 12/1/2020
 ---
 
 # Manage connections from Windows 10 operating system components to Microsoft services
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
index 4486823bc5..8e3e7d4f74 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
@@ -44,9 +44,12 @@ Prepare the Active Directory Federation Services deployment by installing and up
 > 1. Launch AD FS management console. Brose to "Services > Scope Descriptions".
 > 2. Right click "Scope Descriptions" and select "Add Scope Description".
 > 3. Under name type "ugs" and Click Apply > OK.
-> 4. Launch Powershell as Administrator.
-> 5. Execute the command "Get-AdfsApplicationPermission". Look for the ScopeNames :{openid, aza} that has the ClientRoleIdentifier Make a note of the ObjectIdentifier.
-> 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier <ObjectIdentifier from step 5> -AddScope 'ugs'.
+> 4. Launch PowerShell as an administrator.
+> 5. Get the ObjectIdentifier of the application permission with the ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b":
+> ```PowerShell
+> (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier
+> ```
+> 6. Execute the command `Set-AdfsApplicationPermission -TargetIdentifier <ObjectIdentifier from step 5> -AddScope 'ugs'`.
 > 7. Restart the ADFS service.
 > 8. On the client: Restart the client. User should be prompted to provision WHFB.
 > 9. If the provisioning window does not pop up then need to collect NGC trace logs and further troubleshoot.
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md
index b96b25c8f4..8d7088b7b7 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.md
@@ -76,6 +76,8 @@ Communicating with Azure Active Directory uses the following URLs:
 - login.microsoftonline.com
 - login.windows.net
 - account.live.com
+- accountalt.azureedge.net
+- secure.aadcdn.microsoftonline-p.com
 
 If your environment uses Microsoft Intune, you need these additional URLs:
 - enrollment.manage.microsoft.com
@@ -144,7 +146,7 @@ Beginning with Windows 10, version 1709, Windows Hello for Business used as a sm
 The smart card emulation feature of Windows Hello for Business verifies the PIN and then discards the PIN in exchange for a ticket.  The process does not receive the PIN, but rather the ticket that grants them private key operations.  Windows 10 does not provide any Group Policy settings to adjust this caching.
 
 ## Can I disable the PIN while using Windows Hello for Business?
-No. The movement away from passwords is accomplished by gradually reducing the use of the password.  In the occurrence where you cannot authenticate with biometrics, you need a fall back mechanism that is not a password.  The PIN is the fall back mechanism.  Disabling or hiding the PIN credential provider disabled the use of biometrics.
+No. The movement away from passwords is accomplished by gradually reducing the use of the password.  In the occurrence where you cannot authenticate with biometrics, you need a fallback mechanism that is not a password.  The PIN is the fallback mechanism.  Disabling or hiding the PIN credential provider will disable the use of biometrics.
 
 ## How are keys protected?
 Wherever possible, Windows Hello for Business takes advantage of trusted platform module (TPM) 2.0 hardware to generate and protect keys. However, Windows Hello and Windows Hello for Business does not require a TPM. Administrators can choose to allow key operations in software.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
index e5ebf54b09..81afb0421e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
@@ -506,7 +506,7 @@ The following script helps you with the creation of the issuance transform rules
 #### Configure Device Authentication in AD FS  
 Using an elevated PowerShell command window, configure AD FS policy by executing the following command  
 
-`PS C:>Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod All` 
+`PS C:>Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod SignedToken` 
 
 #### Check your configuration  
 For your reference, below is a comprehensive list of the AD DS devices, containers and permissions required for device write-back and authentication to work
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index fa3b1d7a97..18959a0f1e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -67,7 +67,7 @@ Key trust deployments do not need client issued certificates for on-premises aut
 
 The minimum required Enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party Enterprise certification authority. The requirements for the domain controller certificate are shown below. For more details, see [Requirements for domain controller certificates from a third-party CA](https://support.microsoft.com/help/291010/requirements-for-domain-controller-certificates-from-a-third-party-ca).
 
-* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL.
+* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL, or an Authority Information Access (AIA) extension that points to an Online Certificate Status Protocol (OCSP) responder.
 * The certificate Subject section should contain the directory path of the server object (the distinguished name).
 * The certificate Key Usage section must contain Digital Signature and Key Encipherment.
 * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None].
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
index 26a28b9593..8042bad1d8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
@@ -24,10 +24,10 @@ ms.reviewer:
 -   Key trust
 
 
-You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings.  To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520).
+You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings.  To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520).
 Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703.
 
-Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10, version 1703 to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information.
+Alternatively, you can create a copy of the .ADMX and .ADML files from a Windows 10, version 1703 installation setup template folder to their respective language folder on a Windows Server, or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information.
 
 On-premises certificate-based deployments of Windows Hello for Business needs one Group Policy setting:  Enable Windows Hello for Business
 
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index b7380c9640..f3396e65c3 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -278,7 +278,7 @@
 
 #### [Configure]()
 ##### [Configure iOS features](microsoft-defender-atp/ios-configure-features.md)
-#### [Privacy](microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md)
+#### [Privacy](microsoft-defender-atp/ios-privacy.md)
 
 
 ### [Microsoft Defender Advanced Threat Protection for Linux]()
@@ -297,6 +297,7 @@
 ##### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md)
 ##### [Set preferences](microsoft-defender-atp/linux-preferences.md)
 ##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/linux-pua.md)
+##### [Schedule scans with Microsoft Defender ATP for Linux](microsoft-defender-atp/linux-schedule-scan-atp.md)
 
 #### [Troubleshoot]()
 ##### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md)
@@ -438,16 +439,8 @@
 
 ### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
 
-### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
-
-
-
-
-
-
-
-
-
+### [Threat analytics overview](microsoft-defender-atp/threat-analytics.md)
+#### [Read the analyst report](microsoft-defender-atp/threat-analytics-analyst-reports.md)
 
 
 ## [How-to]()
diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
index 70362c9d1c..9c201ba4ac 100644
--- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
+++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
@@ -1,8 +1,8 @@
 ---
 title: Block untrusted fonts in an enterprise (Windows 10)
-description: To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we’ve created the Blocking Untrusted Fonts feature.
+description: To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we've created the Blocking Untrusted Fonts feature.
 ms.assetid: a3354c8e-4208-4be6-bc19-56a572c361b4
-ms.reviewer: 
+ms.reviewer:
 manager: dansimp
 keywords: font blocking, untrusted font blocking, block fonts, untrusted fonts
 ms.prod: w10
@@ -19,11 +19,11 @@ ms.localizationpriority: medium
 
 **Applies to:**
 
--   Windows 10
+- Windows 10
 
->Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare).
+> Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare).
 
-To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we’ve created the Blocking Untrusted Fonts feature. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the `%windir%/Fonts` directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process.
+To help protect your company from attacks which may originate from untrusted or attacker-controlled font files, we’ve created the Blocking Untrusted Fonts feature. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the `%windir%/Fonts` directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process.
 
 ## What does this mean for me?
 Blocking untrusted fonts helps improve your network and employee protection against font-processing-related attacks. By default, this feature is not turned on.
@@ -31,24 +31,27 @@ Blocking untrusted fonts helps improve your network and employee protection agai
 ## How does this feature work?
 There are 3 ways to use this feature:
 
--   **On.** Helps stop any font processed using GDI from loading outside of the `%windir%/Fonts` directory. It also turns on event logging.
+- **On.** Helps stop any font processed using GDI from loading outside of the `%windir%/Fonts` directory. It also turns on event logging.
 
--   **Audit.** Turns on event logging, but doesn’t block fonts from loading, regardless of location. The name of the apps that use untrusted fonts appear in your event log.<p>**Note**<br>If you aren’t quite ready to deploy this feature into your organization, you can run it in Audit mode to see if not loading untrusted fonts causes any usability or compatibility issues.
+- **Audit.** Turns on event logging, but doesn’t block fonts from loading, regardless of location. The name of the apps that use untrusted fonts appear in your event log.
 
--   **Exclude apps to load untrusted fonts.** You can exclude specific apps, allowing them to load untrusted fonts, even while this feature is turned on. For instructions, see [Fix apps having problems because of blocked fonts](#fix-apps-having-problems-because-of-blocked-fonts).
+  > [!NOTE]
+  > If you aren't quite ready to deploy this feature into your organization, you can run it in Audit mode to see if not loading untrusted fonts causes any usability or compatibility issues.
+
+- **Exclude apps to load untrusted fonts.** You can exclude specific apps, allowing them to load untrusted fonts, even while this feature is turned on. For instructions, see [Fix apps having problems because of blocked fonts](#fix-apps-having-problems-because-of-blocked-fonts).
 
 ## Potential reductions in functionality
 After you turn this feature on, your employees might experience reduced functionality when:
 
--   Sending a print job to a remote printer server that uses this feature and where the spooler process hasn’t been specifically excluded. In this situation, any fonts that aren’t already available in the server’s %windir%/Fonts folder won’t be used.
+- Sending a print job to a remote printer server that uses this feature and where the spooler process hasn’t been specifically excluded. In this situation, any fonts that aren’t already available in the server’s %windir%/Fonts folder won’t be used.
 
--   Printing using fonts provided by the installed printer’s graphics .dll file, outside of the %windir%/Fonts folder. For more information, see [Introduction to Printer Graphics DLLs](https://go.microsoft.com/fwlink/p/?LinkId=522302).
+- Printing using fonts provided by the installed printer’s graphics .dll file, outside of the %windir%/Fonts folder. For more information, see [Introduction to Printer Graphics DLLs](https://go.microsoft.com/fwlink/p/?LinkId=522302).
 
--   Using first or third-party apps that use memory-based fonts.
+- Using first or third-party apps that use memory-based fonts.
 
--   Using Internet Explorer to look at websites that use embedded fonts. In this situation, the feature blocks the embedded font, causing the website to use a default font. However, not all fonts have all of the characters, so the website might render differently.
+- Using Internet Explorer to look at websites that use embedded fonts. In this situation, the feature blocks the embedded font, causing the website to use a default font. However, not all fonts have all of the characters, so the website might render differently.
 
--   Using desktop Office to look at documents with embedded fonts. In this situation, content shows up using a default font picked by Office.
+- Using desktop Office to look at documents with embedded fonts. In this situation, content shows up using a default font picked by Office.
 
 ## Turn on and use the Blocking Untrusted Fonts feature
 Use Group Policy or the registry to turn this feature on, off, or to use audit mode.
@@ -56,9 +59,9 @@ Use Group Policy or the registry to turn this feature on, off, or to use audit m
 **To turn on and use the Blocking Untrusted Fonts feature through Group Policy**
 1. Open the Group Policy editor (gpedit.msc) and go to `Computer Configuration\Administrative Templates\System\Mitigation Options\Untrusted Font Blocking`.
 
-2. Click **Enabled** to turn the feature on, and then click one of the following **Migitation Options**:
+2. Click **Enabled** to turn the feature on, and then click one of the following **Mitigation Options**:
 
-    - **Block untrusted fonts and log events.** Turns the feature on, blocking untrusted fonts and logging installation attempts to the event log. 
+    - **Block untrusted fonts and log events.** Turns the feature on, blocking untrusted fonts and logging installation attempts to the event log.
 
     - **Do not block untrusted fonts.** Turns the feature on, but doesn't block untrusted fonts nor does it log installation attempts to the event log.
 
@@ -73,9 +76,9 @@ To turn this feature on, off, or to use audit mode:
 
 2. If the **MitigationOptions** key isn't there, right-click and add a new **QWORD (64-bit) Value**, renaming it to **MitigationOptions**.
 
-3. Right click on the **MitigationOptions** key, and then click **Modify**. 
+3. Right click on the **MitigationOptions** key, and then click **Modify**.
 
-    The **Edit QWORD (64-bit) Value** box opens.
+   The **Edit QWORD (64-bit) Value** box opens.
 
 4. Make sure the **Base** option is **Hexadecimal**, and then update the **Value data**, making sure you keep your existing value, like in the important note below:
 
@@ -85,8 +88,8 @@ To turn this feature on, off, or to use audit mode:
 
    - **To audit with this feature.** Type **3000000000000**.
 
-     >[!Important]
-     >Your existing **MitigationOptions** values should be saved during your update. For example, if the current value is *1000*, your updated value should be *1000000001000*. 
+     > [!Important]
+     > Your existing **MitigationOptions** values should be saved during your update. For example, if the current value is *1000*, your updated value should be *1000000001000*.
 
 5. Restart your computer.
 
@@ -104,27 +107,27 @@ After you turn this feature on, or start using Audit mode, you can look at your
     FontType: Memory<br>
     FontPath:<br>
     Blocked: true
-    
-    >[!NOTE]
-    >Because the **FontType** is *Memory*, there’s no associated **FontPath**.
+
+    > [!NOTE]
+    > Because the **FontType** is *Memory*, there’s no associated **FontPath**.
 
     **Event Example 2 - Winlogon**<br>
     Winlogon.exe attempted loading a font that is restricted by font-loading policy.<br>
     FontType: File<br>
     FontPath: `\??\C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\EQUATION\MTEXTRA.TTF`<br>
     Blocked: true
-    
-    >[!NOTE]
-    >Because the **FontType** is *File*, there’s also an associated **FontPath**.
+
+    > [!NOTE]
+    > Because the **FontType** is *File*, there’s also an associated **FontPath**.
 
     **Event Example 3 - Internet Explorer running in Audit mode**<br>
     Iexplore.exe attempted loading a font that is restricted by font-loading policy.<br>
     FontType: Memory<br>
     FontPath:<br>
     Blocked: false
-    
-    >[!NOTE]
-    >In Audit mode, the problem is recorded, but the font isn’t blocked.
+
+    > [!NOTE]
+    > In Audit mode, the problem is recorded, but the font isn’t blocked.
 
 ## Fix apps having problems because of blocked fonts
 Your company may still need apps that are having problems because of blocked fonts, so we suggest that you first run this feature in Audit mode to determine which fonts are causing the problems.
@@ -133,21 +136,15 @@ After you figure out the problematic fonts, you can try to fix your apps in 2 wa
 
 **To fix your apps by installing the problematic fonts (recommended)**
 
--   On each computer with the app installed, right-click on the font name and click **Install**.<p>The font should automatically install into your `%windir%/Fonts` directory. If it doesn’t, you’ll need to manually copy the font files into the **Fonts** directory and run the installation from there.
+- On each computer with the app installed, right-click on the font name and click **Install**.<p>The font should automatically install into your `%windir%/Fonts` directory. If it doesn’t, you’ll need to manually copy the font files into the **Fonts** directory and run the installation from there.
 
 **To fix your apps by excluding processes**
 
 1.  On each computer with the app installed, open regedit.exe and go to `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<process_image_name>`.<br><br>For example, if you want to exclude Microsoft Word processes, you’d use `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe`.
 
-2.  Add any additional processes that need to be excluded here, and then turn the Blocking untrusted fonts feature on, using the steps in the [Turn on and use the Blocking Untrusted Fonts feature](#turn-on-and-use-the-blocking-untrusted-fonts-feature) section of this topic.
+2.  Add any additional processes that need to be excluded here, and then turn the Blocking untrusted fonts feature on, using the steps in [Turn on and use the Blocking Untrusted Fonts feature](#turn-on-and-use-the-blocking-untrusted-fonts-feature), earlier in this article.
+
 
- 
 ## Related content
 
-- [Dropping the “Untrusted Font Blocking” setting](https://blogs.technet.microsoft.com/secguide/2017/06/15/dropping-the-untrusted-font-blocking-setting/)
- 
-
-
-
-
-
+- [Dropping the “Untrusted Font Blocking” setting](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/dropping-the-quot-untrusted-font-blocking-quot-setting/ba-p/701068/)
diff --git a/windows/security/threat-protection/images/linux-mdatp-1.png b/windows/security/threat-protection/images/linux-mdatp-1.png
new file mode 100644
index 0000000000..f8c9c07b16
Binary files /dev/null and b/windows/security/threat-protection/images/linux-mdatp-1.png differ
diff --git a/windows/security/threat-protection/images/linux-mdatp.png b/windows/security/threat-protection/images/linux-mdatp.png
new file mode 100644
index 0000000000..f8c9c07b16
Binary files /dev/null and b/windows/security/threat-protection/images/linux-mdatp.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md
index a3d582510d..fd9d16d4b6 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 09/03/2018
+ms.date: 11/18/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -37,15 +37,16 @@ The following broad categories of features can be configured:
 
 - Cloud-delivered protection
 - Always-on real-time protection, including behavioral, heuristic, and machine-learning-based protection
-- How end-users interact with the client on individual endpoints
+- How end users interact with the client on individual endpoints
 
-The topics in this section describe how to perform key tasks when configuring Microsoft Defender Antivirus. Each topic includes instructions for the applicable configuration tool (or tools).
+The following articles describe how to perform key tasks when configuring Microsoft Defender Antivirus. Each article includes instructions for the applicable configuration tool (or tools).
 
-You can also review the [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) topic for an overview of each tool and links to further help. 
+|Article  |Description  |
+|---------|---------|
+|[Utilize Microsoft cloud-provided Microsoft Defender Antivirus protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md)     | Use cloud-delivered protection for advanced, fast, robust antivirus detection.        |
+|[Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)     |Enable behavior-based, heuristic, and real-time antivirus protection.         |
+|[Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) | Configure how end users in your organization interact with Microsoft Defender Antivirus, what notifications they see, and whether they can override settings. |
+
+> [!TIP]
+> You can also review the [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) topic for an overview of each tool and links to further help. 
 
-## In this section
-Topic | Description
-:---|:---
-[Utilize Microsoft cloud-provided Microsoft Defender Antivirus protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) | Cloud-delivered protection provides an advanced level of fast, robust antivirus detection
-[Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)|Enable behavior-based, heuristic, and real-time antivirus protection
-[Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md)|Configure how end-users interact with Microsoft Defender Antivirus, what notifications they see, and whether they can override settings
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
index 8ee17ca054..1be93dc8a6 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 07/08/2020
+ms.date: 11/18/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -62,7 +62,7 @@ The table below lists the services and their associated URLs. Make sure that the
 | Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission	| `ussus1eastprod.blob.core.windows.net` <br/>    `ussus1westprod.blob.core.windows.net` <br/>    `usseu1northprod.blob.core.windows.net` <br/>    `usseu1westprod.blob.core.windows.net` <br/>    `ussuk1southprod.blob.core.windows.net` <br/>    `ussuk1westprod.blob.core.windows.net` <br/>    `ussas1eastprod.blob.core.windows.net` <br/>    `ussas1southeastprod.blob.core.windows.net` <br/>    `ussau1eastprod.blob.core.windows.net` <br/>    `ussau1southeastprod.blob.core.windows.net` |
 | Certificate Revocation List (CRL)|Used by Windows when creating the SSL connection to MAPS for updating the CRL	| `http://www.microsoft.com/pkiops/crl/` <br/> `http://www.microsoft.com/pkiops/certs` <br/>   `http://crl.microsoft.com/pki/crl/products` <br/> `http://www.microsoft.com/pki/certs` |
 | Symbol Store|Used by Microsoft Defender Antivirus to restore certain critical files during remediation flows	| `https://msdl.microsoft.com/download/symbols` |
-| Universal Telemetry Client| Used by Windows to send client diagnostic data; Microsoft Defender Antivirus uses this for product quality monitoring purposes	| This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints:   `vortex-win.data.microsoft.com` <br/>   `settings-win.data.microsoft.com`|
+| Universal Telemetry Client| Used by Windows to send client diagnostic data; Microsoft Defender Antivirus uses telemetry for product quality monitoring purposes	| The update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints:   `vortex-win.data.microsoft.com` <br/>   `settings-win.data.microsoft.com`|
 
 ## Validate connections between your network and the cloud
 
@@ -85,8 +85,7 @@ For more information, see [Manage Microsoft Defender Antivirus with the mpcmdrun
 
 You can download a sample file that Microsoft Defender Antivirus will detect and block if you are properly connected to the cloud.
 
-Download the file by visiting the following link:
-- https://aka.ms/ioavtest
+Download the file by visiting [https://aka.ms/ioavtest](https://aka.ms/ioavtest).
 
 >[!NOTE]
 >This file is not an actual piece of malware. It is a fake file that is designed to test if you are properly connected to the cloud.
@@ -105,11 +104,11 @@ You will also see a detection under **Quarantined threats** in the **Scan histor
 
 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Scan history** label:
+2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Scan history** label:
 
     ![Screenshot of the Scan history label in the Windows Security app](images/defender/wdav-history-wdsc.png)
 
-3. Under the **Quarantined threats** section, click the **See full history** label to see the detected fake malware.
+3. Under the **Quarantined threats** section, select **See full history** to see the detected fake malware.
 
    > [!NOTE]
    > Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](microsoft-defender-security-center-antivirus.md).
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
index 95de8ec073..725634e323 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
@@ -26,15 +26,16 @@ manager: dansimp
 
 You can exclude files that have been opened by specific processes from Microsoft Defender Antivirus scans. See [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists.
 
-This topic describes how to configure exclusion lists for the following:
+This article describes how to configure exclusion lists. 
 
-<a id="examples"></a>
+## Examples of exclusions
+
+|Exclusion | Example |
+|---|---|
+|Any file on the machine that is opened by any process with a specific file name | Specifying `test.exe` would exclude files opened by: <br/>`c:\sample\test.exe`<br/>`d:\internal\files\test.exe` |  
+|Any file on the machine that is opened by any process under a specific folder | Specifying `c:\test\sample\*` would exclude files opened by:<br/>`c:\test\sample\test.exe`<br/>`c:\test\sample\test2.exe`<br/>`c:\test\sample\utility.exe` | 
+|Any file on the machine that is opened by a specific process in a specific folder | Specifying `c:\test\process.exe` would exclude files only opened by `c:\test\process.exe` |
 
-Exclusion | Example
----|---
-Any file on the machine that is opened by any process with a specific file name | Specifying "test.exe" would exclude files opened by: <ul><li>c:\sample\test.exe</li><li>d:\internal\files\test.exe</li></ul>  
-Any file on the machine that is opened by any process under a specific folder | Specifying "c:\test\sample\\*" would exclude files opened by:<ul><li>c:\test\sample\test.exe</li><li>c:\test\sample\test2.exe</li><li>c:\test\sample\utility.exe</li></ul> 
-Any file on the machine that is opened by a specific process in a specific folder | Specifying "c:\test\process.exe" would exclude files only opened by c:\test\process.exe
 
 When you add a process to the process exclusion list, Microsoft Defender Antivirus won't scan files opened by that process, no matter where the files are located. The process itself, however, will be scanned unless it has also been added to the [file exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md).
 
@@ -42,18 +43,16 @@ The exclusions only apply to [always-on real-time protection and monitoring](con
 
 Changes made with Group Policy to the exclusion lists **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). However, changes made in the Windows Security app **will not show** in the Group Policy lists.
 
-You can add, remove, and review the lists for exclusions in [Group Policy](#gp), [Microsoft Endpoint Configuration Manager, Microsoft Intune, and with the Windows Security app](#man-tools), and you can [use wildcards](#wildcards) to further customize the lists.
+You can add, remove, and review the lists for exclusions in Group Policy, Microsoft Endpoint Configuration Manager, Microsoft Intune, and with the Windows Security app, and you can use wildcards to further customize the lists.
 
-You can also [use PowerShell cmdlets and WMI to configure the exclusion lists](#ps), including [reviewing](#review) your lists.
+You can also use PowerShell cmdlets and WMI to configure the exclusion lists, including reviewing your lists.
 
-By default, local changes made to the lists (by users with administrator privileges; this includes changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence in the case of conflicts.
+By default, local changes made to the lists (by users with administrator privileges; changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence in the case of conflicts.
 
 You can [configure how locally and globally defined exclusions lists are merged](configure-local-policy-overrides-microsoft-defender-antivirus.md#merge-lists) to allow local changes to override managed deployment settings.
 
 ## Configure the list of exclusions for files opened by specified processes
 
-<a id="gp"></a>
-
 ### Use Microsoft Intune to exclude files that have been opened by specified processes from scans
 
 See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Microsoft Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details.
@@ -74,14 +73,12 @@ See [How to create and deploy antimalware policies: Exclusion settings](https://
 
     1. Set the option to **Enabled**.
     2. Under the **Options** section, click **Show...**.
-    3. Enter each process on its own line under the **Value name** column. See the [example table](#examples) for the different types of process exclusions.  Enter **0** in the **Value** column for all processes.
+    3. Enter each process on its own line under the **Value name** column. See the example table for the different types of process exclusions.  Enter **0** in the **Value** column for all processes.
 
 5. Click **OK**.
 
 ![The Group Policy setting for specifying process exclusions](images/defender/wdav-process-exclusions.png)
 
-<a id="ps"></a>
-
 ### Use PowerShell cmdlets to exclude files that have been opened by specified processes from scans
 
 Using PowerShell to add or remove exclusions for files that have been opened by processes requires using a combination of three cmdlets with the `-ExclusionProcess` parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/itpro/powershell/windows/defender/defender).
@@ -94,11 +91,11 @@ The format for the cmdlets is:
 
 The following are allowed as the \<cmdlet>:
 
-Configuration action | PowerShell cmdlet
----|---
-Create or overwrite the list | `Set-MpPreference`
-Add to the list | `Add-MpPreference`
-Remove items from the list | `Remove-MpPreference`
+|Configuration action | PowerShell cmdlet |
+|---|---|
+|Create or overwrite the list | `Set-MpPreference` |
+|Add to the list | `Add-MpPreference` |
+|Remove items from the list | `Remove-MpPreference` |
 
 >[!IMPORTANT]
 >If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list.
@@ -109,7 +106,7 @@ For example, the following code snippet would cause Microsoft Defender AV scans
 Add-MpPreference -ExclusionProcess "c:\internal\test.exe"
 ```
 
-See [Manage antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-Microsoft Defender Antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
+For more information on how to use PowerShell with Microsoft Defender Antivirus, see Manage antivirus with PowerShell cmdlets and [Microsoft Defender Antivirus cmdlets](https://docs.microsoft.com/powershell/module/defender/?view=win10-ps&preserve=true).
 
 ### Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans
 
@@ -121,33 +118,24 @@ ExclusionProcess
 
 The use of **Set**, **Add**, and **Remove** is analogous to their counterparts in PowerShell: `Set-MpPreference`, `Add-MpPreference`, and `Remove-MpPreference`.
 
-See the following for more information and allowed parameters:
-
-- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
-
-<a id="man-tools"></a>
+For more information and allowed parameters, see  [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx).
 
 ### Use the Windows Security app to exclude files that have been opened by specified processes from scans
 
 See [Add exclusions in the Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions) for instructions.
 
-<a id="wildcards"></a>
-
 ## Use wildcards in the process exclusion list
 
 The use of wildcards in the process exclusion list is different from their use in other exclusion lists.
 
-In particular, you cannot use the question mark ? wildcard, and the asterisk \* wildcard can only be used at the end of a complete path. You can still use environment variables (such as %ALLUSERSPROFILE%) as wildcards when defining items in the process exclusion list.
+In particular, you cannot use the question mark (`?`) wildcard, and the asterisk (`*`) wildcard can only be used at the end of a complete path. You can still use environment variables (such as `%ALLUSERSPROFILE%`) as wildcards when defining items in the process exclusion list.
 
 The following table describes how the wildcards can be used in the process exclusion list:
 
-Wildcard | Use | Example use | Example matches
----|---|---|---
-\* (asterisk) | Replaces any number of characters | <ul><li>C:\MyData\\*</li></ul> | <ul><li>Any file opened by C:\MyData\file.exe</li></ul>
-? (question mark) | Not available | \- | \-
-Environment variables | The defined variable will be populated as a path when the exclusion is evaluated |  <ul><li>%ALLUSERSPROFILE%\CustomLogFiles\file.exe</li></ul> | <ul><li>Any file opened by C:\ProgramData\CustomLogFiles\file.exe</li></ul>
-
-<a id="review"></a>
+|Wildcard | Example use | Example matches |
+|:---|:---|:---|
+|`*` (asterisk) <br/><br/> Replaces any number of characters | `C:\MyData\*` | Any file opened by `C:\MyData\file.exe` |
+|Environment variables <br/><br/> The defined variable is populated as a path when the exclusion is evaluated | `%ALLUSERSPROFILE%\CustomLogFiles\file.exe` | Any file opened by `C:\ProgramData\CustomLogFiles\file.exe` |
 
 ## Review the list of exclusions
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
index 8139e27e9a..a7990f4bca 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
@@ -10,8 +10,8 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 01/31/2020
-ms.reviewer: 
+ms.date: 11/18/2020
+ms.reviewer: jesquive
 manager: dansimp
 ---
 
@@ -28,7 +28,7 @@ In addition to standard on-premises or hardware configurations, you can also use
 
 See [Windows Virtual Desktop Documentation](https://docs.microsoft.com/azure/virtual-desktop) for more details on Microsoft Remote Desktop Services and VDI support.
 
-For Azure-based virtual machines, you can also review the [Install Endpoint Protection in Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection) topic.
+For Azure-based virtual machines, see [Install Endpoint Protection in Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection).
 
 With the ability to easily deploy updates to VMs running in VDIs, we've shortened this guide to focus on how you can get updates on your machines quickly and easily. You no longer need to create and seal golden images on a periodic basis, as updates are expanded into their component bits on the host server and then downloaded directly to the VM when it's turned on.
 
@@ -49,7 +49,7 @@ You can also download the whitepaper [Microsoft Defender Antivirus on Virtual De
 
 ## Set up a dedicated VDI file share
 
-In Windows 10, version 1903, we introduced the shared security intelligence feature. This offloads the unpackaging of downloaded security intelligence updates onto a host machine — thus saving previous CPU, disk, and memory resources on individual machines. You can set this feature with a Group Policy, or PowerShell.
+In Windows 10, version 1903, we introduced the shared security intelligence feature, which offloads the unpackaging of downloaded security intelligence updates onto a host machine—thus saving previous CPU, disk, and memory resources on individual machines. You can set this feature with a Group Policy, or PowerShell.
 
 ### Use Group Policy to enable the shared security intelligence feature:
 
@@ -63,7 +63,7 @@ In Windows 10, version 1903, we introduced the shared security intelligence feat
 
 5. Double-click **Define security intelligence location for VDI clients**, and then set the option to **Enabled**. A field automatically appears.
 
-6. Enter `\\<sharedlocation\>\wdav-update` (for what this will be, see [Download and unpackage](#download-and-unpackage-the-latest-updates)).
+6. Enter `\\<sharedlocation\>\wdav-update` (for help with this value, see [Download and unpackage](#download-and-unpackage-the-latest-updates)).
 
 7. Click **OK**.
 
@@ -81,7 +81,7 @@ See the [Download and unpackage](#download-and-unpackage-the-latest-updates) sec
 
 ## Download and unpackage the latest updates
 
-Now you can get started on downloading and installing new updates. We’ve created a sample PowerShell script for you below. This script is the easiest way to download new updates and get them ready for your VMs. You should then set the script to run at a certain time on the management machine by using a scheduled task (or, if you’re familiar with using PowerShell scripts in Azure, Intune, or SCCM, you could also use those).
+Now you can get started on downloading and installing new updates. We’ve created a sample PowerShell script for you below. This script is the easiest way to download new updates and get them ready for your VMs. You should then set the script to run at a certain time on the management machine by using a scheduled task (or, if you’re familiar with using PowerShell scripts in Azure, Intune, or SCCM, you could also use those scripts).
 
 ```PowerShell
 $vdmpathbase = 'c:\wdav-update\{00000000-0000-0000-0000-'
@@ -98,7 +98,7 @@ cmd /c "cd $vdmpath & c: & mpam-fe.exe /x"
 ```
 
 You can set a scheduled task to run once a day so that whenever the package is downloaded and unpacked then the VMs will receive the new update. 
-We suggest starting with once a day — but you should experiment with increasing or decreasing the frequency to understand the impact. 
+We suggest starting with once a day—but you should experiment with increasing or decreasing the frequency to understand the impact. 
 
 Security intelligence packages are typically published once every three to four hours. Setting a frequency shorter than four hours isn’t advised because it will increase the network overhead on your management machine for no benefit.
 
@@ -106,23 +106,25 @@ Security intelligence packages are typically published once every three to four
 
 1. On the management machine, open the Start menu and type **Task Scheduler**. Open it and select **Create task…** on the side panel.
 
-2. Enter the name as **Security intelligence unpacker**. Go to the **Trigger** tab. Click **New…** Select **Daily** and click **OK**.
+2. Enter the name as **Security intelligence unpacker**. Go to the **Trigger** tab. Select **New…** > **Daily**, and select **OK**.
 
-3. Go to the **Actions** tab. Click **New…** Enter **PowerShell** in the **Program/Script** field. Enter `-ExecutionPolicy Bypass c:\wdav-update\vdmdlunpack.ps1` in the **Add arguments** field. Click **OK**.
+3. Go to the **Actions** tab. Select **New…** Enter **PowerShell** in the **Program/Script** field. Enter `-ExecutionPolicy Bypass c:\wdav-update\vdmdlunpack.ps1` in the **Add arguments** field. Select **OK**.
 
 4. You can choose to configure additional settings if you wish.
 
-5. Click **OK** to save the scheduled task.
+5. Select **OK** to save the scheduled task.
  
 You can initiate the update manually by right-clicking on the task and clicking **Run**.
 
 ### Download and unpackage manually
 
-If you would prefer to do everything manually, this what you would need to do to replicate the script’s behavior:
+If you would prefer to do everything manually, here's what to do to replicate the script’s behavior:
 
 1. Create a new folder on the system root called `wdav_update` to store intelligence updates, for example, create the folder `c:\wdav_update`.
 
-2. Create a subfolder under *wdav_update* with a GUID name, such as `{00000000-0000-0000-0000-000000000000}`; for example `c:\wdav_update\{00000000-0000-0000-0000-000000000000}`.
+2. Create a subfolder under *wdav_update* with a GUID name, such as `{00000000-0000-0000-0000-000000000000}`
+
+Here's an example: `c:\wdav_update\{00000000-0000-0000-0000-000000000000}`
 
    > [!NOTE]
    > In the script we set it so the last 12 digits of the GUID are the year, month, day, and time when the file was downloaded so that a new folder is created each time. You can change this so that the file is downloaded to the same folder each time.
@@ -138,74 +140,99 @@ If you would prefer to do everything manually, this what you would need to do to
 
 Scheduled scans run in addition to [real-time protection and scanning](configure-real-time-protection-microsoft-defender-antivirus.md).
 
-The start time of the scan itself is still based on the scheduled scan policy — ScheduleDay, ScheduleTime, ScheduleQuickScanTime. Randomization will cause Microsoft Defender AV to start a scan on each machine within a 4 hour window from the time set for the scheduled scan.
+The start time of the scan itself is still based on the scheduled scan policy (**ScheduleDay**, **ScheduleTime**, and **ScheduleQuickScanTime**). Randomization will cause Microsoft Defender Antivirus to start a scan on each machine within a 4-hour window from the time set for the scheduled scan.
 
 See [Schedule scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) for other configuration options available for scheduled scans.
 
 ## Use quick scans
 
-You can specify the type of scan that should be performed during a scheduled scan.
-Quick scans are the preferred approach as they are designed to look in all places where malware needs to reside to be active.
+You can specify the type of scan that should be performed during a scheduled scan. Quick scans are the preferred approach as they are designed to look in all places where malware needs to reside to be active. The following procedure describes how to set up quick scans using Group Policy.
 
-1. Expand the tree to **Windows components > Windows Defender > Scan**.
+1. In your Group Policy Editor, go to **Administrative templates** > **Windows components** > **Microsoft Defender Antivirus** > **Scan**.
 
-2. Double-click **Specify the scan type to use for a scheduled scan** and set the option to **Enabled** and **Quick scan**.
+2. Select **Specify the scan type to use for a scheduled scan** and then edit the policy setting.
 
-3. Click **OK**.
+3. Set the policy to **Enabled**, and then under **Options**, select  **Quick scan**.
+
+4. Select **OK**. 
+
+5. Deploy your Group Policy object as you usually do.
 
 ## Prevent notifications
 
-Sometimes, Microsoft Defender Antivirus notifications may be sent to or persist across multiple sessions. In order to minimize this problem, you can use the lock down the Microsoft Defender Antivirus user interface.
+Sometimes, Microsoft Defender Antivirus notifications may be sent to or persist across multiple sessions. In order to minimize this problem, you can lock down the Microsoft Defender Antivirus user interface. The following procedure describes how to suppress notifications with Group Policy.
 
-1. Expand the tree to **Windows components > Windows Defender > Client Interface**.
+1. In your Group Policy Editor, go to **Windows components** > **Microsoft Defender Antivirus** > **Client Interface**.
 
-2. Double-click **Suppress all notifications** and set the option to **Enabled**.
+2. Select **Suppress all notifications** and then edit the policy settings. 
 
-3. Click **OK**.
+3. Set the policy to **Enabled**, and then select **OK**.
 
-This prevents notifications from Microsoft Defender AV appearing in the action center on Windows 10 when scans or remediation is performed.
+4. Deploy your Group Policy object as you usually do.
+
+Suppressing notifications prevents notifications from Microsoft Defender Antivirus from showing up in the Action Center on Windows 10 when scans are done or remediation actions are taken. However, your security operations team will see the results of the scan in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)).
+
+> [!TIP]
+> To open the Action Center on Windows 10, take one of the following steps:
+> - On the right end of the taskbar, select the Action Center icon.
+> - Press the Windows logo key button + A.
+> - On a touchscreen device, swipe in from the right edge of the screen.
 
 ## Disable scans after an update
 
-This setting will prevent a scan from occurring after receiving an update. You can apply this when creating the base image if you have also run a quick scan. This prevents the newly updated VM from performing a scan again (as you've already scanned it when you created the base image).
+Disabling a scan after an update will prevent a scan from occurring after receiving an update. You can apply this setting when creating the base image if you have also run a quick scan. This way, you can prevent the newly updated VM from performing a scan again (as you've already scanned it when you created the base image).
 
 > [!IMPORTANT]
 > Running scans after an update will help ensure your VMs are protected with the latest Security intelligence updates. Disabling this option will reduce the protection level of your VMs and should only be used when first creating or deploying the base image.
 
-1. Expand the tree to **Windows components > Windows Defender > Signature Updates**.
+1. In your Group Policy Editor, go to **Windows components** > **Microsoft Defender Antivirus** > **Security Intelligence Updates**.
 
-2. Double-click **Turn on scan after signature update** and set the option to **Disabled**.
+2. Select **Turn on scan after security intelligence update** and then edit the policy setting.
 
-3. Click **OK**.
+3. Set the policy to **Disabled**.
 
-This prevents a scan from running immediately after an update.
+4. Select **OK**.
+
+5. Deploy your Group Policy object as you usually do.
+
+This policy prevents a scan from running immediately after an update.
 
 ## Scan VMs that have been offline
 
-1. Expand the tree to **Windows components > Windows Defender > Scan**.
+1. In your Group Policy Editor, go to to **Windows components** > **Microsoft Defender Antivirus** > **Scan**.
 
-2. Double-click the **Turn on catch-up quick scan** setting and set the option to **Enabled**.
+2. Select **Turn on catch-up quick scan** and then edit the policy setting.
 
-3. Click **OK**.
+3. Set the policy to **Enabled**.
 
-This forces a scan if the VM has missed two or more consecutive scheduled scans.
+4. Select **OK**.
+
+5. Deploy your Group Policy Object as you usually do.
+
+This policy forces a scan if the VM has missed two or more consecutive scheduled scans.
 
 ## Enable headless UI mode
 
-1. Double-click **Enable headless UI mode** and set the option to **Enabled**.
+1. In your Group Policy Editor, go to **Windows components** > **Microsoft Defender Antivirus** > **Client Interface**.
 
-2. Click **OK**.
+2. Select **Enable headless UI mode** and edit the policy.
 
-This hides the entire Microsoft Defender AV user interface from users.
+3. Set the policy to **Enabled**.
+
+4. Click **OK**.
+
+5. Deploy your Group Policy Object as you usually do.
+ 
+This policy hides the entire Microsoft Defender Antivirus user interface from end users in your organization.
 
 ## Exclusions
 
 Exclusions can be added, removed, or customized to suit your needs.
 
-For more details, see [Configure Microsoft Defender Antivirus exclusions on Windows Server](configure-exclusions-microsoft-defender-antivirus.md).
+For more information, see [Configure Microsoft Defender Antivirus exclusions on Windows Server](configure-exclusions-microsoft-defender-antivirus.md).
 
 ## Additional resources
 
-- [Video: Microsoft Senior Program Manager Bryan Keller on how System Center Configuration Manger 2012 manages VDI and integrates with App-V]( https://channel9.msdn.com/Shows/Edge/Edge-Show-5-Manage-VDI-using-SCCM-2012#time=03m02s)
+- [Tech Community Blog: Configuring Microsoft Defender Antivirus for non-persistent VDI machines](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/configuring-microsoft-defender-antivirus-for-non-persistent-vdi/ba-p/1489633)
 - [TechNet forums on Remote Desktop Services and VDI](https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverTS)
 - [SignatureDownloadCustomTask PowerShell script](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index 4c9c47828e..cb05c08abe 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -11,7 +11,7 @@ author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
 audience: ITPro
-ms.date:
+ms.date: 11/30/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -31,72 +31,73 @@ manager: dansimp
 
 Potentially unwanted applications (PUA) are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use. _PUA_ can also refer to an application that has a poor reputation, as assessed by Microsoft Defender for Endpoint, due to certain kinds of undesirable behavior.
 
-For example:
+Here are some examples:
 
-* **Advertising software**: Software that displays advertisements or promotions, including software that inserts advertisements to webpages.
-* **Bundling software**: Software that offers to install other software that is not digitally signed by the same entity. Also, software that offers to install other software that qualify as PUA.
-* **Evasion software**: Software that actively tries to evade detection by security products, including software that behaves differently in the presence of security products.
+- **Advertising software** that displays advertisements or promotions, including software that inserts advertisements to webpages.
+- **Bundling software** that offers to install other software that is not digitally signed by the same entity. Also, software that offers to install other software that qualify as PUA.
+- **Evasion software** that actively tries to evade detection by security products, including software that behaves differently in the presence of security products.
 
-For more examples and a discussion of the criteria we use to label applications for special attention from security features, see [How Microsoft identifies malware and potentially unwanted applications](../intelligence/criteria.md).
+> [!TIP]
+> For more examples and a discussion of the criteria we use to label applications for special attention from security features, see [How Microsoft identifies malware and potentially unwanted applications](../intelligence/criteria.md).
 
 Potentially unwanted applications can increase the risk of your network being infected with actual malware, make malware infections harder to identify, or waste IT resources in cleaning them up.
 
-## How it works
+PUA protection is supported on Windows 10, Windows Server 2019, and Windows Server 2016.
 
-### Microsoft Edge
+## Microsoft Edge
 
-The next major version of Microsoft Edge, which is Chromium-based, blocks potentially unwanted application downloads and associated resource URLs. This feature is provided via [Microsoft Defender SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md).
+The [new Microsoft Edge](https://support.microsoft.com/microsoft-edge/get-to-know-microsoft-edge-3f4bb0ff-58de-2188-55c0-f560b7e20bea), which is Chromium-based, blocks potentially unwanted application downloads and associated resource URLs. This feature is provided via [Microsoft Defender SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md).
 
-#### Enable PUA protection in Chromium-based Microsoft Edge
+### Enable PUA protection in Chromium-based Microsoft Edge
 
 Although potentially unwanted application protection in Microsoft Edge (Chromium-based, version 80.0.361.50) is turned off by default, it can easily be turned on from within the browser.
 
 1. Select the ellipses, and then choose **Settings**.
-2. Select **Privacy and services**.
-3. Under the **Services** section, turn on **Block potentially unwanted apps**.
+2. Select **Privacy, search, and services**.
+3. Under the **Security** section, turn on **Block potentially unwanted apps**.
 
 > [!TIP]
-> If you are running Microsoft Edge (Chromium-based), you can safely explore the URL-blocking feature of PUA protection by testing it out on one of our Windows Defender SmartScreen [demo pages](https://demo.smartscreen.msft.net/).
+> If you are running Microsoft Edge (Chromium-based), you can safely explore the URL-blocking feature of PUA protection by testing it out on one of our [Microsoft Defender SmartScreen demo pages](https://demo.smartscreen.msft.net/).
 
-#### Blocking URLs with Windows Defender SmartScreen
+### Blocking URLs with Microsoft Defender SmartScreen
 
-In Chromium-based Edge with PUA protection turned on, Windows Defender SmartScreen will protect you from PUA-associated URLs.
+In Chromium-based Edge with PUA protection turned on, Microsoft Defender SmartScreen will protect you from PUA-associated URLs.
 
-Admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsoft-edge) how Microsoft Edge and Windows Defender SmartScreen work together to protect groups of users from PUA-associated URLs. There are several group policy [settings](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreen-settings) explicitly for Windows
+Admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsoft-edge) how Microsoft Edge and Microsoft Defender SmartScreen work together to protect groups of users from PUA-associated URLs. There are several [group policy settings](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreen-settings) explicitly for Microsoft
 Defender SmartScreen available, including [one for blocking PUA](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can
-[configure Windows Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Windows Defender SmartScreen on or off.
+[configure Microsoft Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Microsoft Defender SmartScreen on or off.
 
-Although Microsoft Defender for Endpoint has its own block list, based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md) in the Microsoft Defender for Endpoint portal, Windows Defender SmartScreen will respect the new settings.
+Although Microsoft Defender for Endpoint has its own block list based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md) in the Microsoft Defender for Endpoint portal, Microsoft Defender SmartScreen will respect the new settings.
 
-### Microsoft Defender Antivirus
+## Microsoft Defender Antivirus
 
 The potentially unwanted application (PUA) protection feature in Microsoft Defender Antivirus can detect and block PUAs on endpoints in your network.
 
 > [!NOTE]
-> This feature is only available in Windows 10.
+> This feature is available in Windows 10, Windows Server 2019, and Windows Server 2016.
 
 Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine.
 
-When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification will be prefaced with _PUA:_ to indicate its content.
+When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification is prefaced with `PUA:` to indicate its content.
 
 The notification appears in the usual [quarantine list within the Windows Security app](microsoft-defender-security-center-antivirus.md#detection-history).
 
-#### Configure PUA protection in Microsoft Defender Antivirus
+### Configure PUA protection in Microsoft Defender Antivirus
 
-You can enable PUA protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, or via PowerShell cmdlets.
+You can enable PUA protection with [Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/device-protect), [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection), [Group Policy](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy), or via [PowerShell cmdlets](https://docs.microsoft.com/powershell/module/defender/?view=win10-ps&preserve-view=true).
 
-You can also use the PUA audit mode to detect PUAs without blocking them. The detections will be captured in the Windows event log.
+You can also use PUA protection in audit mode to detect potentially unwanted applications without blocking them. The detections will be captured in the Windows event log.
 
 > [!TIP]
-> You can visit the Microsoft Defender for Endpoint demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com/Page/UrlRep) to confirm that the feature is working, and see it in action.
+> Visit the Microsoft Defender for Endpoint demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com/Page/UrlRep) to confirm that the feature is working, and see it in action.
 
-PUA audit mode is useful if your company is conducting an internal software security compliance check and you'd like to avoid any false positives.
+PUA protection in audit mode is useful if your company is conducting an internal software security compliance check and you'd like to avoid any false positives.
 
-##### Use Intune to configure PUA protection
+#### Use Intune to configure PUA protection
 
 See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Microsoft Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details.
 
-##### Use Configuration Manager to configure PUA protection
+#### Use Configuration Manager to configure PUA protection
 
 PUA protection is enabled by default in the Microsoft Endpoint Configuration Manager (Current Branch).
 
@@ -107,37 +108,39 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
 > [!NOTE]
 > PUA events blocked by Microsoft Defender Antivirus are reported in the Windows Event Viewer and not in Microsoft Endpoint Configuration Manager.
 
-##### Use Group Policy to configure PUA protection
+#### Use Group Policy to configure PUA protection
 
 1. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure, and select **Edit**.
 
 2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
 
-3. Expand the tree to **Windows components > Microsoft Defender Antivirus**.
+3. Expand the tree to **Windows Components** > **Microsoft Defender Antivirus**.
 
-4. Double-click **Configure protection for potentially unwanted applications**.
+4. Double-click **Configure detection for potentially unwanted applications**.
 
 5. Select **Enabled** to enable PUA protection.
 
 6. In **Options**, select **Block** to block potentially unwanted applications, or select **Audit Mode** to test how the setting will work in your environment. Select **OK**.
 
-##### Use PowerShell cmdlets to configure PUA protection
+7. Deploy your Group Policy object as you usually do.
 
-###### To enable PUA protection
+#### Use PowerShell cmdlets to configure PUA protection
+
+##### To enable PUA protection
 
 ```PowerShell
 Set-MpPreference -PUAProtection enable
 ```
 Setting the value for this cmdlet to `Enabled` will turn the feature on if it has been disabled.
 
-###### To set PUA protection to audit mode
+##### To set PUA protection to audit mode
 
 ```PowerShell
 Set-MpPreference -PUAProtection auditmode
 ```
 Setting `AuditMode` will detect PUAs without blocking them.
 
-###### To disable PUA protection
+##### To disable PUA protection
 
 We recommend keeping PUA protection turned on. However, you can turn it off by using the following cmdlet:
 
@@ -148,7 +151,7 @@ Setting the value for this cmdlet to `Disabled` will turn the feature off if it
 
 See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
 
-#### View PUA events
+### View PUA events
 
 PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoint Configuration Manager or in Intune.
 
@@ -156,9 +159,11 @@ You can turn on email notifications to receive mail about PUA detections.
 
 See [Troubleshoot event IDs](troubleshoot-microsoft-defender-antivirus.md) for details on viewing Microsoft Defender Antivirus events. PUA events are recorded under event ID **1160**.
 
-#### Allow-listing apps
+### Allow-listing apps
 
-Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be allow-listed. See [How to Configure Endpoint Protection in Configuration Manager](https://docs.microsoft.com/previous-versions/system-center/system-center-2012-R2/hh508770(v=technet.10)#to-exclude-specific-files-or-folders) for information on allowing files which are currently blocked by PUA protection in Microsoft Defender Antivirus.
+Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be allow-listed. 
+
+For more information, see [Recommended antivirus exclusions for Configuration Manager site servers, site systems, and clients](https://docs.microsoft.com/troubleshoot/mem/configmgr/recommended-antivirus-exclusions#exclusions).
 
 ## Related articles
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index 964923be28..567fc845b6 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -14,7 +14,7 @@ audience: ITPro
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 11/12/2020
+ms.date: 11/19/2020
 ---
 
 # Protect security settings with tamper protection
@@ -48,7 +48,7 @@ Tamper protection essentially locks Microsoft Defender Antivirus and prevents yo
 - Changing settings through PowerShell cmdlets
 - Editing or removing security settings through group policies
 
-Tamper protection doesn't prevent you from viewing your security settings. And, tamper protection doesn't affect how third-party antivirus apps register with the Windows Security app. If your organization is using Windows 10 Enterprise E5, individual users can't change the tamper protection setting; this is managed by your security team.
+Tamper protection doesn't prevent you from viewing your security settings. And, tamper protection doesn't affect how third-party antivirus apps register with the Windows Security app. If your organization is using Windows 10 Enterprise E5, individual users can't change the tamper protection setting; tamper protection is managed by your security team.
 
 ### What do you want to do?
 
@@ -72,7 +72,7 @@ Tamper protection doesn't prevent you from viewing your security settings. And,
 >
 > Once you’ve made this update, tamper protection will continue to protect your registry settings, and will also log attempts to modify them without returning errors.
 
-If you are a home user, or you are not subject to settings managed by a security team, you can use the Windows Security app to turn tamper protection on or off. You must have appropriate admin permissions on your machine to do this.
+If you are a home user, or you are not subject to settings managed by a security team, you can use the Windows Security app to turn tamper protection on or off. You must have appropriate admin permissions on your machine to do change security settings, such as tamper protection.
 
 1. Click **Start**, and start typing *Defender*. In the search results, select **Windows Security**.
 
@@ -93,7 +93,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-
 1. Make sure your organization meets all of the following requirements to manage tamper protection using Intune:
 
     - Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.)
-    - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information/) for more details about releases.)
+    - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).)
     - You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above).
     - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).)
 
@@ -132,7 +132,7 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release
 > [!IMPORTANT]
 > The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Make sure to review the prerequisites and other information in the resources mentioned in this procedure.
 
-If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10 and Windows Server 2019 by using tenant attach. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices.
+If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10 and Windows Server 2019 by using a method called *tenant attach*. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices.
 
 1. Set up tenant attach. See [Microsoft Endpoint Manager tenant attach: Device sync and device actions](https://docs.microsoft.com/mem/configmgr/tenant-attach/device-sync-actions).
 
@@ -207,17 +207,6 @@ If you are an organization using [Microsoft Defender for Endpoint](https://www.m
 
 Your regular group policy doesn’t apply to tamper protection, and changes to Microsoft Defender Antivirus settings are ignored when tamper protection is on. 
 
-> [!NOTE]
-> A small delay in Group Policy (GPO) processing may occur if Group Policy settings include values that control Microsoft Defender Antivirus features protected by tamper protection.
-
-To avoid any potential delays, we recommend that you remove settings that control Microsoft Defender Antivirus related behavior using GPO and allow tamper protection to protect your Microsoft Defender Antivirus settings.
-
-Some sample Microsoft Defender Antivirus settings:
-
-- *Turn off real-time protection* <br />
-  Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\\<br />
-  Value `DisableRealtimeMonitoring` = 0
-
 ### For Microsoft Defender for Endpoint, is configuring tamper protection in Intune targeted to the entire organization only?
 
 Configuring tamper protection in Intune or Microsoft Endpoint Manager can be targeted to your entire organization as well as to specific devices and user groups.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index d2c6d68716..f5e542e2f6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -14,7 +14,7 @@ ms.author: deniseb
 ms.reviewer: sugamar, jcedola
 manager: dansimp
 ms.custom: asr
-ms.date: 10/08/2020
+ms.date: 11/30/2020
 ---
 
 # Reduce attack surfaces with attack surface reduction rules
@@ -26,21 +26,35 @@ ms.date: 10/08/2020
 
 * [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-Your attack surface is the total number of places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means offering attackers fewer ways to perform attacks.
+## Overview
 
-Attack surface reduction rules target software behaviors that are often abused by attackers, such as:
+Your attack surface includes all the places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means protecting your organization's devices and network, which leaves attackers with fewer ways to perform attacks.
 
-- Launching executable files and scripts that attempt to download or run files
-- Running obfuscated or otherwise suspicious scripts
-- Performing behaviors that apps don't usually initiate during normal day-to-day work
+Attack surface reduction rules target certain software behaviors that are often abused by attackers. Such behaviors include:
 
-Such behaviors are sometimes seen in legitimate applications; however, they are considered risky because they are commonly abused by malware. Attack surface reduction rules can constrain these kinds of risky behaviors and help keep your organization safe.
+- Launching executable files and scripts that attempt to download or run files;
+- Running obfuscated or otherwise suspicious scripts; and 
+- Performing behaviors that apps don't usually initiate during normal day-to-day work.
+
+Such software behaviors are sometimes seen in legitimate applications; however, these behaviors are often considered risky because they are commonly abused by malware. Attack surface reduction rules can constrain risky behaviors and help keep your organization safe.
+
+For more information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
+
+## Assess rule impact before deployment  
+
+You can assess how an attack surface reduction rule might impact your network by opening the security recommendation for that rule in [threat and vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/#tvm). 
+
+:::image type="content" source="images/asrrecommendation.png" alt-text="Security recommendation for ASR rule":::
+
+In the recommendation details pane, check the user impact to determine what percentage of your devices can accept a new policy enabling the rule in blocking mode without adverse impact to user productivity.
+
+## Audit mode for evaluation
 
 Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled. It's best to run all rules in audit mode first so you can understand their impact on your line-of-business applications. Many line-of-business applications are written with limited security concerns, and they may perform tasks in ways that seem similar to malware. By monitoring audit data and [adding exclusions](enable-attack-surface-reduction.md#exclude-files-and-folders-from-asr-rules) for necessary applications, you can deploy attack surface reduction rules without impacting productivity.
 
-Whenever a rule is triggered, a notification will be displayed on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays within the Microsoft Defender Security Center and the Microsoft 365 security center.
+## Notifications when a rule is triggered
 
-For more information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
+Whenever a rule is triggered, a notification will be displayed on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays within the Microsoft Defender Security Center and the Microsoft 365 security center.
 
 ## Attack surface reduction features across Windows versions
 
@@ -54,7 +68,7 @@ To use the entire feature-set of attack surface reduction rules, you need a [Win
 
 ## Review attack surface reduction events in the Microsoft Defender Security Center
 
-Defender for Endpoint provides detailed reporting for events and blocks, as part of its alert investigation scenarios.
+Defender for Endpoint provides detailed reporting for events and blocks as part of alert investigation scenarios.
 
 You can query Defender for Endpoint data by using [advanced hunting](advanced-hunting-query-language.md). If you're running [audit mode](audit-windows-defender.md), you can use advanced hunting to understand how attack surface reduction rules could affect your environment.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index 3e1ede3c5e..6c6a1ea7cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -152,7 +152,7 @@ You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windo
 > - The Onboarding package for Windows Server 2019 through Microsoft Endpoint Configuration Manager currently ships a script. For more information on how to deploy scripts in Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/packages-and-programs).
 > - A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune.
 
-Support for Windows Server, provide deeper insight into activities happening on the Windows server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well.
+Support for Windows Server provides deeper insight into server activities, coverage for kernel and memory attack detection, and enables response actions.
 
 1. Configure Defender for Endpoint onboarding settings on the Windows server. For more information, see [Onboard Windows 10 devices](configure-endpoints.md).
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
index 298867cbc0..f311d48c09 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
@@ -27,25 +27,50 @@ ms.topic: article
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 
-There are three phases in deploying Defender for Endpoint:
 
-|Phase | Description | 
-|:-------|:-----|
-| ![Phase 1: Prepare](images/prepare.png)<br>[Phase 1: Prepare](prepare-deployment.md)| Learn about what you need to consider when deploying Defender for Endpoint: <br><br>- Stakeholders and sign-off <br> - Environment considerations <br>- Access <br> - Adoption order
-|  ![Phase 2: Setup](images/setup.png) <br>[Phase 2: Setup](production-deployment.md)|  Take the initial steps to access Microsoft Defender Security Center. You'll be guided on:<br><br>- Validating the licensing <br>  - Completing the setup wizard within the portal<br>- Network configuration|
-|  ![Phase 3: Onboard](images/onboard.png) <br>[Phase 3: Onboard](onboarding.md) | Onboard devices to the service so the Microsoft Defender ATP service can get sensor data from them. 
+Microsoft Defender for Endpoint has the capabilities to effectively protect your enterprise from cyber threats.
+
+Learn how to deploy Microsoft Defender for Endpoint so that your enterprise can take advantage of preventative protection, post-breach detection, automated investigation, and response. 
 
 
+This solution provides guidance on the three phases of deployment. Each section corresponds to a separate article in this solution.
 
-The deployment guide will guide you through the recommended path in deploying Defender for Endpoint. 
+![Image of deployment phases](images/deployment-phases.png)
 
-If you're unfamiliar with the general deployment planning steps, check out the [Plan deployment](deployment-strategy.md) topic to get a  high-level overview of the general deployment steps and methods.
+Regardless of the environment architecture and method of deployment you choose outlined in the [Plan deployment](deployment-strategy.md) guidance, this guide is going to support you in onboarding endpoints. 
 
 
+## Prepare
+Learn about what you need to consider when deploying Defender for Endpoint such as stakeholder approvals, environment considerations, access permissions, and adoption order of capabilities. 
 
-## In Scope
+## Setup
+Get guidance on the initial steps you need to take so that you can access the portal such as validating licensing, completing the setup wizard, and network configuration. 
 
-The following is in scope for this deployment guide:
+## Onboard
+Learn how to make use of deployment rings, supported onboarding tools based on the type of endpoint, and configuring available capabilities.
+
+
+## Key capabilities
+
+This solution provides the following key capabilities:
+
+Capability | Description 
+:---|:---
+Eliminate risks and reduce your attack surface| Use attack surface reduction to minimize the areas where your organization could be vulnerable to threats.
+Block sophisticated threats and malware | Defend against never-before-seen polymorphic and metamorphic malware and fileless and file-based threats with next-generation protection.
+Remediation at scale with automation | Automatically investigate alerts and remediate complex threats in minutes. Apply best practices and intelligent decision-making algorithms to determine whether a threat is active and what action to take.
+Discover vulnerabilities and misconfigurations in real time | Bring security and IT together with Microsoft Threat & Vulnerability Management to quickly discover, prioritize, and remediate vulnerabilities and misconfigurations.
+Get expert-level threat monitoring and analysis | Empower your security operations centers with Microsoft Threat Experts. Get deep knowledge, advanced threat monitoring, analysis, and support to identify critical threats in your unique environment.
+Detect and respond to advanced attacks with behavioral monitoring | Spot attacks and zero-day exploits using advanced behavioral analytics and machine learning.
+Cross-platform support | Microsoft Defender for Endpoint provides security for non-Windows platforms including Mac, Linux servers, and Android.
+Evaluate capabilities | Fully evaluate our capabilities with a few simple clicks in the Microsoft Defender for Endpoint evaluation lab.
+Streamline and integrate via APIs | Integrate Microsoft Defender for Endpoint with your security solutions and streamline and automate security workflows with rich APIs.
+Simplify endpoint security management | Use a single pane of glass for all endpoint security actions, such as endpoint configuration, deployment, and management with Microsoft Endpoint Manager.
+
+
+## Scope
+
+### In scope
 
 -   Use of Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to onboard endpoints into the service and configure capabilities
 
@@ -59,10 +84,19 @@ The following is in scope for this deployment guide:
     -   Attack surface reduction
 
 
-## Out of scope
+### Out of scope
 
 The following are out of scope of this deployment guide:
 
 -   Configuration of third-party solutions that might integrate with Defender for Endpoint
 
 -   Penetration testing in production environment
+
+
+
+
+## See also
+- [Phase 1: Prepare](prepare-deployment.md)
+- [Phase 2: Set up](production-deployment.md)
+- [Phase 3: Onboard](onboarding.md)
+- [Plan deployment](deployment-strategy.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md
index 9c14158aa2..b7def4676f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md
@@ -25,15 +25,14 @@ ms.topic: article
 
 >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) 
 
-Depending on the requirements of your environment, we've put together material to help guide you through the various options you can adopt to deploy Defender for Endpoint. 
 
-These are the general steps you need to take to deploy Defender for Endpoint:
+Plan your Microsoft Defender for Endpoint deployment so that you can maximize the security capabilities within the suite and better protect your enterprise from cyber threats.
 
-![Image of deployment flow](images/onboarding-flow-diagram.png)
 
-- Identify architecture
-- Select deployment method
-- Configure capabilities
+This solution provides guidance on how to identify your environment architecture, select the type of deployment tool that best fits your needs, and guidance on how to configure capabilities.
+
+
+![Image of deployment flow](images/plan-deployment.png)
 
 
 ## Step 1: Identify architecture
@@ -43,7 +42,7 @@ Depending on your environment, some tools are better suited for certain architec
 
 Use the following material to select the appropriate Defender for Endpoint architecture that best suites your organization.
 
-|**Item**|**Description**|
+| Item | Description |
 |:-----|:-----|
 |[![Thumb image for Defender for Endpoint deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)<br/> [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures: <ul><li> Cloud-native </li><li> Co-management </li><li> On-premise</li><li>Evaluation and local onboarding</li>
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
index ba855cf88a..99f4521685 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
@@ -9,11 +9,11 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
 audience: ITPro
-author: appcompatguy
-ms.author: cjacks
+author: denisebmsft
+ms.author: deniseb
 ms.date: 07/20/2020
-ms.reviewer: 
-manager: saudm
+ms.reviewer: cjacks
+manager: dansimp
 ms.custom: asr
 ---
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md b/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
index 3ab82897fa..fd7da12f88 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
@@ -50,14 +50,14 @@ To have your company listed as a partner in the in-product partner page, you wil
 4. Link to the landing page for the customer to complete the integration or blog post that will include sufficient information for customers. Any press release including the Microsoft Defender ATP product name should be reviewed by the marketing and engineering teams. Wait for at least 10 days for the review process to be done.
 5.	If you use a multi-tenant Azure AD approach, we will need the Azure AD application name to track usage of the application.
 6. Include the User-Agent field in each API call made to Microsoft Defender for Endpoint public set of APIs or Graph Security APIs. This will be used for statistical purposes, troubleshooting, and partner recognition. In addition, this step is a requirement for membership in Microsoft Intelligent Security Association (MISA).
-    Follow these steps:
-    1.	Identify a name adhering to the following nomenclature that includes your company name and the Microsoft Defender ATP-integrated product with the version of the product that includes this integration. 
-      - ISV Nomenclature: `MdatpPartner-{CompanyName}-{ProductName}/{Version}`
-      - Security partner Nomenclature: `MdatpPartner-{CompanyName}-{ProductName}/{TenantID}` 
 
-    2.	Set the User-Agent field in each HTTP request header to the name based on the above nomenclature. 
-    For more information, see [RFC 2616 section-14.43](https://tools.ietf.org/html/rfc2616#section-14.43). For example, User-Agent: `MdatpPartner-Contoso-ContosoCognito/1.0.0`
+   	- Set the User-Agent field in each HTTP request header to the name based on the Following nomenclature.
 
+    - `MsdePartner-{CompanyName}-{ProductName}/{Version}`
+    
+    - For example, User-Agent: `MdatpPartner-Contoso-ContosoCognito/1.0.0`
+    
+    - For more information, see [RFC 2616 section-14.43](https://tools.ietf.org/html/rfc2616#section-14.43).
 
 Partnerships with Microsoft Defender for Endpoint help our mutual customers to further streamline, integrate, and orchestrate defenses. We are happy that you chose to become a Microsoft Defender for Endpoint partner and to achieve our common goal of effectively protecting customers and their assets by preventing and responding to modern threats together.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/asrrecommendation.png b/windows/security/threat-protection/microsoft-defender-atp/images/asrrecommendation.png
new file mode 100644
index 0000000000..1ce1089fbf
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/asrrecommendation.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/deployment-phases.png b/windows/security/threat-protection/microsoft-defender-atp/images/deployment-phases.png
new file mode 100644
index 0000000000..0875ace467
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/deployment-phases.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-actions.png b/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-actions.png
new file mode 100644
index 0000000000..46a71a3ab6
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-actions.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-policy.png b/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-policy.png
new file mode 100644
index 0000000000..efd5173cfb
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-policy.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-settings.png b/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-settings.png
new file mode 100644
index 0000000000..a09b5f9a3a
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-settings.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/plan-deployment.png b/windows/security/threat-protection/microsoft-defender-atp/images/plan-deployment.png
new file mode 100644
index 0000000000..60313bb2da
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/plan-deployment.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report-small.png b/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report-small.png
new file mode 100644
index 0000000000..c71d67f43f
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report-small.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report.png b/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report.png
index 8106b9e665..957d61d441 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report.png and b/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
index feab52dd1a..f0439ebf7f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
@@ -42,8 +42,8 @@ It's important to understand the following requirements prior to creating indica
 - This feature is available if your organization uses Windows Defender Antivirus and Cloud-based protection is enabled. For more information, see [Manage cloud-based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).
 - The Antimalware client version must be  4.18.1901.x or later.
 - Supported on machines on Windows 10, version 1703 or later, Windows server 2016 and 2019.
-- The virus and threat protection definitions must be up-to-date.
-- This feature currently supports entering .CER or .PEM file extensions.
+- The virus and threat protection definitions must be up to date.
+- This feature currently supports entering .CER or .PEM (Base64 ASCII) encoding based certificates.
 
 >[!IMPORTANT]
 > - A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft.  Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine 'Trusted Root Certification Authorities').
diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
index ad2a51ab8f..733c2fdbd1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
@@ -27,6 +27,42 @@ ms.topic: conceptual
 > [!NOTE]
 > Defender for Endpoint for iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device.
 
+> [!IMPORTANT]
+> **PUBLIC PREVIEW EDITION**
+> 
+> This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability.
+> 
+> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments.
+
+
+## Configure compliance policy against jailbroken devices
+
+To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you set up the following compliance policy on Intune.
+
+> [!NOTE]
+> Currently Defender for Endpoint for iOS does not provide protection against jailbreak scenarios. Some data like your corporate email id and corporate profile picture (if available) will be exposed to the attacker on the jailbroken device.
+
+Follow the steps below to create a compliance policy against jailbroken devices.
+
+1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Compliance policies** -> click on **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**.
+
+    > [!div class="mx-imgBorder"]
+    > ![Image of Microsoft Endpoint Manager Admin Center](images/ios-jb-policy.png)
+
+1. Specify a name of the policy, example "Compliance Policy for Jailbreak".
+1. In the compliance settings page, click to expand **Device Health** section and click **Block** for **Jailbroken devices** field.
+
+    > [!div class="mx-imgBorder"]
+    > ![Image of Microsoft Endpoint Manager Admin Center](images/ios-jb-settings.png)
+
+1. In the *Action for noncompliance* section, select the actions as per your requirements and click **Next**.
+
+    > [!div class="mx-imgBorder"]
+    > ![Image of Microsoft Endpoint Manager Admin Center](images/ios-jb-actions.png)
+
+1. In the *Assignments* section, select the user groups that you want to include for this policy and then click **Next**.
+1. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**.
+
 ## Configure custom indicators
 
 Defender for Endpoint for iOS enables admins to configure custom indicators on iOS devices as well. Refer to [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) on how to configure custom indicators.
@@ -37,4 +73,3 @@ Defender for Endpoint for iOS enables admins to configure custom indicators on i
 ## Web Protection
 
 By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks.
-
diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md
index 31ee7b41b6..361ee24da1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md
@@ -1,78 +1,96 @@
 ---
-title: Microsoft Defender ATP for iOS note on Privacy
+title: Privacy information - Microsoft Defender for Endpoint for iOS
 ms.reviewer:
-description: Describes the Microsoft Defender ATP for iOS Privacy
-keywords: microsoft, defender, atp, iOS, license, terms, application, use, installation, service, feedback, scope, 
+description: Describes privacy information for Microsoft Defender for Endpoint for iOS
+keywords: microsoft, defender, atp, ios, policy, overview
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: sunasing
-author: sunasing
+ms.author: macapara
+author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
-hideEdit: true
 ---
 
-# Microsoft Defender ATP for iOS - Privacy information
+# Privacy information - Microsoft Defender for Endpoint for iOS
 
 **Applies to:**
 
 - [Microsoft Defender for Endpoint](microsoft-defender-atp-ios.md)
 
->[!NOTE]
-> Defender for Endpoint for iOS uses a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. Microsoft or your organization **does not see your browsing activity**.
+> [!NOTE]
+> Defender for Endpoint for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. **Microsoft or your organization, does not see your browsing activity.**
 
-Defender for Endpoint for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint.
+Defender for Endpoint for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint. The information is collected to help keep Defender for Endpoint for iOS secure, up-to-date, performing as expected, and to support the service.
 
-Information is collected to help keep Defender for Endpoint for iOS secure, up-to-date, performing as expected and to support the service.
+For more information about data storage, see [Microsoft Defender for Endpoint data storage and privacy](data-storage-privacy.md).
 
-## Required data
+## Required data 
 
-Required data consists of data that is necessary to make Defender for Endpoint for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. Here's a list of the types of data being collected:
+Required data consists of data that is necessary to make Defender for Endpoint for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. 
 
-### Web page / Network information
+Here is a list of the types of data being collected: 
 
-- Connection information
-- Protocol type (such as HTTP, HTTPS, etc.)
+### Web page or Network information 
 
-### Device and account information
+- Connection information only when a malicious connection or web page is detected. 
 
-- Device information such as date & time, iOS version, CPU info, and Device identifier
-- Device identifier is one of the below:
-    - Wi-Fi adapter MAC address
-    - Randomly generated globally unique identifier (GUID)
+- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected. 
 
-- Tenant, Device, and User information
-    - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory.
-    - Azure tenant ID - GUID that identifies your organization within Azure Active Directory
-    - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted
-    - User Principal Name - Email ID of the user
+### Device and account information 
 
-### Product and service usage data
+- Device information such as date & time, iOS version, CPU info, and Device identifier, where Device identifier is one of the following: 
 
-- App package info, including name, version, and app upgrade status
-- Actions performed in the app
-- Crash report logs generated by iOS
-- Memory usage data
+    - Wi-Fi adapter MAC address 
 
-## Optional data
+    - Randomly generated globally unique identifier (GUID) 
 
-Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself.
+- Tenant, Device, and User information 
 
-Optional diagnostic data includes:
+    - Azure Active Directory (AD) Device ID and Azure User ID - Uniquely identifies the device, User respectively at Azure Active directory. 
 
-- App, CPU, and network usage
-- Features configured by the admin
+    - Azure tenant ID - GUID that identifies your organization within Azure Active Directory. 
 
-**Feedback Data** is collected through in-app feedback provided by the user.
+    - Microsoft Defender for Endpoint org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify if there are issues affecting a select set of enterprises and the number of enterprises impacted. 
+
+    - User Principal Name - Email ID of the user. 
+
+### Product and service usage data 
+
+The following information is collected only for Microsoft Defender for Endpoint app installed on the device. 
+
+- App package info, including name, version, and app upgrade status. 
+
+- Actions done in the app. 
+
+- Crash report logs generated by iOS. 
+
+- Memory usage data. 
+
+## Optional Data 
+
+Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself. 
+
+Optional diagnostic data includes: 
+
+- App, CPU, and network usage for Defender for Endpoint. 
+
+- Features configured by the admin for Defender for Endpoint. 
+
+Feedback Data is collected through in-app feedback provided by the user. 
+
+- The user's email address, if they choose to provide it.
+
+- Feedback type (smile, frown, idea) and any feedback comments submitted by the user. 
+
+For more information, see [More on Privacy](https://aka.ms/mdatpiosprivacystatement).
 
-- The user's email address, if they choose to provide it
-- Feedback type (smile, frown, idea) and any feedback comments submitted by the user
 
-[More on Privacy](https://aka.ms/mdatpiosprivacystatement)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md
new file mode 100644
index 0000000000..fe7f0dbd32
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md
@@ -0,0 +1,167 @@
+---
+title: How to schedule scans with Microsoft Defender for Endpoint (Linux)
+description: Learn how to schedule an automatic scanning time for Microsoft Defender for Endpoint (Linux) to better protect your organization's assets.
+keywords: microsoft, defender, atp, linux, scans, antivirus, microsoft defender for endpoint (linux)
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Schedule scans with Microsoft Defender for Endpoint (Linux)
+
+To run a scan for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands).
+
+Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks.
+
+## Pre-requisite
+
+> [!NOTE]
+> To get a list of all the time zones, run the following command:
+> `timedatectl list-timezones`<br>
+> Examples for timezones:
+> - `America/Los_Angeles`
+> - `America/New_York`
+> - `America/Chicago`
+> - `America/Denver`
+
+## To set the Cron job
+Use the following commands:
+
+**To backup crontab entries**
+
+`sudo crontab -l > /var/tmp/cron_backup_200919.dat`
+
+> [!NOTE]
+> Where 200919 == YRMMDD
+
+> [!TIP]
+> Do this before you edit or remove. <br>
+
+To edit the crontab, and add a new job as a root user: <br>
+`sudo crontab -e`
+
+> [!NOTE]
+> The default editor is VIM.
+
+You might see:
+
+0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh
+
+Press “Insert”
+
+Add the following entries:
+
+CRON_TZ=America/Los_Angeles
+
+0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log
+
+> [!NOTE]
+>In this example, we have  set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8).
+
+Press “Esc”
+
+Type “:wq” without the double quotes.
+
+> [!NOTE]
+> w == write, q == quit
+
+To view your cron jobs, type `sudo crontab -l`
+
+:::image type="content" source="..\images\linux-mdatp-1.png" alt-text="linux mdatp":::
+
+**To inspect cron job runs**
+
+`sudo grep mdatp /var/log/cron`
+
+**To inspect the mdatp_cron_job.log**
+
+`sudo nano mdatp_cron_job.log`
+
+## For those who use Ansible, Chef, or Puppet
+
+Use the following commands:
+### To set cron jobs in Ansible
+
+`cron – Manage cron.d and crontab entries`
+
+See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information.
+
+### To set crontabs in Chef
+`cron resource`
+
+See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information.
+
+### To set cron jobs in Puppet
+Resource Type: cron
+
+See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) for more information.
+
+Automating with Puppet: Cron jobs and scheduled tasks
+
+See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) for more information.
+
+## Additional information
+
+**To get help with crontab**
+
+`man crontab`
+
+**To get a list of crontab file of the current user**
+
+`crontab -l`
+
+**To get a list of crontab file of another user**
+
+`crontab -u username -l`
+
+**To backup crontab entries**
+
+`crontab -l > /var/tmp/cron_backup.dat`
+
+> [!TIP]
+> Do this before you edit or remove. <br>
+
+**To restore crontab entries**
+
+`crontab /var/tmp/cron_backup.dat`
+
+**To edit the crontab and add a new job as a root user**
+
+`sudo crontab -e`
+
+**To edit the crontab and add a new job**
+
+`crontab -e`
+
+**To edit other user’s crontab entries**
+
+`crontab -u username -e`
+
+**To remove all crontab entries**
+
+`crontab -r`
+
+**To remove other user’s crontab entries**
+
+`crontab -u username -r`
+
+**Explanation**
+
++—————- minute (values: 0 – 59) (special characters: , – * /)  <br>
+| +————- hour (values: 0 – 23) (special characters: , – * /) <br>
+| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C)  <br>
+| | | +——- month (values: 1 – 12) (special characters: ,- * / )  <br>
+| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) <br>
+| | | | |*****command to be executed
+
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
index 960de74bcc..8714aeb2e1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
@@ -97,7 +97,9 @@ Then rerun step 2.
 4. If the above steps don’t work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details.
 Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot.
 
-5. Ensure that the daemon has executable permission.
+5. If `/opt` directory is a symbolic link, create a bind mount for `/opt/microsoft`. 
+
+6. Ensure that the daemon has executable permission.
     ```bash
     ls -l /opt/microsoft/mdatp/sbin/wdavdaemon
     ```
@@ -110,7 +112,7 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan
     ```
     and retry running step 2.
 
-6. Ensure that the file system containing wdavdaemon isn't mounted with "noexec".
+7. Ensure that the file system containing wdavdaemon isn't mounted with "noexec".
 
 ## If mdatp service is running, but EICAR text file detection doesn't work
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
index e8173e8958..e6585fc97f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
@@ -54,7 +54,7 @@ The following steps can be used to troubleshoot and mitigate these issues:
     > [!NOTE]
     > This feature is available in version 100.90.70 or newer.
 
-    This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line:
+    This feature is enabled by default on the `Dogfood` and `InsiderFast` channels. If you're using a different update channel, this feature can be enabled from the command line:
  
     ```bash
     mdatp config real-time-protection-statistics --value enabled
@@ -78,16 +78,63 @@ The following steps can be used to troubleshoot and mitigate these issues:
     To collect current statistics, run:
 
     ```bash
-    mdatp diagnostic real_time_protection_statistics # you can use ‘> stat.log’ to redirect to file
+    mdatp diagnostic real-time-protection-statistics --output json > real_time_protection.json
+    ```
+    > [!NOTE]
+    > Using ```--output json``` (note the double dash) ensures that the output format is ready for parsing.
+
+    The output of this command will show all processes and their associated scan activity. 
+
+3. On your Linux system, download the sample Python parser **high_cpu_parser.py** using the command: 
+
+    ```bash
+    wget -c https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/diagnostic/high_cpu_parser.py
+    ```
+    The output of this command should be similar to the following:
+
+    ```Output
+    --2020-11-14 11:27:27-- https://raw.githubusercontent.com/microsoft.mdatp-xplat/master/linus/diagnostic/high_cpu_parser.py
+    Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.xxx.xxx
+    Connecting to raw.githubusercontent.com (raw.githubusercontent.com)| 151.101.xxx.xxx| :443... connected.
+    HTTP request sent, awaiting response... 200 OK
+    Length: 1020 [text/plain]
+    Saving to: 'high_cpu_parser.py'
+
+    100%[===========================================>] 1,020    --.-K/s   in 0s
+    ```
+4. Next, type the following commands:
+    ```bash
+    chmod +x high_cpu_parser.py
+    ```
+    ```bash
+    cat real_time_protection.json | python high_cpu_parser.py  > real_time_protection.log
     ```
 
-    The output of this command will show all processes and their associated scan activity. To improve the performance of Defender for Endpoint for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Defender for Endpoint for Linux](linux-exclusions.md).
+      The output of the above is a list of the top contributors to performance issues. The first column is the process identifier (PID), the second column is te process name, and the last column is the number of scanned files, sorted by impact.
+    
+    For example, the output of the command will be something like the below: 
 
-    > [!NOTE]
+    ```Output
+    ... > python ~/repo/mdatp-xplat/linux/diagnostic/high_cpu_parser.py <~Downloads/output.json | head -n 10
+	27432 None 76703
+	73467 actool     1249
+	73914 xcodebuild 1081
+	73873 bash 1050
+	27475 None 836
+	1    launchd    407
+	73468 ibtool     344
+	549  telemetryd_v1   325
+	4764 None 228
+	125  CrashPlanService 164
+    ```
+     
+    To improve the performance of Defender for Endpoint for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Defender for Endpoint for Linux](linux-exclusions.md).                
+    
+    >[!NOTE]
     > The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted.
 
-3. Use the `top` command-line tool and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers.
+5. Configure Microsoft Defender ATP for Linux with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
+
+    For more information, see [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md).    
 
-4. Configure Defender for Endpoint for Linux with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
 
-    For more details, see [Configure and validate exclusions for Defender for Endpoint for Linux](linux-exclusions.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
index 87c1b96104..319d2756e1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
@@ -1,6 +1,6 @@
 ---
 title: Intune-based deployment for Microsoft Defender ATP for Mac
-description: Install Microsoft Defender ATP for Mac, using Microsoft Intune.
+description: Install Microsoft Defender for Endpoint for Mac, using Microsoft Intune.
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -42,7 +42,7 @@ This topic describes how to deploy Microsoft Defender for Endpoint for Mac throu
 
 ## Prerequisites and system requirements
 
-Before you get started, see [the main MIcrosoft Defender for EndpointP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender for Endpoint for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
 
 ## Overview
 
@@ -56,7 +56,7 @@ The following table summarizes the steps you would need to take to deploy and ma
 | [Grant full disk access to Microsoft Defender for Endpoint](#create-system-configuration-profiles-step-8) | MDATP_tcc_Catalina_or_newer.xml | com.microsoft.wdav.tcc |
 | [Network Extension policy](#create-system-configuration-profiles-step-9) | MDATP_NetExt.xml | N/A |
 | [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#intune) | MDATP_Microsoft_AutoUpdate.xml | com.microsoft.autoupdate2 |
-| [Microsoft Defender for Endpoint configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#intune-profile-1)<br/><br/> **Note:** If you are planning to run a third party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav |
+| [Microsoft Defender for Endpoint configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#intune-profile-1)<br/><br/> **Note:** If you are planning to run a third-party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav |
 | [Configure Microsoft Defender for Endpoint and MS AutoUpdate (MAU) notifications](#create-system-configuration-profiles-step-10) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.autoupdate2 or com.microsoft.wdav.tray |
 
 ## Download installation and onboarding packages
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
index 9b20ff2260..73bb94faf9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
@@ -150,13 +150,13 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender
 4. After the certificate is created and installed to your device, run the following command from the Terminal to sign the file:
 
     ```bash
-    $ security cms -S -N "<CertificateName>" -i <PathToFile>/com.apple.webcontent-filter.mobileconfig -o <PathToSignedFile>/com.microsoft.network-extension.signed.mobileconfig
+    $ security cms -S -N "<CertificateName>" -i <PathToFile>/com.microsoft.network-extension.mobileconfig -o <PathToSignedFile>/com.microsoft.network-extension.signed.mobileconfig
     ```
     
     For example, if the certificate name is **SigningCertificate** and the signed file is going to be stored in Documents:
     
     ```bash
-    $ security cms -S -N "SigningCertificate" -i ~/Documents/com.apple.webcontent-filter.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig
+    $ security cms -S -N "SigningCertificate" -i ~/Documents/com.microsoft.network-extension.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig
     ```
     
 5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.microsoft.network-extension.signed.mobileconfig` when prompted for the file.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index b40f3ea88c..336b9f1519 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -27,7 +27,7 @@ ms.topic: conceptual
 > On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md).
 
 > [!IMPORTANT]
-> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. In the meantime, if you encounter such a kernel panic, please submit a feedback report to Apple through the Feedback Assistant app.
+> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic.
 
 ## 101.13.75
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
index 858c7f0d06..6e55918615 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
@@ -91,6 +91,12 @@ The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/d
    
    `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender` <br/>
 
+> [!NOTE]
+> When using the DISM command within a task sequence running PS, the following path to cmd.exe is required.
+> Example:<br/>
+> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`<br/>
+> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`<br/>
+
 3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet: <br/>
    
    `Get-Service -Name windefend`
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md
deleted file mode 100644
index b5143827c8..0000000000
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md
+++ /dev/null
@@ -1,92 +0,0 @@
----
-title: Microsoft Defender ATP for iOS - Privacy information
-ms.reviewer:
-description: Describes privacy information for Microsoft Defender ATP for iOS
-keywords: microsoft, defender, atp, ios, policy, overview
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
-ms.topic: conceptual
----
-
-# Privacy information - Microsoft Defender for Endpoint for iOS
-
-> [!NOTE]
-> Defender for Endpoint for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. **Microsoft or your organization, does not see your browsing activity.**
-
-Defender for Endpoint for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint. The information is collected to help keep Defender for Endpoint for iOS secure, up-to-date, performing as expected, and to support the service.
-
-For more details about data storage, see [Microsoft Defender for Endpoint data storage and privacy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy).
-
-## Required data 
-
-Required data consists of data that is necessary to make Defender for Endpoint for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. 
-
-Here is a list of the types of data being collected: 
-
-### Web page or Network information 
-
-- Connection information only when a malicious connection or web page is detected. 
-
-- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected. 
-
-### Device and account information 
-
-- Device information such as date & time, iOS version, CPU info, and Device identifier, where Device identifier is one of the following: 
-
-    - Wi-Fi adapter MAC address 
-
-    - Randomly generated globally unique identifier (GUID) 
-
-- Tenant, Device and User information 
-
-    - Azure Active Directory (AD) Device ID and Azure User ID - Uniquely identifies the device, User respectively at Azure Active directory. 
-
-    - Azure tenant ID - GUID that identifies your organization within Azure Active Directory. 
-
-    - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. 
-
-    - User Principal Name – Email ID of the user. 
-
-### Product and service usage data 
-
-The following information is collected only for Microsoft Defender for Endpoint app installed on the device. 
-
-- App package info, including name, version, and app upgrade status. 
-
-- Actions performed in the app. 
-
-- Crash report logs generated by iOS. 
-
-- Memory usage data. 
-
-## Optional Data 
-
-Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself. 
-
-Optional diagnostic data includes: 
-
-- App, CPU, and network usage for Defender for Endpoint. 
-
-- Features configured by the admin for Defender for Endpoint. 
-
-Feedback Data is collected through in-app feedback provided by the user. 
-
-- The user’s email address, if they choose to provide it.
-
-- Feedback type (smile, frown, idea) and any feedback comments submitted by the user. 
-
-For more information, see [More on Privacy](https://aka.ms/mdatpiosprivacystatement).
-
-
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md
index 63eee7a042..1a4cbac837 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md
@@ -24,49 +24,46 @@ ms.topic: conceptual
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-**Microsoft Defender for Endpoint for iOS** will offer protection against phishing and unsafe network connections from websites, emails, and apps. All alerts will be available through a single pane of glass in the Microsoft Defender Security Center. The portal gives security teams a centralized view of threats on
-iOS devices along with other platforms.
 
-> [!CAUTION]
-> Running other third-party endpoint protection products alongside Defender for Endpoint for iOS is likely to cause performance problems and unpredictable system errors.
+> [!IMPORTANT]
+> **PUBLIC PREVIEW EDITION**
+> 
+> This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability.
+> 
+> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments.
+
+
+The public preview of Defender for Endpoint for iOS will offer protection
+against phishing and unsafe network connections from websites, emails, and apps.
+All alerts will be available through a single pane of glass in the Microsoft
+Defender Security Center. The portal gives security teams a centralized view of threats on
+iOS devices along with other platforms.
 
 ## Pre-requisites
 
+
 **For End Users**
 
-- Microsoft Defender for Endpoint license assigned to the end user(s) of the app. See [Microsoft Defender for Endpoint licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements)
-
-- Device(s) are [enrolled](https://docs.microsoft.com/mem/intune/user-help/enroll-your-device-in-intune-ios) via the Intune Company Portal app to enforce Intune device compliance policies. This requires the end user to be assigned a Microsoft Intune license.
-    - Intune Company Portal app can be downloaded from [Apple App Store](https://apps.apple.com/us/app/intune-company-portal/id719171358).
-
-- For more information on how to assign licenses, see [Assign licenses to users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign).
-
+-   Defender for Endpoint license assigned to the end user(s) of the app. Refer
+    [Assign licenses to
+    users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign)
+    for instructions on how to assign licenses.
 
 **For Administrators**
 
 -   Access to the Microsoft Defender Security Center portal
- 
-    > [!NOTE]
-    > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender for Endpoint for iOS. Currently only enrolled devices are supported for enforcing Defender for Endpoint for iOS related device compliance policies in Intune. 
 
 -   Access to [Microsoft Endpoint Manager admin
-    center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app to enrolled user groups in your organization
+    center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app
+    to enrolled user groups in your organization
 
 **System Requirements**
 
--   iOS devices running iOS 11.0 and above
+-   iOS devices running iOS 11.0 and later
 
 -   Device is enrolled with Intune Company Portal
     [app](https://apps.apple.com/us/app/intune-company-portal/id719171358)
 
-> [!NOTE]
-> **Microsoft Defender ATP (Microsoft Defender for Endpoint) for iOS is now available on [Apple App Store](https://aka.ms/mdatpiosappstore).**
-
-## Installation instructions
-
-Deployment of Microsoft Defender for Endpoint for iOS is via Microsoft Intune (MDM) and both supervised and unsupervised devices are supported.
-For more information, see [Deploy Microsoft Defender for Endpoint for iOS](ios-install.md).
-
 ## Resources
 
 -   Stay informed about upcoming releases by visiting our [blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/iOS)
@@ -78,4 +75,4 @@ For more information, see [Deploy Microsoft Defender for Endpoint for iOS](ios-i
 ## Next steps
 
 - [Deploy Microsoft Defender for Endpoint for iOS](ios-install.md)
-- [Configure Microsoft Defender for Endpoint for iOS features](ios-configure-features.md)
\ No newline at end of file
+- [Configure Microsoft Defender for Endpoint for iOS features](ios-configure-features.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 1e18c177a2..e09cef38f1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -69,7 +69,7 @@ The three most recent major releases of macOS are supported.
 > On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md).
 
 > [!IMPORTANT]
-> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. In the meantime, if you encounter such a kernel panic, please submit a feedback report to Apple through the Feedback Assistant app.
+> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic.
 
 - 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
 - Disk space: 1GB
diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
index 51421ea4a3..0b6737027d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
@@ -52,6 +52,11 @@ Windows 10 version | Microsoft Defender Antivirus
 -|-
 Windows 10 version 1709 or later | [Microsoft Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled
 
+After you have enabled the services, you may need to configure your network or firewall to allow the connections between the services and your endpoints.  
+
+- .smartscreen.microsoft.com
+- .smartscreen-prod.microsoft.com
+
 ## Review network protection events in the Microsoft Defender for Endpoint Security Center
 
 Microsoft Defender for Endpoint provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
index 0027824386..1c87de1aa1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
@@ -104,12 +104,13 @@ needs.<br>
 In the following section, you'll create a number of configuration policies.
 
 First is a configuration policy to select which groups of users or devices will
-be onboarded to Defender for Endpoint. 
+be onboarded to Defender for Endpoint:
+
+- [Endpoint detection and response](#endpoint-detection-and-response) 
 
 Then you will continue by creating several
-different types of endpoint security policies.
+different types of endpoint security policies:
 
-- [Endpoint detection and response](#endpoint-detection-and-response)
 - [Next-generation protection](#next-generation-protection)
 - [Attack surface reduction](#attack-surface-reduction--attack-surface-reduction-rules)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
index 9e61246a70..7aa3fdcc1e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
@@ -31,19 +31,26 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww
 ## Before you begin:
 
 1. Create an [event hub](https://docs.microsoft.com/azure/event-hubs/) in your tenant.
-2. Log in to your [Azure tenant](https://ms.portal.azure.com/), go to **Subscriptions > Your subscription > Resource Providers > Register to **Microsoft.insights****.
+
+2. Log in to your [Azure tenant](https://ms.portal.azure.com/), go to **Subscriptions > Your subscription > Resource Providers > Register to **Microsoft.insights**.
 
 ## Enable raw data streaming:
 
 1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com) with a Global Admin user.
-2. Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center.
-3. Click on **Add data export settings**.
-4. Choose a name for your new settings.
-5. Choose **Forward events to Azure Event Hubs**.
-6. Type your **Event Hubs name** and your **Event Hubs resource ID**.
-  In order to get your **Event Hubs resource ID**, go to your Azure Event Hubs namespace page on [Azure](https://ms.portal.azure.com/) > properties tab > copy the text under **Resource ID**:
 
-  ![Image of event hub resource Id](images/event-hub-resource-id.png)
+2. Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center.
+
+3. Click on **Add data export settings**.
+
+4. Choose a name for your new settings.
+
+5. Choose **Forward events to Azure Event Hubs**.
+
+6. Type your **Event Hubs name** and your **Event Hubs resource ID**.
+
+   In order to get your **Event Hubs resource ID**, go to your Azure Event Hubs namespace page on [Azure](https://ms.portal.azure.com/) > properties tab > copy the text under **Resource ID**:
+
+   ![Image of event hub resource Id](images/event-hub-resource-id.png)
 
 7. Choose the events you want to stream and click **Save**.
 
@@ -64,8 +71,11 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww
 ```
 
 - Each event hub message in Azure Event Hubs contains list of records.
+
 - Each record contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**".
+
 - For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](advanced-hunting-overview.md).
+
 - In Advanced Hunting, the **DeviceInfo** table has a column named **MachineGroup** which contains the group of the device. Here every event will be decorated with this column as well. See [Device Groups](machine-groups.md) for more information.
 
 ## Data types mapping:
@@ -73,21 +83,22 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww
 To get the data types for event properties do the following:
 
 1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com) and go to [Advanced Hunting page](https://securitycenter.windows.com/hunting-package).
+
 2. Run the following query to get the data types mapping for each event:
  
-```
-{EventType}
-| getschema
-| project ColumnName, ColumnType 
-
-```
+   ```
+   {EventType}
+   | getschema
+   | project ColumnName, ColumnType 
+   ```
 
 - Here is an example for Device Info event: 
 
-![Image of event hub resource Id](images/machine-info-datatype-example.png)
+  ![Image of event hub resource Id](images/machine-info-datatype-example.png)
 
 ## Related topics
 - [Overview of Advanced Hunting](advanced-hunting-overview.md)
 - [Microsoft Defender for Endpoint streaming API](raw-data-export.md)
 - [Stream Microsoft Defender for Endpoint events to your Azure storage account](raw-data-export-storage.md)
 - [Azure Event Hubs documentation](https://docs.microsoft.com/azure/event-hubs/)
+- [Troubleshoot connectivity issues - Azure Event Hubs](https://docs.microsoft.com/azure/event-hubs/troubleshooting-guide)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
index 804a1ff98e..8dae2a2358 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
@@ -31,19 +31,24 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww
 ## Before you begin:
 
 1. Create a [Storage account](https://docs.microsoft.com/azure/storage/common/storage-account-overview) in your tenant.
+
 2. Log in to your [Azure tenant](https://ms.portal.azure.com/), go to **Subscriptions > Your subscription > Resource Providers > Register to Microsoft.insights**.
-3. Go to **Settings > Advanced Features > Preview features** and turn Preview features **On**.
 
 ## Enable raw data streaming:
 
 1. Log in to [Microsoft Defender for Endpoint portal](https://securitycenter.windows.com) with Global Admin user.
-2. Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center.
-3. Click on **Add data export settings**.
-4. Choose a name for your new settings.
-5. Choose **Forward events to Azure Storage**.
-6. Type your **Storage Account Resource Id**. In order to get your **Storage Account Resource Id**, go to your Storage account page on [Azure portal](https://ms.portal.azure.com/) > properties tab > copy the text under **Storage account resource ID**:
 
-  ![Image of event hub resource Id](images/storage-account-resource-id.png)
+2. Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center.
+
+3. Click on **Add data export settings**.
+
+4. Choose a name for your new settings.
+
+5. Choose **Forward events to Azure Storage**.
+
+6. Type your **Storage Account Resource ID**. In order to get your **Storage Account Resource ID**, go to your Storage account page on [Azure portal](https://ms.portal.azure.com/) > properties tab > copy the text under **Storage account resource ID**:
+
+   ![Image of event hub resource ID](images/storage-account-resource-id.png)
 
 7. Choose the events you want to stream and click **Save**.
 
@@ -51,22 +56,25 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww
 
 - A blob container will be created for each event type: 
 
-![Image of event hub resource Id](images/storage-account-event-schema.png)
+  ![Image of event hub resource ID](images/storage-account-event-schema.png)
 
 - The schema of each row in a blob is the following JSON: 
 
-```
-{
-        "time": "<The time WDATP received the event>"
-        "tenantId": "<Your tenant ID>"
-        "category": "<The Advanced Hunting table name with 'AdvancedHunting-' prefix>"
-        "properties": { <WDATP Advanced Hunting event as Json> }
-}               
-```
+  ```
+  {
+          "time": "<The time WDATP received the event>"
+          "tenantId": "<Your tenant ID>"
+          "category": "<The Advanced Hunting table name with 'AdvancedHunting-' prefix>"
+          "properties": { <WDATP Advanced Hunting event as Json> }
+  }               
+  ```
 
 - Each blob contains multiple rows.
+
 - Each row contains the event name, the time Defender for Endpoint received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "properties".
+
 - For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](advanced-hunting-overview.md).
+
 - In Advanced Hunting, the **DeviceInfo** table has a column named **MachineGroup** which contains the group of the device. Here every event will be decorated with this column as well. See [Device Groups](machine-groups.md) for more information.
 
 ## Data types mapping:
@@ -74,18 +82,18 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww
 In order to get the data types for our events properties do the following:
 
 1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com) and go to [Advanced Hunting page](https://securitycenter.windows.com/hunting-package).
+
 2. Run the following query to get the data types mapping for each event: 
 
-```
-{EventType}
-| getschema
-| project ColumnName, ColumnType 
-
-```
+   ```
+   {EventType}
+   | getschema
+   | project ColumnName, ColumnType 
+   ```
 
 - Here is an example for Device Info event: 
 
-![Image of event hub resource ID](images/machine-info-datatype-example.png)
+  ![Image of event hub resource ID](images/machine-info-datatype-example.png)
 
 ## Related topics
 - [Overview of Advanced Hunting](advanced-hunting-overview.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
index 336099ffa7..691d1f29c5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
@@ -139,7 +139,7 @@ You can prevent further propagation of an attack in your organization by banning
 
 >[!IMPORTANT]
 >
->- This feature is available if your organization uses Microsoft Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md).
+>- This feature is available if your organization uses Microsoft Defender Antivirus and Cloud–delivered protection is enabled. For more information, see [Manage cloud–delivered protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md).
 >
 >- The Antimalware client version must be 4.18.1901.x or later.
 >- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
index b8c66898af..28403de16e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
@@ -87,6 +87,12 @@ The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/d
    
    `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender` <br/>
 
+> [!NOTE]
+> When using the DISM command within a task sequence running PS, the following path to cmd.exe is required.
+> Example:<br/>
+> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`<br/>
+> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`<br/>
+
 3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet: <br/>
    
    `Get-Service -Name windefend`
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
index f36e72d95c..53f1a5d9d1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
@@ -18,7 +18,7 @@ ms.collection:
 - M365-security-compliance
 - m365solution-symantecmigrate 
 ms.topic: article
-ms.date: 09/24/2020
+ms.date: 11/30/2020
 ms.custom: migrationguides
 ms.reviewer: depicker, yongrhee, chriggs
 ---
@@ -68,6 +68,12 @@ Now that you're moving from Symantec to Microsoft Defender for Endpoint, you'll
    `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features` <br/>
    `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender` <br/>
 
+> [!NOTE]
+> When using the DISM command within a task sequence running PS, the following path to cmd.exe is required.
+> Example:<br/>
+> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`<br/>
+> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`<br/>
+
 3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet: <br/>
    `Get-Service -Name windefend`
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics-analyst-reports.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics-analyst-reports.md
new file mode 100644
index 0000000000..30c8152b76
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics-analyst-reports.md
@@ -0,0 +1,85 @@
+---
+title: Understand the analyst report section in threat analytics
+ms.reviewer: 
+description: Learn about the analyst report section of each threat analytics report. Understand how it provides information about threats, mitigations, detections, advanced hunting queries, and more.
+keywords: analyst report, threat analytics, detections, advanced hunting queries, mitigations, 
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: lomayor
+author: lomayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Understand the analyst report in threat analytics
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Each [threat analytics report](threat-analytics.md) includes dynamic sections and a comprehensive written section called the _analyst report_. To access this section, open the report about the tracked threat and select the **Analyst report** tab.
+
+![Image of the analyst report section of a threat analytics report](images/ta-analyst-report-small.png)
+
+_Analyst report section of a threat analytics report_
+
+## Scan the analyst report 
+Each section of the analyst report is designed to provide actionable information. While reports vary, most reports include the sections described in the following table.
+
+| Report section | Description |
+|--|--|
+| Executive summary | Overview of the threat, including when it was first seen, its motivations, notable events, major targets, and distinct tools and techniques. You can use this information to further assess how to prioritize the threat in the context of your industry, geographic location, and network. |
+| Analysis | Technical information about the threats, including the details of an attack and how attackers might utilize a new technique or attack surface | 
+| MITRE ATT&CK techniques observed | How observed techniques map to the [MITRE ATT&CK attack framework](https://attack.mitre.org/) | 
+| [Mitigations](#apply-additional-mitigations) | Recommendations that can stop or help reduce the impact of the threat. This section also includes mitigations that aren't tracked dynamically as part of the threat analytics report. |
+| [Detection details](#understand-how-each-threat-can-be-detected) | Specific and generic detections provided by Microsoft security solutions that can surface activity or components associated with the threat. | 
+| [Advanced hunting](#find-subtle-threat-artifacts-using-advanced-hunting) | [Advanced hunting queries](advanced-hunting-overview.md) for proactively identifying possible threat activity. Most queries are provided to supplement detections, especially for locating potentially malicious components or behaviors that couldn't be dynamically assessed to be malicious. | 
+| References | Microsoft and third-party publications referenced by analysts during the creation of the report. Threat analytics content is based on data validated by Microsoft researchers. Information from publicly available, third-party sources are identified clearly as such. | 
+| Change log | The time the report was published and when significant changes were made to the report. |
+
+## Apply additional mitigations
+Threat analytics dynamically tracks the [status of security updates and secure configurations](threat-analytics.md#mitigations-review-list-of-mitigations-and-the-status-of-your-devices). This information is available as charts and tables in the **Mitigations** tab.
+
+In addition to these tracked mitigations, the analyst report also discusses mitigations that are _not_ dynamically monitored. Here are some examples of important mitigations that are not dynamically tracked:
+
+- Block emails with _.lnk_ attachments or other suspicious file types
+- Randomize local administrator passwords
+- Educate end users about phishing email and other threat vectors
+- Turn on specific [attack surface reduction rules](attack-surface-reduction.md)
+
+While you can use the **Mitigations** tab to assess your security posture against a threat, these recommendations let you take additional steps towards improving your security posture. Carefully read all the mitigation guidance in the analyst report and apply them whenever possible.
+
+## Understand how each threat can be detected
+The analyst report also provides the detections from Microsoft Defender for Endpoint antivirus and _endpoint detection and response_ (EDR) capabilities.
+
+### Antivirus detections
+These detections are available on devices with [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) turned on. When these detections occur on devices that have been onboarded to Microsoft Defender for Endpoint, they also trigger alerts that light up the charts in the report.
+
+>[!NOTE]
+>The analyst report also lists **generic detections** that can identify a wide-range of threats, in addition to components or behaviors specific to the tracked threat. These generic detections don't reflect in the charts.
+
+### Endpoint detection and response (EDR) alerts
+EDR alerts are raised for [devices onboarded to Microsoft Defender for Endpoint](onboard-configure.md). These alerts generally rely on security signals collected by the Microsoft Defender for Endpoint sensor and other endpoint capabilities—such as antivirus, network protection, tamper protection—that serve as powerful signal sources.
+
+Like the list of antivirus detections, some EDR alerts are designed to generically flag suspicious behavior that might not be associated with the tracked threat. In such cases, the report will clearly identify the alert as "generic" and that it doesn't influence any of the charts in the report.
+
+## Find subtle threat artifacts using advanced hunting
+While detections allow you to identify and stop the tracked threat automatically, many attack activities leave subtle traces that require additional inspection. Some attack activities exhibit behaviors that can also be normal, so detecting them dynamically can result in operational noise or even false positives.
+
+[Advanced hunting](advanced-hunting-overview.md) provides a query interface based on Kusto Query Language that simplifies locating subtle indicators of threat activity. It also allows you to surface contextual information and verify whether indicators are connected to a threat.
+
+Advanced hunting queries in the analyst reports have been vetted by Microsoft analysts and are ready for you to run in the [advanced hunting query editor](https://securitycenter.windows.com/advanced-hunting). You can also use the queries to create [custom detection rules](custom-detection-rules.md) that trigger alerts for future matches.
+
+
+## Related topics
+- [Threat analytics overview](threat-analytics.md)
+- [Proactively find threats with advanced hunting](advanced-hunting-overview.md) 
+- [Custom detection rules](custom-detection-rules.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
index cb44743101..5618f4c5a4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
@@ -41,7 +41,7 @@ Threat analytics is a set of reports from expert Microsoft security researchers
 - Common attack surfaces
 - Prevalent malware
 
-Each report provides a detailed analysis of a threat and extensive guidance on how to defend against the threat. It also incorporates data from your network, indicating whether the threat is active and if you have applicable security updates and recommended settings in place.
+Each report provides a detailed analysis of a threat and extensive guidance on how to defend against that threat. It also incorporates data from your network, indicating whether the threat is active and if you have applicable protections in place.
 
 Watch this short video to learn more about how threat analytics can help you track the latest threats and stop them.
 <p></p>
@@ -54,7 +54,7 @@ The threat analytics dashboard is a great jump off point for getting to the repo
 
 - **Latest threats**—lists the most recently published threat reports, along with the number of devices with active and resolved alerts.
 - **High-impact threats**—lists the threats that have had the highest impact to the organization. This section ranks threats by the number of devices that have active alerts.
-- **Threat summary**—shows the overall impact of all the threats reported in threat analytics by showing the number of threats with active and resolved alerts.
+- **Threat summary**—shows the overall impact of tracked threats by showing the number of threats with active and resolved alerts.
 
 Select a threat from the dashboard to view the report for that threat.
 
@@ -64,38 +64,43 @@ Select a threat from the dashboard to view the report for that threat.
 
 Each threat analytics report provides information in three sections: **Overview**, **Analyst report**, and **Mitigations**.
 
-### Quickly understand a threat and assess its impact to your network in the overview
+### Overview: Quickly understand the threat, assess its impact, and review defenses
 
 The **Overview** section provides a preview of the detailed analyst report. It also provides charts that highlight the impact of the threat to your organization and your exposure through misconfigured and unpatched devices.
 
 ![Image of the overview section of a threat analytics report](images/ta-overview.png)
 _Overview section of a threat analytics report_
 
-#### Organizational impact
+#### Assess the impact to your organization
 Each report includes charts designed to provide information about the organizational impact of a threat:
 - **Devices with alerts**—shows the current number of distinct devices that have been impacted by the threat. A device is categorized as **Active** if there is at least one alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the device have been resolved.
 - **Devices with alerts over time**—shows the number of distinct devices with **Active** and **Resolved** alerts over time. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts resolved within a few days.
 
-#### Organizational resilience and exposure
+#### Review security resilience and posture
 Each report includes charts that provide an overview of how resilient your organization is against a given threat:
 - **Security configuration status**—shows the number of devices that have applied the recommended security settings that can help mitigate the threat. Devices are considered **Secure** if they have applied _all_ the tracked settings.
 - **Vulnerability patching status**—shows the number of devices that have applied security updates or patches that address vulnerabilities exploited by the threat.
 
-### Get expert insight from the analyst report
+### Analyst report: Get expert insight from Microsoft security researchers
 Go to the **Analyst report** section to read through the detailed expert write-up. Most reports provide detailed descriptions of attack chains, including tactics and techniques mapped to the MITRE ATT&CK framework, exhaustive lists of recommendations, and powerful [threat hunting](advanced-hunting-overview.md) guidance.
 
-![Image of the analyst report section of a threat analytics report](images/ta-analyst-report.png)
-_Analyst report section of a threat analytics report_
+[Learn more about the analyst report](threat-analytics-analyst-reports.md)
 
-### Review list of mitigations and the status of your devices
-In the **Mitigations** section, review the list of specific actionable recommendations that can help you increase your organizational resilience against the threat. The list of tracked mitigations includes recommended settings and vulnerability patches. It also shows the number of devices that don't have these mitigations in place.
+### Mitigations: Review list of mitigations and the status of your devices
+In the **Mitigations** section, review the list of specific actionable recommendations that can help you increase your organizational resilience against the threat. The list of tracked mitigations includes:
 
+- **Security updates**—deployment of security updates or patches for vulnerabilities
+- **Microsoft Defender Antivirus settings**
+  - Security intelligence version
+  - Cloud-delivered protection  
+  - Potentially unwanted application (PUA) protection
+  - Real-time protection
+ 
 Mitigation information in this section incorporates data from [threat and vulnerability management](next-gen-threat-and-vuln-mgt.md), which also provides detailed drill-down information from various links in the report.
 
 ![Image of the mitigations section of a threat analytics report](images/ta-mitigations.png)
 _Mitigations section of a threat analytics report_
 
-
 ## Additional report details and limitations
 When using the reports, keep the following in mind: 
 
@@ -107,4 +112,5 @@ When using the reports, keep the following in mind:
 
 ## Related topics
 - [Proactively find threats with advanced hunting](advanced-hunting-overview.md) 
-- [Assess and resolve security weaknesses and exposures](next-gen-threat-and-vuln-mgt.md)
+- [Understand the analyst report section](threat-analytics-analyst-reports.md)
+- [Assess and resolve security weaknesses and exposures](next-gen-threat-and-vuln-mgt.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md
index 6f64c59f54..ef781abcdd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md
@@ -42,6 +42,7 @@ Ensure that your devices:
 > Windows 10 Version 1903 | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941)
 
 - Are onboarded to [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) and  [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure) to help remediate threats found by threat and vulnerability management. If you're using Configuration Manager, update your console to the latest version.
+    - **Note**: If you have the Intune connection enabled, you get an option to create an Intune security task when creating a remediation request. This option does not appear if the connection is not set.
 - Have at least one security recommendation that can be viewed in the device page
 - Are tagged or marked as co-managed
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
index edc7850d76..37f460afea 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
@@ -36,6 +36,8 @@ The threat and vulnerability management capability in Microsoft Defender for End
 
 To use this capability, enable your Microsoft Intune connections. In the Microsoft Defender Security Center, navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle **On**.
 
+**Note**: If you have the Intune connection enabled, you get an option to create an Intune security task when creating a remediation request. This option does not appear if the connection is not set.
+
 See [Use Intune to remediate vulnerabilities identified by Microsoft Defender for Endpoint](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
 
 ### Remediation request steps
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md
index fa51efb6f6..5ce499f8fe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md
@@ -23,11 +23,6 @@ ms.topic: article
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-> [!IMPORTANT]
-> **Vulnerable devices report is currently in public preview**<br>
-> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
-> For more information, see [Microsoft Defender for Endpoint preview features](preview.md).
-
 **Applies to:**
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
index 48024183fa..9f908b83c8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
@@ -67,6 +67,8 @@ For more information preview features, see [Preview features](https://docs.micro
  
  - [Threat & Vulnerability Management role-based access controls](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) <BR>Use the new permissions to allow maximum flexibility to create SecOps-oriented roles, Threat & Vulnerability Management-oriented roles, or hybrid roles so only authorized users are accessing specific data to do their task. You can also achieve even further granularity by specifying whether a Threat & Vulnerability Management role can only view vulnerability-related data, or can create and manage remediation and exceptions.
 
+- [Device health and compliance report](machine-reports.md) <br/> The device health and compliance report provides high-level information about the devices in your organization.
+
 ## October 2019
 
 - [Indicators for IP addresses, URLs/Domains](manage-indicators.md) <BR> You can now allow or block URLs/domains using your own threat intelligence. 
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
index 56d43dafc5..0c20744eee 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
@@ -67,12 +67,12 @@ When submitting Microsoft Defender SmartScreen products, make sure to select **M
 ## Viewing Microsoft Defender SmartScreen anti-phishing events
 
 > [!NOTE]
-> No Smartscreen events will be logged when using  Microsoft Edge version 77 or later.
+> No SmartScreen events will be logged when using  Microsoft Edge version 77 or later.
 
-When Microsoft Defender SmartScreen warns or blocks a user from a website, it's logged as [Event 1035 - Anti-Phishing](https://technet.microsoft.com/scriptcenter/dd565657(v=msdn.10).aspx).
+When Microsoft Defender SmartScreen warns or blocks a user from a website, it's logged as [Event 1035 - Anti-Phishing](https://docs.microsoft.com/previous-versions/windows/internet-explorer/ie-developer/compatibility/dd565657(v=vs.85)).
 
 ## Viewing Windows event logs for Microsoft Defender SmartScreen
-Microsoft Defender SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug login Event Viewer.
+Microsoft Defender SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug log, in the Event Viewer.
 
 Windows event log for SmartScreen is disabled by default, users can use Event Viewer UI to enable the log or use the command line to enable it:
 
diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
index 54140d60f7..c1ccd042f6 100644
--- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
@@ -27,10 +27,10 @@ Describes the best practices, location, values, and security considerations for
 
 The **Passwords must meet complexity requirements** policy setting determines whether passwords must meet a series of strong-password guidelines. When enabled, this setting requires passwords to meet the following requirements:
 
-1.  Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Both checks are not case sensitive.
+1.  Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Both checks are not case-sensitive.
 
     The samAccountName is checked in its entirety only to determine whether it is part of the password. If the samAccountName is fewer than three characters long, this check is skipped.
-    The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed not to be included in the password. Tokens that are shorter than three characters are ignored, and substrings of the tokens are not checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Havens". Because the second token is only one character long, it is ignored. Therefore, this user could not have a password that included either "grin" or "hagens" as a substring anywhere in the password.
+    The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed not to be included in the password. Tokens that are shorter than three characters are ignored, and substrings of the tokens are not checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Havens". Because the second token is only one character long, it is ignored. Therefore, this user could not have a password that included either "erin" or "havens" as a substring anywhere in the password.
 
 2.  The password contains characters from three of the following categories: