-
-
-
-
-
-
+ ms.topic: landing-page # Required
+ ms.collection: collection # Optional; Remove if no collection is used.
+ author: shortpatti #Required; your GitHub user alias, with correct capitalization.
+ ms.author: pashort #Required; microsoft alias of author; optional team alias.
+ ms.date: 07/07/2020 #Required; mm/dd/yyyy format.
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
+
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+ # Card (optional)
+ - title: About Microsoft Edge
+ linkLists:
+ - linkListType: whats-new
+ links:
+ - text: Documentation for Microsoft Edge version 77 or later
+ url: /DeployEdge
+ - text: Microsoft 365 apps say farewell to Internet Explorer 11 and Windows 10 sunsets Microsoft Edge Legacy
+ url: https://techcommunity.microsoft.com/t5/microsoft-365-blog/microsoft-365-apps-say-farewell-to-internet-explorer-11-and/ba-p/1591666
+ - text: Latest group policies and features added to Microsoft Edge
+ url: /microsoft-edge/deploy/change-history-for-microsoft-edge
+ - linkListType: overview
+ links:
+ - text: System requirements and supported languages
+ url: /microsoft-edge/deploy/about-microsoft-edge
+ - text: Compare Windows 10 editions
+ url: https://www.microsoft.com/en-us/WindowsForBusiness/Compare
+ - text: Security & protection
+ url: /microsoft-edge/deploy/group-policies/security-privacy-management-gp
+ - text: Interoperability & enterprise guidance
+ url: /microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp
+ - text: Group policies & configuration options
+ url: /microsoft-edge/deploy/group-policies/
+
+ # Card (optional)
+ - title: Microsoft Edge resources
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Minimum system requirements
+ url: /microsoft-edge/deploy/about-microsoft-edge#minimum-system-requirements
+ - text: Supported languages
+ url: /microsoft-edge/deploy/about-microsoft-edge#supported-languages
+ - text: Document change history
+ url: /microsoft-edge/deploy/change-history-for-microsoft-edge
+ - text: Microsoft Edge Dev blog
+ url: https://blogs.windows.com/msedgedev
+ - text: Microsoft Edge Dev on Twitter
+ url: /microsoft-edge/deploy/about-microsoft-edge#supported-languages
+ - text: Microsoft Edge changelog
+ url: /microsoft-edge/deploy/change-history-for-microsoft-edge
+ - text: Measuring the impact of Microsoft Edge
+ url: https://blogs.windows.com/msedgedev
+
+ # Card (optional)
+ - title: IE11 resources
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Deploy Internet Explorer 11 (IE11) - IT Pros
+ url: https://go.microsoft.com/fwlink/p/?LinkId=760644
+ - text: Internet Explorer Administration Kit 11 (IEAK 11)
+ url: /internet-explorer/ie11-ieak
+ - linkListType: download
+ links:
+ - text: Download Internet Explorer 11
+ url: https://go.microsoft.com/fwlink/p/?linkid=290956
+
+ # Card (optional)
+ - title: Additional resources
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Group Policy and the Group Policy Management Console (GPMC)
+ url: https://go.microsoft.com/fwlink/p/?LinkId=617921
+ - text: Group Policy and the Local Group Policy Editor
+ url: https://go.microsoft.com/fwlink/p/?LinkId=617922
+ - text: Group Policy and the Advanced Group Policy Management (AGPM)
+ url: https://go.microsoft.com/fwlink/p/?LinkId=617923
+ - text: Group Policy and Windows PowerShell
+ url: https://go.microsoft.com/fwlink/p/?LinkId=617924
diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
index 8249262926..d906bfc6ce 100644
--- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
+++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
@@ -15,6 +15,8 @@ ms.date: 01/17/2020
---
# Deploy Microsoft Edge Legacy kiosk mode
+> [!IMPORTANT]
+> Microsoft 365 apps and services will not support Internet Explorer 11 starting August 17, 2021 (Microsoft Teams will not support Internet Explorer 11 earlier, starting November 30, 2020). [Learn more](https://aka.ms/AA97tsw). Please note that Internet Explorer 11 will remain a supported browser. Internet Explorer 11 is a component of the Windows operating system and [follows the Lifecycle Policy](https://docs.microsoft.com/lifecycle/faq/internet-explorer-microsoft-edge) for the product on which it is installed.
> Applies to: Microsoft Edge Legacy (version 45 and earlier) on Windows 10, version 1809 or later
> Professional, Enterprise, and Education
diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml
index 5c105dcdc2..797d881911 100644
--- a/browsers/edge/microsoft-edge.yml
+++ b/browsers/edge/microsoft-edge.yml
@@ -1,61 +1,144 @@
-### YamlMime:YamlDocument
+### YamlMime:Landing
+
+title: Microsoft Edge Legacy # < 60 chars
+summary: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # < 160 chars
-documentType: LandingData
-title: Microsoft Edge
metadata:
- document_id:
- title: Microsoft Edge
- description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization.
+ title: Microsoft Edge Legacy # Required; page title displayed in search results. Include the brand. < 60 chars.
+ description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # Required; article description that is displayed in search results. < 160 chars.
keywords: Microsoft Edge, issues, fixes, announcements, Windows Server, advisories
+ ms.prod: edge
ms.localizationpriority: medium
author: lizap
ms.author: elizapo
manager: dougkim
- ms.topic: article
+ ms.topic: landing-page
ms.devlang: na
+ ms.date: 08/19/2020 #Required; mm/dd/yyyy format.
-sections:
-- items:
- - type: markdown
- text: "
- Find the tools and resources you need to help deploy and use Microsoft Edge in your organization.
- "
-- title: What's new
-- items:
- - type: markdown
- text: "
- Find out the latest and greatest news on Microsoft Edge.
-
**The latest in Microsoft Edge** See what's new for users and developers in the next update to Microsoft Edge - now available with the Windows 10 April 2018 update! Find out more
**Evaluate the impact** Review the latest Forrester Total Economic Impact (TEI) report to learn about the impact Microsoft Edge can have in your organization. Download the reports
**Microsoft Edge for iOS and Android** Microsoft Edge brings familiar features across your PC and phone, which allows browsing to go with you, no matter what device you use. Learn more
**Application Guard** Microsoft Edge with Windows Defender Application Guard is the most secure browser on Windows 10 Enterprise. Learn more
-
- "
-- title: Compatibility
-- items:
- - type: markdown
- text: "
- Even if you still have legacy apps in your organization, you can default to the secure, modern experience of Microsoft Edge and provide a consistent level of compatibility with existing legacy applications.
-
**Web Application Compatibility Lab Kit** The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge. Find out more
-
- "
-- title: Security
-- items:
- - type: markdown
- text: "
- Microsoft Edge uses Windows Hello and Windows Defender SmartScreen to defend against phishing and malware. Take a look at some of the additional features behind the strong defense that Microsoft Edge provides against web-based attacks.
-
**NSS Labs web browser security reports** See the results of two global tests measuring how effective browsers are at protecting against socially engineered malware and phishing attacks. Download the reports
**Microsoft Edge sandbox** See how Microsoft Edge has significantly reduced the attack surface of the sandbox by configuring the app container to further reduce its privilege. Find out more
**Windows Defender SmartScreen** Manage your organization's computer settings with Group Policy and MDM settings to display a warning page to employees or block a site entirely. Read the docs
-
- "
-- title: Deployment and end user readiness
-- items:
- - type: markdown
- text: "
- Find resources and learn about features to help you deploy Microsoft Edge in your organization to get your users up and running quickly.
-
**Sign up for the Windows IT Pro Insider** Get the latest tools, tips, and expert guidance on deployment, management, security, and more. Learn more
**Microsoft Edge Dev blog** Keep up with the latest browser trends, security tips, and news for IT professionals. Read the blog
**Microsoft Edge Dev on Twitter** Get the latest news and updates from the Microsoft Web Platform team. Visit Twitter
-
- "
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
+
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+ # Card (optional)
+ - title: What's new
+ linkLists:
+ - linkListType: whats-new
+ links:
+ - text: Documentation for Microsoft Edge version 77 or later
+ url: https://docs.microsoft.com/DeployEdge/
+ - text: Microsoft Edge Legacy desktop app will reach end of support on March 9, 2021
+ url: https://techcommunity.microsoft.com/t5/microsoft-365-blog/microsoft-365-apps-say-farewell-to-internet-explorer-11-and/ba-p/1591666
+ - text: The latest in Microsoft Edge
+ url: https://blogs.windows.com/msedgedev/2018/04/30/edgehtml-17-april-2018-update/#C7jCBdbPSG6bCXHr.97
+ - text: Microsoft Edge for iOS and Android
+ url: https://blogs.windows.com/windowsexperience/2017/11/30/microsoft-edge-now-available-for-ios-and-android
+ - text: Application Guard
+ url: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview
+ - linkListType: download
+ links:
+ - text: Evaluate the impact
+ url: /microsoft-edge/deploy/microsoft-edge-forrester
+
+ # Card (optional)
+ - title: Test your site on Microsoft Edge
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Test your site on Microsoft Edge for free on BrowserStack
+ url: https://developer.microsoft.com/microsoft-edge/tools/remote/
+ - text: Use sonarwhal to improve your website
+ url: https://sonarwhal.com/
+
+ # Card (optional)
+ - title: Improve compatibility with Enterprise Mode
+ linkLists:
+ - linkListType: how-to-guide
+ links:
+ - text: Use Enterprise mode to improve compatibility
+ url: /microsoft-edge/deploy/emie-to-improve-compatibility
+ - text: Turn on Enterprise Mode and use a site list
+ url: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list
+ - text: Enterprise Site List Portal
+ url: https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal
+
+ # Card (optional)
+ - title: Web Application Compatibility Lab Kit
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Overview
+ url: /microsoft-edge/deploy/emie-to-improve-compatibility
+
+ # Card (optional)
+ - title: Security
+ linkLists:
+ - linkListType: download
+ links:
+ - text: NSS Labs web browser security reports
+ url: https://www.microsoft.com/download/details.aspx?id=54773
+ - linkListType: overview
+ links:
+ - text: Microsoft Edge sandbox
+ url: https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/
+ - text: Windows Defender SmartScreen
+ url: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview
+
+ # Card (optional)
+ - title: Deployment
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Microsoft Edge deployment guide
+ url: /microsoft-edge/deploy/
+ - text: Microsoft Edge FAQ
+ url: /microsoft-edge/deploy/microsoft-edge-faq
+ - text: System requirements and language support
+ url: /microsoft-edge/deploy/hardware-and-software-requirements
+ - text: Group Policy and MDM settings in Microsoft Edge
+ url: /microsoft-edge/deploy/available-policies
+ - text: Microsoft Edge training and demonstrations
+ url: /microsoft-edge/deploy/edge-technical-demos
+ - linkListType: download
+ links:
+ - text: Web Application Compatibility Lab Kit
+ url: https://www.microsoft.com/itpro/microsoft-edge/web-app-compat-toolkit
+
+ # Card (optional)
+ - title: End user readiness
+ linkLists:
+ - linkListType: video
+ links:
+ - text: Microsoft Edge tips and tricks (video, 20:26)
+ url: https://myignite.microsoft.com/sessions/56630?source=sessions
+ - linkListType: download
+ links:
+ - text: Quick Start - Microsoft Edge (PDF, .98 MB)
+ url: https://go.microsoft.com/fwlink/?linkid=825648
+ - text: Find it faster with Microsoft Edge (PDF, 605 KB)
+ url: https://go.microsoft.com/fwlink/?linkid=825661
+ - text: Use Microsoft Edge to collaborate (PDF, 468 KB)
+ url: https://go.microsoft.com/fwlink/?linkid=825653
+ - text: Group Policy and MDM settings in Microsoft Edge
+ url: /microsoft-edge/deploy/available-policies
+ - text: Microsoft Edge training and demonstrations
+ url: /microsoft-edge/deploy/edge-technical-demos
+ - linkListType: how-to-guide
+ links:
+ - text: Import bookmarks
+ url: https://microsoftedgetips.microsoft.com/2/39
+ - text: Password management
+ url: https://microsoftedgetips.microsoft.com/2/18
+
+ # Card (optional)
+ - title: Stay informed
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Sign up for the Windows IT Pro Insider
+ url: https://aka.ms/windows-it-pro-insider
+ - text: Microsoft Edge Dev blog
+ url: https://blogs.windows.com/msedgedev
+ - text: Microsoft Edge Dev on Twitter
+ url: https://twitter.com/MSEdgeDev
diff --git a/browsers/edge/troubleshooting-microsoft-edge.md b/browsers/edge/troubleshooting-microsoft-edge.md
index 3c50d4d50e..5479f689f3 100644
--- a/browsers/edge/troubleshooting-microsoft-edge.md
+++ b/browsers/edge/troubleshooting-microsoft-edge.md
@@ -9,7 +9,6 @@ author: dansimp
ms.author: dansimp
ms.prod: edge
ms.sitesec: library
-title: Deploy Microsoft Edge kiosk mode
ms.localizationpriority: medium
ms.date: 10/15/2018
---
diff --git a/browsers/edge/use-powershell-to manage-group-policy.md b/browsers/edge/use-powershell-to manage-group-policy.md
index 58a6b06b27..1b6d2e9338 100644
--- a/browsers/edge/use-powershell-to manage-group-policy.md
+++ b/browsers/edge/use-powershell-to manage-group-policy.md
@@ -5,7 +5,6 @@ ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
-title: Security enhancements for Microsoft Edge (Microsoft Edge for IT Pros)
ms.localizationpriority: medium
ms.date: 10/02/2018
ms.reviewer:
diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json
index 50208546bb..576a1de28f 100644
--- a/browsers/internet-explorer/docfx.json
+++ b/browsers/internet-explorer/docfx.json
@@ -7,6 +7,7 @@
"**/*.yml"
],
"exclude": [
+ "**/includes/**",
"**/obj/**"
]
}
diff --git a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
index 8fe62f2f79..f09832c403 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
@@ -1,49 +1,53 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: How to use Group Policy to install ActiveX controls.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 59185370-558c-47e0-930c-8a5ed657e9e3
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: ActiveX installation using group policy (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy and ActiveX installation
-
-ActiveX controls are installed and invoked using the HTML object tag with the CODEBASE attribute. This attribute, through a URL, makes Internet Explorer:
-
-- Get the ActiveX control if it's not already installed.
-
-- Download the installation package.
-
-- Perform trust verification on the object.
-
-- Prompt for installation permission, using the IE Information Bar.
-
-During installation, the rendering page registers and invokes the control, so that after installation, any standard user can invoke the control.
-
-**Important** ActiveX control installation requires administrator-level permissions.
-
-## Group Policy for the ActiveX Installer Service
-
-You use the ActiveX Installer Service (AXIS) and Group Policy to manage your ActiveX control deployment. The AXIS-related settings can be changed using either the Group Policy Management Console (GPMC) or the Local Group Policy Editor, and include:
-
-- **Approved Installation Sites for ActiveX Controls.** A list of approved installation sites used by AXIS to determine whether it can install a particular ActiveX control.
-
-- **ActiveX installation policy for sites in trusted zones.** Identifies how AXIS should behave when a website tries to install an ActiveX control. First, AXIS looks to see if the site appears in either the list of approved installation sites or in the **Trusted sites** zone. If the does, then AXIS checks to make sure the control meets your company's policy requirements. If the ActiveX control meets all of these requirements, the control is installed.
-
-For more information about the ActiveX Installer Service, see [Administering the ActiveX Installer Service in Windows 7](https://go.microsoft.com/fwlink/p/?LinkId=214503).
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: security
+description: How to use Group Policy to install ActiveX controls.
+author: dansimp
+ms.prod: ie11
+ms.assetid: 59185370-558c-47e0-930c-8a5ed657e9e3
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: ActiveX installation using group policy (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Group Policy and ActiveX installation
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
+ActiveX controls are installed and invoked using the HTML object tag with the CODEBASE attribute. This attribute, through a URL, makes Internet Explorer:
+
+- Get the ActiveX control if it's not already installed.
+
+- Download the installation package.
+
+- Perform trust verification on the object.
+
+- Prompt for installation permission, using the IE Information Bar.
+
+During installation, the rendering page registers and invokes the control, so that after installation, any standard user can invoke the control.
+
+**Important** ActiveX control installation requires administrator-level permissions.
+
+## Group Policy for the ActiveX Installer Service
+
+You use the ActiveX Installer Service (AXIS) and Group Policy to manage your ActiveX control deployment. The AXIS-related settings can be changed using either the Group Policy Management Console (GPMC) or the Local Group Policy Editor, and include:
+
+- **Approved Installation Sites for ActiveX Controls.** A list of approved installation sites used by AXIS to determine whether it can install a particular ActiveX control.
+
+- **ActiveX installation policy for sites in trusted zones.** Identifies how AXIS should behave when a website tries to install an ActiveX control. First, AXIS looks to see if the site appears in either the list of approved installation sites or in the **Trusted sites** zone. If the does, then AXIS checks to make sure the control meets your company's policy requirements. If the ActiveX control meets all of these requirements, the control is installed.
+
+For more information about the ActiveX Installer Service, see [Administering the ActiveX Installer Service in Windows 7](https://go.microsoft.com/fwlink/p/?LinkId=214503).
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
index 664bc596e1..455bae28bd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
@@ -1,68 +1,72 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to add employees to the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
----
-
-# Add employees to the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After you get the Enterprise Mode Site List Portal up and running, you must add your employees. During this process, you'll also assign roles and groups.
-
-The available roles are:
-
-- **Requester.** The primary role to assign to employees that need to access the Enterprise Mode Site List Portal. The Requester can create change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal change requests, and sign off and close personal change requests.
-
-- **App Manager.** This role is considered part of the Approvers group. The App Manager can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
-
-- **Group Head.** This role is considered part of the Approvers group. The Group Head can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
-
-- **Administrator.** The role with the highest-level rights; we recommend limiting the number of employees you grant this role. The Administrator can perform any task that can be performed by the other roles, in addition to adding employees to the portal, assigning employee roles, approving registrations to the portal, configuring portal settings (for example, determining the freeze schedule, determining the pre-production and production XML paths, and determining the attachment upload location), and using the standalone Enterprise Mode Site List Manager page.
-
-**To add an employee to the Enterprise Mode Site List Portal**
-1. Open the Enterprise Mode Site List Portal and click the **Employee Management** icon in the upper-right area of the page.
-
- The **Employee management** page appears.
-
-2. Click **Add a new employee**.
-
- The **Add a new employee** page appears.
-
-3. Fill out the fields for each employee, including:
-
- - **Email.** Add the employee's email address.
-
- - **Name.** This box autofills based on the email address.
-
- - **Role.** Pick a single role for the employee, based on the list above.
-
- - **Group name.** Pick the name of the employee's group. The group association also assigns a group of Approvers.
-
- - **Comments.** Add optional comments about the employee.
-
- - **Active.** Click the check box to make the employee active in the system. If you want to keep the employee in the system, but you want to prevent access, clear this check box.
-
-4. Click **Save**.
-
-**To export all employees to an Excel spreadsheet**
-1. On the **Employee management** page, click **Export to Excel**.
-
-2. Save the EnterpriseModeUsersList.xlsx file.
-
- The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name.
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how to add employees to the Enterprise Mode Site List Portal.
+author: dansimp
+ms.prod: ie11
+title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+---
+
+# Add employees to the Enterprise Mode Site List Portal
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
+**Applies to:**
+
+- Windows 10
+- Windows 8.1
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+After you get the Enterprise Mode Site List Portal up and running, you must add your employees. During this process, you'll also assign roles and groups.
+
+The available roles are:
+
+- **Requester.** The primary role to assign to employees that need to access the Enterprise Mode Site List Portal. The Requester can create change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal change requests, and sign off and close personal change requests.
+
+- **App Manager.** This role is considered part of the Approvers group. The App Manager can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
+
+- **Group Head.** This role is considered part of the Approvers group. The Group Head can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
+
+- **Administrator.** The role with the highest-level rights; we recommend limiting the number of employees you grant this role. The Administrator can perform any task that can be performed by the other roles, in addition to adding employees to the portal, assigning employee roles, approving registrations to the portal, configuring portal settings (for example, determining the freeze schedule, determining the pre-production and production XML paths, and determining the attachment upload location), and using the standalone Enterprise Mode Site List Manager page.
+
+**To add an employee to the Enterprise Mode Site List Portal**
+1. Open the Enterprise Mode Site List Portal and click the **Employee Management** icon in the upper-right area of the page.
+
+ The **Employee management** page appears.
+
+2. Click **Add a new employee**.
+
+ The **Add a new employee** page appears.
+
+3. Fill out the fields for each employee, including:
+
+ - **Email.** Add the employee's email address.
+
+ - **Name.** This box autofills based on the email address.
+
+ - **Role.** Pick a single role for the employee, based on the list above.
+
+ - **Group name.** Pick the name of the employee's group. The group association also assigns a group of Approvers.
+
+ - **Comments.** Add optional comments about the employee.
+
+ - **Active.** Click the check box to make the employee active in the system. If you want to keep the employee in the system, but you want to prevent access, clear this check box.
+
+4. Click **Save**.
+
+**To export all employees to an Excel spreadsheet**
+1. On the **Employee management** page, click **Export to Excel**.
+
+2. Save the EnterpriseModeUsersList.xlsx file.
+
+ The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
index 8ead60630e..57c8991c7d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
@@ -1,112 +1,116 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)
-
-**Applies to:**
-
-- Windows 8.1
-- Windows 7
-
-You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager. You can only add specific URLs, not Internet or Intranet Zones.
-
-If you want to add your websites one at a time, see Add sites to the [Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
-
-## Create an Enterprise Mode site list (TXT) file
-You can create and use a custom text file to add multiple sites to your Enterprise Mode site list at the same time.
**Important** This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
-
-You must separate each site using commas or carriage returns. For example:
-
-```
-microsoft.com, bing.com, bing.com/images
-```
-**-OR-**
-
-```
-microsoft.com
-bing.com
-bing.com/images
-```
-
-## Create an Enterprise Mode site list (XML) file using the v.1 version of the Enterprise Mode schema
-You can create and use a custom XML file with the Enterprise Mode Site List Manager to add multiple sites to your Enterprise Mode site list at the same time. For more info about the v.1 version of the Enterprise Mode schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-Each XML file must include:
-
-- **Version number.** This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
**Important** After this check, IE11 won’t look for an updated list again until you restart the browser.
-
-- **<emie> tag.** This tag specifies the domains and domain paths that must be rendered using IE7 Enterprise Mode, IE8 Enterprise Mode, or the default IE11 browser environment.
**Important** If you decide a site requires IE7 Enterprise Mode, you must add `forceCompatView=”true”` to your XML file. That code tells Enterprise Mode to check for a `DOCTYPE` tag on the specified webpage. If there is, the site renders using Windows Internet Explorer 7. If there’s no tag, the site renders using Microsoft Internet Explorer 5.
-
-- <docMode> tag.This tag specifies the domains and domain paths that need either to appear using the specific doc mode you assigned to the site. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-### Enterprise Mode v.1 XML schema example
-The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-```
-
-
- www.cpandl.com
- www.woodgrovebank.com
- adatum.com
- contoso.com
- relecloud.com
- /about
-
- fabrikam.com
- /products
-
-
-
- contoso.com
- /travel
-
- fabrikam.com
- /products
-
-
-
-```
-
-To make sure your site list is up-to-date; wait 65 seconds after opening IE and then check that the `CurrentVersion` value in the `HKEY\CURRENT\USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode\` registry key matches the version number in your file.
**Important** If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (.
-
-## Add multiple sites to the Enterprise Mode Site List Manager (schema v.1)
-After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.1).
-
- **To add multiple sites**
-
-1. In the Enterprise Mode Site List Manager (schema v.1), click **Bulk add from file**.
-
-2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
-Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-3. Click **OK** to close the **Bulk add sites to the list** menu.
-
-4. On the **File** menu, click **Save to XML**, and save your file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
+author: dansimp
+ms.prod: ie11
+ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
+**Applies to:**
+
+- Windows 8.1
+- Windows 7
+
+You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager. You can only add specific URLs, not Internet or Intranet Zones.
+
+If you want to add your websites one at a time, see Add sites to the [Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
+
+## Create an Enterprise Mode site list (TXT) file
+You can create and use a custom text file to add multiple sites to your Enterprise Mode site list at the same time.
**Important** This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
+
+You must separate each site using commas or carriage returns. For example:
+
+```
+microsoft.com, bing.com, bing.com/images
+```
+**-OR-**
+
+```
+microsoft.com
+bing.com
+bing.com/images
+```
+
+## Create an Enterprise Mode site list (XML) file using the v.1 version of the Enterprise Mode schema
+You can create and use a custom XML file with the Enterprise Mode Site List Manager to add multiple sites to your Enterprise Mode site list at the same time. For more info about the v.1 version of the Enterprise Mode schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
+
+Each XML file must include:
+
+- **Version number.** This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
**Important** After this check, IE11 won’t look for an updated list again until you restart the browser.
+
+- **<emie> tag.** This tag specifies the domains and domain paths that must be rendered using IE7 Enterprise Mode, IE8 Enterprise Mode, or the default IE11 browser environment.
**Important** If you decide a site requires IE7 Enterprise Mode, you must add `forceCompatView=”true”` to your XML file. That code tells Enterprise Mode to check for a `DOCTYPE` tag on the specified webpage. If there is, the site renders using Windows Internet Explorer 7. If there’s no tag, the site renders using Microsoft Internet Explorer 5.
+
+- <docMode> tag.This tag specifies the domains and domain paths that need either to appear using the specific doc mode you assigned to the site. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
+
+### Enterprise Mode v.1 XML schema example
+The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
+
+```
+
+
+ www.cpandl.com
+ www.woodgrovebank.com
+ adatum.com
+ contoso.com
+ relecloud.com
+ /about
+
+ fabrikam.com
+ /products
+
+
+
+ contoso.com
+ /travel
+
+ fabrikam.com
+ /products
+
+
+
+```
+
+To make sure your site list is up-to-date; wait 65 seconds after opening IE and then check that the `CurrentVersion` value in the `HKEY\CURRENT\USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode\` registry key matches the version number in your file.
**Important** If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (.
+
+## Add multiple sites to the Enterprise Mode Site List Manager (schema v.1)
+After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.1).
+
+ **To add multiple sites**
+
+1. In the Enterprise Mode Site List Manager (schema v.1), click **Bulk add from file**.
+
+2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
+Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
+
+3. Click **OK** to close the **Bulk add sites to the list** menu.
+
+4. On the **File** menu, click **Save to XML**, and save your file.
+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
+
+## Next steps
+After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Related topics
+- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
index 78f0903d6f..37ef55dea6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
@@ -16,7 +16,10 @@ ms.date: 10/24/2017
---
-# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)
+# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
**Applies to:**
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
index 8b8435daff..8c5e4b4426 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
@@ -1,66 +1,70 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)
-
-**Applies to:**
-
-- Windows 8.1
-- Windows 7
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
**Important** You can only add specific URLs, not Internet or Intranet Zones.
-
-
Note If you're using the v.2 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2).
-
- **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.1)**
-
-1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
-
-2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
-Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
-
-3. Type any comments about the website into the **Notes about URL** box.
-Administrators can only see comments while they’re in this tool.
-
-4. Choose **IE7 Enterprise Mode**, **IE8 Enterprise Mode**, or the appropriate document mode for sites that must be rendered using the emulation of a previous version of IE, or pick **Default IE** if the site should use the latest version of IE.
-
-The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected.
-
-Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-5. Click **Save** to validate your website and to add it to the site list for your enterprise.
- If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
-
-6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
- You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
+author: dansimp
+ms.prod: ie11
+ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
+**Applies to:**
+
+- Windows 8.1
+- Windows 7
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
**Important** You can only add specific URLs, not Internet or Intranet Zones.
+
+
Note If you're using the v.2 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2).
+
+ **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.1)**
+
+1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
+
+2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
+Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
+
+3. Type any comments about the website into the **Notes about URL** box.
+Administrators can only see comments while they’re in this tool.
+
+4. Choose **IE7 Enterprise Mode**, **IE8 Enterprise Mode**, or the appropriate document mode for sites that must be rendered using the emulation of a previous version of IE, or pick **Default IE** if the site should use the latest version of IE.
+
+The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected.
+
+Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
+
+5. Click **Save** to validate your website and to add it to the site list for your enterprise.
+ If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
+
+6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
+ You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Next steps
+After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
index 0977b87b94..63f0d7bd6f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -16,7 +16,10 @@ ms.date: 07/27/2017
---
-# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)
+# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
**Applies to:**
diff --git a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
index f08c08fcdb..23bb9ee14a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
@@ -1,82 +1,86 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Administrative templates and Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Administrative templates and Internet Explorer 11
-
-Administrative Templates are made up of a hierarchy of policy categories and subcategories that define how your policy settings appear in the Local Group Policy Editor, including:
-
-- What registry locations correspond to each setting.
-
-- What value options or restrictions are associated with each setting.
-
-- The default value for many settings.
-
-- Text explanations about each setting and the supported version of Internet Explorer.
-
-For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=214519).
-
-## What are Administrative Templates?
-Administrative Templates are XML-based, multi-language files that define the registry-based Group Policy settings in the Local Group Policy Editor. There are two types of Administrative Templates:
-
-- **ADMX.** A language-neutral setup file that states the number and type of policy setting, and the location by category, as it shows up in the Local Group Policy Editor.
-
-- **ADML.** A language-specific setup file that provides language-related information to the ADMX file. This file lets the policy setting show up in the right language in the Local Group Policy Editor. You can add new languages by adding new ADML files in the required language.
-
-## How do I store Administrative Templates?
-As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs).
-
Important Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see Scenario 1: Editing the Local GPO Using ADMX Files.
-
-## Administrative Templates-related Group Policy settings
-When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder.
-
Note You won't see the new policy settings if you try to view or edit your policy settings on a computer that isn't running IE11. To fix this, you can either install IE11, or you can copy the updated Inetres.admx and Inetres.adml files from another computer to the PolicyDefinitions folder on this computer.
-
-IE11 provides these new policy settings, which are editable in the Local Group Policy Editor, and appear in the following policy paths:
-
-- Computer Configuration\\Administrative Templates\\Windows Components\\
-
-- User Configuration\\Administrative Templates\\Windows Components\\
-
-
-|Catalog |Description |
-| ------------------------------------------------ | --------------------------------------------|
-|IE |Turns standard IE configuration on and off. |
-|Internet Explorer\Accelerators |Sets up and manages Accelerators. |
-|Internet Explorer\Administrator Approved Controls |Turns ActiveX controls on and off. |
-|Internet Explorer\Application Compatibility |Turns the **Cut**, **Copy**, or **Paste** operations on or off. This setting also requires that `URLACTION_SCRIPT_PASTE` is set to **Prompt**. |
-|Internet Explorer\Browser Menus |Shows or hides the IE menus and menu options.|
-|Internet Explorer\Corporate Settings |Turns off whether you specify the code download path for each computer. |
-|Internet Explorer\Delete Browsing History |Turns the **Delete Browsing History** settings on and off. |
-|Internet Explorer\Internet Control Panel |Turns pages on and off in the **Internet Options** dialog box. Also turns on and off the subcategories that manage settings on the **Content**, **General**, **Security** and **Advanced** pages. |
-|Internet Explorer\Internet Settings |Sets up and manages the **Advanced settings**, **AutoComplete**, **Display Settings**, and **URL Encoding** options. |
-|Internet Explorer\Persistence Behavior |Sets up and manages the file size limits for Internet security zones. |
-|Internet Explorer\Privacy |Turns various privacy-related features on and off. |
-|Internet Explorer\Security Features |Turns various security-related features on and off in the browser, Windows Explorer, and other applications. |
-|Internet Explorer\Toolbars |Turns on and off the ability for users to edit toolbars in the browser. You can also set the default toolbar buttons here. |
-|RSS Feeds |Sets up and manages RSS feeds in the browser. |
-
-
-## Editing Group Policy settings
-Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions:
-
-- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](https://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates.
-
-- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](https://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
-
-## Related topics
-- [Administrative templates (.admx) for Windows 10 April 2018 Update](https://www.microsoft.com/download/details.aspx?id=56880)
-- [Administrative templates (.admx) for Windows 10 October 2018 Update](https://www.microsoft.com/download/details.aspx?id=57576)
-- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580)
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: security
+description: Administrative templates and Internet Explorer 11
+author: dansimp
+ms.prod: ie11
+ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Administrative templates and Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
+Administrative Templates are made up of a hierarchy of policy categories and subcategories that define how your policy settings appear in the Local Group Policy Editor, including:
+
+- What registry locations correspond to each setting.
+
+- What value options or restrictions are associated with each setting.
+
+- The default value for many settings.
+
+- Text explanations about each setting and the supported version of Internet Explorer.
+
+For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=214519).
+
+## What are Administrative Templates?
+Administrative Templates are XML-based, multi-language files that define the registry-based Group Policy settings in the Local Group Policy Editor. There are two types of Administrative Templates:
+
+- **ADMX.** A language-neutral setup file that states the number and type of policy setting, and the location by category, as it shows up in the Local Group Policy Editor.
+
+- **ADML.** A language-specific setup file that provides language-related information to the ADMX file. This file lets the policy setting show up in the right language in the Local Group Policy Editor. You can add new languages by adding new ADML files in the required language.
+
+## How do I store Administrative Templates?
+As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs).
+
Important Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see Scenario 1: Editing the Local GPO Using ADMX Files.
+
+## Administrative Templates-related Group Policy settings
+When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder.
+
Note You won't see the new policy settings if you try to view or edit your policy settings on a computer that isn't running IE11. To fix this, you can either install IE11, or you can copy the updated Inetres.admx and Inetres.adml files from another computer to the PolicyDefinitions folder on this computer.
+
+IE11 provides these new policy settings, which are editable in the Local Group Policy Editor, and appear in the following policy paths:
+
+- Computer Configuration\\Administrative Templates\\Windows Components\\
+
+- User Configuration\\Administrative Templates\\Windows Components\\
+
+
+|Catalog |Description |
+| ------------------------------------------------ | --------------------------------------------|
+|IE |Turns standard IE configuration on and off. |
+|Internet Explorer\Accelerators |Sets up and manages Accelerators. |
+|Internet Explorer\Administrator Approved Controls |Turns ActiveX controls on and off. |
+|Internet Explorer\Application Compatibility |Turns the **Cut**, **Copy**, or **Paste** operations on or off. This setting also requires that `URLACTION_SCRIPT_PASTE` is set to **Prompt**. |
+|Internet Explorer\Browser Menus |Shows or hides the IE menus and menu options.|
+|Internet Explorer\Corporate Settings |Turns off whether you specify the code download path for each computer. |
+|Internet Explorer\Delete Browsing History |Turns the **Delete Browsing History** settings on and off. |
+|Internet Explorer\Internet Control Panel |Turns pages on and off in the **Internet Options** dialog box. Also turns on and off the subcategories that manage settings on the **Content**, **General**, **Security** and **Advanced** pages. |
+|Internet Explorer\Internet Settings |Sets up and manages the **Advanced settings**, **AutoComplete**, **Display Settings**, and **URL Encoding** options. |
+|Internet Explorer\Persistence Behavior |Sets up and manages the file size limits for Internet security zones. |
+|Internet Explorer\Privacy |Turns various privacy-related features on and off. |
+|Internet Explorer\Security Features |Turns various security-related features on and off in the browser, Windows Explorer, and other applications. |
+|Internet Explorer\Toolbars |Turns on and off the ability for users to edit toolbars in the browser. You can also set the default toolbar buttons here. |
+|RSS Feeds |Sets up and manages RSS feeds in the browser. |
+
+
+## Editing Group Policy settings
+Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions:
+
+- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](https://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates.
+
+- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](https://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
+
+## Related topics
+- [Administrative templates (.admx) for Windows 10 April 2018 Update](https://www.microsoft.com/download/details.aspx?id=56880)
+- [Administrative templates (.admx) for Windows 10 October 2018 Update](https://www.microsoft.com/download/details.aspx?id=57576)
+- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
index 977e17394e..07687792a3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
@@ -1,62 +1,66 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
----
-
-# Approve a change request using the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After a change request is successfully submitted to the pre-defined Approver(s), employees granted the role of **App Manager**, **Group Head**, or **Administrator**, they must approve the changes.
-
-## Approve or reject a change request
-The Approvers get an email stating that a Requester successfully opened, tested, and submitted the change request to the Approvers group. The Approvers can accept or reject a change request.
-
-**To approve or reject a change request**
-1. The Approver logs onto the Enterprise Mode Site List Portal, **All Approvals** page.
-
- The Approver can also get to the **All Approvals** page by clicking **Approvals Pending** from the left pane.
-
-2. The Approver clicks the expander arrow (**\/**) to the right side of the change request, showing the list of Approvers and the **Approve** and **Reject** buttons.
-
-3. The Approver reviews the change request, making sure it's correct. If the info is correct, the Approver clicks **Approve** to approve the change request. If the info seems incorrect, or if the app shouldn't be added to the site list, the Approver clicks **Reject**.
-
- An email is sent to the Requester, the Approver(s) group, and the Administrator(s) group, with the updated status of the request.
-
-
-## Send a reminder to the Approver(s) group
-If the change request is sitting in the approval queue for too long, the Requester can send a reminder to the group.
-
-- From the **My Approvals** page, click the checkbox next to the name of each Approver to be reminded, and then click **Send reminder**.
-
- An email is sent to the selected Approver(s).
-
-
-## View rejected change requests
-The original Requester, the Approver(s) group, and the Administrator(s) group can all view the rejected change request.
-
-**To view the rejected change request**
-
-- In the Enterprise Mode Site List Portal, click **Rejected** from the left pane.
-
- All rejected change requests appear, with role assignment determining which ones are visible.
-
-
-## Next steps
-After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic.
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
+author: dansimp
+ms.prod: ie11
+title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+---
+
+# Approve a change request using the Enterprise Mode Site List Portal
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
+**Applies to:**
+
+- Windows 10
+- Windows 8.1
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+After a change request is successfully submitted to the pre-defined Approver(s), employees granted the role of **App Manager**, **Group Head**, or **Administrator**, they must approve the changes.
+
+## Approve or reject a change request
+The Approvers get an email stating that a Requester successfully opened, tested, and submitted the change request to the Approvers group. The Approvers can accept or reject a change request.
+
+**To approve or reject a change request**
+1. The Approver logs onto the Enterprise Mode Site List Portal, **All Approvals** page.
+
+ The Approver can also get to the **All Approvals** page by clicking **Approvals Pending** from the left pane.
+
+2. The Approver clicks the expander arrow (**\/**) to the right side of the change request, showing the list of Approvers and the **Approve** and **Reject** buttons.
+
+3. The Approver reviews the change request, making sure it's correct. If the info is correct, the Approver clicks **Approve** to approve the change request. If the info seems incorrect, or if the app shouldn't be added to the site list, the Approver clicks **Reject**.
+
+ An email is sent to the Requester, the Approver(s) group, and the Administrator(s) group, with the updated status of the request.
+
+
+## Send a reminder to the Approver(s) group
+If the change request is sitting in the approval queue for too long, the Requester can send a reminder to the group.
+
+- From the **My Approvals** page, click the checkbox next to the name of each Approver to be reminded, and then click **Send reminder**.
+
+ An email is sent to the selected Approver(s).
+
+
+## View rejected change requests
+The original Requester, the Approver(s) group, and the Administrator(s) group can all view the rejected change request.
+
+**To view the rejected change request**
+
+- In the Enterprise Mode Site List Portal, click **Rejected** from the left pane.
+
+ All rejected change requests appear, with role assignment determining which ones are visible.
+
+
+## Next steps
+After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
index d45374e404..7dbfc19776 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
@@ -1,62 +1,66 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto configuration and auto proxy problems with Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 3fbbc2c8-859b-4b2e-abc3-de2c299e0938
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Auto configuration and auto proxy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto configuration and auto proxy problems with Internet Explorer 11
-You might experience some problems using automatic configuration and auto-proxy with Internet Explorer 11.
-
-## Branding changes aren't distributed using automatic configuration
-If you've turned on the **Disable external branding of Internet Explorer** Group Policy Object, you won't be able to use automatic configuration to distribute your branding changes to your users' computers. When this object is turned on, it prevents the branding of IE by a non-Microsoft company or entity, such as an Internet service provider or Internet content provider. For more information about automatic configuration, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) and [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md). For more information about Group Policy settings, see [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md).
-
-## Proxy server setup issues
-If you experience issues while setting up your proxy server, you can try these troubleshooting steps:
-
-- Check to make sure the proxy server address is right.
-
-- Check that both **Automatically detect settings** and **Automatic configuration** are turned on in the browser.
-
-- Check that the browser is pointing to the right automatic configuration script location.
-
- **To check your proxy server address**
-
-1. On the **Tools** menu, click **Internet Options**, and then **Connections**.
-
-2. Click **Settings** or **LAN Settings**, and then look at your proxy server address.
-
-3. If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.
**Note** If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](https://go.microsoft.com/fwlink/p/?LinkId=85652).
-
- **To check that you've turned on the correct settings**
-
-4. On the **Tools** menu, click **Internet Options**, and then click **Connections**.
-
-5. Click **Settings** or **LAN Settings**.
-
-6. In the **Automatic configuration** area, check that you've clicked the **Automatically detect settings** box. If you've turned on automatic configuration, check to make sure that you've also clicked the **Use automatic configuration script** box.
**Note** If at this point everything is set up correctly, but the proxy server still isn't behaving properly, click the **Detect my network settings** box in the **Error** dialog box to try to detect the proxy server, again.
-
- **To check that you're pointing to the correct automatic configuration script location**
-
-7. On the **Tools** menu, click **Internet Options**, and then click **Connections**.
-
-8. Click **Settings** or **LAN Settings**.
-
-9. In the **Automatic configuration** area, check that you've chosen the **Use automatic configuration script** box, and that it has the correct location to your automatic configuration script or for your automatic proxy URL.
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: networking
+description: Auto configuration and auto proxy problems with Internet Explorer 11
+author: dansimp
+ms.prod: ie11
+ms.assetid: 3fbbc2c8-859b-4b2e-abc3-de2c299e0938
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Auto configuration and auto proxy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Auto configuration and auto proxy problems with Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+You might experience some problems using automatic configuration and auto-proxy with Internet Explorer 11.
+
+## Branding changes aren't distributed using automatic configuration
+If you've turned on the **Disable external branding of Internet Explorer** Group Policy Object, you won't be able to use automatic configuration to distribute your branding changes to your users' computers. When this object is turned on, it prevents the branding of IE by a non-Microsoft company or entity, such as an Internet service provider or Internet content provider. For more information about automatic configuration, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) and [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md). For more information about Group Policy settings, see [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md).
+
+## Proxy server setup issues
+If you experience issues while setting up your proxy server, you can try these troubleshooting steps:
+
+- Check to make sure the proxy server address is right.
+
+- Check that both **Automatically detect settings** and **Automatic configuration** are turned on in the browser.
+
+- Check that the browser is pointing to the right automatic configuration script location.
+
+ **To check your proxy server address**
+
+1. On the **Tools** menu, click **Internet Options**, and then **Connections**.
+
+2. Click **Settings** or **LAN Settings**, and then look at your proxy server address.
+
+3. If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.
**Note** If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](https://go.microsoft.com/fwlink/p/?LinkId=85652).
+
+ **To check that you've turned on the correct settings**
+
+4. On the **Tools** menu, click **Internet Options**, and then click **Connections**.
+
+5. Click **Settings** or **LAN Settings**.
+
+6. In the **Automatic configuration** area, check that you've clicked the **Automatically detect settings** box. If you've turned on automatic configuration, check to make sure that you've also clicked the **Use automatic configuration script** box.
**Note** If at this point everything is set up correctly, but the proxy server still isn't behaving properly, click the **Detect my network settings** box in the **Error** dialog box to try to detect the proxy server, again.
+
+ **To check that you're pointing to the correct automatic configuration script location**
+
+7. On the **Tools** menu, click **Internet Options**, and then click **Connections**.
+
+8. Click **Settings** or **LAN Settings**.
+
+9. In the **Automatic configuration** area, check that you've chosen the **Use automatic configuration script** box, and that it has the correct location to your automatic configuration script or for your automatic proxy URL.
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
index 1b9a0ba9c8..82857ac50e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
@@ -1,74 +1,78 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto configuration settings for Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 90308d59-45b9-4639-ab1b-497e5ba19023
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Auto configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto configuration settings for Internet Explorer 11
-Automatic configuration lets you apply custom branding and graphics to your internal Internet Explorer installations, running on Windows 8.1 or Windows Server 2012 R2. For more information about adding custom branding and graphics to your IE package, see [Customize the toolbar button and Favorites List icons using IEAK 11](../ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md).
**Important** You'll only see and be able to use the **IE Customization Wizard 11 - Automatic Configuration** page if you're creating an internal IE installation package. For more information about the **IE Customization Wizard 11 - Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
-
-## Adding the automatic configuration registry key
-For custom graphics and branding, add the `FEATURE\AUTOCONFIG\BRANDING` registry key to your IE installation package.
**Important** Follow these directions carefully because serious problems can occur if you update your registry incorrectly. For added protection, back up your registry so you can restore it if a problem occurs.
-
- **To add the registry key**
-
-1. On the **Start** screen, type **regedit**, and then click **Regedit.exe**.
-
-2. Right-click the `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl` subkey, point to **New**, and then click **Key**.
-
-3. Enter the new key name, `FEATURE\AUTOCONFIG\BRANDING`, and then press Enter.
-
-4. Right-click `FEATURE\AUTOCONFIG\BRANDING`, point to **New**, and then click **DWORD (32-bit) Value**.
-
-5. Enter the new DWORD value name, **iexplore.exe**, and then press Enter.
-
-6. Right-click **iexplore.exe**, and then click **Modify**.
-
-7. In the **Value data** box, enter **1**, and then click **OK**.
-
-8. Exit the registry editor.
-
-## Updating your automatic configuration settings
-After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your automatic configuration settings to pick up the updated branding.
-
Important Your branding changes won't be added or updated if you've previously chosen the Disable external branding of IE setting in the User Configuration\Administrative Templates\Windows Components\Internet Explorer Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the Group Policy TechCenter.
-
- **To update your settings**
-
-1. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-2. Choose the **Automatically detect configuration settings** check box to allow automatic detection of browser settings.
-
-3. Choose the **Enable Automatic Configuration** box to let you change the rest of the configuration options, including:
-
- - **Automatically configure every box:** Type how often IE should check for configuration updates. Typing **0** (zero), or not putting in any number, means that automatic configuration only happens when the computer restarts.
-
- - **Automatic Configuration URL (.INS file) box:** Type the location of your automatic configuration script.
-
- - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.
**Important** Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
-
-If your branding changes aren't correctly deployed after running through this process, see [Auto configuration and auto proxy problems with Internet Explorer 11](auto-configuration-and-auto-proxy-problems-with-ie11.md).
-
-## Locking your automatic configuration settings
-You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
-
-- **Using Microsoft Active Directory.** Choose **Disable changing Automatic Configuration settings** from the Administrative Templates setting.
-
-- **Not Using Active Directory.** Choose the **Disable changing Automatic Configuration settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object.
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: networking
+description: Auto configuration settings for Internet Explorer 11
+author: dansimp
+ms.prod: ie11
+ms.assetid: 90308d59-45b9-4639-ab1b-497e5ba19023
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Auto configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Auto configuration settings for Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+Automatic configuration lets you apply custom branding and graphics to your internal Internet Explorer installations, running on Windows 8.1 or Windows Server 2012 R2. For more information about adding custom branding and graphics to your IE package, see [Customize the toolbar button and Favorites List icons using IEAK 11](../ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md).
**Important** You'll only see and be able to use the **IE Customization Wizard 11 - Automatic Configuration** page if you're creating an internal IE installation package. For more information about the **IE Customization Wizard 11 - Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
+
+## Adding the automatic configuration registry key
+For custom graphics and branding, add the `FEATURE\AUTOCONFIG\BRANDING` registry key to your IE installation package.
**Important** Follow these directions carefully because serious problems can occur if you update your registry incorrectly. For added protection, back up your registry so you can restore it if a problem occurs.
+
+ **To add the registry key**
+
+1. On the **Start** screen, type **regedit**, and then click **Regedit.exe**.
+
+2. Right-click the `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl` subkey, point to **New**, and then click **Key**.
+
+3. Enter the new key name, `FEATURE\AUTOCONFIG\BRANDING`, and then press Enter.
+
+4. Right-click `FEATURE\AUTOCONFIG\BRANDING`, point to **New**, and then click **DWORD (32-bit) Value**.
+
+5. Enter the new DWORD value name, **iexplore.exe**, and then press Enter.
+
+6. Right-click **iexplore.exe**, and then click **Modify**.
+
+7. In the **Value data** box, enter **1**, and then click **OK**.
+
+8. Exit the registry editor.
+
+## Updating your automatic configuration settings
+After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your automatic configuration settings to pick up the updated branding.
+
Important Your branding changes won't be added or updated if you've previously chosen the Disable external branding of IE setting in the User Configuration\Administrative Templates\Windows Components\Internet Explorer Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the Group Policy TechCenter.
+
+ **To update your settings**
+
+1. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
+
+2. Choose the **Automatically detect configuration settings** check box to allow automatic detection of browser settings.
+
+3. Choose the **Enable Automatic Configuration** box to let you change the rest of the configuration options, including:
+
+ - **Automatically configure every box:** Type how often IE should check for configuration updates. Typing **0** (zero), or not putting in any number, means that automatic configuration only happens when the computer restarts.
+
+ - **Automatic Configuration URL (.INS file) box:** Type the location of your automatic configuration script.
+
+ - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.
**Important** Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
+
+If your branding changes aren't correctly deployed after running through this process, see [Auto configuration and auto proxy problems with Internet Explorer 11](auto-configuration-and-auto-proxy-problems-with-ie11.md).
+
+## Locking your automatic configuration settings
+You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
+
+- **Using Microsoft Active Directory.** Choose **Disable changing Automatic Configuration settings** from the Administrative Templates setting.
+
+- **Not Using Active Directory.** Choose the **Disable changing Automatic Configuration settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object.
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
index 6d58aac85b..3e2c898988 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
@@ -1,55 +1,59 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto detect settings Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: c6753cf4-3276-43c5-aae9-200e9e82753f
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Auto detect settings Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto detect settings Internet Explorer 11
-After you specify the specific settings related to automatic detection on your Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers, you can set up your users' browser settings from a central location.
-
-Automatic detection works even if the browser wasn't originally set up or installed by the administrator.
-
-- **Using DHCP servers:** For local area network (LAN)-based users. This server type lets you specify your global and subnet TCP/IP parameters centrally, defining your users' parameters by using reserved addresses. By doing it this way, a computer can move between subnets, automatically reconfiguring for TCP/IP when it starts.
-
-- **Using DNS servers:** For users on dial-up connections. This server type uses a set of protocols and services on a TCP/IP network, which lets users search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses.
**Note** DHCP has a higher priority than DNS for automatic configuration. If DHCP provides the URL to a .pac, .jvs, .js, or .ins configuration file, the process stops and the DNS lookup doesn't happen.
-
-## Updating your automatic detection settings
-To use automatic detection, you have to set up your DHCP and DNS servers.
**Note** Your DHCP servers must support the `DHCPINFORM` message, to obtain the DHCP options.
-
- **To turn on automatic detection for DHCP servers**
-
-1. Open the Internet Explorer Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. For more information about the **Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
-
-3. Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649).
-
- **To turn on automatic detection for DNS servers**
-
-4. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-5. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings.
-
-6. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.
**-OR-**
Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.
**Note** For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651).
-
-7. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.
**Note** Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `https://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
-
-
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: networking
+description: Auto detect settings Internet Explorer 11
+author: dansimp
+ms.prod: ie11
+ms.assetid: c6753cf4-3276-43c5-aae9-200e9e82753f
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Auto detect settings Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Auto detect settings Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+After you specify the specific settings related to automatic detection on your Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers, you can set up your users' browser settings from a central location.
+
+Automatic detection works even if the browser wasn't originally set up or installed by the administrator.
+
+- **Using DHCP servers:** For local area network (LAN)-based users. This server type lets you specify your global and subnet TCP/IP parameters centrally, defining your users' parameters by using reserved addresses. By doing it this way, a computer can move between subnets, automatically reconfiguring for TCP/IP when it starts.
+
+- **Using DNS servers:** For users on dial-up connections. This server type uses a set of protocols and services on a TCP/IP network, which lets users search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses.
**Note** DHCP has a higher priority than DNS for automatic configuration. If DHCP provides the URL to a .pac, .jvs, .js, or .ins configuration file, the process stops and the DNS lookup doesn't happen.
+
+## Updating your automatic detection settings
+To use automatic detection, you have to set up your DHCP and DNS servers.
**Note** Your DHCP servers must support the `DHCPINFORM` message, to obtain the DHCP options.
+
+ **To turn on automatic detection for DHCP servers**
+
+1. Open the Internet Explorer Customization Wizard 11, and go to the **Automatic Configuration** page.
+
+2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. For more information about the **Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
+
+3. Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649).
+
+ **To turn on automatic detection for DNS servers**
+
+4. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
+
+5. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings.
+
+6. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.
**-OR-**
Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.
**Note** For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651).
+
+7. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.
**Note** Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `https://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
+
+
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
index bd7bd5c030..f285933bcb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
@@ -1,50 +1,54 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto proxy configuration settings for Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 5120aaf9-8ead-438a-8472-3cdd924b7d9e
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Auto proxy configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto proxy configuration settings for Internet Explorer 11
-Configure and maintain your proxy settings, like pointing your users' browsers to your automatic proxy script, through the Internet Explorer Customization Wizard 11 running on either Windows 8.1 or Windows Server 2012 R2.
-
-## Updating your auto-proxy settings
-You can use your Internet settings (.ins) files to set up your standard proxy settings. You can also specify script files (.js, .jvs, or .pac) to configure and maintain your advanced proxy settings. IE uses your auto-proxy script files to dynamically determine whether to connect to a host or use a proxy server. If a proxy server connection fails, Internet Explorer 11 automatically attempts to connect to another proxy server that you have specified.
-
- **To update your settings**
-
-1. Create a script file with your proxy information, copying it to a server location.
-
-2. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-3. Choose the **Enable Automatic Configuration** box to let you change the rest of the configuration options, including:
-
- - **Automatically configure every box:** Type how often IE should check for configuration updates. Typing **0** (zero), or not putting in any number, means that updates only happen when the computer restarts.
-
- - **Automatic Configuration URL (.INS file) box:** Type the location of the .ins file you want to use for automatic configuration. For more information about setting up **Automatic Configuration**, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md).
-
- - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script. This script runs whenever IE11 makes a network request and can include multiple proxy servers for each protocol type.
**Important** IE11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
-
-## Locking your auto-proxy settings
-You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
-
-- **Using Microsoft Active Directory.** Choose **Disable changing proxy settings** from the Administrative Templates setting.
-
-- **Not Using Active Directory.** Choose the **Prevent changing proxy settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. For more information about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514).
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: networking
+description: Auto proxy configuration settings for Internet Explorer 11
+author: dansimp
+ms.prod: ie11
+ms.assetid: 5120aaf9-8ead-438a-8472-3cdd924b7d9e
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Auto proxy configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Auto proxy configuration settings for Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+Configure and maintain your proxy settings, like pointing your users' browsers to your automatic proxy script, through the Internet Explorer Customization Wizard 11 running on either Windows 8.1 or Windows Server 2012 R2.
+
+## Updating your auto-proxy settings
+You can use your Internet settings (.ins) files to set up your standard proxy settings. You can also specify script files (.js, .jvs, or .pac) to configure and maintain your advanced proxy settings. IE uses your auto-proxy script files to dynamically determine whether to connect to a host or use a proxy server. If a proxy server connection fails, Internet Explorer 11 automatically attempts to connect to another proxy server that you have specified.
+
+ **To update your settings**
+
+1. Create a script file with your proxy information, copying it to a server location.
+
+2. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
+
+3. Choose the **Enable Automatic Configuration** box to let you change the rest of the configuration options, including:
+
+ - **Automatically configure every box:** Type how often IE should check for configuration updates. Typing **0** (zero), or not putting in any number, means that updates only happen when the computer restarts.
+
+ - **Automatic Configuration URL (.INS file) box:** Type the location of the .ins file you want to use for automatic configuration. For more information about setting up **Automatic Configuration**, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md).
+
+ - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script. This script runs whenever IE11 makes a network request and can include multiple proxy servers for each protocol type.
**Important** IE11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
+
+## Locking your auto-proxy settings
+You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
+
+- **Using Microsoft Active Directory.** Choose **Disable changing proxy settings** from the Administrative Templates setting.
+
+- **Not Using Active Directory.** Choose the **Prevent changing proxy settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. For more information about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514).
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
index 12bd5502e3..17f6488e0a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
@@ -1,43 +1,47 @@
----
-title: Blocked out-of-date ActiveX controls
-description: This page is periodically updated with new ActiveX controls blocked by this feature.
-author: dansimp
-ms.author: dansimp
-audience: itpro
manager: dansimp
-ms.date: 05/10/2018
-ms.topic: article
-ms.prod: ie11
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-ms.assetid: ''
-ms.reviewer:
-ms.sitesec: library
----
-
-# Blocked out-of-date ActiveX controls
-
-ActiveX controls are small apps that let websites provide content, like videos and games, and let you interact with content, like toolbars. Unfortunately, because many ActiveX controls aren't automatically updated, they can become outdated as new versions are released. It's very important that you keep your ActiveX controls up to date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, Internet Explorer includes a security feature called _out-of-date ActiveX control blocking_.
-
-We'll periodically update this page with new ActiveX controls blocked by this feature. We'll typically provide one month's advance notice before adding new controls to the list.
-
-You will receive a notification if a webpage tries to load one of the following of ActiveX control versions:
-
-**Java**
-
-| Java 2 Platform, Standard Edition (J2SE) 1.4, everything below (but not including) update 43 |
-|----------------------------------------------------------------------------------------------|
-| J2SE 5.0, everything below (but not including) update 99 |
-| Java SE 6, everything below (but not including) update 181 |
-| Java SE 7, everything below (but not including) update 171 |
-| Java SE 8, everything below (but not including) update 161 |
-| Java SE 9, everything below (but not including) update 4 |
-
-**Silverlight**
-
-
-| Everything below (but not including) Silverlight 5.1.50907.0 |
-|--------------------------------------------------------------|
-| |
-
-For more information, see [Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) and [Internet Explorer begins blocking out-of-date ActiveX controls](https://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx). You can also view Microsoft's complete list of out-of-date ActiveX controls in the XML-based [version list](https://go.microsoft.com/fwlink/?LinkId=403864).
+---
+title: Blocked out-of-date ActiveX controls
+description: This page is periodically updated with new ActiveX controls blocked by this feature.
+author: dansimp
+ms.author: dansimp
+audience: itpro
+manager: dansimp
+ms.date: 05/10/2018
+ms.topic: article
+ms.prod: ie11
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: security
+ms.assetid: ''
+ms.reviewer:
+ms.sitesec: library
+---
+
+# Blocked out-of-date ActiveX controls
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
+ActiveX controls are small apps that let websites provide content, like videos and games, and let you interact with content, like toolbars. Unfortunately, because many ActiveX controls aren't automatically updated, they can become outdated as new versions are released. It's very important that you keep your ActiveX controls up to date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, Internet Explorer includes a security feature called _out-of-date ActiveX control blocking_.
+
+We'll periodically update this page with new ActiveX controls blocked by this feature. We'll typically provide one month's advance notice before adding new controls to the list.
+
+You will receive a notification if a webpage tries to load one of the following of ActiveX control versions:
+
+**Java**
+
+| Java 2 Platform, Standard Edition (J2SE) 1.4, everything below (but not including) update 43 |
+|----------------------------------------------------------------------------------------------|
+| J2SE 5.0, everything below (but not including) update 99 |
+| Java SE 6, everything below (but not including) update 181 |
+| Java SE 7, everything below (but not including) update 171 |
+| Java SE 8, everything below (but not including) update 161 |
+| Java SE 9, everything below (but not including) update 4 |
+
+**Silverlight**
+
+
+| Everything below (but not including) Silverlight 5.1.50907.0 |
+|--------------------------------------------------------------|
+| |
+
+For more information, see [Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) and [Internet Explorer begins blocking out-of-date ActiveX controls](https://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx). You can also view Microsoft's complete list of out-of-date ActiveX controls in the XML-based [version list](https://go.microsoft.com/fwlink/?LinkId=403864).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
index fe61c67cf5..9aca832f3e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
@@ -1,38 +1,42 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: performance
-description: Browser cache changes and roaming profiles
-author: dansimp
-ms.prod: ie11
-ms.assetid: 85f0cd01-6f82-4bd1-9c0b-285af1ce3436
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Browser cache changes and roaming profiles (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/16/2017
----
-
-
-# Browser cache changes and roaming profiles
-We’ve redesigned the browser cache to improve the performance, flexibility, reliability, and scalability of Internet Explorer and the apps that rely on the Windows Internet (WinINet) cache. Our new database design stops multiple clients from simultaneously accessing and using cached information, while also providing a higher level of data integrity.
-
-You won’t notice any changes to the management of your roaming profile data if you use our new database implementation in conjunction with the [roaming user profile guidelines](https://go.microsoft.com/fwlink/p/?LinkId=401544). This means that IE data that’s stored in the `AppData\Roaming` user profile folder is still be uploaded to your normal profile storage location after a user successfully logs off.
**Note** Cookies in a roaming profile can only be set by Internet Explorer for the desktop, with Enhanced Protected Mode turned off. Cookies set by the immersive version of IE or by Microsoft Store apps, can’t be part of a roaming profile. For more information about persistent cookies and roaming, see [Persistent cookies are not roamed in Internet Explorer](https://go.microsoft.com/fwlink/p/?LinkId=401545).
-
-To get the best results while using roaming profiles, we strongly recommend the following:
-
-- Create a separate roaming repository for each domain account that uses roaming.
-
-- Restrict roaming user profiles so they work on only one computer at a time. Using a single roaming profile on multiple computers isn’t supported (via console or Remote Desktop) and can cause unpredictable results, including cookie loss.
-
-- Allow all computers that let users sign-on with a roaming profile have identical IE cookie policies and settings.
-
-- Make sure to delete the user’s local roaming profile at sign off for any computer using user profile roaming. You can do this by turning on the **Delete cached copies of roaming profiles** Group Policy Object.
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: performance
+description: Browser cache changes and roaming profiles
+author: dansimp
+ms.prod: ie11
+ms.assetid: 85f0cd01-6f82-4bd1-9c0b-285af1ce3436
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Browser cache changes and roaming profiles (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 10/16/2017
+---
+
+
+# Browser cache changes and roaming profiles
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+We’ve redesigned the browser cache to improve the performance, flexibility, reliability, and scalability of Internet Explorer and the apps that rely on the Windows Internet (WinINet) cache. Our new database design stops multiple clients from simultaneously accessing and using cached information, while also providing a higher level of data integrity.
+
+You won’t notice any changes to the management of your roaming profile data if you use our new database implementation in conjunction with the [roaming user profile guidelines](https://go.microsoft.com/fwlink/p/?LinkId=401544). This means that IE data that’s stored in the `AppData\Roaming` user profile folder is still be uploaded to your normal profile storage location after a user successfully logs off.
**Note** Cookies in a roaming profile can only be set by Internet Explorer for the desktop, with Enhanced Protected Mode turned off. Cookies set by the immersive version of IE or by Microsoft Store apps, can’t be part of a roaming profile. For more information about persistent cookies and roaming, see [Persistent cookies are not roamed in Internet Explorer](https://go.microsoft.com/fwlink/p/?LinkId=401545).
+
+To get the best results while using roaming profiles, we strongly recommend the following:
+
+- Create a separate roaming repository for each domain account that uses roaming.
+
+- Restrict roaming user profiles so they work on only one computer at a time. Using a single roaming profile on multiple computers isn’t supported (via console or Remote Desktop) and can cause unpredictable results, including cookie loss.
+
+- Allow all computers that let users sign-on with a roaming profile have identical IE cookie policies and settings.
+
+- Make sure to delete the user’s local roaming profile at sign off for any computer using user profile roaming. You can do this by turning on the **Delete cached copies of roaming profiles** Group Policy Object.
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
index d3cae2a67a..f358312bbc 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
@@ -1,56 +1,60 @@
----
-ms.localizationpriority: medium
-title: Change history for Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
-description: This topic lists new and updated topics in the Internet Explorer 11 Deployment Guide documentation for Windows 10 and Windows 10 Mobile.
-ms.mktglfcycl: deploy
-ms.prod: ie11
-ms.sitesec: library
-author: dansimp
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
----
-
-
-# Change history for Internet Explorer 11
-This topic lists new and updated topics in the Internet Explorer 11 documentation for both Windows 10 and Windows 10 Mobile.
-
-## April 2017
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md)|Updates to the Enterprise Mode section to include info about the Enterprise Mode Site List Portal. |
-
-## March 2017
-|New or changed topic | Description |
-|----------------------|-------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to add the Allow VBScript to run in Internet Explorer and the Hide the button (next to the New Tab button) that opens Microsoft Edge settings. |
-
-## November 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md) |Updated the DocMode reason section to correct Code 8 and to add Code 9.|
-
-## August 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
-|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
-|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md)|Added the Understanding the returned reason codes section to the topic. |
-
-## July 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to include the comprehensive list of Group Policies that were added with Internet Explorer 11. |
-
-## June 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated with 2 new policies, Send all sites not included in the Enterprise Mode Site List to Microsoft Edge and Show message when opening sites in Microsoft Edge using Enterprise Mode. |
-
-
-## May 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) | Added info about using <emie> and <docMode> together. |
-
+---
+ms.localizationpriority: medium
+title: Change history for Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
+description: This topic lists new and updated topics in the Internet Explorer 11 Deployment Guide documentation for Windows 10 and Windows 10 Mobile.
+ms.mktglfcycl: deploy
+ms.prod: ie11
+ms.sitesec: library
+author: dansimp
+ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+---
+
+
+# Change history for Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+This topic lists new and updated topics in the Internet Explorer 11 documentation for both Windows 10 and Windows 10 Mobile.
+
+## April 2017
+|New or changed topic | Description |
+|----------------------|-------------|
+|[Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md)|Updates to the Enterprise Mode section to include info about the Enterprise Mode Site List Portal. |
+
+## March 2017
+|New or changed topic | Description |
+|----------------------|-------------|
+|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to add the Allow VBScript to run in Internet Explorer and the Hide the button (next to the New Tab button) that opens Microsoft Edge settings. |
+
+## November 2016
+|New or changed topic | Description |
+|----------------------|-------------|
+|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md) |Updated the DocMode reason section to correct Code 8 and to add Code 9.|
+
+## August 2016
+|New or changed topic | Description |
+|----------------------|-------------|
+|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
+|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
+|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md)|Added the Understanding the returned reason codes section to the topic. |
+
+## July 2016
+|New or changed topic | Description |
+|----------------------|-------------|
+|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to include the comprehensive list of Group Policies that were added with Internet Explorer 11. |
+
+## June 2016
+|New or changed topic | Description |
+|----------------------|-------------|
+|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated with 2 new policies, Send all sites not included in the Enterprise Mode Site List to Microsoft Edge and Show message when opening sites in Microsoft Edge using Enterprise Mode. |
+
+
+## May 2016
+|New or changed topic | Description |
+|----------------------|-------------|
+|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) | Added info about using <emie> and <docMode> together. |
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
index 0b2d9ff141..9b4b3e6f1f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
@@ -1,51 +1,55 @@
----
-title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros)
-description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode.
-ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-ms.sitesec: library
-author: dansimp
-ms.author: dansimp
-ms.date: 08/14/2017
-ms.localizationpriority: medium
----
-
-
-# Check for a new Enterprise Mode site list xml file
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. You can add and remove sites from your XML list as frequently as you want, changing which sites should render in Enterprise Mode for your employees. For information about turning on Enterprise Mode and using site lists, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-The information in this topic only covers HTTPS protocol. We strongly recommend that you use HTTPS protocol instead of file protocol due to increased performance.
-
-**How Internet Explorer 11 looks for an updated site list**
-
-1. Internet Explorer starts up and looks for an updated site list in the following places:
-
- 1. **In the cache container.** IE first checks the cache container to see if it finds your XML site list.
-
- 2. **In the local cache.** If there’s nothing in the cache container, IE checks your local cache for the site list.
-
- 3. **On the server.** Based on standard IE caching rules, IE might look for a copy of your site list in the location you put specified in the **SiteList** value of the registry.
-
-2. If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.
**Note** If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
-
-
-
-
-
-
-
-
-
+---
+title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros)
+description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode.
+ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: ie11
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.date: 08/14/2017
+ms.localizationpriority: medium
+---
+
+
+# Check for a new Enterprise Mode site list xml file
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
+**Applies to:**
+
+- Windows 10
+- Windows 8.1
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. You can add and remove sites from your XML list as frequently as you want, changing which sites should render in Enterprise Mode for your employees. For information about turning on Enterprise Mode and using site lists, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
+
+The information in this topic only covers HTTPS protocol. We strongly recommend that you use HTTPS protocol instead of file protocol due to increased performance.
+
+**How Internet Explorer 11 looks for an updated site list**
+
+1. Internet Explorer starts up and looks for an updated site list in the following places:
+
+ 1. **In the cache container.** IE first checks the cache container to see if it finds your XML site list.
+
+ 2. **In the local cache.** If there’s nothing in the cache container, IE checks your local cache for the site list.
+
+ 3. **On the server.** Based on standard IE caching rules, IE might look for a copy of your site list in the location you put specified in the **SiteList** value of the registry.
+
+2. If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.
**Note** If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
+
+
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
index c35d115df7..810264c501 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
@@ -1,31 +1,35 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Choose how to deploy Internet Explorer 11 (IE11)
-author: dansimp
-ms.prod: ie11
-ms.assetid: 21b6a301-c222-40bc-ad0b-27f66fc54d9d
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Choose how to deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Choose how to deploy Internet Explorer 11 (IE11)
-In this section, you can learn about how to deploy your custom version of Internet Explorer using Automatic Version Synchronization (AVS) or using your software distribution tools.
-
-## In this section
-
-| Topic | Description |
-|------------------------------------------------------------- | ------------------------------------------------------ |
-|[Deploy IE11 using Automatic Version Synchronization (AVS)](deploy-ie11-using-automatic-version-synchronization-avs.md) |Guidance about how to deploy your custom browser packages using Automatic Version Synchronization (AVS). |
-|[Deploy IE11 using software distribution tools](deploy-ie11-using-software-distribution-tools.md) |Guidance about how to deploy your custom browser packages using System Center 2012 R2, Windows Server Update Services (WSUS), Group Policy software installation, or Microsoft Deployment toolkit (MDT). |
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+description: Choose how to deploy Internet Explorer 11 (IE11)
+author: dansimp
+ms.prod: ie11
+ms.assetid: 21b6a301-c222-40bc-ad0b-27f66fc54d9d
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Choose how to deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Choose how to deploy Internet Explorer 11 (IE11)
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+In this section, you can learn about how to deploy your custom version of Internet Explorer using Automatic Version Synchronization (AVS) or using your software distribution tools.
+
+## In this section
+
+| Topic | Description |
+|------------------------------------------------------------- | ------------------------------------------------------ |
+|[Deploy IE11 using Automatic Version Synchronization (AVS)](deploy-ie11-using-automatic-version-synchronization-avs.md) |Guidance about how to deploy your custom browser packages using Automatic Version Synchronization (AVS). |
+|[Deploy IE11 using software distribution tools](deploy-ie11-using-software-distribution-tools.md) |Guidance about how to deploy your custom browser packages using System Center 2012 R2, Windows Server Update Services (WSUS), Group Policy software installation, or Microsoft Deployment toolkit (MDT). |
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
index 563f38160c..72a5766494 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
@@ -1,37 +1,41 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Choose how to install Internet Explorer 11 (IE11)
-author: dansimp
-ms.prod: ie11
-ms.assetid: 9572f5f1-5d67-483e-bd63-ffea95053481
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Choose how to install Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Choose how to install Internet Explorer 11 (IE11)
-Before you install Internet Explorer 11, you should:
-
-- **Migrate Group Policy Objects.** Decide if your Group Policy Objects should migrate to the new version.
-
-- **Check vendor support for updated functionality.** Check whether third-party vendors have new versions or updates to necessary add-ons, apps, or code libraries.
-
-- **Choose the right version of Internet Explorer.** IE11 comes pre-installed on Windows 8.1 and Windows Server 2012 R2 or you can download it for Windows 7 SP1 or Windows Server 2008 R2 with Service Pack 1 (SP1) from the [Internet Explorer Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214251) site.
-
-- **Choose how you'll deploy your installation package.** Your deployment method should be based on whether you're installing to computers already running Windows, or if you're deploying IE11 as part of a Windows installation.
-
- - **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=276664), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790), and [Microsoft Intune Overview](https://www.microsoft.com/cloud-platform/microsoft-intune).
-
- - **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](https://go.microsoft.com/fwlink/p/?LinkId=299408). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=331148), [Windows ADK Overview](https://go.microsoft.com/fwlink/p/?LinkId=276669).
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+description: Choose how to install Internet Explorer 11 (IE11)
+author: dansimp
+ms.prod: ie11
+ms.assetid: 9572f5f1-5d67-483e-bd63-ffea95053481
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Choose how to install Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Choose how to install Internet Explorer 11 (IE11)
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+Before you install Internet Explorer 11, you should:
+
+- **Migrate Group Policy Objects.** Decide if your Group Policy Objects should migrate to the new version.
+
+- **Check vendor support for updated functionality.** Check whether third-party vendors have new versions or updates to necessary add-ons, apps, or code libraries.
+
+- **Choose the right version of Internet Explorer.** IE11 comes pre-installed on Windows 8.1 and Windows Server 2012 R2 or you can download it for Windows 7 SP1 or Windows Server 2008 R2 with Service Pack 1 (SP1) from the [Internet Explorer Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214251) site.
+
+- **Choose how you'll deploy your installation package.** Your deployment method should be based on whether you're installing to computers already running Windows, or if you're deploying IE11 as part of a Windows installation.
+
+ - **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=276664), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790), and [Microsoft Intune Overview](https://www.microsoft.com/cloud-platform/microsoft-intune).
+
+ - **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](https://go.microsoft.com/fwlink/p/?LinkId=299408). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=331148), [Windows ADK Overview](https://go.microsoft.com/fwlink/p/?LinkId=276669).
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
index 12049fdcb9..0ffe059374 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Collect data using Enterprise Site Discovery
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
index d01fccf729..db62af6aab 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
@@ -16,6 +16,9 @@ ms.author: dansimp
# Use the Settings page to finish setting up the Enterprise Mode Site List Portal
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
index 278408ab38..ad4441c9e3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
@@ -16,6 +16,9 @@ ms.author: dansimp
# Create a change request using the Enterprise Mode Site List Portal
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
index 6c260e93aa..395703b43d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Create packages for multiple operating systems or languages
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
You'll create multiple versions of your custom browser package if:
- You support more than 1 version of Windows®.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
index fc43585ae7..342b139714 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Customize Internet Explorer 11 installation packages
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
You can customize Internet Explorer 11 to support various browser behaviors, multiple operating system versions and languages, and Setup information (.inf) files.
|Topic |Description |
diff --git a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index b2c4c0f80a..843d917596 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
index b9089ee16a..0f0c56de35 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
@@ -15,6 +15,9 @@ ms.date: 07/27/2017
---
# Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS)
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS).
## What is Automatic Version Synchronization?
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
index dc31c3230e..c3940fbefd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Deploy Internet Explorer 11 using software distribution tools
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
If you already manage software distribution and updates on your network through software distribution tools, you can also use these tools for ongoing deployments of Internet Explorer. Software distribution tools include:
- **System Center R2 2012 System Center 2012 R2 Configuration Manager.** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [System Center R2 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=276664).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
index 567b8fbeb8..0177418299 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
index f0f44c2897..e8d1ec3d7d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Deprecated document modes and Internet Explorer 11
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
index 8ad5f3e6ad..29574ab860 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
index cb419efe7f..e21f3e41ed 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
@@ -17,6 +17,9 @@ ms.date: 4/12/2018
# Enable and disable add-ons using administrative templates and group policy
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Add-ons let your employees personalize Internet Explorer. You can manage IE add-ons using Group Policy and Group Policy templates.
There are four types of add-ons:
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
index d0998607dc..7f00307378 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Enhanced Protected Mode problems with Internet Explorer
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Enhanced Protected Mode further restricts Protected Mode to deny potential attackers access to sensitive or personal information. If this feature is turned on, users might start to see errors asking them to turn it off, like **This webpage wants to run "npctrl.dll. If you trust this site, you can disable Enhanced Protected Mode for this site to run the control**. If your users click the **Disable** box, Enhanced Protected Mode is turned off for only the single visit to that specific site. After the user leaves the site, Enhanced Protected Mode is automatically turned back on.
You can use your company’s Group Policy to turn Enhanced Protected Mode on or off for all users. For more information, see the [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md) information in this guide.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
index 71104a8786..e5e3c31095 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Enterprise Mode for Internet Explorer 11
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
index 09160baadd..6832c2797b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Enterprise Mode schema v.1 guidance
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
index a321e5a744..299c6c093f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
@@ -18,6 +18,9 @@ ms.date: 12/04/2017
# Enterprise Mode schema v.2 guidance
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
index cf235b25aa..ce2f14b162 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Export your Enterprise Mode site list from the Enterprise Mode Site List Manager
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
index f1d72eb1a1..a5abdb8400 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Fix web compatibility issues using document modes and the Enterprise Mode site list
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The Internet Explorer 11 Enterprise Mode site list lets you specify document modes for specific websites, helping you fix compatibility issues without changing a single line of code on the site. This addition to the site list is a continuation of our commitment to help you upgrade and stay up-to-date on the latest version of Internet Explorer, while still preserving your investments in existing apps.
## What does this mean for me?
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
index c3c7ead8ff..54da1d4ba1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Fix validation problems using the Enterprise Mode Site List Manager
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
index d2fadc609c..93486e7113 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Advanced Group Policy Management (AGPM) is an add-on license that available for the Microsoft Desktop Optimization Pack (MDOP). This license gives you change control and a role assignment-model that helps optimize Group Policy management and reduce the risk of widespread failures.
From AGPM you can:
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
index df5754f0b6..e1e763af4c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
A Microsoft Management Console (MMC)-based tool that uses scriptable interfaces to manage Group Policy. The 32-bit and 64-bit versions are included with Windows Server R2 with Service Pack 1 (SP1) and Windows Server 2012 R2.
## Why use the GPMC?
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
index d80c5af350..7e8c419582 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Group Policy and Internet Explorer 11 (IE11)
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
index 4ca3868ed5..dce572d812 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Group Policy, the Local Group Policy Editor, and Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
A Microsoft Management Console (MMC)-based tool that manages both computer and user-related configurations for an individual computer policy. This tool is included with Windows® 7 Service Pack 1 (SP1) and Windows 8.1.
Here's a list of the policy settings you can use, based on the configuration type. For more info, see [Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=294912).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
index 8a5b6d7859..12b360b126 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Group Policy and compatibility with Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Internet Explorer 11 has many Group Policy entries that can be configured for keeping your environment managed and safe. This table includes all of our recommendations around security, performance, and compatibility with the previous versions of Internet Explorer, regardless of which Zone the website is in.
|Activity |Location |Setting the policy object |
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
index 403471f4c7..3eafec01ac 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Group Policy management tools
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Group Policy, based on Microsoft Active Directory Domain Services (AD DS), lets you manage your organization's computer and user settings as part of your Group Policy objects (GPOs), which are added and changed in the Group Policy Management Console (GPMC). GPOs can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. The most effective way to target a specific GPO is to use Windows Management Instrumentation (WMI) filters. Like, creating a WMI filter that applies a GPO only to computers with a specific make and model.
By using Group Policy, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple Internet Explorer 11 security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
index ae5c5f783e..938e3e036e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Group policy preferences and Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Group Policy preferences are less strict than Group Policy settings, based on:
| |Group Policy preferences |Group Policy settings |
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
index d94601a9d5..26cf3ae659 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Group Policy problems with Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
If you're having problems with Group Policy and Internet Explorer 11, or if you're looking for high-level information about the concepts and techniques used to troubleshoot Group Policy, as well as links to detailed reference topics, procedures, and troubleshooting scenario guides, see [Group Policy Analysis and Troubleshooting Overview](https://go.microsoft.com/fwlink/p/?LinkId=279872).
## Group Policy Object-related Log Files
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
index 1f0caf9bc3..cd9e8a1740 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Group Policy, Shortcut Extensions, and Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Group Policy includes the Shortcuts preference extension, which lets you configure shortcuts to:
- **File system objects.** Traditional shortcuts that link to apps, files, folders, drives, shares, or computers. For example, linking a shortcut to an app from the **Start** screen.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
index 2de349942d..6f57e982ec 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Group Policy, Windows Powershell, and Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Your domain-joined Group Policy Objects (GPOs) can use any of Group Policy-related “cmdlets” that run within Windows PowerShell.
Each cmdlet is a single-function command-line tool that can:
diff --git a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
index 9fe7dca247..edcb50cb9e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
@@ -17,6 +17,9 @@ ms.date: 05/22/2018
---
# Internet Explorer 11 delivery through automatic updates
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Internet Explorer 11 makes browsing the web faster, easier, safer, and more reliable than ever. To help customers become more secure and up-to-date, Microsoft will distribute Internet Explorer 11 through Automatic Updates and the Windows Update and Microsoft Update sites. Internet Explorer 11 will be available for users of the 32-bit and 64-bit versions of Windows 7 Service Pack 1 (SP1), and 64-bit version of Windows Server 2008 R2 SP1. This article provides an overview of the delivery process and options available for IT administrators to control how and when Internet Explorer 11 is deployed to their organization through Automatic Updates.
- [Automatic updates delivery process](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates#automatic-updates-delivery-process)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
index 6b34fcc195..30de0a2c97 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
@@ -11,6 +11,9 @@ ms.author: dansimp
# Full-sized flowchart detailing how document modes are chosen in IE11
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
index 5ab9dd5e58..f585e3210d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Import your Enterprise Mode site list to the Enterprise Mode Site List Manager
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/index.md b/browsers/internet-explorer/ie11-deploy-guide/index.md
index 74f09e116d..c40ba230ff 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/index.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/index.md
@@ -14,6 +14,9 @@ manager: dansimp
# Internet Explorer 11 (IE11) - Deployment Guide for IT Pros
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
index e9fcf44f0e..47a4d07569 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Install and Deploy Internet Explorer 11 (IE11)
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
index 7dd92ecc08..027cf25129 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
@@ -15,6 +15,9 @@ ms.date: 07/27/2017
# Install Internet Explorer 11 (IE11) using Microsoft Intune
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Internet Explorer 11 is available as an update in Microsoft Intune. Microsoft Intune uses Windows cloud services to help you manage updates, monitor and protect your computers, provide remote assistance, track hardware and software inventory, and set security policies. For more information, see the [Documentation Library for Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=301805).
## Adding and deploying the IE11 package
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
index 5dade69199..c6bd4e15e8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit (MDT) and your Windows images
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
You can install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit (MDT) and your Windows images.
You'll need to extract the .cab file for each supported operating system and platform combination and the .msu file for each prerequisite update. Download the IE11 update and prerequisites here:
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
index 2b40174159..e08ca5dffe 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Install Internet Explorer 11 (IE11) using System Center 2012 R2 Configuration Manager
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
You can install Internet Explorer 11 (IE11) by using [System Center R2 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?linkid=276664). Complete these steps for each operating system and platform combination.
**To install IE11**
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
index 9da3cd91fa..d0d9d17be1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Install Internet Explorer 11 (IE11) using your network
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
You can install Internet Explorer 11 (IE11) over your network by putting your custom IE11 installation package in a shared network folder and letting your employees run the Setup program on their own computers. You can create the network folder structure manually, or you can run Internet Explorer Administration Kit 11 (IEAK 11).
**Note** If you support multiple architectures and operating systems, create a subfolder for each combination. If you support multiple languages, create a subfolder for each localized installation file.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
index 5d230773e3..d593de27c6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Install Internet Explorer 11 (IE11) using third-party tools
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
You can install Internet Explorer 11 (IE11) using third-party electronic software distribution (ESD) systems and these command-line options:
## Setup Modes
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
index 62bfab42b9..662514e102 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Install Internet Explorer 11 (IE11) using Windows Server Update Services (WSUS)
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Windows Server Update Services (WSUS) lets you download a single copy of the Microsoft product update and cache it on your local WSUS servers. You can then configure your computers to get the update from your local servers instead of Windows Update. For more information about WSUS, see [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790).
**To import from Windows Update to WSUS**
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
index 3ebe727aeb..3e6ffbfad8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Install problems with Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Most Internet Explorer 11 installations are straightforward and work the way they should. But it's possible that you might have problems.
If you do, you can:
diff --git a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
index 16331ab49c..803fc7fb83 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Fix intranet search problems with Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
After upgrading to Internet Explorer 11, you might experience search issues while using your intranet site.
## Why is my intranet redirecting me to search results?
diff --git a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
index 2270749c81..66b29a20c4 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Manage Internet Explorer 11
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
index c0087953b7..e0dbd2bdab 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Missing Internet Explorer Maintenance settings for Internet Explorer 11
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
index fbc40cbf73..faa927931e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Missing the Compatibility View Button
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
index 31261bbf7e..6c68a1ec01 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# .NET Framework problems with Internet Explorer 11
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
## Summary
If you’re having problems launching your legacy apps while running Internet Explorer 11, it’s most likely because Internet Explorer no longer starts apps that use managed browser hosting controls, like in .NET Framework 1.1 and 2.0.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
index 65e099eb37..9b8ab9eb33 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# New group policy settings for Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Internet Explorer 11 gives you some new Group Policy settings to help you manage your company's web browser configurations, including:
diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
index 5591606f32..a2f12352fd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
@@ -18,6 +18,9 @@ ms.date: 05/10/2018
# Out-of-date ActiveX control blocking
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
@@ -105,7 +108,10 @@ reg add "HKCU\Software\Microsoft\Internet Explorer\VersionManager" /v DownloadVe
```
Turning off this automatic download breaks the out-of-date ActiveX control blocking feature by not letting the version list update with newly outdated controls, potentially compromising the security of your computer. Use this configuration option at your own risk.
-## Out-of-date ActiveX control blocking on managed devices
+## Out-of-date ActiveX control blocking
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+ on managed devices
Out-of-date ActiveX control blocking includes four new Group Policy settings that you can use to manage your web browser configuration, based on your domain controller. You can download the administrative templates, including the new settings, from the [Administrative templates (.admx) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=746579) page or the [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580) page, depending on your operating system.
### Group Policy settings
diff --git a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
index 80a59c9305..fbcbcbadb9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
@@ -16,6 +16,9 @@ ms.date: 10/16/2017
# Problems after installing Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
After you install Internet Explorer 11 in your organization, you might run into the following issues. By following these suggestions, you should be able to fix them.
## Internet Explorer is in an unusable state
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index df8a2b1707..4c973ffad6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
index 4995a12e9a..f30c495bb3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Remove sites from a local compatibility view list
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
index c9b859509b..93b323b78a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Remove sites from a local Enterprise Mode site list
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md
index bb22b43b3f..acfe82d2a5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md
@@ -17,6 +17,9 @@ ms.date: 04/02/2020
# Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
index 28b18117e1..7b80dd178d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Save your site list to XML in the Enterprise Mode Site List Manager
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
index 4565b9f0c1..4d5e66ec80 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
@@ -16,6 +16,9 @@ ms.author: dansimp
# Schedule approved change requests for production using the Enterprise Mode Site List Portal
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 0f35b04d1c..f96a952626 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Search your Enterprise Mode site list in the Enterprise Mode Site List Manager
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
index b6c1af8258..6edccdda73 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Set the default browser using Group Policy
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
You can use the Group Policy setting, **Set a default associations configuration file**, to set the default browser for your company devices running Windows 10.
**To set the default browser as Internet Explorer 11**
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
index fd55a40ebd..94f9336c89 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Set up Enterprise Mode logging and data collection
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
index 7b0dd491aa..c022c08569 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
@@ -16,6 +16,9 @@ ms.author: dansimp
# Set up the Enterprise Mode Site List Portal
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
index 7dd3e837c0..70d197c391 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Setup problems with Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Installing Internet Explorer creates the following log files, which are stored in the Windows installation folder (typically, the C:\\Windows folder):
- `IE11_main.log`
diff --git a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
index a8953ad3f4..37b7bc16cf 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# System requirements and language support for Internet Explorer 11 (IE11)
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
index 1f9a047156..14bd40e745 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
@@ -17,6 +17,9 @@ ms.date: 05/10/2018
# Tips and tricks to manage Internet Explorer compatibility
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
Find out how to achieve better backward compatibility for your legacy web applications with the Enterprise Mode Site List.
Jump to:
diff --git a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
index 39d999c947..bf8ceeb867 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Troubleshoot Internet Explorer 11 (IE11)
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md
index 1df0d6b95e..7e4561fa2a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Turn off Enterprise Mode
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
index 90442b3bbc..178085c2ad 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Fix font rendering problems by turning off natural metrics
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
By default, Internet Explorer 11 uses “natural metrics”. Natural metrics use inter-pixel spacing that creates more accurately rendered and readable text, avoiding many common font rendering problems with Windows Internet Explorer 9 or older sites.
However, you might find that many intranet sites need you to use Windows Graphics Device Interface (GDI) metrics. To avoid potential compatibility issues, you must turn off natural metrics for those sites.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
index 744df8c766..8c84054dc3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
@@ -18,6 +18,9 @@ ms.localizationpriority: medium
# Turn on Enterprise Mode and use a site list
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
index 1324c12963..b4db0fb7a4 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Turn on local control and logging for Enterprise Mode
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
index 446375289c..750bca0e82 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# List of updated features and tools - Internet Explorer 11 (IE11)
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md
index c26e39ddcc..fe55abfdc6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md
@@ -16,6 +16,9 @@ author: dansimp
# Use the Enterprise Mode Site List Portal
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
index 3cbc140f4b..cbfcfecf93 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
@@ -18,6 +18,9 @@ ms.date: 12/04/2017
# Use the Enterprise Mode Site List Manager
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
index 14fcd048fc..b7669cf1ca 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# User interface problems with Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Some of the features in both Internet Explorer 11 and IEAK 11 have moved around. Here are some of the more common changes.
## Where did features go in the Internet Explorer Customization Wizard 11?
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
index 6bff79cc82..677f1c974a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
@@ -18,6 +18,9 @@ ms.date: 07/27/2017
# Using IE7 Enterprise Mode or IE8 Enterprise Mode
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
index 07e3ce2e2b..7015595563 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Using Internet Explorer Administration Kit 11 (IEAK 11) to create packages
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Internet Explorer Administration Kit 11 (IEAK 11) helps you set up, deploy, and maintain Internet Explorer 11.
**Note** IEAK 11 works in network environments, with or without Microsoft Active Directory.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
index 1f7b62dfa5..afc27104af 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Using Setup Information (.inf) files to create install packages
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
IEAK 11 uses Setup information (.inf) files to provide uninstallation instructions. Uninstallation instructions let your employees remove components, like files, registry entries, or shortcuts, through the **Uninstall or change a program** box. For details about .inf files, see [INF File Sections and Directives](https://go.microsoft.com/fwlink/p/?LinkId=327959).
**To add uninstallation instructions to the .inf files**
diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
index a3fce1731d..a31c831abd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
@@ -16,6 +16,9 @@ ms.author: dansimp
# Verify your changes using the Enterprise Mode Site List Portal
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
index 42db6c85c5..1ccd3e4d0c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
@@ -16,6 +16,9 @@ ms.author: dansimp
# Verify the change request update in the production environment using the Enterprise Mode Site List Portal
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
index 2be252275c..9aa736bacb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
@@ -16,6 +16,9 @@ ms.author: dansimp
# View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md b/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
index 20ad5ac557..f2db72080d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
@@ -16,6 +16,9 @@ ms.author: dansimp
# View the available Enterprise Mode reports from the Enterprise Mode Site List Portal
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
index e5de6fffdd..771f7b3439 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Virtualization and compatibility with Internet Explorer 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
If your company is considering upgrading to the latest version of Internet Explorer, but is hesitant because of a large number of web apps that need to be tested and moved, we recommend that you consider virtualization. Virtualization lets you set up a virtual environment where you can run earlier versions of IE.
**Important**
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
index 1a2c6fc17a..b9fb67f961 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
@@ -18,6 +18,9 @@ ms.date: 10/25/2018
# Enterprise Mode and the Enterprise Mode Site List
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
@@ -61,7 +64,10 @@ Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microso
- **Data gathering.** You can configure Enterprise Mode to collect local override data, posting back to a named server. This lets you "crowd source" compatibility testing from key users; gathering their findings to add to your central site list.
-## Enterprise Mode and the Enterprise Mode Site List XML file
+## Enterprise Mode and the Enterprise Mode Site List
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+ XML file
The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. Using [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853), you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also be launched in a specific compat mode, so it always renders correctly. Your employees can easily view this site list by typing _about:compat_ in either Microsoft Edge or IE11.
Starting with Windows 10, version 1511 (also known as the Anniversary Update), you can also [restrict IE11 to only the legacy web apps that need it](https://blogs.windows.com/msedgedev/2016/05/19/edge14-ie11-better-together/), automatically sending sites not included in the Enterprise Mode Site List to Microsoft Edge.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
index 4f1c56a922..1fd67f656b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
@@ -19,6 +19,9 @@ ms.date: 05/10/2018
# What is the Internet Explorer 11 Blocker Toolkit?
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
index de71b3a8ff..dd8e3bcce6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
@@ -17,6 +17,9 @@ ms.author: dansimp
# Workflow-based processes for employees using the Enterprise Mode Site List Portal
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows 10
diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
index 8917b1de22..c27e670fd6 100644
--- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
+++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
@@ -16,6 +16,9 @@ ms.date: 10/16/2017
# Internet Explorer 11 - FAQ for IT Pros
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Answering frequently asked questions about Internet Explorer 11 (IE11) features, operating system support, integration with the Windows operating system, Group Policy, and general configuration.
## Frequently Asked Questions
diff --git a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md
index e35b64b8a4..cf59b670d6 100644
--- a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md
+++ b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md
@@ -16,6 +16,9 @@ ms.date: 05/10/2018
# Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.
> [!Important]
diff --git a/browsers/internet-explorer/ie11-faq/faq-ieak11.md b/browsers/internet-explorer/ie11-faq/faq-ieak11.md
index 7405392094..929acbed39 100644
--- a/browsers/internet-explorer/ie11-faq/faq-ieak11.md
+++ b/browsers/internet-explorer/ie11-faq/faq-ieak11.md
@@ -18,6 +18,9 @@ ms.date: 05/10/2018
# IEAK 11 - Frequently Asked Questions
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
Get answers to commonly asked questions about the Internet Explorer Administration Kit 11 (IEAK 11), and find links to additional material you might find helpful.
**What is IEAK 11?**
diff --git a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
index b211933353..40a7886b0a 100644
--- a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Accelerators page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Accelerators** page of the Internet Explorer Administration Kit (IEAK 11) Customization Wizard lets you add accelerators to your employee computers. Accelerators are contextual menu options that can quickly get to a web service from any webpage. For example, an accelerator can look up a highlighted word in the dictionary or a selected location on a map.
**Note**
diff --git a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md b/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
index 7e89dab65d..b4d0459c78 100644
--- a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Add and approve ActiveX controls using IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
There are two main approaches to how you can control the use of ActiveX controls in your company. For more info about ActiveX controls, including how to manage the controls using Group Policy, see [Group Policy and ActiveX installation](../ie11-deploy-guide/activex-installation-using-group-policy.md) in the [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md).
**Note**
diff --git a/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md
index eae4f678e5..c04501eea7 100644
--- a/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Add a Root Certificate page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
We’re sorry. While we continue to recommend that you digitally sign your package, we’ve removed all of the functionality that allowed you to add a root certificate using the Internet Explorer Customization Wizard 11. The wizard page itself will be removed in a future version of the IEAK.
Click **Next** to go to the [Programs](programs-ieak11-wizard.md) page or **Back** to go to the [Security and Privacy Settings](security-and-privacy-settings-ieak11-wizard.md) page.
diff --git a/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md
index 60be35bc0d..ebff04a24a 100644
--- a/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Additional Settings page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Additional Settings** page of the Internet Explorer Administration Kit (IEAK 11) Customization Wizard lets you pick additional custom, corporate, and Internet settings that relate to your employee’s desktop, operating system, and security. If you don’t change a setting, it’ll be ignored.
The additional settings appear in administration (.adm) files that are stored in your `:\Program Files\Windows IEAK 11\policies` folder. You can also create your own .adm files with options that can be configured using the wizard. Any edits you make to your own .adm file are stored as .ins files, which are used to build the .inf files for your custom install package.
diff --git a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
index d3883b39ca..879c328e43 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Automatic Configuration page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Automatic Configuration** page of the Internet Explorer Administration Kit (IEAK 11) Customization Wizard lets you provide URLs to the files that’ll automatically configure Internet Explorer 11 for a group of employees or devices.
**Note**
diff --git a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
index 1a46247c5c..7d4f9344c9 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Set up auto detection for DHCP or DNS servers using IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Set up your network to automatically detect and customize Internet Explorer 11 when it’s first started. Automatic detection is supported on both Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), letting your servers detect and set up your employee’s browser settings from a central location, using a configuration URL (.ins file) or a JavaScript proxy configuration file (.js, .jvs, or .pac).
Before you can set up your environment to use automatic detection, you need to turn the feature on.
diff --git a/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md
index c317a46e0e..b4565ed485 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Automatic Version Synchronization page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Automatic Version Synchronization** page of the Internet Explorer Customization Wizard 11 runs the synchronization process every time you run the wizard, downloading the Internet Explorer 11 Setup file to your computer. The Setup file includes the required full and express packages.
**Important**
diff --git a/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md b/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md
index 3508c186af..7271837b2e 100644
--- a/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md
@@ -18,6 +18,9 @@ ms.date: 04/24/2018
# Before you start using IEAK 11
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
Before you run IEAK 11 and the Customization Wizard, make sure you have met the following requirements:
- Have you determined which licensing version of the Internet Explorer Administration Kit 11 to install? For info, see [Determine the licensing version and features to use in IEAK 11](licensing-version-and-features-ieak11.md).
diff --git a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
index 5c9c189f24..351b1bbb76 100644
--- a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Branding .INS file to create custom branding and setup info
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Info about the custom branding and setup information in your browser package.
|Name |Value | Description |
diff --git a/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md
index c1f3999a3a..0116384f6d 100644
--- a/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Browser User Interface page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Browser User Interface** page of the Internet Explorer Customization Wizard 11 lets you change the toolbar buttons and the title bar text in IE.
**Note** The customizations you make on this page apply only to Internet Explorer for the desktop.
diff --git a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
index b2b123ff69..05fb2324f7 100644
--- a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the BrowserToolbars .INS file to customize the Internet Explorer toolbar and buttons
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Info about how to customize the Internet Explorer toolbar.
|Name |Value |Description |
diff --git a/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md
index a39adaff3e..3214ea32c0 100644
--- a/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Browsing Options page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Browsing Options** page of the Internet Explorer Administration Kit (IEAK 11) Customization Wizard lets you decide how you want to manage items in the **Favorites, Favorites Bar, and Feeds** section, including the Microsoft-provided default items.
The choices that you make on this page affect only the items shown on the **Favorites, Favorites Bar, and Feeds** page.
diff --git a/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md
index e5bf7ebb40..321f45caf5 100644
--- a/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the CabSigning .INS file to customize the digital signature info for your apps
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Info about how to customize the digital signature info for your apps.
|Name |Value |Description |
diff --git a/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md
index cda9702eb4..b6138064be 100644
--- a/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md
@@ -17,6 +17,9 @@ ms.date: 07/27/2017
# Use the Compatibility View page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
We’re sorry. We’ve changed the way Compatibility View works in Internet Explorer 11 and have removed all of the functionality included on the **Compatibility View** page of the Internet Explorer Customization Wizard 11. For more info about the changes we’ve made to the Compatibility View functionality, see [Missing the Compatibility View Button](../ie11-deploy-guide/missing-the-compatibility-view-button.md).
Click **Next** to go to the [Programs](programs-ieak11-wizard.md) page or **Back** to go to the [Security and Privacy Settings](security-and-privacy-settings-ieak11-wizard.md) page.
diff --git a/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md
index aaec7b0fa2..e9051c955b 100644
--- a/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Connection Manager page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
We're sorry. We've removed all of the functionality included on the Connection Manager page of the Internet Explorer Customization Wizard 11.
Click **Next** to go to the [Connection Settings](connection-settings-ieak11-wizard.md) page or **Back** to go to the [Compatibility View](compat-view-ieak11-wizard.md) page.
diff --git a/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md
index 66beabdbca..bc00c58bec 100644
--- a/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Connection Settings page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Connection Settings** page of the Internet Explorer Administration Kit (IEAK 11) Customization Wizard lets you import the connection settings from your computer, to preset the connection settings on your employee’s computers.
**Note** Using the options on the **Additional Settings** page of the wizard, you can let your employees change their connection settings. For more information see the [Additional Settings](additional-settings-ieak11-wizard.md) page. You can also customize additional connection settings using the **Automatic Configuration** page in the wizard. For more information see the [Automatic Configuration](auto-config-ieak11-wizard.md) page.
diff --git a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
index 779e024e57..0e7777a64e 100644
--- a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the ConnectionSettings .INS file to review the network connections for install
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Info about the network connection settings used to install your custom package. This section creates a common configuration on all of your employee’s computers.
|Name |Value |Description |
diff --git a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
index 91f26adf5b..0befbc922f 100644
--- a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Create the build computer folder structure using IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Create your build environment on the computer that you’ll use to build your custom browser package. Your license agreement determines your folder structure and which version of Internet Explorer Administration Kit 11 (IEAK 11) you’ll use: **Internal** or **External**.
|Name |Version |Description |
diff --git a/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md
index 3e8043c959..e2a0fb48a9 100644
--- a/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Tasks and references to consider before creating and deploying custom packages using IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Review this list of tasks and references to help you use the Internet Explorer Administration Kit 11 (IEAK 11) to set up, deploy, and manage Internet Explorer 11 in your company.
|Task |References |
diff --git a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
index 6196fabf79..5d88bfa81a 100644
--- a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Create multiple versions of your custom package using IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
You'll need to create multiple versions of your custom browser package if:
- You support more than 1 version of the Windows operating system.
diff --git a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md b/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
index 3cf498605c..ba3904ae39 100644
--- a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
+++ b/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use uninstallation .INF files to uninstall custom components
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The Internet Explorer Administration Kit 11 (IEAK 11) uses Setup information (.inf) files to provide installation instructions for your custom browser packages. You can also use this file to uninstall your custom components by removing the files, registry entries, and shortcuts, and adding your custom component to the list of programs that can be uninstalled from **Uninstall or change a program**.
**To uninstall your custom components**
diff --git a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
index 571b73d327..1a981a5a16 100644
--- a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Custom Components page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Custom Components** page of the Internet Explorer Customization Wizard 11 lets you add up to 10 additional components that your employees can install at the same time they install IE. These components can be created by Microsoft or your organization as either compressed cabinet (.cab) or self-extracting executable (.exe) files. If you’re using Microsoft components, make sure you have the latest version and software patches from the [Microsoft Support](https://go.microsoft.com/fwlink/p/?LinkId=258658) site. To include Microsoft Update components, you must bundle the associated files into a custom component.
**Important** You should sign any custom code that’s being downloaded over the Internet. The default settings of Internet Explorer 11 will automatically reject any unsigned code. For more info about digitally signing custom components, see [Security features and IEAK 11](security-and-ieak11.md).
diff --git a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
index e7469fa864..7a5556235d 100644
--- a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the CustomBranding .INS file to create custom branding and setup info
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Provide the URL to your branding cabinet (.cab) file.
diff --git a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
index 3c0af97192..9ed59cf64e 100644
--- a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
+++ b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Customize Automatic Search for Internet Explorer using IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Internet Explorer lets websites advertise any search provider that uses the open search standard described at the A9 website ( [OpenSearch 1.1 Draft 5](https://go.microsoft.com/fwlink/p/?LinkId=208582)). When IE detects new search providers, the **Search** box becomes active and adds the new providers to the drop-down list of providers.
Using the **Administrative Templates** section of Group Policy, you can prevent the search box from appearing, you can add a list of acceptable search providers, or you can restrict your employee’s ability to add or remove search providers.
diff --git a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
index 06e8d6c3f3..7d0a2f9882 100644
--- a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the ExtRegInf .INS file to specify installation files and mode
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Info about how to specify your Setup information (.inf) files and the installation mode for your custom components.
|Name |Value |Description |
diff --git a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
index 47bf04d6e2..030dc054d2 100644
--- a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Favorites, Favorites Bar, and Feeds** page of the Internet Explorer Administration Kit (IEAK 11) Customization Wizard lets you add:
- **Links.** Used so your employees can quickly connect with your important websites. These links can appear in the **Links** folder or on the **Favorites Bar**.
diff --git a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
index 694b8d994d..ac736e20df 100644
--- a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the FavoritesEx .INS file for your Favorites icon and URLs
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Info about where you store your **Favorites** icon file, whether your **Favorites** are available offline, and the URLs for each **Favorites** site.
|Name |Value |Description |
diff --git a/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
index b27bc3273a..f72747f486 100644
--- a/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
@@ -15,6 +15,9 @@ ms.sitesec: library
# Use the Feature Selection page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Feature Selection** page of the Internet Explorer Customization Wizard 11 lets you choose which parts of the setup processes and Internet Explorer 11 to change for your company, including:
- **Setup Customizations.** Lets you add custom components, decide which components to install, provide your download site information, and modify the Setup title bar and graphics.
diff --git a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
index f3224c2055..0aee908cd4 100644
--- a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the File Locations page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **File Locations** page of the Internet Explorer Customization Wizard 11 lets you change the location of your folders, including:
- Where you’ll create and store your custom installation package.
diff --git a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md b/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
index 38703f9131..616e3b9938 100644
--- a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# File types used or created by IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
A list of the file types used or created by tools in IEAK 11:
|File type |Description |
diff --git a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
index 507450938d..9d6fe74f8a 100644
--- a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **First Run Wizard and Welcome Page Options** page of the Internet Explorer Customization Wizard 11 lets you decide what your employee’s see the first time they log on to IE, based on their operating system.
- **Windows 8.1 Update and newer.** No longer includes a **Welcome** page, so if you pick the **Use Internet Explorer 11 Welcome Page** or the **Use a custom Welcome page** option, IEAK creates an initial **Home** page that loads before all other **Home** pages, as the first tab. This only applies to the Internet Explorer for the desktop.
diff --git a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md b/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
index 0864538448..e3d95badec 100644
--- a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Customize the Toolbar button and Favorites List icons using IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Use these customization guidelines to change the browser toolbar button and the **Favorites List** icons, using your own branding and graphics.
**Important** Check your license agreement to make sure this customization is available.
diff --git a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md b/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
index 0ba0f580a8..2da43b7f38 100644
--- a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Hardware and software requirements for Internet Explorer 11 and the IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Before you can use the Internet Explorer Administration Kit 11 and the Internet Explorer Customization Wizard 11, you must first install Internet Explorer 11. For more info about installing IE11, see the [Determine the licensing version and features to use in IEAK 11](licensing-version-and-features-ieak11.md) page.
## Hardware requirements
diff --git a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
index 7d50512355..6c46e306f3 100644
--- a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the HideCustom .INS file to hide the GUID for each custom component
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Info about whether to hide the globally unique identifier (GUID) for each of your custom components.
|Name |Value |Description |
diff --git a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md b/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
index 51dc959759..c9d24160a9 100644
--- a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
+++ b/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Internet Explorer Setup command-line options and return codes
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
You can use command-line options along with a tool like IExpress to package your custom version of Internet Explorer and to perform a batch installation across your organization.
## IE Setup command-line options
diff --git a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
index b8c3d25c24..1d8b34786a 100644
--- a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
+++ b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
@@ -18,6 +18,9 @@ ms.date: 05/10/2018
# Internet Explorer Administration Kit (IEAK) information and downloads
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
>Applies to: Windows 10
The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment. To find more information on the IEAK, see [What IEAK can do for you](what-ieak-can-do-for-you.md).
diff --git a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md b/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
index f27ec8b5b9..0aa9964807 100644
--- a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
+++ b/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Use the Internet Explorer Administration Kit 11 (IEAK 11) and the Internet Explorer Customization Wizard 11 to customize your browser install packages for deployment to your employee's devices.
## IE Customization Wizard 11 options
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
index cd7c730569..57128dfefe 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# IExpress Wizard command-line options
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
**Applies to:**
- Windows Server 2008 R2 with SP1
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md b/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md
index 35dc9f9cc5..fe4bb3a985 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# IExpress Wizard for Windows Server 2008 R2 with SP1
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Use the IExpress Wizard and its associated command-line options to create self-extracting files that automatically run your custom Internet Explorer Setup (.inf or .exe file) program that’s contained inside.
## IExpress Wizard location
diff --git a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
index 022767b179..b32b5bacab 100644
--- a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Important URLs - Home Page and Support page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Important URLS – Home Page and Support** page of the Internet Explorer Customization Wizard 11 lets you choose one or more **Home** pages and an online support page for your customized version of IE.
**To use the Important URLS – Home Page and Support page**
diff --git a/browsers/internet-explorer/ie11-ieak/index.md b/browsers/internet-explorer/ie11-ieak/index.md
index 29b8c0ceca..946a42e72a 100644
--- a/browsers/internet-explorer/ie11-ieak/index.md
+++ b/browsers/internet-explorer/ie11-ieak/index.md
@@ -14,6 +14,9 @@ manager: dansimp
# Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment.
Use this guide to learn about the several options and processes you'll need to consider while you're using the Internet Explorer Administration Kit 11 (IEAK 11) to customize, deploy, and manage Internet Explorer 11 for your employee's devices.
diff --git a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
index 15db2bc20f..6936f198d0 100644
--- a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Internal Install page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Internal Install** page of the Internet Explorer Customization Wizard 11 lets you customize Setup for the default browser and the latest browser updates, based on your company’s guidelines.
**Note** The customizations made on this page only apply to Internet Explorer for the desktop on Windows 7.
diff --git a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
index b625916fd1..666c5f8b17 100644
--- a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the ISP_Security .INS file to add your root certificate
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Info about where you store the root certificate you’re adding to your custom package.
|Name |Value |Description |
diff --git a/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md
index b2f66781b7..a343a30e51 100644
--- a/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Language Selection page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Language Selection** page of the Internet Explorer Customization Wizard 11 lets you choose the language for your Internet Explorer Administration Kit 11 (IEAK 11) custom package. You can create custom Internet Explorer 11 packages in any of the languages your operating system version is available in.
**Important** Make sure that the language of your IEAK 11 installation matches the language of your custom IE11 package. If the languages don’t match, IEAK 11 won’t work properly.
diff --git a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
index ea1f1cb9e1..4c14f5ec98 100644
--- a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 10/23/2018
# Determine the licensing version and features to use in IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
In addition to the Software License Terms for the Internet Explorer Administration Kit 11 (IEAK 11, referred to as the "software"), these Guidelines further define how you may and may not use the software to create versions of Internet Explorer 11 with optional customizations (referred to as the "customized browser") for internal use and distribution in accordance with the IEAK 11 Software License Terms. IEAK 11 is for testing purposes only and is not intended to be used in a production environment.
During installation, you must pick a version of IEAK 11, either **External** or **Internal**, based on your license agreement. Your version selection decides the options you can chose, the steps you follow to deploy your Internet Explorer 11 package, and how you manage the browser after deployment.
diff --git a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
index a441fe7be2..f628def610 100644
--- a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Media .INS file to specify your install media
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The types of media on which your custom install package is available.
|Name |Value |Description |
diff --git a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
index ce2517bf60..ae7b3c6150 100644
--- a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Package Type Selection page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Package Type Selection** page of the Internet Explorer Customization Wizard 11 lets you pick which type of media you’ll use to distribute your custom installation package. You can pick more than one type, if you need it.
**Important** You can't create a full installation package for deployment to Windows 10 computers. That option only works for computers running Windows 7 or Windows 8.1.
diff --git a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
index 342ac46d58..67d9caac65 100644
--- a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
@@ -15,6 +15,9 @@ ms.date: 07/27/2017
# Use the Platform Selection page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Platform Selection** page of the Internet Explorer Customization Wizard 11 lets you pick the operating system and architecture (32-bit or 64-bit) for the devices on which you’re going to install the custom installation package.
**To use the Platform Selection page**
diff --git a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md b/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
index 809110fc8b..4720c446af 100644
--- a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Before you install your package over your network using IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Employees can install the custom browser package using a network server. However, you must either lower the intranet security level or make the server a trusted site.
**To lower your intranet security**
diff --git a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
index 8b46cc1615..acfbbc74ae 100644
--- a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
@@ -15,6 +15,9 @@ ms.date: 07/27/2017
# Use the Programs page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Programs** page of the Internet Explorer Customization Wizard 11 lets you pick the default programs to use for Internet services, like email, contact lists, and newsgroups, by importing settings from your computer.
**Important** The customizations you make on this page only apply to Internet Explorer for the desktop.
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
index 06213a78ae..56a0823f9a 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use proxy auto-configuration (.pac) files with IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
These are various ways you can use a proxy auto-configuration (.pac) file to specify an automatic proxy URL. We've included some examples here to help guide you, but you'll need to change the proxy names, port numbers, and IP addresses to match your organization's info.
Included examples:
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
index 80e2e5d2c0..9def48f2d3 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Proxy .INS file to specify a proxy server
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Info about whether to use a proxy server. If yes, this also includes the host names for the proxy server.
|Name |Value |Description |
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
index a99dc70ae0..ba113af6cc 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Proxy Settings page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Proxy Settings** page of the Internet Explorer Customization Wizard 11 lets you pick the proxy servers used by your employees to connect for services required by the custom install package.
Using a proxy server lets you limit access to the Internet. You can also use the **Additional Settings** page of the wizard to further restrict your employees from changing the proxy settings.
diff --git a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md b/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
index c6fb131002..f3b4414183 100644
--- a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
@@ -15,6 +15,9 @@ ms.date: 07/27/2017
# Register an uninstall app for custom components using IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Register the uninstall apps for any custom components you’ve included in your Internet Explorer 11 package. Registering these apps lets your employees remove the components later, using **Uninstall or change a program** in the Control Panel.
## Register your uninstallation program
diff --git a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
index 8bf7232c7c..340327e916 100644
--- a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Using the Resultant Set of Policy (RSoP) snap-in to review policy settings
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
After you’ve deployed your custom Internet Explorer package to your employees, you can use the Resultant Set of Policy (RSoP) snap-in to view your created policy settings. The RSoP snap-in is a two-step process. First, you run the RSoP wizard to determine what information should be viewed. Second, you open the specific items in the console window to view the settings. For complete instructions about how to use RSoP, see [Resultant Set of Policy](https://go.microsoft.com/fwlink/p/?LinkId=259479).
**To add the RSoP snap-in**
diff --git a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
index f66425a743..c092a2101b 100644
--- a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Search Providers page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Search Providers** page of the Internet Explorer Customization Wizard 11 lets you add a default search provider (typically, Bing®) and additional providers to your custom version of IE.
**Note** The Internet Explorer Customization Wizard 11 offers improved and extended search settings. However, you can still optionally include support for Search Suggestions and Favicons, as well as Accelerator previews by using an .ins file from a previous version of IEAK.
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
index 71d99f8b9f..336ad87ef1 100644
--- a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Security features and IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Use Internet Explorer in conjunction with your new and existing security measures, to make sure the computers in your company aren’t compromised while on the Internet.
## Enhanced Protection Mode
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
index 16ffc69435..c78a131719 100644
--- a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Security and Privacy Settings page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
The **Security and Privacy Settings** page of the Internet Explorer Customization Wizard 11 lets you manage your security zones, privacy settings, and content ratings. These settings help restrict the types of content your employees can access from the Internet, including any content that might be considered offensive or otherwise inappropriate in a corporate setting.
**To use the Security and Privacy Settings page**
diff --git a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
index e65b0e2b77..b4fd0c45b2 100644
--- a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Use the Security Imports .INS file to import security info
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
Info about how to import security information from your local device to your custom package.
|Name |Value |Description |
diff --git a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
index 9ae559b4b4..e4fcd7c739 100644
--- a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
@@ -16,6 +16,9 @@ ms.date: 07/27/2017
# Troubleshoot custom package and IEAK 11 problems
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
While the Internet Explorer Customization Wizard has been around for quite a while, there are still some known issues that you might encounter while deploying or managing your custom IE install package.
## I am unable to locate some of the wizard pages
diff --git a/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md
index 965fda174e..06a1d3c029 100644
--- a/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md
@@ -1,40 +1,44 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[URL\] .INS file setting to decide whether to use an auto-configured proxy server.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 05b09dfa-cf11-408d-92c2-b4ae434a59a7
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Use the URL .INS file to use an auto-configured proxy server (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the URL .INS file to use an auto-configured proxy server
-Info about whether to use an auto-configured proxy server. If yes, this also includes the URLs to the pages that appear when your employees first connect to that server.
-
-|Name |Value |Description |
-|-----|------|------------|
-|AutoConfig |
**0.** Don’t automatically configure the browser.
**1.** Automatically configure the browser.
|Determines whether to automatically configure the customized browser on your employee’s device. |
-|AutoConfigJSURL |`` |The URL for the proxy auto-config file (.js or .jvs) |
-|AutoConfigTime |*integer* |Automatically configures the browser on your employee’s device after its run for a specified length of time. |
-|AutoConfigURL |`` |The URL for the proxy auto-config (.pac) file. |
-|FirstHomePage |`` |The page (URL) that appears the first time the custom browser is opened on the employee’s device. |
-|Help_Page |`` |The URL to your internal technical support site. |
-|Home_Page |`` |The URL to your default **Home** page. |
-|NoWelcome |
**0.** Display the **Welcome** page.
**1.** Don’t display the **Welcome** page.
|Determines whether to show the **Welcome** page the first time the browser’s used on an employee’s device. |
-|Quick_Link_1 |`` |The URL to your first Quick Link. |
-|Quick_Link_1_Name |`` |The name of the site associated with Quick_Link_1. |
-|Quick_Link_2 |`` |The URL to your second Quick Link. |
-|Quick_Link_2_Name |`` |The name of the site associated with Quick_Link_2. |
-|Quick_Link_X |`` |The URL to another Quick Link. |
-|Quick_Link_X_Icon |`` |A Quick Links icon (.ico) file. |
-|Quick_Link_X_Name |`` |The name of the site associated with another Quick Link. |
-|Quick_Link_X_Offline |
**0.** Don’t make the Quick Links available offline.
**1.** Make the Quick Links available offline.
|Determines whether to make the Quick Links available for offline browsing. |
-|Search_Page |`` |The URL to the default search page. |
-|UseLocalIns |
**0.** Don’t use a local .ins file.
**1.** Use a local .ins file.
|Determines whether to use a local Internet Settings (.ins) file |
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+description: Use the \[URL\] .INS file setting to decide whether to use an auto-configured proxy server.
+author: dansimp
+ms.prod: ie11
+ms.assetid: 05b09dfa-cf11-408d-92c2-b4ae434a59a7
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Use the URL .INS file to use an auto-configured proxy server (Internet Explorer Administration Kit 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Use the URL .INS file to use an auto-configured proxy server
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+Info about whether to use an auto-configured proxy server. If yes, this also includes the URLs to the pages that appear when your employees first connect to that server.
+
+|Name |Value |Description |
+|-----|------|------------|
+|AutoConfig |
**0.** Don’t automatically configure the browser.
**1.** Automatically configure the browser.
|Determines whether to automatically configure the customized browser on your employee’s device. |
+|AutoConfigJSURL |`` |The URL for the proxy auto-config file (.js or .jvs) |
+|AutoConfigTime |*integer* |Automatically configures the browser on your employee’s device after its run for a specified length of time. |
+|AutoConfigURL |`` |The URL for the proxy auto-config (.pac) file. |
+|FirstHomePage |`` |The page (URL) that appears the first time the custom browser is opened on the employee’s device. |
+|Help_Page |`` |The URL to your internal technical support site. |
+|Home_Page |`` |The URL to your default **Home** page. |
+|NoWelcome |
**0.** Display the **Welcome** page.
**1.** Don’t display the **Welcome** page.
|Determines whether to show the **Welcome** page the first time the browser’s used on an employee’s device. |
+|Quick_Link_1 |`` |The URL to your first Quick Link. |
+|Quick_Link_1_Name |`` |The name of the site associated with Quick_Link_1. |
+|Quick_Link_2 |`` |The URL to your second Quick Link. |
+|Quick_Link_2_Name |`` |The name of the site associated with Quick_Link_2. |
+|Quick_Link_X |`` |The URL to another Quick Link. |
+|Quick_Link_X_Icon |`` |A Quick Links icon (.ico) file. |
+|Quick_Link_X_Name |`` |The name of the site associated with another Quick Link. |
+|Quick_Link_X_Offline |
**0.** Don’t make the Quick Links available offline.
**1.** Make the Quick Links available offline.
|Determines whether to make the Quick Links available for offline browsing. |
+|Search_Page |`` |The URL to the default search page. |
+|UseLocalIns |
**0.** Don’t use a local .ins file.
**1.** Use a local .ins file.
|Determines whether to use a local Internet Settings (.ins) file |
+
diff --git a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
index ed8f2be8f1..364daedbbc 100644
--- a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
@@ -1,60 +1,64 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the User Experience page in the IEAK 11 Customization Wizard to decide user interaction with the Setup process.
-author: dansimp
-ms.prod: ie11
-ms.assetid: d3378058-e4f0-4a11-a888-b550af994bfa
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Use the User Experience page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the User Experience page in the IEAK 11 Wizard
-The **User Experience** page of the Internet Explorer Customization Wizard 11 lets you decide how much you want your employees to interact with the custom package’s Setup process.
-
-**Note** You’ll only see this page if you are running the **Internal** version of the Internet Explorer Customization Wizard 11.
The customizations you make on this page only apply to Internet Explorer for the desktop on Windows 7.
-
-**To use the User Experience page**
-
-1. Choose how your employee should interact with Setup, including:
-
- - **Interactive installation**. Lets your employees change installation options while installing your custom package. This experience shows all of the progress and error messages throughout the process.
-
- - **Hands-free installation**. Lets you make all of the decisions for your employees. However, they’ll still see all of the progress and error messages throughout the process.
-
- - **Completely silent installation**. Lets you make all of the decisions for your employees and hides all of the progress and error messages. Because this mode is completely silent, if the installation fails, your employees won’t know and they won’t be able to run the installation package again.
-
Both the hands-free and completely silent installation options will:
-
- - Answer prompts so Setup can continue.
-
- - Accept the license agreement.
-
- - Determine that Internet Explorer 11 is installed and not just downloaded.
-
- - Perform your specific installation type.
-
- - Install IE in the default location, unless it is already installed. In that case, the new version of the browser is installed in the same location as the previous version.
-
-2. Choose if your employee’s device will restart at the end of Setup.
-
- - **Default**. Prompts your employees to restart after installing IE.
-
- - **No restart**. Doesn’t restart the computer after installing IE. The employee will have to manually restart later.
-
- - **Force restart**. Automatically restarts the computer after installing IE.
-
-3. Click **Next** to go to the [Browser User Interface](browser-ui-ieak11-wizard.md) page or **Back** to go to the [Internal Install](internal-install-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+description: How to use the User Experience page in the IEAK 11 Customization Wizard to decide user interaction with the Setup process.
+author: dansimp
+ms.prod: ie11
+ms.assetid: d3378058-e4f0-4a11-a888-b550af994bfa
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Use the User Experience page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Use the User Experience page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+The **User Experience** page of the Internet Explorer Customization Wizard 11 lets you decide how much you want your employees to interact with the custom package’s Setup process.
+
+**Note** You’ll only see this page if you are running the **Internal** version of the Internet Explorer Customization Wizard 11.
The customizations you make on this page only apply to Internet Explorer for the desktop on Windows 7.
+
+**To use the User Experience page**
+
+1. Choose how your employee should interact with Setup, including:
+
+ - **Interactive installation**. Lets your employees change installation options while installing your custom package. This experience shows all of the progress and error messages throughout the process.
+
+ - **Hands-free installation**. Lets you make all of the decisions for your employees. However, they’ll still see all of the progress and error messages throughout the process.
+
+ - **Completely silent installation**. Lets you make all of the decisions for your employees and hides all of the progress and error messages. Because this mode is completely silent, if the installation fails, your employees won’t know and they won’t be able to run the installation package again.
+
Both the hands-free and completely silent installation options will:
+
+ - Answer prompts so Setup can continue.
+
+ - Accept the license agreement.
+
+ - Determine that Internet Explorer 11 is installed and not just downloaded.
+
+ - Perform your specific installation type.
+
+ - Install IE in the default location, unless it is already installed. In that case, the new version of the browser is installed in the same location as the previous version.
+
+2. Choose if your employee’s device will restart at the end of Setup.
+
+ - **Default**. Prompts your employees to restart after installing IE.
+
+ - **No restart**. Doesn’t restart the computer after installing IE. The employee will have to manually restart later.
+
+ - **Force restart**. Automatically restarts the computer after installing IE.
+
+3. Click **Next** to go to the [Browser User Interface](browser-ui-ieak11-wizard.md) page or **Back** to go to the [Internal Install](internal-install-ieak11-wizard.md) page.
+
+
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md b/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
index 3efd12ffa8..c9bb888bed 100644
--- a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
+++ b/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
@@ -1,37 +1,41 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Info about how to use Internet Settings (.ins) files and the IEAK 11 to configure your custom browser package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: a24a7cdb-681e-4f34-a53c-6d8383c5f977
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Using Internet Settings (.INS) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using Internet Settings (.INS) files with IEAK 11
-Use the Internet Settings (.ins) files and the Internet Explorer Administration Kit 11 (IEAK 11) to configure your custom browser and its components. You can create multiple versions of your custom package by customizing copies of this file.
-
-Here's a list of the available .INS file settings:
-
-|Setting |Description |
-|-----------------------------------------|------------------------------------------------------------------------------|
-|[Branding](branding-ins-file-setting.md) |Customize the branding and setup information in your browser package. |
-|[BrowserToolbars](browsertoolbars-ins-file-setting.md) |Customize the appearance of the IE toolbar. |
-|[CabSigning](cabsigning-ins-file-setting.md) |Digital signature information for your programs. |
-|[ConnectionSettings](connectionsettings-ins-file-setting.md) |Info about the networking connection settings used to install your custom package. |
-|[CustomBranding](custombranding-ins-file-setting.md) |URL location to your branding cabinet (.cab) file. |
-|[ExtRegInf](extreginf-ins-file-setting.md) |Names of your Setup information (.inf) files and the installation mode for components. |
-|[FavoritesEx](favoritesex-ins-file-setting.md) |Add a path to your icon file for **Favorites**, decide whether **Favorites** are available offline, and add URLs to each**Favorites** site. |
-|[HideCustom](hidecustom-ins-file-setting.md) |Whether to hide the globally unique identifier (GUID) for each custom component. |
-|[ISP_Security](isp-security-ins-file-setting.md) |The root certificate you’re adding to your custom package. |
-|[Media](media-ins-file-setting.md) |Types of media in which your custom installation package is available. |
-|[Proxy](proxy-ins-file-setting.md) |Whether to use a proxy server. |
-|[Security Imports](security-imports-ins-file-setting.md) |Whether to import security information for your custom package. |
-|[URL](url-ins-file-setting.md) |Whether to use an auto-configured proxy server. |
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+description: Info about how to use Internet Settings (.ins) files and the IEAK 11 to configure your custom browser package.
+author: dansimp
+ms.prod: ie11
+ms.assetid: a24a7cdb-681e-4f34-a53c-6d8383c5f977
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Using Internet Settings (.INS) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Using Internet Settings (.INS) files with IEAK 11
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+Use the Internet Settings (.ins) files and the Internet Explorer Administration Kit 11 (IEAK 11) to configure your custom browser and its components. You can create multiple versions of your custom package by customizing copies of this file.
+
+Here's a list of the available .INS file settings:
+
+|Setting |Description |
+|-----------------------------------------|------------------------------------------------------------------------------|
+|[Branding](branding-ins-file-setting.md) |Customize the branding and setup information in your browser package. |
+|[BrowserToolbars](browsertoolbars-ins-file-setting.md) |Customize the appearance of the IE toolbar. |
+|[CabSigning](cabsigning-ins-file-setting.md) |Digital signature information for your programs. |
+|[ConnectionSettings](connectionsettings-ins-file-setting.md) |Info about the networking connection settings used to install your custom package. |
+|[CustomBranding](custombranding-ins-file-setting.md) |URL location to your branding cabinet (.cab) file. |
+|[ExtRegInf](extreginf-ins-file-setting.md) |Names of your Setup information (.inf) files and the installation mode for components. |
+|[FavoritesEx](favoritesex-ins-file-setting.md) |Add a path to your icon file for **Favorites**, decide whether **Favorites** are available offline, and add URLs to each**Favorites** site. |
+|[HideCustom](hidecustom-ins-file-setting.md) |Whether to hide the globally unique identifier (GUID) for each custom component. |
+|[ISP_Security](isp-security-ins-file-setting.md) |The root certificate you’re adding to your custom package. |
+|[Media](media-ins-file-setting.md) |Types of media in which your custom installation package is available. |
+|[Proxy](proxy-ins-file-setting.md) |Whether to use a proxy server. |
+|[Security Imports](security-imports-ins-file-setting.md) |Whether to import security information for your custom package. |
+|[URL](url-ins-file-setting.md) |Whether to use an auto-configured proxy server. |
+
diff --git a/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md b/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
index 06b86bce15..d62e11e507 100644
--- a/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
+++ b/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
@@ -1,68 +1,72 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-ms.pagetype: security
-description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-author: dansimp
-ms.author: dansimp
-ms.manager: elizapo
-ms.prod: ie11
-ms.assetid:
-ms.reviewer:
-audience: itpro
manager: dansimp
-title: What IEAK can do for you
-ms.sitesec: library
-ms.date: 05/10/2018
----
-
-# What IEAK can do for you
-
-Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-
-IEAK 10 and newer includes the ability to install using one of the following installation modes:
-
-- Internal
-
-- External
-
-## IEAK 11 users
-Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-
-IEAK 10 and newer includes the ability to install using one of the following installation modes:
-- Internal
-- External
-
-> [!NOTE]
-> IEAK 11 works in network environments, with or without Microsoft Active Directory service.
-
-
-### Corporations
-IEAK helps corporate administrators establish version control, centrally distribute and manage browser installation, configure automatic connection profiles, and customize large portions of Internet Explorer, including features, security, communications settings, and other important functionality.
-
-Corporate administrators install IEAK using Internal mode (for Internet Explorer 10 or newer) or Corporate mode (for Internet Explorer 9 or older).
-
-### Internet service providers
-IEAK helps ISPs customize, deploy and distribute, add third-party add-ons, search providers, and custom components, as well as include web slices and accelerators all as part of a custom Internet Explorer installation package.
-
-ISPs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Service Provider (ISP) mode (for Internet Explorer 9 or older).
-
-### Internet content providers
-IEAK helps ICPs customize the appearance of Internet Explorer and its Setup program, including letting you add your company name or specific wording to the Title bar, set up a customer support webpage, set up the user home page and search providers, add links to the Favorites and the Explorer bars, add optional components, web slices and accelerators, and determine which compatibility mode Internet Explorer should use.
-
-ICPs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Content Provider (ICP) mode (for Internet Explorer 9 or older)
-
-### Independent software vendors
-IEAK helps ISVs distribute (and redistribute) a custom version of Internet Explorer that can include custom components, programs, and controls (like the web browser control) that you create for your users. ISVs can also determine home pages, search providers, and add websites to the Favorites bar.
-
-ISVs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Content Provider (ICP) mode (for Internet Explorer 9 or older).
-
-## Additional resources
-
-- [IEAK 11 - Frequently Asked Questions](../ie11-faq/faq-ieak11.md)
-- [Download IEAK 11](ieak-information-and-downloads.md)
-- [IEAK 11 overview](index.md)
-- [IEAK 11 administrators guide](https://docs.microsoft.com/internet-explorer/ie11-ieak/index)
-- [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
-- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.md)
-- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: support
+ms.pagetype: security
+description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
+author: dansimp
+ms.author: dansimp
+ms.manager: elizapo
+ms.prod: ie11
+ms.assetid:
+ms.reviewer:
+audience: itpro
+manager: dansimp
+title: What IEAK can do for you
+ms.sitesec: library
+ms.date: 05/10/2018
+---
+
+# What IEAK can do for you
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+
+Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
+
+IEAK 10 and newer includes the ability to install using one of the following installation modes:
+
+- Internal
+
+- External
+
+## IEAK 11 users
+Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
+
+IEAK 10 and newer includes the ability to install using one of the following installation modes:
+- Internal
+- External
+
+> [!NOTE]
+> IEAK 11 works in network environments, with or without Microsoft Active Directory service.
+
+
+### Corporations
+IEAK helps corporate administrators establish version control, centrally distribute and manage browser installation, configure automatic connection profiles, and customize large portions of Internet Explorer, including features, security, communications settings, and other important functionality.
+
+Corporate administrators install IEAK using Internal mode (for Internet Explorer 10 or newer) or Corporate mode (for Internet Explorer 9 or older).
+
+### Internet service providers
+IEAK helps ISPs customize, deploy and distribute, add third-party add-ons, search providers, and custom components, as well as include web slices and accelerators all as part of a custom Internet Explorer installation package.
+
+ISPs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Service Provider (ISP) mode (for Internet Explorer 9 or older).
+
+### Internet content providers
+IEAK helps ICPs customize the appearance of Internet Explorer and its Setup program, including letting you add your company name or specific wording to the Title bar, set up a customer support webpage, set up the user home page and search providers, add links to the Favorites and the Explorer bars, add optional components, web slices and accelerators, and determine which compatibility mode Internet Explorer should use.
+
+ICPs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Content Provider (ICP) mode (for Internet Explorer 9 or older)
+
+### Independent software vendors
+IEAK helps ISVs distribute (and redistribute) a custom version of Internet Explorer that can include custom components, programs, and controls (like the web browser control) that you create for your users. ISVs can also determine home pages, search providers, and add websites to the Favorites bar.
+
+ISVs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Content Provider (ICP) mode (for Internet Explorer 9 or older).
+
+## Additional resources
+
+- [IEAK 11 - Frequently Asked Questions](../ie11-faq/faq-ieak11.md)
+- [Download IEAK 11](ieak-information-and-downloads.md)
+- [IEAK 11 overview](index.md)
+- [IEAK 11 administrators guide](https://docs.microsoft.com/internet-explorer/ie11-ieak/index)
+- [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
+- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.md)
+- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
+- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
diff --git a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
index e81b0eedea..03de7ed423 100644
--- a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
@@ -1,31 +1,35 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Wizard Complete - Next Steps page in the IEAK 11 Customization Wizard to build your custom Internet Explorer install package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: aaaac88a-2022-4d0b-893c-b2404b45cabc
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.author: dansimp
-title: Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard
-The **Wizard Complete – Next Steps** page of the Internet Explorer Customization Wizard 11 lets you build your custom installation package, after you click **Finish**.
-
-In most cases, your next steps will be to prepare your files for installation from your network or from another distribution method. If you haven’t already done it, you’ll need to digitally sign any program or .cab files that are going to be distributed over the Internet or over an intranet that isn’t configured to allow downloads.
-
-After that, the steps you’ll use to distribute your customized browser will vary, depending on your version of IEAK (Internal or External) and the media you’re using to distribute the package. For more information, see the [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md).
-
-
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+description: How to use the Wizard Complete - Next Steps page in the IEAK 11 Customization Wizard to build your custom Internet Explorer install package.
+author: dansimp
+ms.prod: ie11
+ms.assetid: aaaac88a-2022-4d0b-893c-b2404b45cabc
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+
+The **Wizard Complete – Next Steps** page of the Internet Explorer Customization Wizard 11 lets you build your custom installation package, after you click **Finish**.
+
+In most cases, your next steps will be to prepare your files for installation from your network or from another distribution method. If you haven’t already done it, you’ll need to digitally sign any program or .cab files that are going to be distributed over the Internet or over an intranet that isn’t configured to allow downloads.
+
+After that, the steps you’ll use to distribute your customized browser will vary, depending on your version of IEAK (Internal or External) and the media you’re using to distribute the package. For more information, see the [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md).
+
+
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
new file mode 100644
index 0000000000..96a04e5f70
--- /dev/null
+++ b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
@@ -0,0 +1,13 @@
+---
+author: pamgreen-msft
+ms.author: pamgreen
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: pamgreen
+ms.prod: ie11
+ms.topic: include
+---
+
+> [!IMPORTANT]
+> Microsoft 365 apps and services will not support Internet Explorer 11 starting August 17, 2021 (Microsoft Teams will not support Internet Explorer 11 earlier, starting November 30, 2020). [Learn more](https://aka.ms/AA97tsw). Please note that Internet Explorer 11 will remain a supported browser. Internet Explorer 11 is a component of the Windows operating system and [follows the Lifecycle Policy](https://docs.microsoft.com/lifecycle/faq/internet-explorer-microsoft-edge) for the product on which it is installed.
\ No newline at end of file
diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml
index 4c11b5c85e..7a2759960e 100644
--- a/browsers/internet-explorer/internet-explorer.yml
+++ b/browsers/internet-explorer/internet-explorer.yml
@@ -1,69 +1,174 @@
-### YamlMime:YamlDocument
+### YamlMime:Landing
-documentType: LandingData
-title: Internet Explorer 11
+title: Internet Explorer 11 documentation
+summary: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need.
metadata:
- document_id:
- title: Internet Explorer 11
- description: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need.
- keywords: Internet Explorer 11. IE11
- ms.localizationpriority: medium
- author: lizap
+ title: Internet Explorer 11 documentation
+ description: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need.
+ ms.topic: landing-page
+ author: lizap
ms.author: elizapo
- manager: dougkim
- ms.topic: article
- ms.devlang: na
+ ms.date: 07/06/2020
-sections:
-- items:
- - type: markdown
- text: "
- Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need.
- "
-- title: Explore
-- items:
- - type: markdown
- text: "
- Find tools, step-by-step guides, updates, and other resources to help you get started.
-
- "
-- title: Plan
-- items:
- - type: markdown
- text: "
- Find information and tips to help you assess compatibility and prioritize processes as you plan for Internet Explorer 11.
-
- "
-- title: Deploy
-- items:
- - type: markdown
- text: "
- Find the resources you need to successfully deploy Internet Explorer 11 in your organization.
-
- "
-- title: Manage
-- items:
- - type: markdown
- text: "
- Find everything you need to manage Internet Explorer 11 effectively in your organization. Get information on Group Policy, blocked out-of-date ActiveX controls, scripts, and more.
-
- "
-- title: Support
-- items:
- - type: markdown
- text: "
- Get help from product specialists and community experts, and find solutions to commonly encountered issues.
-
**Sign up for the Windows IT Pro Insider** Get the latest tools, tips, and expert guidance on deployment, management, security, and more. Learn more
**Microsoft Edge Dev blog** Keep up with the latest browser trends, security tips, and news for IT professionals. Read the blog
**Microsoft Edge Dev on Twitter** Get the latest news and updates from the Microsoft Web Platform team. Visit Twitter
-
- "
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
+
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+ # Card
+ - title: Explore
+ linkLists:
+ - linkListType: get-started
+ links:
+ - text: IE11 features and tools
+ url: /internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11
+ - text: System requirements and language support
+ url: /internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11
+ - text: Frequently asked questions
+ url: /internet-explorer/ie11-faq/faq-for-it-pros-ie11
+ - text: Internet Explorer 11 deployment guide
+ url: /internet-explorer/ie11-deploy-guide/
+ - text: Use Enterprise Mode to improve compatibility
+ url: /microsoft-edge/deploy/emie-to-improve-compatibility
+ - text: Lifecycle FAQ - Internet Explorer
+ url: https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer
+ - linkListType: download
+ links:
+ - text: Download IE11 with Windows 10
+ url: https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise
+ - text: Enterprise Mode Site List Manager (schema, v.2)
+ url: https://www.microsoft.com/download/details.aspx?id=49974
+ - text: Cumulative security updates for Internet Explorer 11
+ url: https://www.catalog.update.microsoft.com/Search.aspx?q=cumulative%20security%20update%20for%20internet%20explorer%2011
+ - linkListType: learn
+ links:
+ - text: Getting started with Windows 10 for IT professionals
+ url: https://mva.microsoft.com/training-courses/getting-started-with-windows-10-for-it-professionals-10629?l=fCowqpy8_5905094681
+ - text: 'Windows 10: Top Features for IT Pros'
+ url: https://mva.microsoft.com/training-courses/windows-10-top-features-for-it-pros-16319?l=xBnT2ihhC_7306218965
+ - text: Manage and modernize Internet Explorer with Enterprise Mode
+ url: https://channel9.msdn.com/events/teched/newzealand/2014/pcit307
+ - text: 'Virtual Lab: Enterprise Mode'
+ url: https://www.microsoft.com/handsonlabs/SelfPacedLabs/?storyGuid=e4155067-2c7e-4b46-8496-eca38bedca02
+
+ # Card
+ - title: Plan
+ linkLists:
+ - linkListType: get-started
+ links:
+ - text: What is Enterprise Mode?
+ url: /internet-explorer/ie11-deploy-guide/what-is-enterprise-mode
+ - text: Tips and tricks to manage Internet Explorer compatibility
+ url: /internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility
+ - text: Download the Enterprise Site Discovery Toolkit
+ url: https://www.microsoft.com/download/details.aspx?id=44570
+ - text: Collect data using Enterprise Site Discovery
+ url: /internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery
+ - text: Manage Windows upgrades with Upgrade Readiness
+ url: /windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness
+ - text: 'Demo: Plan and manage Windows 10 upgrades and feature updates with'
+ url: https://techcommunity.microsoft.com/t5/Microsoft-Ignite-Content-2017/Windows-Analytics-Plan-and-manage-Windows-10-upgrades-and/td-p/98639
+ - linkListType: how-to-guide
+ links:
+ - text: Turn on Enterprise Mode and use a site list
+ url: /internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list
+ - text: Add sites to the Enterprise Mode site list
+ url: /internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool
+ - text: Edit the Enterprise Mode site list
+ url: /internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager
+ - text: Turn on local control and logging for Enterprise Mode
+ url: /internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode
+
+ # Card
+ - title: Deploy
+ linkLists:
+ - linkListType: get-started
+ links:
+ - text: IEAK 11 user's guide
+ url: /internet-explorer/ie11-ieak/
+ - text: Download IEAK 11
+ url: /internet-explorer/ie11-ieak/ieak-information-and-downloads
+ - text: Frequently asked questions about IEAK 11
+ url: /internet-explorer/ie11-faq/faq-ieak11
+ - text: Customization and distribution guidelines
+ url: /internet-explorer/ie11-ieak/licensing-version-and-features-ieak11#customization-guidelines
+ - linkListType: deploy
+ links:
+ - text: Install Internet Explorer 11 through automatic updates (recommended)
+ url: /internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates
+ - text: Install Internet Explorer 11 as part of an operating system deployment
+ url: /internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems
+ - text: Install Internet Explorer 11 over the network
+ url: /internet-explorer/ie11-deploy-guide/install-ie11-using-the-network
+ - text: Install Internet Explorer 11 with System Center 2012 R2 Configuration Manager
+ url: /internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager
+ - text: Install Internet Explorer 11 with Windows Server Update Services (WSUS)
+ url: /internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus
+ - text: Install Internet Explorer 11 with Microsoft Intune
+ url: /internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune
+ - text: Install Internet Explorer 11 with third-party tools
+ url: /internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools
+
+ # Card
+ - title: Manage
+ linkLists:
+ - linkListType: tutorial
+ links:
+ - text: Group Policy for beginners
+ url: /previous-versions/windows/it-pro/windows-7/hh147307(v=ws.10)
+ - text: New Group Policy settings for IE11
+ url: /internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11
+ - text: Administrative templates for IE11
+ url: https://www.microsoft.com/download/details.aspx?id=40905
+ - text: Group Policy preferences for IE11
+ url: /internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11
+ - text: Configure Group Policy preferences
+ url: https://support.microsoft.com/help/2898604/how-to-configure-group-policy-preference-settings-for-internet-explorer-11-in-windows-8.1-or-windows-server-2012-r2
+ - text: Blocked out-of-date ActiveX controls
+ url: /internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls
+ - text: Out-of-date ActiveX control blocking
+ url: /internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking
+ - text: Update to block out-of-date ActiveX controls in Internet Explorer
+ url: https://support.microsoft.com/help/2991000/update-to-block-out-of-date-activex-controls-in-internet-explorer
+ - text: Script to join user to AD with automatic Local user Profile Migration
+ url: https://gallery.technet.microsoft.com/scriptcenter/script-to-join-active-7b16d9d3
+ - text: Scripts for IT professionals
+ url: https://gallery.technet.microsoft.com/scriptcenter/site/search?query=Microsoft%20Edge%20or%20Internet
+
+ # Card
+ - title: Support
+ linkLists:
+ - linkListType: get-started
+ links:
+ - text: Change or reset Internet Explorer settings
+ url: https://support.microsoft.com/help/17441/windows-internet-explorer-change-reset-settings
+ - text: Troubleshoot problems with setup, installation, auto configuration, and more
+ url: /internet-explorer/ie11-deploy-guide/troubleshoot-ie11
+ - text: Disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone
+ url: https://support.microsoft.com/help/4012494/option-to-disable-vbscript-execution-in-internet-explorer-for-internet
+ - text: Frequently asked questions about IEAK 11
+ url: /internet-explorer/ie11-faq/faq-ieak11
+ - text: Internet Explorer 8, 9, 10, 11 forum
+ url: https://social.technet.microsoft.com/forums/ie/home?forum=ieitprocurrentver
+ - text: Contact a Microsoft support professional
+ url: https://support.microsoft.com/contactus
+ - text: Support options for Microsoft Partners
+ url: https://mspartner.microsoft.com/Pages/Support/get-support.aspx
+ - text: Microsoft Services Premier Support
+ url: https://www.microsoft.com/en-us/microsoftservices/support.aspx
+ - text: Microsoft Small Business Support Center
+ url: https://smallbusiness.support.microsoft.com/product/internet-explorer
+ - text: General support
+ url: https://support.microsoft.com/products/internet-explorer
+
+ # Card
+ - title: Stay informed
+ linkLists:
+ - linkListType: get-started
+ links:
+ - text: Sign up for the Windows IT Pro Insider
+ url: https://aka.ms/windows-it-pro-insider
+ - text: Microsoft Edge Dev blog
+ url: https://blogs.windows.com/msedgedev
+ - text: Microsoft Edge Dev on Twitter
+ url: https://twitter.com/MSEdgeDev
diff --git a/devices/hololens/docfx.json b/devices/hololens/docfx.json
index 4f53494c32..5228341de6 100644
--- a/devices/hololens/docfx.json
+++ b/devices/hololens/docfx.json
@@ -48,9 +48,7 @@
}
},
"fileMetadata": {},
- "template": [
- null
- ],
+ "template": [],
"dest": "devices/hololens",
"markdownEngineName": "markdig"
},
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
index 69d4efc9c1..1bfa750d6f 100644
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@@ -145,8 +145,8 @@ To set up a test account through Windows Configuration Designer, follow these st
- username@tenant.com
4. Under **Runtime settings**, go to **TakeATest** and configure the following settings:
- 1. In **LaunchURI**, enter the assessment URL.
- 2. In **TesterAccount**, enter the test account you entered in step 3.
+ - In **LaunchURI**, enter the assessment URL.
+ - In **TesterAccount**, enter the test account you entered in step 3.
3. Follow the steps to [build a package](https://technet.microsoft.com/itpro/windows/configure/provisioning-create-package#build-package).
@@ -166,9 +166,9 @@ This sample PowerShell script configures the tester account and the assessment U
- Use your tester account for **-UserName**
>[!NOTE]
->The account that you specify for the tester account must already exist on the device.
+>The account that you specify for the tester account must already exist on the device. For steps to create the tester account, see [Set up a dedicated test account](https://docs.microsoft.com/education/windows/take-a-test-single-pc#set-up-a-dedicated-test-account).
-```
+```powershell
$obj = get-wmiobject -namespace root/cimv2/mdm/dmmap -class MDM_SecureAssessment -filter "InstanceID='SecureAssessment' AND ParentID='./Vendor/MSFT'";
$obj.LaunchURI='https://www.foo.com';
$obj.TesterAccount='TestAccount';
@@ -232,7 +232,7 @@ One of the ways you can present content in a locked down manner is by embedding
1. Embed a link or create a desktop shortcut with:
- ```
+ ```http
ms-edu-secureassessment:#enforceLockdown
```
diff --git a/mdop/docfx.json b/mdop/docfx.json
index e6f79ff24a..abcead924c 100644
--- a/mdop/docfx.json
+++ b/mdop/docfx.json
@@ -34,7 +34,7 @@
"ms.topic": "article",
"ms.date": "04/05/2017",
"feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+ "feedback_github_repo": "https://github.com/MicrosoftDocs/mdop-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
index 1ef657304d..8e37f9eb2f 100644
--- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
@@ -1,6 +1,6 @@
---
title: How to Add or Remove an Administrator by Using the Management Console (Windows 10)
-description: How to add or remove an administrator by using the Management Console
+description: Add or remove an administrator on the Microsoft Application Virtualization (App-V) server by using the Management Console.
author: dansimp
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
index ce050e817b..c26f77e8e4 100644
--- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
@@ -1,6 +1,6 @@
---
title: How to Add or Upgrade Packages by Using the Management Console (Windows 10)
-description: How to add or upgrade packages by using the Management Console
+description: Add or remove an administrator on the Microsoft Application Virtualization (App-V) server by using the Management Console.
author: dansimp
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
index ea02c9ad1f..58a0c8b25d 100644
--- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md
+++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
@@ -1,6 +1,6 @@
---
title: Administering App-V by using Windows PowerShell (Windows 10)
-description: Administering App-V by Using Windows PowerShell
+description: Administer App-V by using Windows PowerShell and learn where to find more information about PowerShell for App-V.
author: dansimp
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
index a913ce8a38..88430660e3 100644
--- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
+++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
@@ -1,6 +1,6 @@
---
title: Application Publishing and Client Interaction (Windows 10)
-description: Application publishing and client interaction.
+description: Learn technical information about common App-V Client operations and their integration with the local operating system.
author: dansimp
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md
index 6bb52f7eb3..8c4f4b2b2d 100644
--- a/windows/application-management/app-v/appv-available-mdm-settings.md
+++ b/windows/application-management/app-v/appv-available-mdm-settings.md
@@ -1,6 +1,6 @@
---
title: Available Mobile Device Management (MDM) settings for App-V (Windows 10)
-description: A list of the available MDM settings for App-V on Windows 10.
+description: Learn the available Mobile Device Management (MDM) settings you can use to configure App-V on Windows 10.
author: dansimp
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md
index 099bcdf1c4..d3c80a88c9 100644
--- a/windows/application-management/app-v/appv-capacity-planning.md
+++ b/windows/application-management/app-v/appv-capacity-planning.md
@@ -1,6 +1,6 @@
---
title: App-V Capacity Planning (Windows 10)
-description: App-V Capacity Planning
+description: Use these recommendations as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V infrastructure.
author: dansimp
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md
index 693a058d7e..f641b232d6 100644
--- a/windows/application-management/app-v/appv-client-configuration-settings.md
+++ b/windows/application-management/app-v/appv-client-configuration-settings.md
@@ -1,6 +1,6 @@
---
title: About Client Configuration Settings (Windows 10)
-description: About Client Configuration Settings
+description: Learn about the App-V client configuration settings and how to use Windows PowerShell to modify the client configuration settings.
author: dansimp
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
index ae887fc389..52632f558e 100644
--- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
+++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
@@ -1,6 +1,6 @@
---
title: How to make a connection group ignore the package version (Windows 10)
-description: How to make a connection group ignore the package version.
+description: Learn how to make a connection group ignore the package version with the App-V Server Management Console.
author: dansimp
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md
index f878e5f7a4..009019e015 100644
--- a/windows/application-management/app-v/appv-connect-to-the-management-console.md
+++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md
@@ -1,6 +1,6 @@
---
title: How to connect to the Management Console (Windows 10)
-description: How to Connect to the App-V Management Console.
+description: In this article, learn the procedure for connecting to the App-V Management Console through your web browser.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
index ed2d425dc4..a16ae77ec8 100644
--- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md
+++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
@@ -1,6 +1,6 @@
---
title: About the connection group virtual environment (Windows 10)
-description: Overview of how the connection group virtual environment works.
+description: Learn how the connection group virtual environment works and how package priority is determined.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
index 794615f010..60c1c72c77 100644
--- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
+++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
@@ -1,6 +1,6 @@
---
title: How to convert a package created in a previous version of App-V (Windows 10)
-description: How to convert a package created in a previous version of App-V.
+description: Use the package converter utility to convert a virtual application package created in a previous version of App-V.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md
index 9f08b25b41..829708fe4f 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group.md
@@ -1,6 +1,6 @@
---
title: How to create a connection group (Windows 10)
-description: How to create a connection group with the App-V Management Console.
+description: Learn how to create a connection group with the App-V Management Console and where to find information about managing connection groups.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
index fb72cbc762..600df5f713 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
@@ -1,6 +1,6 @@
---
title: How to create a package accelerator by using Windows PowerShell (Windows 10)
-description: How to create a package accelerator with Windows PowerShell.
+description: Learn how to create an App-v Package Accelerator by using Windows PowerShell. App-V Package Accelerators automatically sequence large, complex applications.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
index 29d79221c5..b7ee707a61 100644
--- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
+++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
@@ -1,6 +1,6 @@
---
title: Creating and managing App-V virtualized applications (Windows 10)
-description: Creating and managing App-V virtualized applications
+description: Create and manage App-V virtualized applications to monitor and record the installation process for an application to be run as a virtualized application.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md
index 9747e3066d..20c62b4398 100644
--- a/windows/application-management/app-v/appv-delete-a-connection-group.md
+++ b/windows/application-management/app-v/appv-delete-a-connection-group.md
@@ -1,6 +1,6 @@
---
title: How to delete a connection group (Windows 10)
-description: How to delete a connection group.
+description: Learn how to delete an existing App-V connection group in the App-V Management Console and where to find information about managing connection groups.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
index 3b5027c30b..16a77e0287 100644
--- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
@@ -1,6 +1,6 @@
---
title: How to delete a package in the Management Console (Windows 10)
-description: How to delete a package in the Management Console.
+description: Learn how to delete a package in the App-V Management Console and where to find information about operations for App-V.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
index e866c21b92..4717b5e4ef 100644
--- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
+++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
@@ -1,6 +1,6 @@
---
title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10)
-description: These instructions can be used to deploy App-V databases by using SQL scripts.
+description: Learn how to use SQL scripts to install the App-V databases and upgrade the App-V databases to a later version.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
index 0c013faf96..3c47fd5076 100644
--- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
@@ -1,6 +1,6 @@
---
title: How to deploy App-V packages using electronic software distribution (Windows 10)
-description: How to deploy App-V packages using electronic software distribution.
+description: Learn how use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
index 728f4943a1..07407291fe 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
@@ -1,6 +1,6 @@
---
title: How to Deploy the App-V Server Using a Script (Windows 10)
-description: Information, lists, and tables that can help you deploy the App-V server using a script
+description: 'Learn how to deploy the App-V server by using a script (appv_server_setup.exe) from the command line.'
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md
index 837d0e6a32..9284a9bfc6 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md
@@ -1,6 +1,6 @@
---
title: How to Deploy the App-V Server (Windows 10)
-description: Use these instructions to deploy the App-V Server in App-V for Windows 10.
+description: Use these instructions to deploy the Application Virtualization (App-V) Server in App-V for Windows 10.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
index b125e5282e..736d772dfc 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
@@ -1,6 +1,6 @@
---
title: Deploying Microsoft Office 2010 by Using App-V (Windows 10)
-description: See the methods for creating Microsoft Office 2010 packages by Using App-V.
+description: Create Office 2010 packages for Microsoft Application Virtualization (App-V) using the App-V Sequencer or the App-V Package Accelerator.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
index 4379625ee0..fee5c296a1 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
@@ -1,6 +1,6 @@
---
title: Deploying Microsoft Office 2013 by Using App-V (Windows 10)
-description: Deploying Microsoft Office 2013 by Using App-V
+description: Use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
index 4edf732dd1..8cb954168b 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
@@ -1,6 +1,6 @@
---
title: Deploying the App-V Sequencer and configuring the client (Windows 10)
-description: Deploying the App-V Sequencer and configuring the client
+description: Learn how to deploy the App-V Sequencer and configure the client by using the ADMX template and Group Policy.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md
index 576764fb91..97f97275be 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md
@@ -1,6 +1,6 @@
---
title: Deploying the App-V Server (Windows 10)
-description: Deploying the App-V Server in App-V for Windows 10
+description: Learn how to deploy the Application Virtualization (App-V) Server in App-V for Windows 10 by using different deployment configurations described in this article.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md
index bb97e27472..d09d0141d8 100644
--- a/windows/application-management/app-v/appv-deployment-checklist.md
+++ b/windows/application-management/app-v/appv-deployment-checklist.md
@@ -1,6 +1,6 @@
---
title: App-V Deployment Checklist (Windows 10)
-description: App-V Deployment Checklist
+description: Use the App-V deployment checklist to understand the recommended steps and items to consider when deploying App-V features.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md
index 13a82055b6..196cb62ece 100644
--- a/windows/application-management/app-v/appv-dynamic-configuration.md
+++ b/windows/application-management/app-v/appv-dynamic-configuration.md
@@ -1,6 +1,6 @@
---
title: About App-V Dynamic Configuration (Windows 10)
-description: About App-V Dynamic Configuration
+description: Learn how to create or edit an existing Application Virtualization (App-V) dynamic configuration file.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
index 656f0264ce..601bfd8297 100644
--- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
@@ -1,6 +1,6 @@
---
title: How to Enable Only Administrators to Publish Packages by Using an ESD (Windows 10)
-description: How to Enable Only Administrators to Publish Packages by Using an ESD
+description: Learn how to enable only administrators to publish packages by bsing an electronic software delivery (ESD).
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
index d9644226fb..c7985565d4 100644
--- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
+++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
@@ -1,6 +1,6 @@
---
title: Enable the App-V in-box client (Windows 10)
-description: How to enable the App-V in-box client installed with Windows 10.
+description: Learn how to enable the Microsoft Application Virtualization (App-V) in-box client installed with Windows 10.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md
index 2e1556cb8a..03f116312a 100644
--- a/windows/application-management/app-v/appv-getting-started.md
+++ b/windows/application-management/app-v/appv-getting-started.md
@@ -1,6 +1,6 @@
---
title: Getting Started with App-V (Windows 10)
-description: Get started with Microsoft Application Virtualization (App-V) for Windows 10.
+description: Get started with Microsoft Application Virtualization (App-V) for Windows 10. App-V for Windows 10 delivers Win32 applications to users as virtual applications.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md
index ab25607096..941e4f58e7 100644
--- a/windows/application-management/app-v/appv-high-level-architecture.md
+++ b/windows/application-management/app-v/appv-high-level-architecture.md
@@ -1,6 +1,6 @@
---
title: High-level architecture for App-V (Windows 10)
-description: High-level Architecture for App-V.
+description: Use the information in this article to simplify your Microsoft Application Virtualization (App-V) deployment.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md
index 93180520e7..7a13e789c6 100644
--- a/windows/application-management/app-v/appv-install-the-sequencer.md
+++ b/windows/application-management/app-v/appv-install-the-sequencer.md
@@ -1,6 +1,6 @@
---
title: Install the App-V Sequencer (Windows 10)
-description: Install the App-V Sequencer
+description: Learn how to install the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md
index 5a94cbc421..9b5aa14320 100644
--- a/windows/application-management/app-v/appv-managing-connection-groups.md
+++ b/windows/application-management/app-v/appv-managing-connection-groups.md
@@ -1,6 +1,6 @@
---
title: Managing Connection Groups (Windows 10)
-description: Managing Connection Groups
+description: Connection groups can allow administrators to manage packages independently and avoid having to add the same application multiple times to a client computer.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
index dff030f470..a3600bfa4c 100644
--- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
+++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
@@ -1,6 +1,6 @@
---
title: Migrating to App-V from a Previous Version (Windows 10)
-description: Migrating to App-V for Windows 10 from a previous version
+description: Learn how to migrate to Microsoft Application Virtualization (App-V) for Windows 10 from a previous version.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
index e2cb4eca48..c065c9a2a5 100644
--- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
+++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
@@ -1,6 +1,6 @@
---
title: How to Modify an Existing Virtual Application Package (Windows 10)
-description: How to Modify an Existing Virtual Application Package
+description: Learn how to modify an existing virtual application package and add a new application to an existing virtual application package.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
index 7fe2f3896f..816015f740 100644
--- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
+++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
@@ -1,6 +1,6 @@
---
title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10)
-description: How to Modify Client Configuration by Using Windows PowerShell
+description: Learn how to modify the Application Virtualization (App-V) client configuration by using Windows PowerShell.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
index 5305207fe6..e34dd4f7dc 100644
--- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
+++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
@@ -1,6 +1,6 @@
---
title: How to Move the App-V Server to Another Computer (Windows 10)
-description: How to Move the App-V Server to Another Computer
+description: Learn how to create a new management server console in your environment and learn how to connect it to the App-V database.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md
index c45c9ab9cf..b68da536ab 100644
--- a/windows/application-management/app-v/appv-operations.md
+++ b/windows/application-management/app-v/appv-operations.md
@@ -1,6 +1,6 @@
---
title: Operations for App-V (Windows 10)
-description: Operations for App-V
+description: Learn about the various types of App-V administration and operating tasks that are typically performed by an administrator.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md
index 65ccf02292..ea4f11a42b 100644
--- a/windows/application-management/app-v/appv-performance-guidance.md
+++ b/windows/application-management/app-v/appv-performance-guidance.md
@@ -1,6 +1,6 @@
---
title: Performance Guidance for Application Virtualization (Windows 10)
-description: Performance Guidance for Application Virtualization
+description: Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md
index edaf668a89..4c098ba090 100644
--- a/windows/application-management/app-v/appv-planning-checklist.md
+++ b/windows/application-management/app-v/appv-planning-checklist.md
@@ -1,6 +1,6 @@
---
title: App-V Planning Checklist (Windows 10)
-description: App-V Planning Checklist
+description: Learn about the recommended steps and items to consider when planning an Application Virtualization (App-V) deployment.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
index c9c570009a..2a6724419a 100644
--- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
@@ -1,6 +1,6 @@
---
title: Planning to Use Folder Redirection with App-V (Windows 10)
-description: Planning to Use Folder Redirection with App-V
+description: Learn about folder redirection with App-V. Folder redirection enables users and administrators to redirect the path of a folder to a new location.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
index eaf7729f22..8aa07c226e 100644
--- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
@@ -1,6 +1,6 @@
---
title: Planning for the App-V Server Deployment (Windows 10)
-description: Planning for the App-V 5.1 Server Deployment
+description: Learn what you need to know so you can plan for the Microsoft Application Virtualization (App-V) 5.1 server deployment.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md
index d54d848a2c..0ebf3ccaf3 100644
--- a/windows/application-management/app-v/appv-planning-for-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-appv.md
@@ -1,6 +1,6 @@
---
title: Planning for App-V (Windows 10)
-description: Planning for App-V
+description: Use the information in this article to plan to deploy App-V without disrupting your existing network or user experience.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
index af66e545e4..29d772054e 100644
--- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
@@ -1,6 +1,6 @@
---
title: Planning for High Availability with App-V Server
-description: Planning for High Availability with App-V Server
+description: Learn what you need to know so you can plan for high availability with Application Virtualization (App-V) server.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
@@ -18,7 +18,7 @@ ms.topic: article
Microsoft Application Virtualization (App-V) system configurations can take advantage of options that maintain a high available service level.
-The following sections will he following sections to help you understand the options to deploy App-V in a highly available configuration.
+The following sections will help you understand the options to deploy App-V in a highly available configuration.
## Support for Microsoft SQL Server clustering
diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
index 4fa3630f7f..0f797ad9d7 100644
--- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
@@ -1,6 +1,6 @@
---
title: Planning for the App-V Sequencer and Client Deployment (Windows 10)
-description: Planning for the App-V Sequencer and Client Deployment
+description: Learn what you need to do to plan for the App-V Sequencer and Client deployment, and where to find additional information about the deployment process.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
index da919b1dbf..91ade82d46 100644
--- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
+++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
@@ -1,6 +1,6 @@
---
title: Planning for Deploying App-V with Office (Windows 10)
-description: Planning for Using App-V with Office
+description: Use the information in this article to plan how to deploy Office within Microsoft Application Virtualization (App-V).
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
index ee9e0b73a9..be621c72e2 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
@@ -1,6 +1,6 @@
---
title: Planning to Deploy App-V (Windows 10)
-description: Planning to Deploy App-V
+description: Learn about the different deployment configurations and requirements to consider before you deploy App-V for Windows 10.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md
index bc458a3f94..652eabd063 100644
--- a/windows/application-management/app-v/appv-prerequisites.md
+++ b/windows/application-management/app-v/appv-prerequisites.md
@@ -1,6 +1,6 @@
---
title: App-V Prerequisites (Windows 10)
-description: App-V Prerequisites
+description: Learn about the prerequisites you need before you begin installing Application Virtualization (App-V).
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md
index 41d35e29a0..e48f4c43c6 100644
--- a/windows/application-management/app-v/appv-publish-a-connection-group.md
+++ b/windows/application-management/app-v/appv-publish-a-connection-group.md
@@ -1,6 +1,6 @@
---
title: How to Publish a Connection Group (Windows 10)
-description: How to Publish a Connection Group
+description: Learn how to publish a connection group to computers that run the Application Virtualization (App-V) client.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md
index 57a4526ecf..41c995543f 100644
--- a/windows/application-management/app-v/appv-reporting.md
+++ b/windows/application-management/app-v/appv-reporting.md
@@ -1,6 +1,6 @@
---
title: About App-V Reporting (Windows 10)
-description: About App-V Reporting
+description: Learn how the App-V reporting feature collects information about computers running the App-V client and virtual application package usage.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md
index ab6c1c4c32..d2dd484a97 100644
--- a/windows/application-management/app-v/appv-security-considerations.md
+++ b/windows/application-management/app-v/appv-security-considerations.md
@@ -1,6 +1,6 @@
---
title: App-V Security Considerations (Windows 10)
-description: App-V Security Considerations
+description: Learn about accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V).
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md
index c3e16261db..2eb919d9b5 100644
--- a/windows/application-management/app-v/appv-sequence-a-new-application.md
+++ b/windows/application-management/app-v/appv-sequence-a-new-application.md
@@ -1,6 +1,6 @@
---
title: Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10)
-description: How to manually sequence a new app using the App-V Sequencer
+description: Learn how to manually sequence a new app by using the App-V Sequencer that's included with the Windows ADK.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
index 349ead11a5..2a353b9121 100644
--- a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
+++ b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
@@ -1,6 +1,6 @@
---
title: How to sequence a package by using Windows PowerShell (Windows 10)
-description: How to sequence a package by using Windows PowerShell
+description: Learn how to sequence a new Microsoft Application Virtualization (App-V) package by using Windows PowerShell.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md
index e0f6e0f48d..8cd6653c77 100644
--- a/windows/application-management/app-v/appv-technical-reference.md
+++ b/windows/application-management/app-v/appv-technical-reference.md
@@ -1,6 +1,6 @@
---
title: Technical Reference for App-V (Windows 10)
-description: Technical Reference for App-V
+description: Learn strategy and context for a number of performance optimization practices in this techincal reference for Application Virtualization (App-V).
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-troubleshooting.md b/windows/application-management/app-v/appv-troubleshooting.md
index fd794d1044..29240949b5 100644
--- a/windows/application-management/app-v/appv-troubleshooting.md
+++ b/windows/application-management/app-v/appv-troubleshooting.md
@@ -1,6 +1,6 @@
---
title: Troubleshooting App-V (Windows 10)
-description: Troubleshooting App-V
+description: Learn how to find information about troubleshooting Application Virtualization (App-V) and information about other App-V topics.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
index 4aedf60d24..8660d86846 100644
--- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
+++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
@@ -1,6 +1,6 @@
---
title: Upgrading to App-V for Windows 10 from an existing installation (Windows 10)
-description: Upgrading to App-V for Windows 10 from an existing installation
+description: Learn about upgrading to Application Virtualization (App-V) for Windows 10 from an existing installation.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md
index b6691c2fc5..7dc0a15d0a 100644
--- a/windows/application-management/app-v/appv-using-the-client-management-console.md
+++ b/windows/application-management/app-v/appv-using-the-client-management-console.md
@@ -1,6 +1,6 @@
---
title: Using the App-V Client Management Console (Windows 10)
-description: Using the App-V Client Management Console
+description: Learn how to use the Application Virtualization (App-V) client management console to manage packages on the computer running the App-V client.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
index eac57684c6..acbd96ca6e 100644
--- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
+++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
@@ -1,6 +1,6 @@
---
title: Viewing App-V Server Publishing Metadata (Windows 10)
-description: Viewing App-V Server Publishing Metadata
+description: Use this procedure to view App-V Server publishing metadata, which can help you resolve publishing-related issues.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
index c27ad32063..9d150d9583 100644
--- a/windows/application-management/apps-in-windows-10.md
+++ b/windows/application-management/apps-in-windows-10.md
@@ -51,13 +51,13 @@ Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, a
| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | No |
| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes |
+| Microsoft.MicrosoftOfficeHub | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | No |
| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes |
-| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.Office.OneNote | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes |
+| Microsoft.OneConnect | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | |
| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | No |
@@ -77,10 +77,10 @@ Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, a
| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.Xbox.TCUI | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.XboxApp | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.XboxGameOverlay | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.XboxGamingOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No |
| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | No |
diff --git a/windows/application-management/index.md b/windows/application-management/index.md
index fef303c216..f9a00fdc84 100644
--- a/windows/application-management/index.md
+++ b/windows/application-management/index.md
@@ -1,6 +1,6 @@
---
title: Windows 10 application management
-description: Windows 10 application management
+description: Learn about managing applications in Windows 10 and Windows 10 Mobile clients, including how to remove background task resource restrictions.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md
index 082fa016f4..4414bb6e96 100644
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ b/windows/application-management/manage-windows-mixed-reality.md
@@ -1,8 +1,8 @@
---
title: Enable or block Windows Mixed Reality apps in the enterprise (Windows 10)
+description: Learn how to enable Windows Mixed Reality apps in WSUS or block the Windows Mixed Reality portal in enterprises.
ms.reviewer:
manager: dansimp
-description: Learn how to enable or block Windows Mixed Reality apps.
keyboards: ["mr", "mr portal", "mixed reality portal", "mixed reality"]
ms.prod: w10
ms.mktglfcycl: manage
@@ -38,11 +38,10 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
> [!NOTE]
> You must download the FOD .cab file that matches your operating system version.
- 1. Use `Add-Package` to add Windows Mixed Reality FOD to the image.
+ 1. Use `Dism` to add Windows Mixed Reality FOD to the image.
```powershell
- Add-Package
- Dism /Online /add-package /packagepath:(path)
+ Dism /Online /Add-Package /PackagePath:(path)
```
> [!NOTE]
diff --git a/windows/application-management/msix-app-packaging-tool.md b/windows/application-management/msix-app-packaging-tool.md
index 91ef9b0c48..b1c60124ea 100644
--- a/windows/application-management/msix-app-packaging-tool.md
+++ b/windows/application-management/msix-app-packaging-tool.md
@@ -1,6 +1,6 @@
---
title: Repackage your existing win32 applications to the MSIX format.
-description: Learn how to install and use the MSIX packaging tool.
+description: Learn how to install and use the MSIX packaging tool to repackage your existing win32 applications to the MSIX format.
keywords: ["MSIX", "application", "app", "win32", "packaging tool"]
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md
index 2dc4591d51..7305ea48e2 100644
--- a/windows/application-management/sideload-apps-in-windows-10.md
+++ b/windows/application-management/sideload-apps-in-windows-10.md
@@ -1,6 +1,6 @@
---
title: Sideload LOB apps in Windows 10 (Windows 10)
-description: Sideload line-of-business apps in Windows 10.
+description: Learn how to sideload line-of-business (LOB) apps in Windows 10. When you sideload an app, you deploy a signed app package to a device.
ms.assetid: C46B27D0-375B-4F7A-800E-21595CF1D53D
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md
index 5986263a1e..29e2d01d30 100644
--- a/windows/client-management/advanced-troubleshooting-boot-problems.md
+++ b/windows/client-management/advanced-troubleshooting-boot-problems.md
@@ -1,6 +1,6 @@
---
title: Advanced troubleshooting for Windows boot problems
-description: Learn how to troubleshoot when Windows is unable to boot
+description: Learn to troubleshoot when Windows can't boot. This article includes advanced troubleshooting techniques intended for use by support agents and IT professionals.
ms.prod: w10
ms.sitesec: library
author: dansimp
@@ -220,6 +220,9 @@ If Windows cannot load the system registry hive into memory, you must restore th
If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
+> [!NOTE]
+> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start).
+
## Kernel Phase
If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These include, but are not limited to, the following:
@@ -392,3 +395,6 @@ If the dump file shows an error that is related to a driver (for example, window
3. Navigate to C:\Windows\System32\Config\.
4. Rename the all five hives by appending ".old" to the name.
5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode.
+
+> [!NOTE]
+> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start).
diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
index c04dae805a..ce50bd2b54 100644
--- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
+++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
@@ -2,7 +2,7 @@
title: Advanced Troubleshooting Wireless Network Connectivity
ms.reviewer:
manager: dansimp
-description: Learn how troubleshooting of establishing Wi-Fi connections
+description: Learn how to troubleshoot Wi-Fi connections. Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine.
keywords: troubleshooting, wireless network connectivity, wireless, Wi-Fi
ms.prod: w10
ms.mktglfcycl:
diff --git a/windows/client-management/change-default-removal-policy-external-storage-media.md b/windows/client-management/change-default-removal-policy-external-storage-media.md
index 5de58be176..ee8a044508 100644
--- a/windows/client-management/change-default-removal-policy-external-storage-media.md
+++ b/windows/client-management/change-default-removal-policy-external-storage-media.md
@@ -5,7 +5,6 @@ ms.prod: w10
author: Teresa-Motiv
ms.author: v-tea
ms.date: 12/13/2019
-ms.prod: w10
ms.topic: article
ms.custom:
- CI 111493
diff --git a/windows/client-management/change-history-for-client-management.md b/windows/client-management/change-history-for-client-management.md
index fa3febbd0f..3c7c213761 100644
--- a/windows/client-management/change-history-for-client-management.md
+++ b/windows/client-management/change-history-for-client-management.md
@@ -1,6 +1,6 @@
---
title: Change history for Client management (Windows 10)
-description: View changes to documentation for client management in Windows 10.
+description: Learn about new and updated topics in the Client management documentation for Windows 10 and Windows 10 Mobile.
keywords:
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md
index 52a10357c5..835007dc33 100644
--- a/windows/client-management/generate-kernel-or-complete-crash-dump.md
+++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md
@@ -1,6 +1,6 @@
---
title: Generate a kernel or complete crash dump
-description: Learn how to generate a kernel or complete crash dump.
+description: Learn how to generate a kernel or complete crash dump, and then use the output to troubleshoot several issues.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
diff --git a/windows/client-management/img-boot-sequence.md b/windows/client-management/img-boot-sequence.md
index dbcd186131..b1077e5be6 100644
--- a/windows/client-management/img-boot-sequence.md
+++ b/windows/client-management/img-boot-sequence.md
@@ -1,6 +1,6 @@
---
title: Boot sequence flowchart
-description: A full-sized view of the boot sequence flowchart.
+description: View a full-sized view of the boot sequence flowchart. Use the link to return to the Advanced troubleshooting for Windows boot problems article.
ms.date: 11/16/2018
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md
index 2f12bd900f..b1964db01a 100644
--- a/windows/client-management/introduction-page-file.md
+++ b/windows/client-management/introduction-page-file.md
@@ -1,6 +1,6 @@
---
title: Introduction to the page file
-description: Learn about the page files in Windows.
+description: Learn about the page files in Windows. A page file is an optional, hidden system file on a hard disk.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index 97ea145013..dc31960057 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -1,6 +1,6 @@
---
title: Manage the Settings app with Group Policy (Windows 10)
-description: Find out how to manage the Settings app with Group Policy.
+description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 476d73c694..2d6a0b7bda 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -171,6 +171,11 @@
#### [AboveLock](policy-csp-abovelock.md)
#### [Accounts](policy-csp-accounts.md)
#### [ActiveXControls](policy-csp-activexcontrols.md)
+#### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md)
+#### [ADMX_AppCompat](policy-csp-admx-appcompat.md)
+#### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md)
+#### [ADMX_DnsClient](policy-csp-admx-dnsclient.md)
+#### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md)
#### [ApplicationDefaults](policy-csp-applicationdefaults.md)
#### [ApplicationManagement](policy-csp-applicationmanagement.md)
#### [AppRuntime](policy-csp-appruntime.md)
diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md
index c4a1538d53..c1b570d222 100644
--- a/windows/client-management/mdm/accounts-ddf-file.md
+++ b/windows/client-management/mdm/accounts-ddf-file.md
@@ -1,6 +1,6 @@
---
title: Accounts DDF file
-description: XML file containing the device description framework for the Accounts configuration service provider.
+description: XML file containing the device description framework (DDF) for the Accounts configuration service provider.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md
index e2f9441b9c..37f6157570 100644
--- a/windows/client-management/mdm/activesync-csp.md
+++ b/windows/client-management/mdm/activesync-csp.md
@@ -1,6 +1,6 @@
---
title: ActiveSync CSP
-description: ActiveSync CSP
+description: Learn how the ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync.
ms.assetid: c65093ef-bd36-4f32-9dab-edb7bcfb3188
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md
index 6e4c1c5000..1b1ae61c78 100644
--- a/windows/client-management/mdm/activesync-ddf-file.md
+++ b/windows/client-management/mdm/activesync-ddf-file.md
@@ -1,6 +1,6 @@
---
title: ActiveSync DDF file
-description: ActiveSync DDF file
+description: Learn about the OMA DM device description framework (DDF) for the ActiveSync configuration service provider.
ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/alljoynmanagement-ddf.md b/windows/client-management/mdm/alljoynmanagement-ddf.md
index 2c8cfbc647..4ad36bbd99 100644
--- a/windows/client-management/mdm/alljoynmanagement-ddf.md
+++ b/windows/client-management/mdm/alljoynmanagement-ddf.md
@@ -1,6 +1,6 @@
---
title: AllJoynManagement DDF
-description: Learn the OMA DM device description framework (DDF) for the **AllJoynManagement** configuration service provider.
+description: Learn the OMA DM device description framework (DDF) for the AllJoynManagement configuration service provider.
ms.assetid: 540C2E60-A041-4749-A027-BBAF0BB046E4
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/application-csp.md b/windows/client-management/mdm/application-csp.md
index d4fe92e943..69a0b61ca3 100644
--- a/windows/client-management/mdm/application-csp.md
+++ b/windows/client-management/mdm/application-csp.md
@@ -1,6 +1,6 @@
---
title: APPLICATION configuration service provider
-description: APPLICATION configuration service provider
+description: Learn how the APPLICATION configuration service provider is used to configure an application transport using Open Mobile Alliance (OMA) Client Provisioning.
ms.assetid: 0705b5e9-a1e7-4d70-a73d-7f758ffd8099
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index 4fe03939a0..cfe9b24bd5 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -1,6 +1,6 @@
---
title: AppLocker CSP
-description: AppLocker CSP
+description: Learn how the AppLocker configuration service provider is used to specify which applications are allowed or disallowed.
ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md
index ffd93b2784..4ea2ef6556 100644
--- a/windows/client-management/mdm/applocker-ddf-file.md
+++ b/windows/client-management/mdm/applocker-ddf-file.md
@@ -1,6 +1,6 @@
---
title: AppLocker DDF file
-description: See the OMA DM device description framework (DDF) for the AppLocker DDF file configuration service provider.
+description: Learn about the OMA DM device description framework (DDF) for the AppLocker DDF file configuration service provider.
ms.assetid: 79E199E0-5454-413A-A57A-B536BDA22496
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/applocker-xsd.md b/windows/client-management/mdm/applocker-xsd.md
index d07e9eea71..3e03f501a8 100644
--- a/windows/client-management/mdm/applocker-xsd.md
+++ b/windows/client-management/mdm/applocker-xsd.md
@@ -1,6 +1,6 @@
---
title: AppLocker XSD
-description: Here's the XSD for the AppLocker CSP.
+description: View the XSD for the AppLocker CSP. The AppLocker CSP XSD provides an example of how the schema is organized.
ms.assetid: 70CF48DD-AD7D-4BCF-854F-A41BFD95F876
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index c4844e943d..703958aa0e 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -1,6 +1,6 @@
---
title: AssignedAccess DDF
-description: AssignedAccess DDF
+description: Learn how the OMA DM device description framework (DDF) for the AssignedAccess configuration service provider.
ms.assetid: 224FADDB-0EFD-4E5A-AE20-1BD4ABE24306
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 3a1ecfb0f9..07f3aa7f0f 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -1,6 +1,6 @@
---
title: BitLocker CSP
-description: BitLocker CSP
+description: Learn how the BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -1072,6 +1072,16 @@ Each server-side recovery key rotation is represented by a request ID. The serve
Value type is string. Supported operation is Execute. Request ID is expected as a parameter.
+> [!TIP]
+> Key rotation feature will only work when:
+>
+> - For Operating system drives:
+> - OSRequireActiveDirectoryBackup_Name is set to 1 ("Required")
+> - OSActiveDirectoryBackup_Name is set to true
+> - For Fixed data drives:
+> - FDVRequireActiveDirectoryBackup_Name is set to 1 = ("Required")
+> - FDVActiveDirectoryBackup_Name is set to true
+
**Status**
Interior node. Supported operation is Get.
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index edf7ea7a4b..693a48b687 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -1,6 +1,6 @@
---
title: BitLocker DDF file
-description: BitLocker DDF file
+description: Learn about the OMA DM device description framework (DDF) for the BitLocker configuration service provider.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/bootstrap-csp.md b/windows/client-management/mdm/bootstrap-csp.md
index 00e4fe59b5..2381889266 100644
--- a/windows/client-management/mdm/bootstrap-csp.md
+++ b/windows/client-management/mdm/bootstrap-csp.md
@@ -1,6 +1,6 @@
---
title: BOOTSTRAP CSP
-description: Use the BOOTSTRAP configuration service provider sets the Trusted Provisioning Server (TPS) for the device.
+description: Use the BOOTSTRAP configuration service provider to set the Trusted Provisioning Server (TPS) for the device.
ms.assetid: b8acbddc-347f-4543-a45b-ad2ffae3ffd0
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md
index 9e1c5633df..908672c4ef 100644
--- a/windows/client-management/mdm/browserfavorite-csp.md
+++ b/windows/client-management/mdm/browserfavorite-csp.md
@@ -1,6 +1,6 @@
---
title: BrowserFavorite CSP
-description: BrowserFavorite CSP
+description: Learn how the BrowserFavorite configuration service provider is used to add and remove URLs from the favorites list on a device.
ms.assetid: 5d2351ff-2d6a-4273-9b09-224623723cbf
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md
index edb5e3bdfa..953ddf78ae 100644
--- a/windows/client-management/mdm/cellularsettings-csp.md
+++ b/windows/client-management/mdm/cellularsettings-csp.md
@@ -1,6 +1,6 @@
---
title: CellularSettings CSP
-description: CellularSettings CSP
+description: Learn how the CellularSettings configuration service provider is used to configure cellular settings on a mobile device.
ms.assetid: ce8b6f16-37ca-4aaf-98b0-306d12e326df
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
index f6b0b2998b..0db0669275 100644
--- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md
+++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
@@ -1,6 +1,6 @@
---
title: Certificate Renewal
-description: Find all the resources needed to provide continuous access to client certificates.
+description: Learn how to find all the resources that you need to provide continuous access to client certificates.
MS-HAID:
- 'p\_phdevicemgmt.certificate\_renewal'
- 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm'
diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md
index 6e878defd1..f709de39d0 100644
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@@ -17,7 +17,9 @@ ms.date: 02/28/2020
The CertificateStore configuration service provider is used to add secure socket layers (SSL), intermediate, and self-signed certificates.
-> **Note** The CertificateStore configuration service provider does not support installing client certificates.
+> [!Note]
+> The CertificateStore configuration service provider does not support installing client certificates.
+> The Microsoft protocol version of Open Mobile Alliance (OMA) is case insensitive.
@@ -643,4 +645,3 @@ Configure the device to automatically renew an MDM client certificate with the s
-
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
index 8601f82b20..ed787a3b0f 100644
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@@ -1,6 +1,6 @@
---
title: ClientCertificateInstall DDF file
-description: ClientCertificateInstall DDF file
+description: Learn about the OMA DM device description framework (DDF) for the ClientCertificateInstall configuration service provider.
ms.assetid: 7F65D045-A750-4CDE-A1CE-7D152AA060CA
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md
index 02f2910d16..5063181c3f 100644
--- a/windows/client-management/mdm/cm-cellularentries-csp.md
+++ b/windows/client-management/mdm/cm-cellularentries-csp.md
@@ -1,6 +1,6 @@
---
title: CM\_CellularEntries CSP
-description: Configure the General Packet Radio Service (GPRS) entries using the CM\_CellularEntries CSP.
+description: Learn how to configure the General Packet Radio Service (GPRS) entries using the CM\_CellularEntries CSP.
ms.assetid: f8dac9ef-b709-4b76-b6f5-34c2e6a3c847
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md
index 828700b85a..816b5c188b 100644
--- a/windows/client-management/mdm/cm-proxyentries-csp.md
+++ b/windows/client-management/mdm/cm-proxyentries-csp.md
@@ -1,6 +1,6 @@
---
title: CM\_ProxyEntries CSP
-description: Configure proxy connections on mobile devices using CM\_ProxyEntries CSP.
+description: Learn how the CM\_ProxyEntries configuration service provider is used to configure proxy connections on the mobile device.
ms.assetid: f4c3dc71-c85a-4c68-9ce9-19f408ff7a0a
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md
index 08d0040594..df773dcb43 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-csp.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md
@@ -1,6 +1,6 @@
---
title: CMPolicyEnterprise CSP
-description: CMPolicyEnterprise CSP
+description: Learn how the CMPolicyEnterprise CSP is used to define rules that the Connection Manager uses to identify the correct connection for a connection request.
ms.assetid: A0BE3458-ABED-4F80-B467-F842157B94BF
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
index 1eb4a02627..5c1c136c23 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
@@ -1,6 +1,6 @@
---
title: CMPolicyEnterprise DDF file
-description: CMPolicyEnterprise DDF file
+description: Learn about the OMA DM device description framework (DDF) for the CMPolicyEnterprise configuration service provider.
ms.assetid: 065EF07A-0CF3-4EE5-B620-3464A75B7EED
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 2b0f4e8ae8..fb69460ed8 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -1108,7 +1108,7 @@ Additional lists:
Mobile Enterprise
-
+
diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md
index 05add93e6a..17b165ed51 100644
--- a/windows/client-management/mdm/customdeviceui-csp.md
+++ b/windows/client-management/mdm/customdeviceui-csp.md
@@ -1,6 +1,6 @@
---
title: CustomDeviceUI CSP
-description: CustomDeviceUI CSP
+description: Learn how the CustomDeviceUI configuration service provider (CSP) allows OEMs to implement their custom foreground application.
ms.assetid: 20ED1867-7B9E-4455-B397-53B8B15C95A3
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md
index 12b590ef8c..7623b155f2 100644
--- a/windows/client-management/mdm/customdeviceui-ddf.md
+++ b/windows/client-management/mdm/customdeviceui-ddf.md
@@ -1,6 +1,6 @@
---
title: CustomDeviceUI DDF
-description: CustomDeviceUI DDF
+description: Learn about the OMA DM device description framework (DDF) for the CustomDeviceUI configuration service provider.
ms.assetid: E6D6B902-C57C-48A6-9654-CCBA3898455E
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index ecfd84d7fa..da9959c0a2 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -1,6 +1,6 @@
---
title: Defender CSP
-description: See how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
+description: Learn how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C
ms.reviewer:
manager: dansimp
@@ -10,11 +10,14 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
-ms.date: 10/21/2019
+ms.date: 08/11/2020
---
# Defender CSP
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
The following image shows the Windows Defender configuration service provider in tree format.
@@ -48,7 +51,7 @@ Supported operation is Get.
**Detections/*ThreatId*/Severity**
Threat severity ID.
-The data type is a integer.
+The data type is integer.
The following list shows the supported values:
@@ -63,7 +66,7 @@ Supported operation is Get.
**Detections/*ThreatId*/Category**
Threat category ID.
-The data type is a integer.
+The data type is integer.
The following table describes the supported values:
@@ -125,7 +128,7 @@ Supported operation is Get.
**Detections/*ThreatId*/CurrentStatus**
Information about the current status of the threat.
-The data type is a integer.
+The data type is integer.
The following list shows the supported values:
@@ -146,7 +149,7 @@ Supported operation is Get.
**Detections/*ThreatId*/ExecutionStatus**
Information about the execution status of the threat.
-The data type is a integer.
+The data type is integer.
Supported operation is Get.
@@ -167,7 +170,7 @@ Supported operation is Get.
**Detections/*ThreatId*/NumberOfDetections**
Number of times this threat has been detected on a particular client.
-The data type is a integer.
+The data type is integer.
Supported operation is Get.
@@ -179,7 +182,7 @@ Supported operation is Get.
**Health/ProductStatus**
Added in Windows 10, version 1809. Provide the current state of the product. This is a bitmask flag value that can represent one or multiple product states from below list.
-Data type is integer. Supported operation is Get.
+The data type is integer. Supported operation is Get.
Supported product status values:
- No status = 0
@@ -230,7 +233,7 @@ Example:
**Health/ComputerState**
Provide the current state of the device.
-The data type is a integer.
+The data type is integer.
The following list shows the supported values:
@@ -391,7 +394,7 @@ When enabled or disabled exists on the client and admin moves the setting to not
Enables or disables file hash computation feature.
When this feature is enabled Windows defender will compute hashes for files it scans.
-The data type is a integer.
+The data type is integer.
Supported operations are Add, Delete, Get, Replace.
@@ -399,6 +402,26 @@ Valid values are:
- 1 – Enable.
- 0 (default) – Disable.
+**Configuration/SupportLogLocation**
+The support log location setting allows the administrator to specify where the Microsoft Defender Antivirus diagnostic data collection tool (**MpCmdRun.exe**) will save the resulting log files. This setting is configured with an MDM solution, such as Intune, and is available for Windows 10 Enterprise.
+
+Data type is string.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Intune Support log location setting UX supports three states:
+
+- Not configured (default) - Does not have any impact on the default state of the device.
+- 1 - Enabled. Enables the Support log location feature. Requires admin to set custom file path.
+- 0 - Disabled. Turns off the Support log location feature.
+
+When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
+
+More details:
+
+- [Microsoft Defender AV diagnostic data](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data)
+- [Collect investigation package from devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#collect-investigation-package-from-devices)
+
**Scan**
Node that can be used to start a Windows Defender scan on a device.
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index 60c2372aed..a63f4dec92 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -1,6 +1,6 @@
---
title: Defender DDF file
-description: See how the the OMA DM device description framework (DDF) for the **Defender** configuration service provider is used.
+description: Learn how the OMA DM device description framework (DDF) for the Defender configuration service provider is used.
ms.assetid: 39B9E6CF-4857-4199-B3C3-EC740A439F65
ms.reviewer:
manager: dansimp
@@ -10,7 +10,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
-ms.date: 10/21/2019
+ms.date: 08/11/2020
---
# Defender DDF file
@@ -45,7 +45,7 @@ The XML below is the current version for this CSP.
- com.microsoft/1.2/MDM/Defender
+ com.microsoft/1.3/MDM/Defender
@@ -734,6 +734,29 @@ The XML below is the current version for this CSP.
+
+ SupportLogLocation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ Scan
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 285d96ddf8..11ab51bf9e 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -1,6 +1,6 @@
---
title: DevDetail CSP
-description: DevDetail CSP
+description: Learn how the DevDetail configuration service provider handles the management object which provides device-specific parameters to the OMA DM server.
ms.assetid: 719bbd2d-508d-439b-b175-0874c7e6c360
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index 0ab07220b6..25be11c21b 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -1,6 +1,6 @@
---
title: DevDetail DDF file
-description: DevDetail DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DevDetail configuration service provider.
ms.assetid: 645fc2b5-2d2c-43b1-9058-26bedbe9f00d
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md
index 09d6af05e4..f24564545c 100644
--- a/windows/client-management/mdm/deviceinstanceservice-csp.md
+++ b/windows/client-management/mdm/deviceinstanceservice-csp.md
@@ -1,6 +1,6 @@
---
title: DeviceInstanceService CSP
-description: DeviceInstanceService CSP
+description: Learn how the DeviceInstanceService configuration service provider (CSP) provides some device inventory information that could be useful for an enterprise.
ms.assetid: f113b6bb-6ce1-45ad-b725-1b6610721e2d
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md
index 246408076e..cef65071ec 100644
--- a/windows/client-management/mdm/devicelock-csp.md
+++ b/windows/client-management/mdm/devicelock-csp.md
@@ -1,6 +1,6 @@
---
title: DeviceLock CSP
-description: DeviceLock CSP
+description: Learn how the DeviceLock configuration service provider (CSP) is used by the enterprise management server to configure device lock related policies.
ms.assetid: 9a547efb-738e-4677-95d3-5506d350d8ab
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md
index 545ebcdb9b..eb63ef11fe 100644
--- a/windows/client-management/mdm/devicelock-ddf-file.md
+++ b/windows/client-management/mdm/devicelock-ddf-file.md
@@ -1,6 +1,6 @@
---
title: DeviceLock DDF file
-description: DeviceLock DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DeviceLock configuration service provider (CSP).
ms.assetid: 46a691b9-6350-4987-bfc7-f8b1eece3ad9
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index b81a21b82e..aec2b4cc91 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -1,6 +1,6 @@
---
title: DevInfo DDF file
-description: DevInfo DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DevInfo configuration service provider (CSP).
ms.assetid: beb07cc6-4133-4c0f-aa05-64db2b4a004f
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 2f00912ad8..2c49067d90 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -1,6 +1,6 @@
---
title: DiagnosticLog CSP
-description: DiagnosticLog CSP
+description: Learn about the feature areas of the DiagnosticLog configuration service provider (CSP), including the DiagnosticLog area and Policy area.
ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index 8bedac1205..f635ed44c6 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -1,6 +1,6 @@
---
title: DiagnosticLog DDF
-description: DiagnosticLog DDF
+description: Learn about the the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP).
ms.assetid: 9DD75EDA-5913-45B4-9BED-20E30CDEBE16
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index aa61f9d50b..4a45bf4eb2 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -1,6 +1,6 @@
---
title: DMAcc CSP
-description: DMAcc CSP
+description: Learn how the DMAcc configuration service provider (CSP) allows an OMA Device Management (DM) version 1.2 server to handle OMA DM account objects.
ms.assetid: 43e73d8a-6617-44e7-8459-5c96f4422e63
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index 232f5672cd..b10dcad38a 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -1,6 +1,6 @@
---
title: DMAcc DDF file
-description: DMAcc DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DMAcc configuration service provider (CSP).
ms.assetid: 44dc99aa-2a85-498b-8f52-a81863765606
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index 9469f12408..6ed30e55f1 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -21,11 +21,15 @@ The following diagram shows the DMClient CSP in tree format.
+
+**./Vendor/MSFT**
+All the nodes in this CSP are supported in the device context, except for the **ExchangeID** node, which is supported in the user context. For the device context, use the **./Device/Vendor/MSFT** path and for the user context, use the **./User/Vendor/MSFT** path.
+
**DMClient**
Root node for the CSP.
**UpdateManagementServiceAddress**
-For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You cannot add new servers to the list using this node.
+For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon-delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You cannot add new servers to the list using this node.
**HWDevID**
Added in Windows 10, version 1703. Returns the hardware device ID.
@@ -221,7 +225,7 @@ Added in Windows 10, version 1607. Returns the hardware device ID.
Supported operation is Get.
**Provider/*ProviderID*/CommercialID**
-Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this diagnostic data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data with your organization..
+Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this diagnostic data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data with your organization.
Supported operations are Add, Get, Replace, and Delete.
@@ -265,7 +269,7 @@ Supported operations are Add, Delete, Get, and Replace. Value type is integer.
**Provider/*ProviderID*/AADSendDeviceToken**
-Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this will cause the client to send a Device Token if the User Token can not be obtained.
+Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this will cause the client to send a Device Token if the User Token cannot be obtained.
Supported operations are Add, Delete, Get, and Replace. Value type is bool.
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index 15b21d0197..c5ba87da90 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -1,6 +1,6 @@
---
title: DMClient DDF file
-description: DMClient DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DMClient configuration service provider (CSP).
ms.assetid: A21B33AF-DB76-4059-8170-FADF2CB898A0
ms.reviewer:
manager: dansimp
@@ -1022,7 +1022,6 @@ The XML below is for Windows 10, version 1803.
-
diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
index 2e1b590d91..b9ed5780d0 100644
--- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
+++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
@@ -1,6 +1,6 @@
---
title: DMProcessConfigXMLFiltered function
-description: Configures phone settings by using OMA Client Provisioning XML.
+description: Learn how the DMProcessConfigXMLFiltered function configures phone settings by using OMA Client Provisioning XML.
Search.Refinement.TopicID: 184
ms.assetid: 31D79901-6206-454C-AE78-9B85A3B3487F
ms.reviewer:
diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md
index b395c7c3ba..65aeb1a961 100644
--- a/windows/client-management/mdm/dmsessionactions-csp.md
+++ b/windows/client-management/mdm/dmsessionactions-csp.md
@@ -1,6 +1,6 @@
---
title: DMSessionActions CSP
-description: DMSessionActions CSP
+description: Learn how the DMSessionActions configuration service provider (CSP) is used to manage the number of sessions the client skips if the device is in a low power state.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md
index aef1210842..61b4b4754a 100644
--- a/windows/client-management/mdm/dmsessionactions-ddf.md
+++ b/windows/client-management/mdm/dmsessionactions-ddf.md
@@ -1,6 +1,6 @@
---
title: DMSessionActions DDF file
-description: DMSessionActions DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DMSessionActions configuration service provider (CSP).
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md
index e7d55aedc0..b6fe50d931 100644
--- a/windows/client-management/mdm/dynamicmanagement-csp.md
+++ b/windows/client-management/mdm/dynamicmanagement-csp.md
@@ -1,6 +1,6 @@
---
title: DynamicManagement CSP
-description: DynamicManagement CSP
+description: Learn how the Dynamic Management configuration service provider (CSP) enables configuration of policies that change how the device is managed.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md
index 3439bf646a..2690fa4e23 100644
--- a/windows/client-management/mdm/dynamicmanagement-ddf.md
+++ b/windows/client-management/mdm/dynamicmanagement-ddf.md
@@ -1,6 +1,6 @@
---
title: DynamicManagement DDF file
-description: DynamicManagement DDF file
+description: Learn about the OMA DM device description framework (DDF) for the DynamicManagement configuration service provider (CSP).
ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md
index ddb14a8d3f..844fc1be39 100644
--- a/windows/client-management/mdm/email2-csp.md
+++ b/windows/client-management/mdm/email2-csp.md
@@ -1,6 +1,6 @@
---
title: EMAIL2 CSP
-description: EMAIL2 CSP
+description: Learn how the EMAIL2 configuration service provider (CSP) is used to configure Simple Mail Transfer Protocol (SMTP) email accounts.
ms.assetid: bcfc9d98-bc2e-42c6-9b81-0b5bf65ce2b8
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index f24a64e3e3..4f11b5b64d 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -1,6 +1,6 @@
---
title: EMAIL2 DDF file
-description: EMAIL2 DDF file
+description: Learn how the OMA DM device description framework (DDF) for the EMAIL2 configuration service provider (CSP).
ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index 00caaaa35d..805f9ee481 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -1,6 +1,6 @@
---
title: Enable ADMX-backed policies in MDM
-description: Use this is a step-by-step guide to configuring ADMX-backed policies in MDM.
+description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX-backed policies) in Mobile Device Management (MDM).
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -17,7 +17,7 @@ manager: dansimp
This is a step-by-step guide to configuring ADMX-backed policies in MDM.
-Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy.
+Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of [selected set of Group Policy administrative templates (ADMX-backed policies)](https://docs.microsoft.com/windows/client-management/mdm/policy-csps-admx-backed) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy.
Summary of steps to enable a policy:
- Find the policy from the list ADMX-backed policies.
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index a1b759f011..349687ed6c 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -1,12 +1,12 @@
---
title: Enroll a Windows 10 device automatically using Group Policy
-description: Enroll a Windows 10 device automatically using Group Policy
+description: Learn how to use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 07/29/2019
+ms.date:
ms.reviewer:
manager: dansimp
---
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
index e70eed0ce5..98739efcb1 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
@@ -1,6 +1,6 @@
---
title: EnrollmentStatusTracking DDF
-description: View the OMA DM device description framework (DDF) for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML.
+description: View the OMA DM DDF for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md
index 319356f336..5e7af9b60d 100644
--- a/windows/client-management/mdm/enterpriseapn-ddf.md
+++ b/windows/client-management/mdm/enterpriseapn-ddf.md
@@ -1,6 +1,6 @@
---
title: EnterpriseAPN DDF
-description: EnterpriseAPN DDF
+description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAPN configuration service provider (CSP).
ms.assetid: A953ADEF-4523-425F-926C-48DA62EB9E21
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
index 22445122ec..272f60f44f 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
@@ -1,6 +1,6 @@
---
title: EnterpriseAppVManagement CSP
-description: Examine the tree format for EnterpriseAppVManagement configuration service provider (CSP) to manage virtual applications in Windows 10 PCs.(Enterprise and Education editions).
+description: Examine the tree format for EnterpriseAppVManagement CSP to manage virtual applications in Windows 10 PCs.(Enterprise and Education editions).
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
index 626981e0ff..8cf951cf55 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
@@ -1,6 +1,6 @@
---
title: EnterpriseAppVManagement DDF file
-description: EnterpriseAppVManagement DDF file
+description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAppVManagement configuration service provider (CSP).
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md
index 2df97c9bf4..45d11904d5 100644
--- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md
+++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md
@@ -1,6 +1,6 @@
---
title: EnterpriseAssignedAccess CSP
-description: Use the EnterpriseAssignedAccess CSP to configure custom layouts on a device.
+description: Use the EnterpriseAssignedAccess configuration service provider (CSP) to configure custom layouts on a device.
ms.assetid: 5F88E567-77AA-4822-A0BC-3B31100639AA
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/enterpriseext-csp.md b/windows/client-management/mdm/enterpriseext-csp.md
index 782bc735ed..24cadf3270 100644
--- a/windows/client-management/mdm/enterpriseext-csp.md
+++ b/windows/client-management/mdm/enterpriseext-csp.md
@@ -1,6 +1,6 @@
---
title: EnterpriseExt CSP
-description: EnterpriseExt CSP
+description: Learn how the EnterpriseExt CSP allows OEMs to set their own unique ID for their devices, set display brightness values, and set the LED behavior.
ms.assetid: ACA5CD79-BBD5-4DD1-86DA-0285B93982BD
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/enterpriseext-ddf.md b/windows/client-management/mdm/enterpriseext-ddf.md
index e30ceeb37f..4b3d4b0afd 100644
--- a/windows/client-management/mdm/enterpriseext-ddf.md
+++ b/windows/client-management/mdm/enterpriseext-ddf.md
@@ -1,6 +1,6 @@
---
title: EnterpriseExt DDF
-description: EnterpriseExt DDF
+description: Learn about the OMA DM device description framework (DDF) for the EnterpriseExt configuration service provider (CSP).
ms.assetid: 71BF81D4-FBEC-4B03-BF99-F7A5EDD4F91B
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md
index 997493aee9..7efb54af20 100644
--- a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md
+++ b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md
@@ -1,6 +1,6 @@
---
title: EnterpriseExtFileSystem DDF
-description: EnterpriseExtFileSystem DDF
+description: Learn about the OMA DM device description framework (DDF) for the EnterpriseExtFileSystem configuration service provider (CSP).
ms.assetid: 2D292E4B-15EE-4AEB-8884-6FEE8B92D2D1
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 5384ce0168..77b6e72ff9 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -1,6 +1,6 @@
---
title: EnterpriseModernAppManagement CSP
-description: EnterpriseModernAppManagement CSP
+description: Learn how the EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps.
ms.assetid: 9DD0741A-A229-41A0-A85A-93E185207C42
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index aa2cdb680b..237000b2f0 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -1,6 +1,6 @@
---
title: EnterpriseModernAppManagement DDF
-description: EnterpriseModernAppManagement DDF
+description: Learn about the OMA DM device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider (CSP).
ms.assetid:
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
index f7544b10a4..f8b15504cc 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
@@ -1,6 +1,6 @@
---
title: EnterpriseModernAppManagement XSD
-description: Use the EnterpriseModernAppManagement XSD for set application parameters.
+description: In this article, view the EnterpriseModernAppManagement XSD example so you can set application parameters.
ms.assetid: D393D094-25E5-4E66-A60F-B59CC312BF57
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md
index 9251f6a755..79545b45cc 100644
--- a/windows/client-management/mdm/esim-enterprise-management.md
+++ b/windows/client-management/mdm/esim-enterprise-management.md
@@ -1,6 +1,6 @@
---
title: eSIM Enterprise Management
-description: Managing eSIM devices in an enterprise
+description: Learn how Mobile Device Management (MDM) Providers support the eSIM Profile Management Solution on Windows.
keywords: eSIM enterprise management
ms.prod: w10
ms.mktglfcycl:
diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md
index 43626310a0..1f42e3e43d 100644
--- a/windows/client-management/mdm/euiccs-csp.md
+++ b/windows/client-management/mdm/euiccs-csp.md
@@ -1,6 +1,6 @@
---
title: eUICCs CSP
-description: eUICCs CSP
+description: Learn how the eUICCs CSP is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, re-assign, remove) subscriptions to employees.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index 3f3e71df8d..38bb8e5f6f 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -1,6 +1,6 @@
---
title: eUICCs DDF file
-description: eUICCs DDF file
+description: Learn about the OMA DM device description framework (DDF) for the eUICCs configuration service provider (CSP).
ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md
index 653b03b527..9bad3fe712 100644
--- a/windows/client-management/mdm/filesystem-csp.md
+++ b/windows/client-management/mdm/filesystem-csp.md
@@ -1,6 +1,6 @@
---
title: FileSystem CSP
-description: FileSystem CSP
+description: Learn how the FileSystem CSP is used to query, add, modify, and delete files, file directories, and file attributes on the mobile device.
ms.assetid: 9117ee16-ca7a-4efa-9270-c9ac8547e541
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md
index 20172a8f10..72829fc3a9 100644
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@@ -1,6 +1,6 @@
---
title: Firewall DDF file
-description: Firewall DDF file
+description: Learn about the OMA DM device description framework (DDF) for the Firewall configuration service provider.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index e24210c9e0..0124df555f 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -1,6 +1,6 @@
---
title: Device HealthAttestation CSP
-description: Device HealthAttestation CSP
+description: Learn how the DHA-CSP enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions.
ms.assetid: 6F2D783C-F6B4-4A81-B9A2-522C4661D1AC
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index 21934f6452..d7209b1cf2 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -1,6 +1,6 @@
---
title: HealthAttestation DDF
-description: HealthAttestation DDF
+description: Learn about the OMA DM device description framework (DDF) for the HealthAttestation configuration service provider.
ms.assetid: D20AC78D-D2D4-434B-B9FD-294BCD9D1DDE
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/hotspot-csp.md b/windows/client-management/mdm/hotspot-csp.md
index 025ce63385..f4a14359a1 100644
--- a/windows/client-management/mdm/hotspot-csp.md
+++ b/windows/client-management/mdm/hotspot-csp.md
@@ -1,6 +1,6 @@
---
title: HotSpot CSP
-description: HotSpot CSP
+description: Learn how HotSpot configuration service provider (CSP) is used to configure and enable Internet sharing on a device.
ms.assetid: ec49dec1-fa79-420a-a9a7-e86668b3eebf
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/images/Provisioning_CSP_Defender.png b/windows/client-management/mdm/images/Provisioning_CSP_Defender.png
deleted file mode 100644
index 6ee31a8f16..0000000000
Binary files a/windows/client-management/mdm/images/Provisioning_CSP_Defender.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/autoenrollment-policy.png b/windows/client-management/mdm/images/autoenrollment-policy.png
index 61421babee..1de089a0c6 100644
Binary files a/windows/client-management/mdm/images/autoenrollment-policy.png and b/windows/client-management/mdm/images/autoenrollment-policy.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-defender.png b/windows/client-management/mdm/images/provisioning-csp-defender.png
index 793b1568ff..ccf57208df 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-defender.png and b/windows/client-management/mdm/images/provisioning-csp-defender.png differ
diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md
index 44d416b67a..aef061ccd2 100644
--- a/windows/client-management/mdm/index.md
+++ b/windows/client-management/mdm/index.md
@@ -33,7 +33,7 @@ With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM secur
The MDM security baseline includes policies that cover the following areas:
-- Microsoft inbox security technology (not deprecated) such as Bitlocker, Windows Defender Smartscreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall
+- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall
- Restricting remote access to devices
- Setting credential requirements for passwords and PINs
- Restricting use of legacy technology
@@ -42,12 +42,13 @@ The MDM security baseline includes policies that cover the following areas:
For more details about the MDM policies defined in the MDM security baseline and what Microsoft’s recommended baseline policy values are, see:
+- [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip)
-For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows)
+For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows).
diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index 7b8e606d40..1c9ca9aba5 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -1,6 +1,6 @@
---
title: MDM enrollment of Windows 10-based devices
-description: MDM enrollment of Windows 10-based devices
+description: Learn about mobile device management (MDM) enrollment of Windows 10-based devices to simplify access to your organization’s resources.
MS-HAID:
- 'p\_phdevicemgmt.enrollment\_ui'
- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices'
diff --git a/windows/client-management/mdm/messaging-csp.md b/windows/client-management/mdm/messaging-csp.md
index cc739605f3..e9383e871f 100644
--- a/windows/client-management/mdm/messaging-csp.md
+++ b/windows/client-management/mdm/messaging-csp.md
@@ -1,6 +1,6 @@
---
title: Messaging CSP
-description: Use the Messaging CSP to configure the ability to get text messages audited on a mobile device.
+description: Use the Messaging configuration service provider (CSP) to configure the ability to get text messages audited on a mobile device.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md
index 7d719b40aa..3597ffa5fe 100644
--- a/windows/client-management/mdm/multisim-csp.md
+++ b/windows/client-management/mdm/multisim-csp.md
@@ -1,6 +1,6 @@
---
title: MultiSIM CSP
-description: MultiSIM CSP allows the enterprise to manage devices with dual SIM single active configuration.
+description: MultiSIM configuration service provider (CSP) allows the enterprise to manage devices with dual SIM single active configuration.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md
index c4dbd6410a..dcaef76767 100644
--- a/windows/client-management/mdm/nap-csp.md
+++ b/windows/client-management/mdm/nap-csp.md
@@ -1,6 +1,6 @@
---
title: NAP CSP
-description: NAP CSP
+description: Learn how the Network Access Point (NAP) configuration service provider (CSP) is used to manage and query GPRS and CDMA connections.
ms.assetid: 82f04492-88a6-4afd-af10-a62b8d444d21
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md
index 80a87e53d1..1b5f5ecdd4 100644
--- a/windows/client-management/mdm/napdef-csp.md
+++ b/windows/client-management/mdm/napdef-csp.md
@@ -1,6 +1,6 @@
---
title: NAPDEF CSP
-description: NAPDEF CSP
+description: Learn how the NAPDEF configuration service provider (CSP) is used to add, modify, or delete WAP network access points (NAPs).
ms.assetid: 9bcc65dd-a72b-4f90-aba7-4066daa06988
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index c82e246263..43aff61d37 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -1,6 +1,6 @@
---
title: NetworkProxy CSP
-description: NetworkProxy CSP
+description: Learn how the NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md
index 7535a3ce20..c2d3ea4a5e 100644
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@@ -1,6 +1,6 @@
---
title: NetworkQoSPolicy DDF
-description: View the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML
+description: View the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.assetid:
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index aa0f6ee57d..83fd0ea765 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -13,7 +13,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
-ms.date: 07/01/2019
+ms.date: 08/18/2020
---
# What's new in mobile device enrollment and management
@@ -58,6 +58,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- [What is dmwappushsvc?](#what-is-dmwappushsvc)
- **Change history in MDM documentation**
+ - [August 2020](#august-2020)
- [July 2020](#july-2020)
- [June 2020](#june-2020)
- [May 2020](#may-2020)
@@ -314,11 +315,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
Privacy/DisablePrivacyExperience
Privacy/UploadUserActivities
Security/RecoveryEnvironmentAuthentication
-
System/AllowDesktopAnalyticsProcessing
System/AllowDeviceNameInDiagnosticData
-
System/AllowMicrosoftManagedDesktopProcessing
-
System/AllowUpdateComplianceProcessing
-
System/AllowWUfBCloudProcessing
System/ConfigureMicrosoft365UploadEndpoint
System/DisableDeviceDelete
System/DisableDiagnosticDataViewer
@@ -1998,10 +1995,16 @@ What data is handled by dmwappushsvc? | It is a component handling the internal
How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. |
## Change history in MDM documentation
+
+### August 2020
+|New or updated topic | Description|
+|--- | ---|
+|[Policy CSP - System](policy-csp-system.md)|Removed the following policy settings: - System/AllowDesktopAnalyticsProcessing - System/AllowMicrosoftManagedDesktopProcessing - System/AllowUpdateComplianceProcessing - System/AllowWUfBCloudProcessing |
+
### July 2020
|New or updated topic | Description|
|--- | ---|
-|[Policy CSP - System](policy-csp-system.md)|Added the following new policy settings: - System/AllowDesktopAnalyticsProcessing - System/AllowMicrosoftManagedDesktopProcessing - System/AllowUpdateComplianceProcessing - System/AllowWUfBCloudProcessing
Updated the following policy setting: - System/AllowCommercialDataPipeline |
+|[Policy CSP - System](policy-csp-system.md)|Added the following new policy settings: - System/AllowDesktopAnalyticsProcessing - System/AllowMicrosoftManagedDesktopProcessing - System/AllowUpdateComplianceProcessing - System/AllowWUfBCloudProcessing
Updated the following policy setting: - System/AllowCommercialDataPipeline |
### June 2020
|New or updated topic | Description|
diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md
index 7d58ebbea3..06a74f2979 100644
--- a/windows/client-management/mdm/nodecache-ddf-file.md
+++ b/windows/client-management/mdm/nodecache-ddf-file.md
@@ -1,6 +1,6 @@
---
title: NodeCache DDF file
-description: NodeCache DDF file
+description: Learn about the OMA DM device description framework (DDF) for the NodeCache configuration service provider (CSP).
ms.assetid: d7605098-12aa-4423-89ae-59624fa31236
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index eef4903c8c..5a9ac5cc69 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -1,6 +1,6 @@
---
title: Personalization DDF file
-description: Learn how to set the OMA DM device description framework (DDF) for the **Personalization** configuration service provider.
+description: Learn how to set the OMA DM device description framework (DDF) for the Personalization configuration service provider (CSP).
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 5e23762281..7986a6fae0 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1,6 +1,6 @@
---
title: Policy CSP
-description: Policy CSP
+description: Learn how the Policy configuration service provider (CSP) enables the enterprise to configure policies on Windows 10.
ms.assetid: 4F3A1134-D401-44FC-A583-6EDD3070BA4F
ms.reviewer:
manager: dansimp
@@ -168,6 +168,165 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_AddRemovePrograms policies
+
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index bcc38faea5..23c1bb8142 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - AboveLock
-description: Learn the various AboveLock Policy CSP for Windows editions of Home, Pro, Business, and more.
+description: Learn the various AboveLock Policy configuration service provider (CSP) for Windows editions of Home, Pro, Business, and more.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -161,14 +161,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index 83d4831dcb..4367ed3ed6 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Accounts
-description: Policy CSP - Accounts
+description: Learn about the Policy configuration service provider (CSP). This articles describes account policies.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -248,14 +248,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index 7a981c49d8..d760021b1e 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ActiveXControls
-description: Learn the ins and outs of various Policy CSP - ActiveXControls settings, including SyncML, for Windows 10.
+description: Learn about various Policy configuration service provider (CSP) - ActiveXControls settings, including SyncML, for Windows 10.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@@ -103,14 +103,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
new file mode 100644
index 0000000000..37cf49d46f
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
@@ -0,0 +1,954 @@
+---
+title: Policy CSP - ADMX_AddRemovePrograms
+description: Policy CSP - ADMX_AddRemovePrograms
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 08/13/2020
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_AddRemovePrograms
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## Policy CSP - ADMX_AddRemovePrograms
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories.
+
+To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation.
+
+If you disable this setting or do not configure it, all programs (Category: All) are displayed when the "Add New Programs" page opens. You can use this setting to direct users to the programs they are most likely to need.
+
+> [!NOTE]
+> This setting is ignored if either the "Remove Add or Remove Programs" setting or the "Hide Add New Programs page" setting is enabled.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Specify default category for Add New Programs*
+- GP name: *DefaultCategory*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**ADMX_AddRemovePrograms/NoAddFromCDorFloppy**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.
+
+If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users. This setting does not prevent users from using other tools and methods to add or remove program components.
+
+> [!NOTE]
+> If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates\Windows Components\Windows Installer) is enabled, users cannot add programs from removable media, regardless of this setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Hide the "Add a program from CD-ROM or floppy disk" option*
+- GP name: *NoAddFromCDorFloppy*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**ADMX_AddRemovePrograms/NoAddFromInternet**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.
+
+If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users. This setting does not prevent users from using other tools and methods to connect to Windows Update.
+
+> [!NOTE]
+> If the "Hide Add New Programs page" setting is enabled, this setting is ignored.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Hide the "Add programs from Microsoft" option*
+- GP name: *NoAddFromInternet*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**ADMX_AddRemovePrograms/NoAddFromNetwork**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files.
+
+If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu.
+
+If you disable this setting or do not configure it, "Add programs from your network" is available to all users.
+
+> [!NOTE]
+> If the "Hide Add New Programs page" setting is enabled, this setting is ignored.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Hide the "Add programs from your network" option*
+- GP name: *NoAddFromNetwork*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**ADMX_AddRemovePrograms/NoAddPage**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator.
+
+If you disable this setting or do not configure it, the Add New Programs button is available to all users. This setting does not prevent users from using other tools and methods to install programs.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Hide Add New Programs page*
+- GP name: *NoAddPage*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**ADMX_AddRemovePrograms/NoAddRemovePrograms**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs.
+
+If you disable this setting or do not configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users from using other tools and methods to install or uninstall programs.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Remove Add or Remove Programs*
+- GP name: *NoAddRemovePrograms*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**ADMX_AddRemovePrograms/NoChooseProgramsPage**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.
+
+If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users. This setting does not prevent users from using other tools and methods to change program access or defaults. This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting.
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Hide the Set Program Access and Defaults page*
+- GP name: *NoChooseProgramsPage*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**ADMX_AddRemovePrograms/NoRemovePage**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.
+
+If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and methods to delete or uninstall programs.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Hide Change or Remove Programs page*
+- GP name: *NoRemovePage*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**ADMX_AddRemovePrograms/NoServices**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools.
+
+If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system services. If you enable this setting, "Set up services" never appears. This setting does not prevent users from using other methods to configure services.
+
+> [!NOTE]
+> When "Set up services" does not appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected automatically, and the page is bypassed. To remove "Set up services" and prevent the Windows Component Wizard from starting, enable the "Hide Add/Remove Windows Components page" setting. If the "Hide Add/Remove Windows Components page" setting is enabled, this setting is ignored.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Go directly to Components Wizard*
+- GP name: *NoServices*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**ADMX_AddRemovePrograms/NoSupportInfo**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.
+
+If you disable this setting or do not configure it, the Support Info hyperlink appears.
+
+> [!NOTE]
+> Not all programs provide a support information hyperlink.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Remove Support Information*
+- GP name: *NoSupportInfo*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**ADMX_AddRemovePrograms/NoWindowsSetupPage**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files.
+
+If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Hide Add/Remove Windows Components page*
+- GP name: *NoWindowsSetupPage*
+- GP path: *Control Panel/Add or Remove Programs*
+- GP ADMX file name: *addremoveprograms.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
new file mode 100644
index 0000000000..527d07b981
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -0,0 +1,744 @@
+---
+title: Policy CSP - ADMX_AppCompat
+description: Policy CSP - ADMX_AppCompat
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 08/20/2020
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_AppCompat
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## Policy CSP - ADMX_AppCompat
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.
+
+You can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, **ntvdm.exe** must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased.
+
+If the status is set to Enabled, the MS-DOS subsystem is prevented from running, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit components cannot run.
+
+If the status is set to Disabled, the MS-DOS subsystem runs for all users on this computer.
+
+If the status is set to Not Configured, the OS falls back on a local policy set by the registry DWORD value **HKLM\System\CurrentControlSet\Control\WOW\DisallowedPolicyDefault**. If that value is non-0, this prevents all 16-bit applications from running. If that value is 0, 16-bit applications are allowed to run. If that value is also not present, on Windows 10 and above, the OS will launch the 16-bit application support control panel to allow an elevated administrator to make the decision; on Windows 7 and down-level, the OS will allow 16-bit applications to run.
+
+> [!NOTE]
+> This setting appears only in Computer Configuration.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Prevent access to 16-bit applications*
+- GP name: *AppCompatPrevent16BitMach*
+- GP path: *Windows Components/Application Compatibility*
+- GP ADMX file name: *AppCompat.admx*
+
+
+
+
+
+
+
+**ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.
+
+The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications.
+
+Enabling this policy setting removes the property page from the context-menus, but does not affect previous compatibility settings applied to application using this interface.
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Remove Program Compatibility Property Page*
+- GP name: *AppCompatRemoveProgramCompatPropPage*
+- GP path: *Windows Components/Application Compatibility*
+- GP ADMX file name: *AppCompat.admx*
+
+
+
+
+
+
+
+**ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. The policy setting controls the state of the Application Telemetry engine in the system.
+
+Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.
+
+Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.
+
+If the customer Experience Improvement program is turned off, Application Telemetry will be turned off regardless of how this policy is set.
+
+Disabling telemetry will take effect on any newly launched applications. To ensure that telemetry collection has stopped for all applications, please reboot your machine.
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Turn off Application Telemetry*
+- GP name: *AppCompatTurnOffApplicationImpactTelemetry*
+- GP path: *Windows Components/Application Compatibility*
+- GP ADMX file name: *AppCompat.admx*
+
+
+
+
+
+
+
+**ADMX_AppCompat/AppCompatTurnOffSwitchBack**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. The policy setting controls the state of the Switchback compatibility engine in the system.
+
+Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications.
+
+Switchback is on by default.
+
+If you enable this policy setting, Switchback will be turned off. Turning Switchback off may degrade the compatibility of older applications. This option is useful for server administrators who require performance and are aware of compatibility of the applications they are using.
+
+If you disable or do not configure this policy setting, the Switchback will be turned on.
+
+Reboot the system after changing the setting to ensure that your system accurately reflects those changes.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Turn off SwitchBack Compatibility Engine*
+- GP name: *AppCompatTurnOffSwitchBack*
+- GP path: *Windows Components/Application Compatibility*
+- GP ADMX file name: *AppCompat.admx*
+
+
+
+
+
+
+
+**ADMX_AppCompat/AppCompatTurnOffEngine**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the application compatibility engine in the system.
+
+The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem.
+
+Turning off the application compatibility engine will boost system performance. However, this will degrade the compatibility of many popular legacy applications, and will not block known incompatible applications from installing. For example, this may result in a blue screen if an old anti-virus application is installed.
+
+The Windows Resource Protection and User Account Control features of Windows use the application compatibility engine to provide mitigations for application problems. If the engine is turned off, these mitigations will not be applied to applications and their installers and these applications may fail to install or run properly.
+
+This option is useful to server administrators who require faster performance and are aware of the compatibility of the applications they are using. It is particularly useful for a web server where applications may be launched several hundred times a second, and the performance of the loader is essential.
+
+> [!NOTE]
+> Many system processes cache the value of this setting for performance reasons. If you make changes to this setting, reboot to ensure that your system accurately reflects those changes.
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Turn off Application Compatibility Engine*
+- GP name: *AppCompatTurnOffEngine*
+- GP path: *Windows Components/Application Compatibility*
+- GP ADMX file name: *AppCompat.admx*
+
+
+
+
+
+
+
+**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Turn off Program Compatibility Assistant*
+- GP name: *AppCompatTurnOffProgramCompatibilityAssistant_1*
+- GP path: *Windows Components/Application Compatibility*
+- GP ADMX file name: *AppCompat.admx*
+
+
+
+
+
+
+
+**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
+
+If you enable this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues.
+
+If you disable or do not configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
+
+> [!NOTE]
+> The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console.
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Turn off Program Compatibility Assistant*
+- GP name: *AppCompatTurnOffProgramCompatibilityAssistant_2*
+- GP path: *Windows Components/Application Compatibility*
+- GP ADMX file name: *AppCompat.admx*
+
+
+
+
+
+
+
+**ADMX_AppCompat/AppCompatTurnOffUserActionRecord**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of Steps Recorder.
+
+Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screenshots. Steps Recorder includes an option to turn on and off data collection.
+
+If you enable this policy setting, Steps Recorder will be disabled.
+
+If you disable or do not configure this policy setting, Steps Recorder will be enabled.
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Turn off Steps Recorder*
+- GP name: *AppCompatTurnOffUserActionRecord*
+- GP path: *Windows Components/Application Compatibility*
+- GP ADMX file name: *AppCompat.admx*
+
+
+
+
+
+
+
+**ADMX_AppCompat/AppCompatTurnOffProgramInventory**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the Inventory Collector.
+
+The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.
+
+If you enable this policy setting, the Inventory Collector will be turned off and data will not be sent to Microsoft. Collection of installation data through the Program Compatibility Assistant is also disabled.
+
+If you disable or do not configure this policy setting, the Inventory Collector will be turned on.
+
+> [!NOTE]
+> This policy setting has no effect if the Customer Experience Improvement Program is turned off. The Inventory Collector will be off.
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Turn off Inventory Collector*
+- GP name: *AppCompatTurnOffProgramInventory*
+- GP path: *Windows Components/Application Compatibility*
+- GP ADMX file name: *AppCompat.admx*
+
+
+
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
new file mode 100644
index 0000000000..2f91449316
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
@@ -0,0 +1,119 @@
+---
+title: Policy CSP - ADMX_AuditSettings
+description: Policy CSP - ADMX_AuditSettings
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 08/13/2020
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_AuditSettings
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_AuditSettings policies
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled.
+
+If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.
+
+If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events.
+
+Default is Not configured.
+
+> [!NOTE]
+> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Include command line in process creation events*
+- GP name: *IncludeCmdLine*
+- GP path: *System/Audit Process Creation*
+- GP ADMX file name: *AuditSettings.admx*
+
+
+
+
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
new file mode 100644
index 0000000000..e3fef30269
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -0,0 +1,1725 @@
+---
+title: Policy CSP - ADMX_DnsClient
+description: Policy CSP - ADMX_DnsClient
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 08/12/2020
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DnsClient
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_DnsClient policies
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names.
+
+If you enable this policy setting, NetBT queries will be issued for multi-label and fully qualified domain names, such as "www.example.com" in addition to single-label names.
+
+If you disable this policy setting, or if you do not configure this policy setting, NetBT queries will only be issued for single-label names, such as "example" and not for multi-label and fully qualified domain names.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Allow NetBT queries for fully qualified domain names*
+- GP name: *DNS_AllowFQDNNetBiosQueries*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_AppendToMultiLabelName**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails.
+
+A name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example "server.corp" is an unqualified multi-label name. The name "server.corp.contoso.com." is an example of a fully qualified name because it contains a terminating dot.
+
+For example, if attaching suffixes is allowed, an unqualified multi-label name query for "server.corp" will be queried by the DNS client first. If the query succeeds, the response is returned to the client. If the query fails, the unqualified multi-label name is appended with DNS suffixes. These suffixes can be derived from a combination of the local DNS client's primary domain suffix, a connection-specific domain suffix, and a DNS suffix search list.
+
+If attaching suffixes is allowed, and a DNS client with a primary domain suffix of "contoso.com" performs a query for "server.corp" the DNS client will send a query for "server.corp" first, and then a query for "server.corp.contoso.com." second if the first query fails.
+
+If you enable this policy setting, suffixes are allowed to be appended to an unqualified multi-label name if the original name query fails.
+
+If you disable this policy setting, no suffixes are appended to unqualified multi-label name queries if the original name query fails.
+
+If you do not configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Allow DNS suffix appending to unqualified multi-label name queries*
+- GP name: *DNS_AppendToMultiLabelName*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_Domain**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP. To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix.
+
+If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting.
+
+If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Connection-specific DNS suffix*
+- GP name: *DNS_Domain*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_DomainNameDevolutionLevel**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resolution process.
+
+With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.
+
+The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.
+
+Devolution is not enabled if a global suffix search list is configured using Group Policy.
+
+If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:
+
+- The primary DNS suffix, as specified on the Computer Name tab of the System control panel.
+- Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection.
+
+For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.
+
+If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
+
+For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two.
+
+If you enable this policy setting and DNS devolution is also enabled, DNS clients use the DNS devolution level that you specify.
+
+If you disable this policy setting or do not configure it, DNS clients use the default devolution level of two provided that DNS devolution is enabled.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Primary DNS suffix devolution level*
+- GP name: *DNS_DomainNameDevolutionLevel*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_IdnEncoding**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured.
+
+If this policy setting is enabled, IDNs are not converted to Punycode.
+
+If this policy setting is disabled, or if this policy setting is not configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Turn off IDN encoding*
+- GP name: *DNS_IdnEncoding*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_IdnMapping**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Unicode representation of the string.
+
+If this policy setting is enabled, IDNs are converted to the Nameprep form.
+
+If this policy setting is disabled, or if this policy setting is not configured, IDNs are not converted to the Nameprep form.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *IDN mapping*
+- GP name: *DNS_IdnMapping*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_NameServer**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP.
+
+To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address.
+
+If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting.
+
+If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *DNS servers*
+- GP name: *DNS_NameServer*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_PreferLocalResponsesOverLowerOrderDns**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that responses from link local name resolution protocols received over a network interface that is higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
+
+If you enable this policy setting, responses from link local protocols will be preferred over DNS responses if the local responses are from a network with a higher binding order.
+
+If you disable this policy setting, or if you do not configure this policy setting, then DNS responses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in the binding order.
+
+> [!NOTE]
+> This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Prefer link local responses over DNS when received over a network with higher precedence*
+- GP name: *DNS_PreferLocalResponsesOverLowerOrderDns*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_PrimaryDnsSuffix**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.
+
+To use this policy setting, click Enabled and enter the entire primary DNS suffix you want to assign. For example: microsoft.com.
+
+> [!IMPORTANT]
+> In order for changes to this policy setting to be applied on computers that receive it, you must restart Windows.
+
+If you enable this policy setting, it supersedes the primary DNS suffix configured in the DNS Suffix and NetBIOS Computer Name dialog box using the System control panel.
+
+You can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix.
+
+If you disable this policy setting, or if you do not configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Primary DNS suffix*
+- GP name: *DNS_PrimaryDnsSuffix*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_RegisterAdapterName**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix.
+
+By default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com.
+
+If you enable this policy setting, a computer will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This applies to all network connections used by computers that receive this policy setting.
+
+For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer.VPNconnection and mycomputer.microsoft.com when this policy setting is enabled.
+
+Important: This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
+
+If you disable this policy setting, or if you do not configure this policy setting, a DNS client computer will not register any A and PTR resource records using a connection-specific DNS suffix.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Register DNS records with connection-specific DNS suffix*
+- GP name: *DNS_RegisterAdapterName*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_RegisterReverseLookup**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if DNS client computers will register PTR resource records.
+
+By default, DNS clients configured to perform dynamic DNS registration will attempt to register PTR resource record only if they successfully registered the corresponding A resource record.
+
+If you enable this policy setting, registration of PTR records will be determined by the option that you choose under Register PTR records.
+
+To use this policy setting, click Enabled, and then select one of the following options from the drop-down list:
+
+- Do not register: Computers will not attempt to register PTR resource records
+- Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records was not successful.
+- Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful.
+
+If you disable this policy setting, or if you do not configure this policy setting, computers will use locally configured settings.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Register PTR records*
+- GP name: *DNS_RegisterReverseLookup*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_RegistrationEnabled**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.
+
+If you enable this policy setting, or you do not configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled.
+
+If you disable this policy setting, computers may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Dynamic update*
+- GP name: *DNS_RegistrationEnabled*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_RegistrationOverwritesInConflict**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.
+
+This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.
+
+During dynamic update of resource records in a zone that does not use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address.
+
+If you enable this policy setting or if you do not configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update.
+
+If you disable this policy setting, existing A resource records that contain conflicting IP addresses will not be replaced during a dynamic update, and an error will be recorded in Event Viewer.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Replace addresses in conflicts*
+- GP name: *DNS_RegistrationOverwritesInConflict*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_RegistrationRefreshInterval**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.
+
+Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records.
+
+> [!WARNING]
+> If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records.
+
+To specify the registration refresh interval, click Enabled and then enter a value of 1800 or greater. The value that you specify is the number of seconds to use for the registration refresh interval. For example, 1800 seconds is 30 minutes.
+
+If you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by computers that receive this policy setting.
+
+If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Registration refresh interval*
+- GP name: *DNS_RegistrationRefreshInterval*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_RegistrationTtl**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.
+
+To specify the TTL, click Enabled and then enter a value in seconds (for example, 900 is 15 minutes).
+
+If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting.
+
+If you disable this policy setting, or if you do not configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *TTL value for A and PTR records*
+- GP name: *DNS_RegistrationTtl*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_SearchList**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.
+
+An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."
+
+Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com."
+
+To use this policy setting, click Enabled, and then enter a string value representing the DNS suffixes that should be appended to single-label names. You must specify at least one suffix. Use a comma-delimited string, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com" to specify multiple suffixes.
+
+If you enable this policy setting, one DNS suffix is attached at a time for each query. If a query is unsuccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the leftmost value and proceeding to the right until a query is successful or all suffixes are tried.
+
+If you disable this policy setting, or if you do not configure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *DNS suffix search list*
+- GP name: *DNS_SearchList*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_SmartMultiHomedNameResolution**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept.
+
+If you enable this policy setting, the DNS client will not perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail.
+
+If you disable this policy setting, or if you do not configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Turn off smart multi-homed name resolution*
+- GP name: *DNS_SmartMultiHomedNameResolution*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_SmartProtocolReorder**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
+
+If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks.
+
+If you disable this policy setting, or if you do not configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks.
+
+> [!NOTE]
+> This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Turn off smart protocol reordering*
+- GP name: *DNS_SmartProtocolReorder*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_UpdateSecurityLevel**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the security level for dynamic DNS updates.
+
+To use this policy setting, click Enabled and then select one of the following values:
+
+- Unsecure followed by secure - computers send secure dynamic updates only when nonsecure dynamic updates are refused.
+- Only unsecure - computers send only nonsecure dynamic updates.
+- Only secure - computers send only secure dynamic updates.
+
+If you enable this policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting.
+
+If you disable this policy setting, or if you do not configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Update security level*
+- GP name: *DNS_UpdateSecurityLevel*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_UpdateTopLevelDomainZones**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com."
+
+By default, a DNS client that is configured to perform dynamic DNS update will update the DNS zone that is authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone.
+
+If you enable this policy setting, computers send dynamic updates to any zone that is authoritative for the resource records that the computer needs to update, except the root zone.
+
+If you disable this policy setting, or if you do not configure this policy setting, computers do not send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Update top level domain zones*
+- GP name: *DNS_UpdateTopLevelDomainZones*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/DNS_UseDomainNameDevolution**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.
+
+With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.
+
+The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.
+
+Devolution is not enabled if a global suffix search list is configured using Group Policy.
+
+If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:
+
+The primary DNS suffix, as specified on the Computer Name tab of the System control panel.
+
+Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection.
+
+For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.
+
+If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
+
+For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two.
+
+If you enable this policy setting, or if you do not configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
+
+If you disable this policy setting, DNS clients do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Primary DNS suffix devolution*
+- GP name: *DNS_UseDomainNameDevolution*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+
+
+
+**ADMX_DnsClient/Turn_Off_Multicast**
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that link local multicast name resolution (LLMNR) is disabled on client computers.
+
+LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible.
+
+If you enable this policy setting, LLMNR will be disabled on all available network adapters on the client computer.
+
+If you disable this policy setting, or you do not configure this policy setting, LLMNR will be enabled on all available network adapters.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Turn off multicast name resolution*
+- GP name: *Turn_Off_Multicast*
+- GP path: *Network/DNS Client*
+- GP ADMX file name: *DnsClient.admx*
+
+
+
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
new file mode 100644
index 0000000000..b964fbde10
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -0,0 +1,200 @@
+---
+title: Policy CSP - ADMX_EventForwarding
+description: Policy CSP - ADMX_EventForwarding
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 08/17/2020
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_EventForwarding
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_EventForwarding policies
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector.
+
+If you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments.
+
+If you disable or do not configure this policy setting, forwarder resource usage is not specified.
+
+This setting applies across all subscriptions for the forwarder (source computer).
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Configure forwarder resource usage*
+- GP name: *MaxForwardingRate*
+- GP path: *Windows Components/Event Forwarding*
+- GP ADMX file name: *EventForwarding.admx*
+
+
+
+
+
+
+
+
+**ADMX_EventForwarding/SubscriptionManager**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
+
+
+
Business
+
+
+
+
Enterprise
+
+
+
+
Education
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.
+
+If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics.
+
+Use the following syntax when using the HTTPS protocol:
+
+``` syntax
+
+Server=https://:5986/wsman/SubscriptionManager/WEC,Refresh=,IssuerCA=.
+```
+
+When using the HTTP protocol, use port 5985.
+
+If you disable or do not configure this policy setting, the Event Collector computer will not be specified.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Configure target Subscription Manager*
+- GP name: *SubscriptionManager*
+- GP path: *Windows Components/Event Forwarding*
+- GP ADMX file name: *EventForwarding.admx*
+
+
+
+
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 8171271589..eb4a7086d1 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ApplicationDefaults
-description: Policy CSP - ApplicationDefaults
+description: Learn about various Policy configuration service provider (CSP) - ApplicationDefaults, including SyncML, for Windows 10.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -219,14 +219,14 @@ This setting supports a range of values between 0 and 1.
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index b2bfd70f15..1f128f9b64 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ApplicationManagement
-description: Policy CSP - ApplicationManagement
+description: Learn about various Policy configuration service provider (CSP) - ApplicationManagement, including SyncML, for Windows 10.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -1102,13 +1102,13 @@ XSD:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index faf5c4b079..2a224f8bfe 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - AppRuntime
-description: Control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in.Policy CSP - AppRuntime.
+description: Learn how the Policy CSP - AppRuntime setting controls whether Microsoft accounts are optional for Windows Store apps that require an account to sign in.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -101,14 +101,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index e995b03a11..63cdb4036d 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - AppVirtualization
-description: Policy CSP - AppVirtualization
+description: Learn how the Policy CSP - AppVirtualization setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -2060,14 +2060,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index b68b6cc6cc..e808f11e13 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - AttachmentManager
-description: Manage Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local).
+description: Manage Windows marks file attachments with information about their zone of origin, such as restricted, internet, intranet, local.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -253,14 +253,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md
index a789c492c3..7d0997f275 100644
--- a/windows/client-management/mdm/policy-csp-audit.md
+++ b/windows/client-management/mdm/policy-csp-audit.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Audit
-description: Policy CSP - Audit
+description: Learn how the Policy CSP - Audit setting causes an audit event to be generated when an account can't log on to a computer because the account is locked out.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -4794,14 +4794,14 @@ The following are the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 09c3eaa3ce..51f56ffbbb 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Authentication
-description: Policy CSP - Authentication
+description: The Policy CSP - Authentication setting allows the Azure AD tenant administrators to enable self service password reset feature on the Windows sign in screen.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -569,14 +569,14 @@ Value type is string.
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index bf7a6a2b3c..15b769497e 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Autoplay
-description: Policy CSP - Autoplay
+description: Learn how the Policy CSP - Autoplay setting disallows AutoPlay for MTP devices like cameras or phones.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -269,14 +269,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index 751c0e3c9c..2f4c7acf11 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -97,14 +97,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
index 9024caaee9..2bcc10ea45 100644
--- a/windows/client-management/mdm/policy-csp-bits.md
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -542,14 +542,14 @@ Supported values range: 0 - 999
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index 74dbe86c25..6426fba5e8 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Bluetooth
-description: Policy CSP - Bluetooth
+description: Learn how the Policy CSP - Bluetooth setting specifies whether the device can send out Bluetooth advertisements.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -460,14 +460,14 @@ For more information on allowed key sizes, refer to Bluetooth Core Specification
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 3f68b4b8cb..d2c9190e0b 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Browser
-description: Learn how to set the Policy CSP - Browser settings for Microsoft Edge, version 45 and earlier.
+description: Learn how to use the Policy CSP - Browser settings so you can configure Microsoft Edge browser, version 45 and earlier.
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -4297,13 +4297,13 @@ Most restricted value: 0
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 98202881f8..93e5c5d6cf 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Camera
-description: Policy CSP - Camera
+description: Learn how to use the Policy CSP - Camera setting so that you can configure it to disable or enable the camera.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -99,14 +99,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index dfd4e76549..ccd0ab26c1 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Cellular
-description: Policy CSP - Cellular
+description: Learn how to use the Policy CSP - Cellular setting so you can specify whether Windows apps can access cellular data.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -372,14 +372,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 5a058b41e4..503ee130bc 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Connectivity
-description: Policy CSP - Connectivity
+description: Learn how to use the Policy CSP - Connectivity setting to allow the user to enable Bluetooth or restrict access.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -1020,14 +1020,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index d3c88d948c..9a867b0778 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ControlPolicyConflict
-description: Policy CSP - ControlPolicyConflict
+description: Use the Policy CSP - ControlPolicyConflict setting to control which policy is used whenever both the MDM policy and its equivalent Group Policy are set on the device.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -118,14 +118,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index d9cc3f9647..89e4817ce7 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - CredentialProviders
-description: Learn the policy CSP for credential provider set up, sign in, PIN requests and so on.
+description: Learn how to use the policy CSP for credential provider so you can control whether a domain user can sign in using a convenience PIN.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -243,14 +243,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
index e59b5c4f9b..71447f45ab 100644
--- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - CredentialsDelegation
-description: Policy CSP - CredentialsDelegation
+description: Learn how to use the Policy CSP - CredentialsDelegation setting so that remote host can allow delegation of non-exportable credentials.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -103,14 +103,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index 7a91173c71..5ccf34a12e 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - CredentialsUI
-description: Policy CSP - CredentialsUI
+description: Learn how to use the Policy CSP - CredentialsUI setting to configure the display of the password reveal button in password entry user experiences.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -179,14 +179,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index 536c9f26f4..b141d4387b 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Cryptography
-description: Policy CSP - Cryptography
+description: Learn how to use the Policy CSP - Cryptography setting to allow or disallow the Federal Information Processing Standard (FIPS) policy.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -166,14 +166,14 @@ Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index 48da5e5f49..9da8c6ce2c 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - DataProtection
-description: Policy CSP - DataProtection
+description: Use the Policy CSP - DataProtection setting to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -152,14 +152,14 @@ Setting used by Windows 8.1 Selective Wipe.
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index f77f3b029f..cb540b3415 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - DataUsage
-description: Policy CSP - DataUsage
+description: Learn how to use the Policy CSP - DataUsage setting to configure the cost of 4G connections on the local machine.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -123,14 +123,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 49855399e3..79fe896cdf 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Defender
-description: Policy CSP - Defender
+description: Learn how to use the Policy CSP - Defender setting so you can allow or disallow scanning of archives.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -3101,14 +3101,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index 902ef8e8be..4061074c76 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - DeliveryOptimization
-description: Policy CSP - DeliveryOptimization
+description: Learn how to use the Policy CSP - DeliveryOptimization setting to configure one or more Microsoft Connected Cache servers to be used by Delivery Optimization.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -2027,14 +2027,14 @@ This policy allows an IT Admin to define the following:
Footnotes:
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index 5bd60e0feb..dfbed26745 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Desktop
-description: Policy CSP - Desktop
+description: Learn how to use the Policy CSP - Desktop setting to prevent users from changing the path to their profile folders.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -101,14 +101,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index c728512377..2eae3ea3be 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - DeviceGuard
-description: Policy CSP - DeviceGuard
+description: Learn how to use the Policy CSP - DeviceGuard setting to allow the IT admin to configure the launch of System Guard.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -90,7 +90,7 @@ Secure Launch configuration:
- 1 - Enables Secure Launch if supported by hardware
- 2 - Disables Secure Launch.
-For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/) and [How hardware-based containers help protect Windows 10](https://docs.microsoft.com/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows).
+For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/) and [How a hardware-based root of trust helps protect Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows).
@@ -317,14 +317,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
index 3d3d4bb035..60d4832fae 100644
--- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
+++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - DeviceHealthMonitoring
-description: Learn which DeviceHealthMonitoring policies are supported for your edition of Windows.
+description: Learn how the Policy CSP - DeviceHealthMonitoring setting is used as an opt-in health monitoring connection between the device and Microsoft.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -227,14 +227,14 @@ In most cases, an IT Pro does not need to define this policy. Instead, it is exp
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 7cd828fb5c..24c7b04cbf 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -2,7 +2,7 @@
title: Policy CSP - DeviceInstallation
ms.reviewer:
manager: dansimp
-description: Policy CSP - DeviceInstallation
+description: Use the Policy CSP - DeviceInstallation setting to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install.
ms.author: dansimp
ms.date: 09/27/2019
ms.topic: article
@@ -946,14 +946,14 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 295364f046..f68a71f820 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - DeviceLock
-description: Policy CSP - DeviceLock
+description: Learn how to use the Policy CSP - DeviceLock setting to specify whether the user must input a PIN or password when the device resumes from an idle state.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -1119,14 +1119,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index e0c4a7e431..82dbb630ae 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Display
-description: Policy CSP - Display
+description: Learn how to use the Policy CSP - Display setting to disable Per-Process System DPI for a semicolon-separated list of applications.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -393,14 +393,14 @@ To validate on Desktop, do the following:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md
index 0f3bb358f2..0d8f6b40f8 100644
--- a/windows/client-management/mdm/policy-csp-dmaguard.md
+++ b/windows/client-management/mdm/policy-csp-dmaguard.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - DmaGuard
-description: Policy CSP - DmaGuard
+description: Learn how to use the Policy CSP - DmaGuard setting to provide additional security against external DMA capable devices.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -113,14 +113,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index df04232bea..18cce493eb 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Education
-description: Control graphing functionality in the Windows Calculator app.
+description: Learn how to use the Policy CSP - Education setting to control graphing functionality in the Windows Calculator app.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -274,14 +274,14 @@ The policy value is expected to be a `````` separated list of printer na
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index 9916989938..e9d1cb8436 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - EnterpriseCloudPrint
-description: Policy CSP - EnterpriseCloudPrint
+description: Use the Policy CSP - EnterpriseCloudPrint setting to define the maximum number of printers that should be queried from a discovery end point.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -376,14 +376,14 @@ The default value is an empty string. Otherwise, the value should contain a URL.
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index 751350e7ae..b4f27cc7c0 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ErrorReporting
-description: Policy CSP - ErrorReporting
+description: Learn how to use the Policy CSP - ErrorReporting setting to determine the consent behavior of Windows Error Reporting for specific event types.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -407,14 +407,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index 36e7be1042..d86bd44edc 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - EventLogService
-description: Policy CSP - EventLogService
+description: Learn how to use the Policy CSP - EventLogService settting to control Event Log behavior when the log file reaches its maximum size.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -322,14 +322,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index f00b37efad..d9e072c7c3 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Experience
-description: Learn the various Experience policy CSP for Cortana, Sync, Spotlight and more.
+description: Learn how to use the Policy CSP - Experience setting to allow history of clipboard items to be stored in memory.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -1492,14 +1492,14 @@ Supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index 4a13105f17..92829f957e 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ExploitGuard
-description: Policy CSP - ExploitGuard
+description: Use the Policy CSP - ExploitGuard setting to push out the desired system configuration and application mitigation options to all the devices in the organization.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -120,14 +120,14 @@ Here is an example:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index 0b74f58211..58b2bf5175 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - FileExplorer
-description: Policy CSP - FileExplorer
+description: Use the Policy CSP - FileExplorer setting so you can allow certain legacy plug-in applications to function without terminating Explorer.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -166,14 +166,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index eb633b2e2e..f62143e2a6 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Games
-description: Policy CSP - Games
+description: Learn to use the Policy CSP - Games setting so that you can specify whether advanced gaming services can be used.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -89,14 +89,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index 00a2e84360..dea9168e36 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Handwriting
-description: Policy CSP - Handwriting
+description: Use the Policy CSP - Handwriting setting to allow an enterprise to configure the default mode for the handwriting panel.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -103,14 +103,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 4a4b22eef5..c63c654abe 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - InternetExplorer
-description: Policy CSP - InternetExplorer
+description: Use the Policy CSP - InternetExplorer setting to add a specific list of search providers to the user's default list of search providers.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -19457,14 +19457,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index 19eb607a74..b5331fa661 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Kerberos
-description: Policy CSP - Kerberos
+description: Define the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -464,14 +464,14 @@ Devices joined to Azure Active Directory in a hybrid environment need to interac
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index 4275bfaa7a..be0176ca9b 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - KioskBrowser
-description: Policy CSP - KioskBrowser
+description: Use the Policy CSP - KioskBrowser setting to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -429,14 +429,14 @@ The value is an int 1-1440 that specifies the amount of minutes the session is i
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index e4183f08b5..bb03f10884 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - LanmanWorkstation
-description: Policy CSP - LanmanWorkstation
+description: Use the Policy CSP - LanmanWorkstation setting to determine if the SMB client will allow insecure guest logons to an SMB server.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -100,14 +100,14 @@ This setting supports a range of values between 0 and 1.
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index d99c044bcb..bfef6090cc 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Licensing
-description: Policy CSP - Licensing
+description: Use the Policy CSP - Licensing setting to enable or disable Windows license reactivation on managed devices.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -166,14 +166,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 1426fad1c3..8920a8ba90 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -3834,13 +3834,13 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index 0858f3de45..bc065532ed 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - LockDown
-description: Policy CSP - LockDown
+description: Use the Policy CSP - LockDown setting to allow the user to invoke any system user interface by swiping in from any screen edge using touch.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -99,14 +99,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index 1824c9956a..34c246f134 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Maps
-description: Policy CSP - Maps
+description: Use the Policy CSP - Maps setting to allow the download and update of map data over metered connections.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -164,14 +164,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index 5887db04eb..43fe8e0e47 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -98,14 +98,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index 15c99eedf9..d464f4c063 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - MSSecurityGuide
-description: See how this ADMX-backed policy requires a special SyncML format to enable or disable.
+description: Learn how Policy CSP - MSSecurityGuide, an ADMX-backed policy, requires a special SyncML format to enable or disable.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -424,14 +424,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index 768f18e3e2..d4a5030052 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - MSSLegacy
-description: Policy CSP - MSSLegacy
+description: Learn how Policy CSP - MSSLegacy, an ADMX-backed policy, requires a special SyncML format to enable or disable.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -292,14 +292,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index 0613b4b8d8..95d9af4a93 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - NetworkIsolation
-description: Policy CSP - NetworkIsolation
+description: Learn how Policy CSP - NetworkIsolation contains a list of Enterprise resource domains hosted in the cloud that need to be protected.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -544,14 +544,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 76818866d9..fb3651acb0 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -264,14 +264,14 @@ Validation:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 377bc2e1b2..d17cdbe1bc 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Power
-description: Learn the ins and outs of various Policy CSP - Power settings, including SyncML, for Windows 10.
+description: Learn how the Policy CSP - Power setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -1731,14 +1731,14 @@ Default value for unattended sleep timeout (plugged in):
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 315f762dff..e93f27025d 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -287,14 +287,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 52e0e7fde5..ca873b0393 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Privacy
-description: Policy CSP - Privacy
+description: Learn how the Policy CSP - Privacy setting allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -5964,14 +5964,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index e36df3ff42..340bef38c2 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - RemoteAssistance
-description: Policy CSP - RemoteAssistance
+description: Learn how the Policy CSP - RemoteAssistance setting allows you to specify a custom message to display.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -371,14 +371,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 5f404f8750..a33ad83d33 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - RemoteDesktopServices
-description: Policy CSP - RemoteDesktopServices
+description: Learn how the Policy CSP - RemoteDesktopServices setting allows you to configure remote access to computers by using Remote Desktop Services.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -498,14 +498,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index 692699bfb9..fae950baec 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - RemoteManagement
-description: Policy CSP - RemoteManagement
+description: Learn how the Policy CSP - RemoteManagement setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -1152,14 +1152,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index dde7ff458c..493027a454 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - RemoteProcedureCall
-description: Policy CSP - RemoteProcedureCall
+description: The Policy CSP - RemoteProcedureCall setting controls whether RPC clients authenticate when the call they are making contains authentication information.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -190,14 +190,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index e233f89f47..ac6201611a 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - RemoteShell
-description: Policy CSP - RemoteShell
+description: Learn details about the Policy CSP - RemoteShell setting so that you can configure access to remote shells.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -543,14 +543,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index 24b822bab5..204cf968b0 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - RestrictedGroups
-description: Policy CSP - RestrictedGroups
+description: Learn how the Policy CSP - RestrictedGroups setting allows an administrator to define the members that are part of a security-sensitive (restricted) group.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -170,13 +170,13 @@ The following table describes how this policy setting behaves in different Windo
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 340ced4d5b..5fe588c782 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Search
-description: Policy CSP - Search
+description: Learn how the Policy CSP - Search setting allows search and Cortana to search cloud sources like OneDrive and SharePoint.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -959,14 +959,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index 03d507debd..7c7feb1aeb 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Security
-description: Policy CSP - Security
+description: Learn how the Policy CSP - Security setting can specify whether to allow the runtime configuration agent to install provisioning packages.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -707,14 +707,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index 337b071faf..762c801e6c 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - ServiceControlManager
-description: Policy CSP - ServiceControlManager
+description: Learn how the Policy CSP - ServiceControlManager setting enables process mitigation options on svchost.exe processes.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -112,14 +112,14 @@ Supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 63725c1e2e..1e16989ede 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Settings
-description: Policy CSP - Settings
+description: Learn how to use the Policy CSP - Settings setting so that you can allow the user to change Auto Play settings.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -897,13 +897,13 @@ To validate on Desktop, do the following:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index 0c11e9b882..2cdf136faf 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - SmartScreen
-description: Policy CSP - SmartScreen
+description: Use the Policy CSP - SmartScreen setting to allow IT Admins to control whether users are allowed to install apps from places other than the Store.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -239,14 +239,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index 3e6b2173c0..39cd9db038 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Speech
-description: Policy CSP - Speech
+description: Learn how the Policy CSP - Speech setting specifies whether the device will receive updates to the speech recognition and speech synthesis models.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -97,14 +97,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 1431f9c0b2..0b6888322b 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Start
-description: Use this policy CSP to control the visibility of the Documents shortcut on the Start menu.
+description: Use the Policy CSP - Start setting to control the visibility of the Documents shortcut on the Start menu.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -2094,14 +2094,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index 823f724dd8..52f43753a2 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Storage
-description: Policy CSP - Storage
+description: Learn to use the Policy CSP - Storage settings to automatically clean some of the user’s files to free up disk space.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -731,14 +731,14 @@ See [Use custom settings for Windows 10 devices in Intune](https://docs.microsof
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 5eec6fbe04..9c05c19f4f 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -7,7 +7,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
-ms.date: 06/25/2020
+ms.date: 08/12/2020
ms.reviewer:
manager: dansimp
---
@@ -28,9 +28,6 @@ manager: dansimp
@@ -257,88 +245,7 @@ The following list shows the supported values:
-
-
-
-**System/AllowDesktopAnalyticsProcessing**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Available in Windows 10, version 1809 through 1909. This policy setting controls whether the Desktop Analytics service is configured to use Windows diagnostic data collected from devices.
-
-If you enable this policy setting and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data.
-
-If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device.
-
->[!Note]
-> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device.
-
-
-
-ADMX Info:
-- GP English name: *Allow Desktop Analytics Processing*
-- GP name: *AllowDesktopAnalyticsProcessing*
-- GP path: *Data Collection and Preview Builds*
-- GP ADMX file name: *DataCollection.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Diagnostic data is not processed by Desktop Analytics.
-- 2 – Diagnostic data is allowed to be processed by Desktop Analytics.
-
-
-
-
-
-
-
-
-
-
-
-
**System/AllowDeviceNameInDiagnosticData**
@@ -691,71 +598,6 @@ The following list shows the supported values:
-
-**System/AllowMicrosoftManagedDesktopProcessing**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Available in Windows 10, version 1809 through 1909. This policy setting controls whether the Microsoft Managed Desktop service is configured to use Windows diagnostic data collected from devices.
-
-If you enable this policy setting and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data.
-
-If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device.
-
-> [!Note]
-> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device.
-
-
-
-The following list shows the supported values:
-
-- 0 (default)– Diagnostic data is not processed by Microsoft Managed Desktop.
-- 32 – Diagnostic data is processed by Microsoft Managed Desktop.
-
-
-
-
-
-
**System/AllowStorageCard**
@@ -950,78 +792,6 @@ ADMX Info:
-
-**System/AllowUpdateComplianceProcessing**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Available in Windows 10, version 1809 through 1909. This policy setting controls whether the Update Compliance service is configured to use Windows diagnostic data collected from devices.
-
-If you enable this policy setting and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data.
-
-If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device.
-
->[!Note]
-> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) setting to limit the diagnostic data that can be collected from the device.
-
-
-
-ADMX Info:
-- GP English name: *Enable Update Compliance Processing*
-- GP name: *AllowUpdateComplianceProcessing*
-- GP path: *Data Collection and Preview Builds*
-- GP ADMX file name: *DataCollection.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default)– Diagnostic data is not processed by Update Compliance.
-- 16 – Diagnostic data is allowed to be processed by Update Compliance.
-
-
-
-
-
**System/AllowUserToResetPhone**
@@ -1081,71 +851,6 @@ The following list shows the supported values:
-
-
-**System/AllowWUfBCloudProcessing**
-
-
-
-
-
Windows Edition
-
Supported?
-
-
-
Home
-
-
-
-
Pro
-
-
-
-
Business
-
-
-
-
Enterprise
-
-
-
-
Education
-
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Available in Windows 10, version 1809 through 1909. This policy setting controls whether the Windows Update for Business cloud service is configured to use Windows diagnostic data collected from devices.
-
-If you enable this policy setting and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data.
-
-If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device.
-
->[!Note]
-> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device.
-
-
-
-
-The following list shows the supported values:
-- 0 (default) – Diagnostic data is not processed by Windows Update for Business cloud.
-- 8 – Diagnostic data is allowed to be processed by Windows Update for Business cloud.
-
-
-
-
-
**System/BootStartDriverInitialization**
@@ -2064,13 +1769,13 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index 8318b0cc11..a7f98a6c0c 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - SystemServices
-description: Policy CSP - SystemServices
+description: Learn how to use the Policy CSP - SystemServices setting to determine whether the service's start type is Automatic(2), Manual(3), Disabled(4).
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -388,14 +388,14 @@ GP Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md
index 186e946c60..ce84398393 100644
--- a/windows/client-management/mdm/policy-csp-taskmanager.md
+++ b/windows/client-management/mdm/policy-csp-taskmanager.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - TaskManager
-description: Policy CSP - TaskManager
+description: Learn how to use the Policy CSP - TaskManager setting to determine whether non-administrators can use Task Manager to end tasks.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -97,14 +97,14 @@ When the policy is set to 0 - users CANNOT execute 'End task' on processes in Ta
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 2e1ccf2db8..ab6ec4d46c 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - TaskScheduler
-description: Policy CSP - TaskScheduler
+description: Learn how to use the Policy CSP - TaskScheduler setting to determine whether the specific task is enabled (1) or disabled (0).
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -82,13 +82,13 @@ Added in Windows 10, version 1803. This setting determines whether the specific
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 79e47c91f8..99360d692b 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - TextInput
-description: Policy CSP - TextInput
+description: The Policy CSP - TextInput setting allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -1708,14 +1708,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index 506b7fce62..8ef9349148 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - TimeLanguageSettings
-description: Learn which TimeLanguageSettings policies are supported for your edition of Windows.
+description: Learn to use the Policy CSP - TimeLanguageSettings setting to specify the time zone to be applied to the device.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -91,14 +91,14 @@ Specifies the time zone to be applied to the device. This is the standard Window
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md
index 125cc2149f..c7862d0866 100644
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md
+++ b/windows/client-management/mdm/policy-csp-troubleshooting.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Troubleshooting
-description: Policy CSP - Troubleshooting
+description: The Policy CSP - Troubleshooting setting allows IT admins to configure how to apply recommended troubleshooting for known problems on the devices in their domains.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -140,14 +140,14 @@ By default, this policy is not configured and the SKU based defaults are used fo
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 3c5cf80686..38e9dd4066 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Update
-description: Manage a range of active hours for when update reboots are not scheduled.
+description: The Policy CSP - Update allows the IT admin, when used with Update/ActiveHoursStart, to manage a range of active hours where update reboots aren't scheduled.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -4442,14 +4442,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index 69a0f091d0..df12efd32b 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - UserRights
-description: Policy CSP - UserRights
+description: Learn how user rights are assigned for user accounts or groups, and how the name of the policy defines the user right in question.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -1881,12 +1881,12 @@ GP Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 1d300f2268..db63da7a5a 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - Wifi
-description: Policy CSP - Wifi
+description: Learn how the Policy CSP - Wifi setting allows or disallows the device to automatically connect to Wi-Fi hotspots.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -436,14 +436,14 @@ Supported operations are Add, Delete, Get, and Replace.
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index 12e05d914f..4f89b78bcf 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - WindowsConnectionManager
-description: Policy CSP - WindowsConnectionManager
+description: The Policy CSP - WindowsConnectionManager setting prevents computers from connecting to a domain based network and a non-domain based network simultaneously.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -109,14 +109,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index ab032c05be..a4cd3536f0 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - WindowsDefenderSecurityCenter
-description: Policy CSP - WindowsDefenderSecurityCenter
+description: Learn how to use the Policy CSP - WindowsDefenderSecurityCenter setting to display the Account protection area in Windows Defender Security Center.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -1602,14 +1602,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index 3306ca9d6e..e60269d795 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - WindowsInkWorkspace
-description: Policy CSP - WindowsInkWorkspace
+description: Learn to use the Policy CSP - WindowsInkWorkspace setting to specify whether to allow the user to access the ink workspace.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -168,14 +168,14 @@ Value type is int. The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index ec19f8ef3e..c7ccb54106 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - WindowsLogon
-description: Policy CSP - WindowsLogon
+description: Use the Policy CSP - WindowsLogon setting to control whether a device automatically signs in and locks the last interactive user after the system restarts.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -606,14 +606,14 @@ To validate on Desktop, do the following:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index 7ad19cb828..b60def1361 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - WindowsPowerShell
-description: Policy CSP - WindowsPowerShell
+description: Use the Policy CSP - WindowsPowerShell setting to enable logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -106,14 +106,14 @@ ADMX Info:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index e261f4ec6b..3aff9aac6c 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - WirelessDisplay
-description: Policy CSP - WirelessDisplay
+description: Use the Policy CSP - WirelessDisplay setting to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -540,14 +540,14 @@ The following list shows the supported values:
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md
index fed6d0138d..6e3d43c649 100644
--- a/windows/client-management/mdm/policy-csps-admx-backed.md
+++ b/windows/client-management/mdm/policy-csps-admx-backed.md
@@ -9,7 +9,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
-ms.date: 07/18/2019
+ms.date: 08/18/2020
---
# ADMX-backed policy CSPs
@@ -21,6 +21,51 @@ ms.date: 07/18/2019
>
- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
+- [ADMX_AddRemovePrograms/DefaultCategory](/policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-defaultcategory)
+- [ADMX_AddRemovePrograms/NoAddFromCDorFloppy](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddfromcdorfloppy)
+- [ADMX_AddRemovePrograms/NoAddFromInternet](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddfrominternet)
+- [ADMX_AddRemovePrograms/NoAddFromNetwork](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddfromnetwork)
+- [ADMX_AddRemovePrograms/NoAddPage](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddpage)
+- [ADMX_AddRemovePrograms/NoAddRemovePrograms](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noaddremoveprograms)
+- [ADMX_AddRemovePrograms/NoChooseProgramsPage](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nochooseprogramspage)
+- [ADMX_AddRemovePrograms/NoRemovePage](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noremovepage)
+- [ADMX_AddRemovePrograms/NoServices](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noservices)
+- [ADMX_AddRemovePrograms/NoSupportInfo](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nosupportinfo)
+- [ADMX_AddRemovePrograms/NoWindowsSetupPage](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nowindowssetuppage)
+- [ADMX_AppCompat/AppCompatPrevent16BitMach](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatprevent16bitmach)
+- [ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatremoveprogramcompatproppage)
+- [ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffapplicationimpacttelemetry)
+- [ADMX_AppCompat/AppCompatTurnOffSwitchBack](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffswitchback)
+- [ADMX_AppCompat/AppCompatTurnOffEngine](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffengine)
+- [ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprogramcompatibilityassistant_1)
+- [ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprogramcompatibilityassistant_2)
+- [ADMX_AppCompat/AppCompatTurnOffUserActionRecord](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffuseractionrecord)
+- [ADMX_AppCompat/AppCompatTurnOffProgramInventory](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprograminventory)
+- [ADMX_AuditSettings/IncludeCmdLine](./policy-csp-admx-auditsettings.md#admx-auditsettings-includecmdline)
+- [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries)
+- [ADMX_DnsClient/DNS_AppendToMultiLabelName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-appendtomultilabelname)
+- [ADMX_DnsClient/DNS_Domain](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domain)
+- [ADMX_DnsClient/DNS_DomainNameDevolutionLevel](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domainnamedevolutionlevel)
+- [ADMX_DnsClient/DNS_IdnEncoding](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-idnencoding)
+- [ADMX_DnsClient/DNS_IdnMapping](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-idnmapping)
+- [ADMX_DnsClient/DNS_NameServer](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-nameserver)
+- [ADMX_DnsClient/DNS_PreferLocalResponsesOverLowerOrderDns](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-preferlocalresponsesoverlowerorderdns)
+- [ADMX_DnsClient/DNS_PrimaryDnsSuffix](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-primarydnssuffix)
+- [ADMX_DnsClient/DNS_RegisterAdapterName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registeradaptername)
+- [ADMX_DnsClient/DNS_RegisterReverseLookup](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registerreverselookup)
+- [ADMX_DnsClient/DNS_RegistrationEnabled](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registrationenabled)
+- [ADMX_DnsClient/DNS_RegistrationOverwritesInConflict](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registrationoverwritesinconflict)
+- [ADMX_DnsClient/DNS_RegistrationRefreshInterval](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registrationrefreshinterval)
+- [ADMX_DnsClient/DNS_RegistrationTtl](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-registrationttl)
+- [ADMX_DnsClient/DNS_SearchList](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-searchlist)
+- [ADMX_DnsClient/DNS_SmartMultiHomedNameResolution](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-smartmultihomednameresolution)
+- [ADMX_DnsClient/DNS_SmartProtocolReorder](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-smartprotocolreorder)
+- [ADMX_DnsClient/DNS_UpdateSecurityLevel](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatesecuritylevel)
+- [ADMX_DnsClient/DNS_UpdateTopLevelDomainZones](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatetopleveldomainzones)
+- [ADMX_DnsClient/DNS_UseDomainNameDevolution](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-usedomainnamedevolution)
+- [ADMX_DnsClient/Turn_Off_Multicast](./policy-csp-admx-dnsclient.md#admx-dnsclient-turn-off-multicast)
+- [ADMX_EventForwarding/ForwarderResourceUsage](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage)
+- [ADMX_EventForwarding/SubscriptionManager](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager)
- [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
- [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
- [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
@@ -406,8 +451,6 @@ ms.date: 07/18/2019
- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
- [ServiceControlManager/SvchostProcessMitigation](./policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
- [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
-- [System/AllowDesktopAnalyticsProcessing](./policy-csp-system.md#system-allowdesktopanalyticsprocessing)
-- [System/AllowUpdateComplianceProcessing](./policy-csp-system.md#system-allowppdatecomplianceprocessing)
- [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
- [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
- [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)
diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md
index 0a0040f58c..e5cdb0f0ca 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md
@@ -97,14 +97,14 @@ ms.date: 05/11/2020
Footnotes:
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
## Related topics
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 7a522ee312..27c1aceaf0 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -1,6 +1,6 @@
---
title: Policy DDF file
-description: Policy DDF file
+description: Learn about the OMA DM device description framework (DDF) for the Policy configuration service provider.
ms.assetid: D90791B5-A772-4AF8-B058-5D566865AF8D
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md
index ad4bb24be7..656e292b4e 100644
--- a/windows/client-management/mdm/policymanager-csp.md
+++ b/windows/client-management/mdm/policymanager-csp.md
@@ -1,6 +1,6 @@
---
title: PolicyManager CSP
-description: PolicyManager CSP
+description: Learn how PolicyManager CSP is deprecated. For Windows 10 devices you should use Policy CSP, which replaces PolicyManager CSP.
ms.assetid: 048427b1-6024-4660-8660-bd91c583f7f9
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md
index cced09bc2b..c1d9034fe8 100644
--- a/windows/client-management/mdm/proxy-csp.md
+++ b/windows/client-management/mdm/proxy-csp.md
@@ -1,6 +1,6 @@
---
title: PROXY CSP
-description: PROXY CSP
+description: Learn how the PROXY configuration service provider (CSP) is used to configure proxy connections.
ms.assetid: 9904d44c-4a1e-4ae7-a6c7-5dba06cb16ce
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index e7cb92b9c4..d906bca3da 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -1,6 +1,6 @@
---
title: Reboot CSP
-description: Reboot CSP
+description: Learn how the Reboot configuration service provider (CSP) is used to configure reboot settings.
ms.assetid: 4E3F1225-BBAD-40F5-A1AB-FF221B6BAF48
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md
index 61d34774a7..4978cc70e0 100644
--- a/windows/client-management/mdm/registry-csp.md
+++ b/windows/client-management/mdm/registry-csp.md
@@ -1,6 +1,6 @@
---
title: Registry CSP
-description: Registry CSP
+description: In this article, learn how to use the Registry configuration service provider (CSP) to update registry settings.
ms.assetid: 2307e3fd-7b61-4f00-94e1-a639571f2c9d
ms.reviewer:
manager: dansimp
@@ -17,7 +17,8 @@ ms.date: 06/26/2017
The Registry configuration service provider is used to update registry settings. However, if there is configuration service provider that is specific to the settings that need to be updated, use the specific configuration service provider.
-> **Note** The Registry CSP is only supported in Windows 10 Mobile for OEM configuration. Do not use this CSP for enterprise remote management.
+> [!NOTE]
+> The Registry CSP is only supported in Windows 10 Mobile for OEM configuration. Do not use this CSP for enterprise remote management.
For Windows 10 Mobile only, this configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_OEM capabilities to be accessed from a network configuration application.
@@ -32,13 +33,12 @@ For OMA Client Provisioning, the follows notes apply:
- This documentation describes the default characteristics. Additional characteristics may be added.
-- Because the **Registry** configuration service provider uses the backslash (\) character as a separator between key names, backslashes which occur in the name of a registry key must be escaped. Backslashes can be escaped by using two sequential backslashes (\\\).
+- Because the **Registry** configuration service provider uses the backslash (\\) character as a separator between key names, backslashes which occur in the name of a registry key must be escaped. Backslashes can be escaped by using two sequential backslashes (\\\\).
The default security role maps to each subnode unless specific permission is granted to the subnode. The security role for subnodes is implementation specific, and can be changed by OEMs and mobile operators.
## Microsoft Custom Elements
-
The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
@@ -75,11 +75,10 @@ The following table shows the Microsoft custom elements that this configuration
-
Use these elements to build standard OMA Client Provisioning configuration XML. For information about specific elements, see MSPROV DTD elements.
-## Supported Data Types
+## Supported Data Types
The following table shows the data types this configuration service provider supports.
diff --git a/windows/client-management/mdm/registry-ddf-file.md b/windows/client-management/mdm/registry-ddf-file.md
index 164f8d4a66..6b6bc9c191 100644
--- a/windows/client-management/mdm/registry-ddf-file.md
+++ b/windows/client-management/mdm/registry-ddf-file.md
@@ -1,6 +1,6 @@
---
title: Registry DDF file
-description: Registry DDF file
+description: Learn about the OMA DM device description framework (DDF) for the Registry configuration service provider (CSP).
ms.assetid: 29b5cc07-f349-4567-8a77-387d816a9d15
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/remotelock-ddf-file.md b/windows/client-management/mdm/remotelock-ddf-file.md
index 2408353c86..d740994fc1 100644
--- a/windows/client-management/mdm/remotelock-ddf-file.md
+++ b/windows/client-management/mdm/remotelock-ddf-file.md
@@ -1,6 +1,6 @@
---
title: RemoteLock DDF file
-description: RemoteLock DDF file
+description: Learn about the OMA DM device description framework (DDF) for the RemoteLock configuration service provider (CSP).
ms.assetid: A301AE26-1BF1-4328-99AB-1ABBA4960797
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md
index 726df442f0..999d8b629e 100644
--- a/windows/client-management/mdm/remotering-csp.md
+++ b/windows/client-management/mdm/remotering-csp.md
@@ -1,6 +1,6 @@
---
title: RemoteRing CSP
-description: RemoteRing CSP
+description: The RemoteRing CSP can be used to remotely trigger a device to produce an audible ringing sound regardless of the volume that's set on the device.
ms.assetid: 70015243-c07f-46cb-a0f9-4b4ad13a5609
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md
index 3ee8a2cd21..efd8cdac2b 100644
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@@ -1,6 +1,6 @@
---
title: RemoteWipe CSP
-description: RemoteWipe CSP
+description: Learn how the RemoteWipe configuration service provider (CSP) can be used by mobile operators DM server or enterprise management server to remotely wipe a device.
ms.assetid: 6e89bd37-7680-4940-8a67-11ed062ffb70
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md
index 12a8de389a..36a83bee33 100644
--- a/windows/client-management/mdm/remotewipe-ddf-file.md
+++ b/windows/client-management/mdm/remotewipe-ddf-file.md
@@ -1,6 +1,6 @@
---
title: RemoteWipe DDF file
-description: RemoteWipe DDF file
+description: Learn about the OMA DM device description framework (DDF) for the RemoteWipe configuration service provider.
ms.assetid: 10ec4fb7-f911-4d0c-9a8f-e96bf5faea0c
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
index 1b4f1ec6bc..ad6dd045e3 100644
--- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
+++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
@@ -1,6 +1,6 @@
---
title: REST API reference for Microsoft Store for Business
-description: REST API reference for Microsoft Store for Business--includes available operations and data structures.
+description: Learn how the REST API reference for Microsoft Store for Business includes available operations and data structures.
MS-HAID:
- 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference'
- 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business'
diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md
index 132e196cc0..1c5b7912aa 100644
--- a/windows/client-management/mdm/rootcacertificates-csp.md
+++ b/windows/client-management/mdm/rootcacertificates-csp.md
@@ -1,6 +1,6 @@
---
title: RootCATrustedCertificates CSP
-description: RootCATrustedCertificates CSP
+description: Learn how the RootCATrustedCertificates configuration service provider (CSP) enables the enterprise to set the Root Certificate Authority (CA) certificates.
ms.assetid: F2F25DEB-9DB3-40FB-BC3C-B816CE470D61
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index a80fb75af6..166dfc0d43 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -1,6 +1,6 @@
---
title: RootCATrustedCertificates DDF file
-description: RootCATrustedCertificates DDF file
+description: Learn about the OMA DM device description framework (DDF) for the RootCACertificates configuration service provider (CSP).
ms.assetid: 06D8787B-D3E1-4D4B-8A21-8045A8F85C1C
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md
index 7d972a5a96..6585261229 100644
--- a/windows/client-management/mdm/secureassessment-csp.md
+++ b/windows/client-management/mdm/secureassessment-csp.md
@@ -1,6 +1,6 @@
---
title: SecureAssessment CSP
-description: SecureAssessment CSP
+description: Learn how the SecureAssessment configuration service provider (CSP) is used to provide configuration information for the secure assessment browser.
ms.assetid: 6808BE4B-961E-4638-BF15-FD7841D1C00A
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md
index 9b8b3ce65d..9e203d4d39 100644
--- a/windows/client-management/mdm/securitypolicy-csp.md
+++ b/windows/client-management/mdm/securitypolicy-csp.md
@@ -1,6 +1,6 @@
---
title: SecurityPolicy CSP
-description: SecurityPolicy CSP
+description: The SecurityPolicy CSP is used to configure security policy settings for WAP push, OMA DM, Service Indication (SI), Service Loading (SL), and MMS.
ms.assetid: 6014f8fe-f91b-49f3-a357-bdf625545bc9
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/server-requirements-windows-mdm.md b/windows/client-management/mdm/server-requirements-windows-mdm.md
index 50b8b73b30..032469c901 100644
--- a/windows/client-management/mdm/server-requirements-windows-mdm.md
+++ b/windows/client-management/mdm/server-requirements-windows-mdm.md
@@ -1,6 +1,6 @@
---
title: Server requirements for using OMA DM to manage Windows devices
-description: Server requirements for using OMA DM to manage Windows devices
+description: Learn about the general server requirements for using OMA DM to manage Windows devices, including the supported versions of OMA DM.
MS-HAID:
- 'p\_phDeviceMgmt.server\_requirements\_for\_oma\_dm'
- 'p\_phDeviceMgmt.server\_requirements\_windows\_mdm'
diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md
index b9ea9c1767..61e26ea7a0 100644
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@@ -1,6 +1,6 @@
---
title: SharedPC DDF file
-description: SharedPC DDF file
+description: Learn how the OMA DM device description framework (DDF) for the SharedPC configuration service provider (CSP).
ms.assetid: 70234197-07D4-478E-97BB-F6C651C0B970
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md
index 6ed19c97e1..3cb5d8920c 100644
--- a/windows/client-management/mdm/storage-csp.md
+++ b/windows/client-management/mdm/storage-csp.md
@@ -1,6 +1,6 @@
---
title: Storage CSP
-description: Storage CSP
+description: Learn how the Storage enterprise configuration service provider (CSP) is used to configure the storage card settings.
ms.assetid: b19bdb54-53ed-42ce-a5a1-269379013f57
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md
index 9d9be94f93..17340fbf2d 100644
--- a/windows/client-management/mdm/storage-ddf-file.md
+++ b/windows/client-management/mdm/storage-ddf-file.md
@@ -1,6 +1,6 @@
---
title: Storage DDF file
-description: See how storage configuration service provider. DDF files are used only with OMA DM provisioning XML.
+description: Learn about the OMA DM device description framework (DDF) for the Storage configuration service provider (CSP).
ms.assetid: 247062A3-4DFB-4B14-A3D1-68D02C27703C
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
index 0e0293bca8..2b482383bd 100644
--- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
+++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
@@ -1,6 +1,6 @@
---
title: Structure of OMA DM provisioning files
-description: Structure of OMA DM provisioning files
+description: Learn about the structure of OMA DM provisioning files, for example how each message is composed of a header, specified by the SyncHdr element, and a message body.
ms.assetid: 7bd3ef57-c76c-459b-b63f-c5a333ddc2bc
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md
index 28d0b9c42e..45e335fdf9 100644
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@@ -1,6 +1,6 @@
---
title: SUPL CSP
-description: SUPL CSP
+description: Learn how the SUPL configuration service provider (CSP) is used to configure the location client.
ms.assetid: afad0120-1126-4fc5-8e7a-64b9f2a5eae1
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md
index ad901702a5..b064d57b68 100644
--- a/windows/client-management/mdm/tenantlockdown-ddf.md
+++ b/windows/client-management/mdm/tenantlockdown-ddf.md
@@ -1,6 +1,6 @@
---
title: TenantLockdown DDF file
-description: XML file containing the device description framework for the TenantLockdown configuration service provider.
+description: XML file containing the device description framework for the TenantLockdown configuration service provider (CSP).
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md
index 36f46f9df1..f97ea96a00 100644
--- a/windows/client-management/mdm/tpmpolicy-csp.md
+++ b/windows/client-management/mdm/tpmpolicy-csp.md
@@ -1,6 +1,6 @@
---
title: TPMPolicy CSP
-description: TPMPolicy CSP
+description: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md
index fcdb101ad2..fd463047e0 100644
--- a/windows/client-management/mdm/tpmpolicy-ddf-file.md
+++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md
@@ -1,6 +1,6 @@
---
title: TPMPolicy DDF file
-description: TPMPolicy DDF file
+description: Learn about the OMA DM device description framework (DDF) for the TPMPolicy configuration service provider (CSP).
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md
index 808685d36d..1432ef811a 100644
--- a/windows/client-management/mdm/uefi-ddf.md
+++ b/windows/client-management/mdm/uefi-ddf.md
@@ -1,6 +1,6 @@
---
title: UEFI DDF file
-description: UEFI DDF file
+description: Learn about the OMA DM device description framework (DDF) for the Uefi configuration service provider (CSP).
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md
index 310b0192c6..183c89df6d 100644
--- a/windows/client-management/mdm/update-csp.md
+++ b/windows/client-management/mdm/update-csp.md
@@ -1,6 +1,6 @@
---
title: Update CSP
-description: Update CSP
+description: Learn how the Update configuration service provider (CSP) enables IT administrators to manage and control the rollout of new updates.
ms.assetid: F1627B57-0749-47F6-A066-677FDD3D7359
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md
index 731adeeb60..44f580cb4f 100644
--- a/windows/client-management/mdm/update-ddf-file.md
+++ b/windows/client-management/mdm/update-ddf-file.md
@@ -1,6 +1,6 @@
---
title: Update DDF file
-description: Update DDF file
+description: Learn about the OMA DM device description framework (DDF) for the Update configuration service provider (CSP).
ms.assetid: E236E468-88F3-402A-BA7A-834ED38DD388
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md
index 7b8f154145..60702d4f69 100644
--- a/windows/client-management/mdm/vpn-csp.md
+++ b/windows/client-management/mdm/vpn-csp.md
@@ -1,6 +1,6 @@
---
title: VPN CSP
-description: VPN CSP
+description: Learn how the VPN configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
ms.assetid: 05ca946a-1c0b-4e11-8d7e-854e14740707
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md
index b3e8aef28c..889a2f8f25 100644
--- a/windows/client-management/mdm/vpn-ddf-file.md
+++ b/windows/client-management/mdm/vpn-ddf-file.md
@@ -1,6 +1,6 @@
---
title: VPN DDF file
-description: VPN DDF file
+description: Learn about the OMA DM device description framework (DDF) for the VPN configuration service provider (CSP).
ms.assetid: 728FCD9C-0B8E-413B-B54A-CD72C9F2B9EE
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index c7555d45bf..df6b648e6e 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -1,6 +1,6 @@
---
title: VPNv2 CSP
-description: VPNv2 CSP
+description: Learn how the VPNv2 configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
ms.assetid: 51ADA62E-1EE5-4F15-B2AD-52867F5B2AD2
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md
index e4c93ad525..51a1739756 100644
--- a/windows/client-management/mdm/w4-application-csp.md
+++ b/windows/client-management/mdm/w4-application-csp.md
@@ -1,6 +1,6 @@
---
title: w4 APPLICATION CSP
-description: w4 APPLICATION CSP
+description: Use an APPLICATION configuration service provider (CSP) that has an APPID of w4 to configure Multimedia Messaging Service (MMS).
ms.assetid: ef42b82a-1f04-49e4-8a48-bd4e439fc43a
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md
index eff35b4fd4..20f21f79bc 100644
--- a/windows/client-management/mdm/w7-application-csp.md
+++ b/windows/client-management/mdm/w7-application-csp.md
@@ -1,6 +1,6 @@
---
title: w7 APPLICATION CSP
-description: w7 APPLICATION CSP
+description: Learn that the APPLICATION configuration service provider (CSP) that has an APPID of w7 is used for bootstrapping a device with an OMA DM account.
ms.assetid: 10f8aa16-5c89-455d-adcd-d7fb45d4e768
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index 70f5a31c7c..174c633ba4 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -1,6 +1,6 @@
---
title: WiFi CSP
-description: The WiFi configuration service provider provides the functionality to add or delete Wi-Fi networks on a Windows device.
+description: The WiFi configuration service provider (CSP) provides the functionality to add or delete Wi-Fi networks on a Windows device.
ms.assetid: f927cb5f-9555-4029-838b-03fb68937f06
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index 2c51e50a62..8dff039754 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -1,6 +1,6 @@
---
title: WiFi DDF file
-description: WiFi DDF file
+description: Learn about the OMA DM device description framework (DDF) for the WiFi configuration service provider (CSP).
ms.assetid: 00DE1DA7-23DE-4871-B3F0-28EB29A62D61
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md
index abcbb92914..f6b422ce6d 100644
--- a/windows/client-management/mdm/win32appinventory-csp.md
+++ b/windows/client-management/mdm/win32appinventory-csp.md
@@ -1,6 +1,6 @@
---
title: Win32AppInventory CSP
-description: Win32AppInventory CSP
+description: Learn how the Win32AppInventory configuration service provider (CSP) is used to provide an inventory of installed applications on a device.
ms.assetid: C0DEDD51-4EAD-4F8E-AEE2-CBE9658BCA22
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md
index b22b7284fa..1f20685d75 100644
--- a/windows/client-management/mdm/win32appinventory-ddf-file.md
+++ b/windows/client-management/mdm/win32appinventory-ddf-file.md
@@ -1,6 +1,6 @@
---
title: Win32AppInventory DDF file
-description: See the OMA DM device description framework (DDF) for the **Win32AppInventory** configuration service provider. DDF files are used only with OMA DM provisioning XML.
+description: Learn about the OMA DM device description framework (DDF) for the Win32AppInventory configuration service provider (CSP).
ms.assetid: F6BCC10B-BFE4-40AB-AEEE-34679A4E15B0
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
index 2570e65b3d..be248b783d 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -1,6 +1,6 @@
---
-title: Win32CompatibilityAppraiser CSP
-description:
+title: Win32CompatibilityAppraiser CSP
+description: Learn how the Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telementry health.
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
index 2508fa2863..c68424cd04 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
@@ -1,6 +1,6 @@
---
title: WindowsAdvancedThreatProtection CSP
-description: WindowsAdvancedThreatProtection CSP
+description: The Windows Defender Advanced Threat Protection (WDATP) CSP allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
ms.assetid: 6C3054CA-9890-4C08-9DB6-FBEEB74699A8
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
index 583ea67e75..5877c32e22 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
@@ -1,6 +1,6 @@
---
title: WindowsAdvancedThreatProtection DDF file
-description: WindowsAdvancedThreatProtection DDF file
+description: Learn how the OMA DM device description framework (DDF) for the WindowsAdvancedThreatProtection configuration service provider (CSP).
ms.assetid: 0C62A790-4351-48AF-89FD-7D46C42D13E0
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index 63373c2a34..59f3f7c19e 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -30,9 +30,11 @@ Turn on Microsoft Defender Application Guard in Enterprise Mode.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
-The following list shows the supported values:
-- 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment.
-- 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container.
+The following list shows the supported values:
+- 0 - Disable Microsoft Defender Application Guard
+- 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY
+- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY
+- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments
**Settings/ClipboardFileType**
Determines the type of content that can be copied from the host to Application Guard environment and vice versa.
@@ -297,4 +299,4 @@ ADMX Info:
- GP name: *AuditApplicationGuard*
- GP path: *Windows Components/Microsoft Defender Application Guard*
- GP ADMX file name: *AppHVSI.admx*
-
\ No newline at end of file
+
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index e519d6dcd8..847d9d69c8 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -1,6 +1,6 @@
---
title: WindowsDefenderApplicationGuard DDF file
-description: See the OMA DM device description framework (DDF) for the WindowsDefenderApplicationGuard DDF file configuration service provider.
+description: learn about the OMA DM device description framework (DDF) for the WindowsDefenderApplicationGuard DDF file configuration service provider (CSP).
ms.author: dansimp
ms.topic: article
ms.prod: w10
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index 58a5040b72..b46f76e935 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -1,6 +1,6 @@
---
title: WindowsLicensing CSP
-description: WindowsLicensing CSP
+description: Learn how the WindowsLicensing configuration service provider (CSP) is designed for licensing related management scenarios.
ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index c5037971d9..7b8cb3437e 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -1,6 +1,6 @@
---
title: WindowsLicensing DDF file
-description: WindowsLicensing DDF file
+description: Learn about the OMA DM device description framework (DDF) for the WindowsLicensing configuration service provider (CSP).
ms.assetid: 2A24C922-A167-4CEE-8F74-08E7453800D2
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md
index 3462504a92..4693bb6596 100644
--- a/windows/client-management/new-policies-for-windows-10.md
+++ b/windows/client-management/new-policies-for-windows-10.md
@@ -1,6 +1,6 @@
---
title: New policies for Windows 10 (Windows 10)
-description: Windows 10 includes the following new policies for management.
+description: Learn how Windows 10 includes new policies for management, like Group Policy settings for the Windows system and components.
ms.assetid: 1F24ABD8-A57A-45EA-BA54-2DA2238C573D
ms.reviewer:
manager: dansimp
diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md
index d0806c95e1..4f7a2555e1 100644
--- a/windows/client-management/system-failure-recovery-options.md
+++ b/windows/client-management/system-failure-recovery-options.md
@@ -1,6 +1,6 @@
---
title: Configure system failure and recovery options in Windows
-description: Learn about the system failure and recovery options in Windows.
+description: Learn how to configure the actions that Windows takes when a system error occurs and what the recovery options are.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md
index 667776a7f8..0bdc744338 100644
--- a/windows/client-management/troubleshoot-inaccessible-boot-device.md
+++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md
@@ -1,6 +1,6 @@
---
title: Advanced advice for Stop error 7B, Inaccessible_Boot_Device
-description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device
+description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device. This error may occur after some changes are made to the computer,
ms.prod: w10
ms.mktglfcycl:
ms.sitesec: library
diff --git a/windows/client-management/troubleshoot-networking.md b/windows/client-management/troubleshoot-networking.md
index 57398a2764..7ff85215fe 100644
--- a/windows/client-management/troubleshoot-networking.md
+++ b/windows/client-management/troubleshoot-networking.md
@@ -2,7 +2,7 @@
title: Advanced troubleshooting for Windows networking
ms.reviewer:
manager: dansimp
-description: Learn how to troubleshoot networking
+description: Learn about the topics that are available to help you troubleshoot common problems related to Windows networking.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md
index 3fe73d34ec..7eabdf0411 100644
--- a/windows/client-management/troubleshoot-stop-errors.md
+++ b/windows/client-management/troubleshoot-stop-errors.md
@@ -2,7 +2,7 @@
title: Advanced troubleshooting for Stop error or blue screen error issue
ms.reviewer:
manager: dansimp
-description: Learn how to troubleshoot Stop error or blue screen issues.
+description: Learn advanced options for troubleshooting Stop errors, also known as blue screen errors or bug check errors.
ms.prod: w10
ms.mktglfcycl:
ms.sitesec: library
diff --git a/windows/client-management/troubleshoot-tcpip-connectivity.md b/windows/client-management/troubleshoot-tcpip-connectivity.md
index fe6e32ce59..0d4f00510a 100644
--- a/windows/client-management/troubleshoot-tcpip-connectivity.md
+++ b/windows/client-management/troubleshoot-tcpip-connectivity.md
@@ -1,6 +1,6 @@
---
title: Troubleshoot TCP/IP connectivity
-description: Learn how to troubleshoot TCP/IP connectivity.
+description: Learn how to troubleshoot TCP/IP connectivity and what you should do if you come across TCP reset in a network capture.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md
index 739c11d55d..f708897928 100644
--- a/windows/client-management/troubleshoot-tcpip-netmon.md
+++ b/windows/client-management/troubleshoot-tcpip-netmon.md
@@ -16,6 +16,9 @@ manager: dansimp
In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic.
+> [Note]
+> Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](https://docs.microsoft.com/message-analyzer/microsoft-message-analyzer-operating-guide).
+
To get started, [download and run NM34_x64.exe](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image.
diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
index a33d808d2f..40c0ff98c2 100644
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@@ -1,6 +1,6 @@
---
title: Troubleshoot port exhaustion issues
-description: Learn how to troubleshoot port exhaustion issues.
+description: Learn how to troubleshoot port exhaustion issues. Port exhaustion occurs when all the ports on a machine are used.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
index 7fd5ff086f..37b4dfa002 100644
--- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md
+++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
@@ -1,6 +1,6 @@
---
title: Troubleshoot Remote Procedure Call (RPC) errors
-description: Learn how to troubleshoot Remote Procedure Call (RPC) errors
+description: Learn how to troubleshoot Remote Procedure Call (RPC) errors when connecting to Windows Management Instrumentation (WMI), SQL Server, or during a remote connection.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
diff --git a/windows/client-management/troubleshoot-tcpip.md b/windows/client-management/troubleshoot-tcpip.md
index 378c042899..48a95cd4e0 100644
--- a/windows/client-management/troubleshoot-tcpip.md
+++ b/windows/client-management/troubleshoot-tcpip.md
@@ -1,6 +1,6 @@
---
title: Advanced troubleshooting for TCP/IP issues
-description: Learn how to troubleshoot common problems in a TCP/IP network environment.
+description: Learn how to troubleshoot common problems in a TCP/IP network environment, for example by collecting data using Network monitor.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md
index 3a584ddb8f..b50e43abae 100644
--- a/windows/client-management/troubleshoot-windows-freeze.md
+++ b/windows/client-management/troubleshoot-windows-freeze.md
@@ -2,7 +2,7 @@
title: Advanced troubleshooting for Windows-based computer freeze issues
ms.reviewer:
manager: dansimp
-description: Learn how to troubleshoot computer freeze issues on Windows-based computers and servers.
+description: Learn how to troubleshoot computer freeze issues on Windows-based computers and servers. Also, you can learn how to diagnose, identify, and fix these issues.
ms.prod: w10
ms.mktglfcycl:
ms.sitesec: library
diff --git a/windows/client-management/troubleshoot-windows-startup.md b/windows/client-management/troubleshoot-windows-startup.md
index 0e39db4b3f..bd9f09bfd0 100644
--- a/windows/client-management/troubleshoot-windows-startup.md
+++ b/windows/client-management/troubleshoot-windows-startup.md
@@ -1,6 +1,6 @@
---
title: Advanced troubleshooting for Windows start-up issues
-description: Learn how to troubleshoot Windows start-up issues.
+description: Learn advanced options for how to troubleshoot common Windows start-up issues, like system crashes and freezes.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md
index 8c30018235..671e14612b 100644
--- a/windows/client-management/windows-10-support-solutions.md
+++ b/windows/client-management/windows-10-support-solutions.md
@@ -1,6 +1,6 @@
---
title: Troubleshooting Windows 10
-description: Get links to troubleshooting articles for Windows 10 issues
+description: Learn where to find information about troubleshooting Windows 10 issues, for example Bitlocker issues and bugcheck errors.
ms.reviewer: kaushika
manager: dansimp
ms.prod: w10
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 700b2a16cc..875beb0290 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -2,7 +2,7 @@
title: Change history for Configure Windows 10 (Windows 10)
ms.reviewer:
manager: dansimp
-description: View changes to documentation for configuring Windows 10.
+description: Learn about new and updated topics in the Configure Windows 10 documentation for Windows 10 and Windows 10 Mobile.
keywords:
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md
index 0a333370c9..fe5186f6cf 100644
--- a/windows/configuration/changes-to-start-policies-in-windows-10.md
+++ b/windows/configuration/changes-to-start-policies-in-windows-10.md
@@ -1,6 +1,6 @@
---
title: Changes to Group Policy settings for Windows 10 Start menu (Windows 10)
-description: Windows 10 has a brand new Start experience.
+description: Learn about changes to Group Policy settings for the Windows 10 Start menu. Also, learn about the new Windows 10 Start experience.
ms.assetid: 612FB68A-3832-451F-AA97-E73791FEAA9F
ms.reviewer:
manager: dansimp
diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/configure-windows-10-taskbar.md
index 037e389943..1e6ec5db4b 100644
--- a/windows/configuration/configure-windows-10-taskbar.md
+++ b/windows/configuration/configure-windows-10-taskbar.md
@@ -1,6 +1,6 @@
---
title: Configure Windows 10 taskbar (Windows 10)
-description: Admins can pin apps to users' taskbars.
+description: Administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file.
keywords: ["taskbar layout","pin apps"]
ms.prod: w10
ms.mktglfcycl: manage
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
index 9b2fcfb9c3..d89ff3d90b 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
@@ -1,6 +1,6 @@
---
title: Send feedback about Cortana at work back to Microsoft
-description: How to send feedback to Microsoft about Cortana at work.
+description: Learn how to send feedback to Microsoft about Cortana at work so you can provide more information to help diagnose reported issues..
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
index 5158bc4ada..5d8a6999f8 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
@@ -32,11 +32,11 @@ Cortana requires a PC running Windows 10, version 1703 or later, as well as the
>[!NOTE]
>A microphone isn't required to use Cortana.
-|**Software** |**Minimum version** |
+| Software | Minimum version |
|---------|---------|
|Client operating system | Desktop: - Windows 10, version 2004 (recommended)
- Windows 10, version 1703 (legacy version of Cortana)
Mobile: Windows 10 mobile, version 1703 (legacy version of Cortana)
For more information on the differences between Cortana in Windows 10, version 2004 and earlier versions, see [**How is my data processed by Cortana**](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-overview#how-is-my-data-processed-by-cortana) below. |
-|Azure Active Directory (Azure AD) | While all employees signing into Cortana need an Azure AD account, an Azure AD premium tenant isn’t required. |
-|Additional policies (Group Policy and Mobile Device Management (MDM)) |There is a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana but won't turn Cortana off. For example, if you turn **Speech** off, your employees won't be able to use the wake word (“Cortana”) for hands-free activation or voice commands to easily ask for help. |
+|Azure Active Directory (Azure AD) | While all employees signing into Cortana need an Azure AD account, an Azure AD premium tenant isn't required. |
+|Additional policies (Group Policy and Mobile Device Management (MDM)) |There is a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana but won't turn Cortana off. For example, if you turn **Speech** off, your employees won't be able to use the wake word ("Cortana") for hands-free activation or voice commands to easily ask for help. |
## Signing in using Azure AD
@@ -55,7 +55,7 @@ Cortana enterprise services that can be accessed using Azure AD through Cortana
The table below describes the data handling for Cortana enterprise services.
-|**Name** |**Description** |
+| Name | Description |
|---------|---------|
|**Storage** |Customer Data is stored on Microsoft servers inside the Office 365 cloud. Your data is part of your tenant. Speech audio is not retained. |
|**Stays in Geo** |Customer Data is stored on Microsoft servers inside the Office 365 cloud in Geo. Your data is part of your tenant. |
@@ -66,7 +66,7 @@ The table below describes the data handling for Cortana enterprise services.
#### How does the wake word (Cortana) work? If I enable it, is Cortana always listening?
>[!NOTE]
->The wake word has been temporarily disabled in the latest version of Cortana in Windows but will be restored soon. You can still click on the microphone button to use your voice with Cortana.
+>The wake word has been re-enabled in the latest version of Cortana in Windows. If you're on Windows 10, version 2004, be sure that you've updated to build 19041.329 or later to use the wake word with Cortana. For earlier builds, you can still click on the microphone button to use your voice with Cortana.
Cortana only begins listening for commands or queries when the wake word is detected, or the microphone button has been selected.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
index de5e546244..e2dfea47f8 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
@@ -1,5 +1,5 @@
---
-title: Sign-in to Azure AD and manage notebook with Cortana (Windows 10)
+title: Sign into Azure AD, enable the wake word, and try a voice query
description: A test scenario walking you through signing in and managing the notebook.
ms.prod: w10
ms.mktglfcycl: manage
@@ -7,7 +7,6 @@ ms.sitesec: library
author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
-ms.date: 10/05/2017
ms.reviewer:
manager: dansimp
---
@@ -15,7 +14,7 @@ manager: dansimp
# Test scenario 1 – Sign into Azure AD, enable the wake word, and try a voice query
>[!NOTE]
->The wake word has been temporarily disabled in the latest version of Cortana in Windows but will be restored soon.
+>The wake word has been re-enabled in the latest version of Cortana in Windows. If you're on Windows 10, version 2004, be sure that you've updated to build 19041.329 or later to use the wake word with Cortana. For earlier builds, you can still click on the microphone button to use your voice with Cortana.
1. Select the **Cortana** icon in the task bar and sign in using your Azure AD account.
@@ -23,13 +22,13 @@ manager: dansimp
3. Toggle **Wake word** to **On** and close Cortana.
-4. Say **Cortana, what can you do?**.
+4. Say **Cortana, what can you do?**
-When you say **Cortana**, Cortana will open in listening mode to acknowledge the wake word.
+ When you say **Cortana**, Cortana will open in listening mode to acknowledge the wake word.
-:::image type="content" source="../screenshot4.png" alt-text="Screenshot: Cortana listening mode":::
+ :::image type="content" source="../screenshot4.png" alt-text="Screenshot: Cortana listening mode":::
-Once you finish saying your query, Cortana will open with the result.
+ Once you finish saying your query, Cortana will open with the result.
>[!NOTE]
->If you've disabled the wake word using MDM or Group Policy, you will need to manually activate the microphone by selecting Cortana, then the mic button.
\ No newline at end of file
+>If you've disabled the wake word using MDM or Group Policy, you will need to manually activate the microphone by selecting Cortana, then the mic button.
diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md
index c319385e70..0ff39ff4c9 100644
--- a/windows/configuration/kiosk-methods.md
+++ b/windows/configuration/kiosk-methods.md
@@ -3,7 +3,7 @@ title: Configure kiosks and digital signs on Windows desktop editions (Windows 1
ms.reviewer:
manager: dansimp
ms.author: dansimp
-description: Learn about the methods for configuring kiosks.
+description: In this article, learn about the methods for configuring kiosks and digital signs on Windows desktop editions.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index f4825a951e..f7be8e35d2 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -1,6 +1,6 @@
---
title: Prepare a device for kiosk configuration (Windows 10)
-description: Some tips for device settings on kiosks.
+description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes.
ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer:
manager: dansimp
diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md
index 6a42e81700..479b7ca96e 100644
--- a/windows/configuration/kiosk-troubleshoot.md
+++ b/windows/configuration/kiosk-troubleshoot.md
@@ -1,6 +1,6 @@
---
title: Troubleshoot kiosk mode issues (Windows 10)
-description: Tips for troubleshooting multi-app kiosk configuration.
+description: Learn how to troubleshoot single-app and multi-app kiosk configurations, as well as common problems like sign-in issues.
ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
ms.reviewer:
manager: dansimp
diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md
index 34b8124fa2..02e0fbc422 100644
--- a/windows/configuration/kiosk-validate.md
+++ b/windows/configuration/kiosk-validate.md
@@ -1,6 +1,6 @@
---
title: Validate kiosk configuration (Windows 10)
-description: Learn what to expect on a multi-app kiosk in Windows 10 Pro, Enterprise, and Education.
+description: In this article, learn what to expect on a multi-app kiosk in Windows 10 Pro, Enterprise, and Education.
ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
ms.reviewer:
manager: dansimp
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index 3de98a5454..f82225a7fe 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -1,6 +1,6 @@
---
title: Provision PCs with apps (Windows 10)
-description: Add apps to a Windows 10 provisioning package.
+description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
keywords: ["runtime provisioning", "provisioning package"]
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index 035bdf4010..5b464073a9 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -1,6 +1,6 @@
---
title: Create a provisioning package (Windows 10)
-description: Learn how to create a provisioning package for Windows 10. Provisioning packages let you quickly configure a device without having to install a new image.
+description: Learn how to create a provisioning package for Windows 10, which lets you quickly configure a device without having to install a new image.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
@@ -21,44 +21,46 @@ manager: dansimp
- Windows 10
- Windows 10 Mobile
-You use Windows Configuration Designer to create a provisioning package (.ppkg) that contains customization settings. You can apply the provisioning package to a device running Windows 10 or Windows 10 Mobile.
+You can use Windows Configuration Designer to create a provisioning package (.ppkg) that contains customization settings, and then apply the provisioning package to a device running Windows 10 or Windows 10 Mobile.
>[Learn how to install Windows Configuration Designer.](provisioning-install-icd.md)
->[!TIP]
->We recommend creating a local admin account when developing and testing your provisioning package. We also recommend using a “least privileged” domain user account to join devices to the Active Directory domain.
+> [!TIP]
+> We recommend creating a local admin account when you develop and test your provisioning package. We also recommend using a *least privileged* domain user account to join devices to the Active Directory domain.
## Start a new project
1. Open Windows Configuration Designer:
- - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut,
+ - From either the Start screen or Start menu search, type **Windows Configuration Designer**, and then select the **Windows Configuration Designer** shortcut.
or
- - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
+ - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then select **ICD.exe**.
2. Select your desired option on the **Start** page, which offers multiple options for creating a provisioning package, as shown in the following image:
- - The wizard options provide a simple interface for configuring common settings for desktop, mobile, and kiosk devices. Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop, mobile, and kiosk devices, see [What you can configure using Configuration Designer wizardS](provisioning-packages.md#configuration-designer-wizards).
+ - The following wizard options provide a simple interface for configuring common settings for desktop, mobile, and kiosk devices:
- [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
- [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md)
- [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
- [Instructions for HoloLens wizard](https://technet.microsoft.com/itpro/hololens/hololens-provisioning)
- [Instructions for Surface Hub wizard](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub)
+
+ Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop, mobile, and kiosk devices, see [What you can configure using Configuration Designer wizards](provisioning-packages.md#configuration-designer-wizards).
- - The **Advanced provisioning** option opens a new project with all **Runtime settings** available. *The rest of this procedure uses advanced provisioning.*
+ - The **Advanced provisioning** option opens a new project with all the runtime settings available. (The rest of this procedure uses advanced provisioning.)
>[!TIP]
> You can start a project in the simple wizard editor and then switch the project to the advanced editor.
>
> 
-3. Enter a name for your project, and then click **Next**.
+3. Enter a name for your project, and then select **Next**.
-4. Select the settings you want to configure, based on the type of device, and then click **Next**. The following table describes the options.
+4. Select the settings you want to configure, based on the type of device, and then select **Next**. The following table describes the options.
| Windows edition | Settings available for customization | Provisioning package can apply to |
@@ -71,12 +73,12 @@ You use Windows Configuration Designer to create a provisioning package (.ppkg)
| Common to Windows 10 Team edition | Common settings and settings specific to Windows 10 Team | [Microsoft Surface Hub](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub) |
-5. On the **Import a provisioning package (optional)** page, you can click **Finish** to create your project, or browse to and select an existing provisioning package to import to your project, and then click **Finish**.
+5. On the **Import a provisioning package (optional)** page, you can select **Finish** to create your project, or browse to and select an existing provisioning package to import to your project, and then select **Finish**.
>[!TIP]
->**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages you create so you don't have to reconfigure those common settings repeatedly.
+>**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages that you create so you don't have to reconfigure those common settings repeatedly.
-After you click **Finish**, Windows Configuration Designer will open the **Available customizations** pane and you can then configure settings for the package.
+6. In the **Available customizations** pane, you can now configure settings for the package.
@@ -94,7 +96,7 @@ The process for configuring settings is similar for all settings. The following
Expand a category.
Select a setting.
-
Enter a value for the setting. Click Add if the button is displayed.
+
Enter a value for the setting. Select Add if the button is displayed.
Some settings, such as this example, require additional information. In Available customizations, select the value you just created, and additional settings are displayed.
When the setting is configured, it is displayed in the Selected customizations pane.
@@ -106,39 +108,39 @@ For details on each specific setting, see [Windows Provisioning settings referen
## Build package
-1. After you're done configuring your customizations, click **Export** and select **Provisioning Package**.
+1. After you're done configuring your customizations, select **Export**, and then select **Provisioning Package**.
-2. In the **Describe the provisioning package** window, enter the following information, and then click **Next**:
+2. In the **Describe the provisioning package** window, enter the following information, and then select **Next**:
- **Name** - This field is pre-populated with the project name. You can change this value by entering a different name in the **Name** field.
- - **Version (in Major.Minor format** - - Optional. You can change the default package version by specifying a new value in the **Version** field.
+ - **Version (in Major.Minor format** - Optional. You can change the default package version by specifying a new value in the **Version** field.
- **Owner** - Select **IT Admin**. For more information, see [Precedence for provisioning packages](provisioning-how-it-works.md#precedence-for-provisioning-packages).
- **Rank (between 0-99)** - Optional. You can select a value between 0 and 99, inclusive. The default package rank is 0.
-3. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate. Both selections are optional. Click **Next** after you make your selections.
+3. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate, and then select **Next**. Both selections are optional:
- **Encrypt package** - If you select this option, an auto-generated password will be shown on the screen.
- - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package.
+ - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select** and choosing the certificate you want to use to sign the package.
>[!NOTE]
- >You should only configure provisioning package security when the package is used for device provisioning and the package has contents with sensitive security data such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device.
+ >You should only configure provisioning package security when the package is used for device provisioning and when the package has content with sensitive security data, such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device.
>
>If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner.
-4. In the **Select where to save the provisioning package** window, specify the output location where you want the provisioning package to go once it's built, and then click **Next**. By default, Windows Configuration Designer uses the project folder as the output location.
+4. In the **Select where to save the provisioning package** window, specify the output location where you want the provisioning package to go once it's built, and then select **Next**. By default, Windows Configuration Designer uses the project folder as the output location.
-5. In the **Build the provisioning package** window, click **Build**. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
+5. In the **Build the provisioning package** window, select **Build**. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
- If you need to cancel the build, click Cancel. This cancels the current build process, closes the wizard, and takes you back to the Customizations Page.
+ If you need to cancel the build, select **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations** page.
-6. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
+6. If your build fails, an error message will appear that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
- If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
+ If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build.
-7. When you are done, click **Finish** to close the wizard and go back to the Customizations page.
+7. When you are done, select **Finish** to close the wizard and go back to the **Customizations** page.
**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md
index f1bf1aa323..6fc7d6234f 100644
--- a/windows/configuration/provisioning-packages/provisioning-install-icd.md
+++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md
@@ -1,6 +1,6 @@
---
title: Install Windows Configuration Designer (Windows 10)
-description: Learn how to install and run Windows Configuration Designer.
+description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md
index beff0509a7..37c8bc44ec 100644
--- a/windows/configuration/start-layout-troubleshoot.md
+++ b/windows/configuration/start-layout-troubleshoot.md
@@ -1,6 +1,6 @@
---
title: Troubleshoot Start menu errors
-description: Troubleshoot common errors related to Start menu in Windows 10.
+description: Learn how to troubleshoot common Start menu errors in Windows 10. For example, learn to troubleshoot errors related to deployment, crashes, and performance.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
index e6a50b2114..110c062f57 100644
--- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
@@ -1,6 +1,6 @@
---
title: Administering UE-V with Windows PowerShell and WMI
-description: Administering UE-V with Windows PowerShell and WMI
+description: Learn how User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks.
author: trudyha
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md
index 16154765ea..1b5004453a 100644
--- a/windows/configuration/ue-v/uev-administering-uev.md
+++ b/windows/configuration/ue-v/uev-administering-uev.md
@@ -1,6 +1,6 @@
---
title: Administering UE-V
-description: Administering UE-V
+description: Learn how to perform administrative tasks for User Experience Virtualization (UE-V). These tasks include configuring the UE-V service and recovering lost settings.
author: trudyha
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md
index f9fb4b255a..6ca0f295e0 100644
--- a/windows/configuration/ue-v/uev-application-template-schema-reference.md
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md
@@ -1,6 +1,6 @@
---
title: Application Template Schema Reference for UE-V
-description: Application Template Schema Reference for UE-V
+description: Learn details about the XML structure of the UE-V settings location templates and learn how to edit these files.
author: trudyha
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
index 63eb702d7d..508ec913ff 100644
--- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
+++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
@@ -1,6 +1,6 @@
---
title: Changing the Frequency of UE-V Scheduled Tasks
-description: Changing the Frequency of UE-V Scheduled Tasks
+description: Learn how to create a script that uses the Schtasks.exe command-line options so you can change the frequency of UE-V scheduled tasks.
author: trudyha
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
index fbaeb69dbf..169e31075f 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
@@ -1,6 +1,6 @@
---
title: Configuring UE-V with Group Policy Objects
-description: Configuring UE-V with Group Policy Objects
+description: In this article, learn how to configure User Experience Virtualization (UE-V) with Group Policy objects.
author: trudyha
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
index f7f8d70fcd..f4ea6d2a5f 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
@@ -1,6 +1,6 @@
---
title: Configuring UE-V with Microsoft Endpoint Configuration Manager
-description: Configuring UE-V with Microsoft Endpoint Configuration Manager
+description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Endpoint Configuration Manager.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md
index b8b4cb2155..04cf9543e9 100644
--- a/windows/configuration/ue-v/uev-deploy-required-features.md
+++ b/windows/configuration/ue-v/uev-deploy-required-features.md
@@ -1,6 +1,6 @@
---
title: Deploy required UE-V features
-description: Deploy required UE-V features
+description: Learn how to install and configure User Experience Virtualization (UE-V) features, for example a network share that stores and retrieves user settings.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
index 918e018c48..8e69dc7cf3 100644
--- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
+++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
@@ -1,6 +1,6 @@
---
title: Use UE-V with custom applications
-description: Use UE-V with custom applications
+description: Use User Experience Virtualization (UE-V) to create your own custom settings location templates with the UE-V template generator.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index d67437503a..28a035aedc 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -1,6 +1,6 @@
---
title: Get Started with UE-V
-description: Get Started with UE-V
+description: Use the steps in this article to deploy User Experience Virtualization (UE-V) for the first time in a test environment.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
index 9b68ba56df..375f826703 100644
--- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
+++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
@@ -1,6 +1,6 @@
---
title: Manage Administrative Backup and Restore in UE-V
-description: Manage Administrative Backup and Restore in UE-V
+description: Learn how an administrator of User Experience Virtualization (UE-V) can back up and restore application and Windows settings to their original state.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-manage-configurations.md b/windows/configuration/ue-v/uev-manage-configurations.md
index 71d5841793..7189998439 100644
--- a/windows/configuration/ue-v/uev-manage-configurations.md
+++ b/windows/configuration/ue-v/uev-manage-configurations.md
@@ -1,6 +1,6 @@
---
title: Manage Configurations for UE-V
-description: Manage Configurations for UE-V
+description: Learn to manage the configuration of the User Experience Virtualization (UE-V) service and also learn to manage storage locations for UE-V resources.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-migrating-settings-packages.md b/windows/configuration/ue-v/uev-migrating-settings-packages.md
index 4ed5adc8a9..f9658f41a1 100644
--- a/windows/configuration/ue-v/uev-migrating-settings-packages.md
+++ b/windows/configuration/ue-v/uev-migrating-settings-packages.md
@@ -1,6 +1,6 @@
---
title: Migrating UE-V settings packages
-description: Migrating UE-V settings packages
+description: Learn to relocate User Experience Virtualization (UE-V) user settings packages either when you migrate to a new server or when you perform backups.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md
index c56e5b4661..e10d20444a 100644
--- a/windows/configuration/ue-v/uev-prepare-for-deployment.md
+++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md
@@ -1,6 +1,6 @@
---
title: Prepare a UE-V Deployment
-description: Prepare a UE-V Deployment
+description: Learn about the types of User Experience Virtualization (UE-V) deployment you can execute and what preparations you can make beforehand to be successful.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md
index d61075e1bd..663afd38eb 100644
--- a/windows/configuration/ue-v/uev-release-notes-1607.md
+++ b/windows/configuration/ue-v/uev-release-notes-1607.md
@@ -1,6 +1,6 @@
---
title: User Experience Virtualization (UE-V) Release Notes
-description: Read the latest information required to successfully install and use UE-V that is not included in the User Experience Virtualization (UE-V) documentation.
+description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that is not included in the UE-V documentation.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md
index a036b1fb3a..c45565ed5f 100644
--- a/windows/configuration/ue-v/uev-security-considerations.md
+++ b/windows/configuration/ue-v/uev-security-considerations.md
@@ -1,6 +1,6 @@
---
title: Security Considerations for UE-V
-description: Security Considerations for UE-V
+description: Learn about accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V).
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md
index ebe670eed2..02d1e1d9af 100644
--- a/windows/configuration/ue-v/uev-sync-methods.md
+++ b/windows/configuration/ue-v/uev-sync-methods.md
@@ -1,6 +1,6 @@
---
title: Sync Methods for UE-V
-description: Sync Methods for UE-V
+description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users’ application and Windows settings with the settings storage location.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md
index 3dc4b9727d..0db2a582f4 100644
--- a/windows/configuration/ue-v/uev-sync-trigger-events.md
+++ b/windows/configuration/ue-v/uev-sync-trigger-events.md
@@ -1,6 +1,6 @@
---
title: Sync Trigger Events for UE-V
-description: Sync Trigger Events for UE-V
+description: Learn how User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
index 3bf783b488..32ed4968bb 100644
--- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
+++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
@@ -1,6 +1,6 @@
---
title: Synchronizing Microsoft Office with UE-V
-description: Synchronizing Office with UE-V
+description: Learn how User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-technical-reference.md b/windows/configuration/ue-v/uev-technical-reference.md
index 5edddf9109..8f0feaabbc 100644
--- a/windows/configuration/ue-v/uev-technical-reference.md
+++ b/windows/configuration/ue-v/uev-technical-reference.md
@@ -1,6 +1,6 @@
---
title: Technical Reference for UE-V
-description: Technical Reference for UE-V
+description: Use this technical reference to learn about the various features of User Experience Virtualization (UE-V).
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-troubleshooting.md b/windows/configuration/ue-v/uev-troubleshooting.md
index 9683bd771d..7e51868298 100644
--- a/windows/configuration/ue-v/uev-troubleshooting.md
+++ b/windows/configuration/ue-v/uev-troubleshooting.md
@@ -1,6 +1,6 @@
---
title: Troubleshooting UE-V
-description: Find resources for troubleshooting UE-V for Windows 10.
+description: Use this technical reference to find resources for troubleshooting User Experience Virtualization (UE-V) for Windows 10.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
index c17b9cedb8..09d5d2ace3 100644
--- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
@@ -1,6 +1,6 @@
---
title: What's New in UE-V for Windows 10, version 1607
-description: What's New in UE-V for Windows 10, version 1607
+description: Learn about what's new in User Experience Virtualization (UE-V) for Windows 10, including new features and capabilities.
author: dansimp
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy
diff --git a/windows/configuration/windows-spotlight.md b/windows/configuration/windows-spotlight.md
index fa8b0e3378..5fcc9f5c5c 100644
--- a/windows/configuration/windows-spotlight.md
+++ b/windows/configuration/windows-spotlight.md
@@ -44,7 +44,7 @@ For managed devices running Windows 10 Enterprise and Windows 10 Education, en
- **Feature suggestions, fun facts, tips**
- The lock screen background will occasionally suggest Windows 10 features that the user hasn't tried yet, such as **Snap assist**.
+ The lock screen background will occasionally make recommendations on how to enhance your productivity and enjoyment of Microsoft products including suggesting other relevant Microsoft products and services.
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index bd4751ea90..b558969815 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -44,7 +44,7 @@
- name: Define your servicing strategy
href: update/plan-define-strategy.md
- name: Delivery Optimization for Windows 10 updates
- href: update/waas-delivery-optimization-reference.md
+ href: update/waas-delivery-optimization.md
- name: Best practices for feature updates on mission-critical devices
href: update/feature-update-mission-critical.md
- name: Windows 10 deployment considerations
@@ -74,8 +74,6 @@
href: update/waas-branchcache.md
- name: Prepare your deployment tools
items:
- - name: Register devices for deployment with Windows Autopilot
- href: windows-autopilot/add-devices.md
- name: Prepare for deployment with MDT
href: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
- name: Prepare for deployment with Configuration Manager
@@ -94,7 +92,7 @@
- name: Deploy Windows 10
items:
- name: Deploy Windows 10 with Autopilot
- href: windows-autopilot/windows-autopilot-scenarios.md
+ href: windows-autopilot/index.yml
- name: Deploy Windows 10 with Configuration Manager
items:
- name: Deploy to a new device
diff --git a/windows/deployment/Windows-AutoPilot-EULA-note.md b/windows/deployment/Windows-AutoPilot-EULA-note.md
index ae15ebea5c..a57384798d 100644
--- a/windows/deployment/Windows-AutoPilot-EULA-note.md
+++ b/windows/deployment/Windows-AutoPilot-EULA-note.md
@@ -1,24 +1,25 @@
----
-title: Windows Autopilot EULA dismissal – important information
-description: A notice about EULA dismissal through Windows Autopilot
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-ms.localizationpriority: medium
-ms.audience: itpro
author: greg-lindsay
-ms.date: 08/22/2017
-ms.reviewer:
-manager: laurawi
-audience: itpro
author: greg-lindsay
-ROBOTS: noindex,nofollow
-ms.topic: article
----
-# Windows Autopilot EULA dismissal – important information
-
->[!IMPORTANT]
->The information below isn't the EULA. It is a notice of awareness to the administrator that's configuring to skip End User License Agreement (EULA) during the OOBE (Out-of-Box Experience).
-
-Using this tool allows you to configure individual installations of Windows on devices managed by your organization. You may choose to suppress or hide certain set-up screens that are normally presented to users when setting up Windows, including the EULA acceptance screen.
-
-By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms. This includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you did not suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you have not validly acquired a license for the software from Microsoft or its licensed distributors.
+---
+title: Windows Autopilot EULA dismissal – important information
+description: A notice about EULA dismissal through Windows Autopilot
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+ms.localizationpriority: medium
+ms.audience: itpro
+author: greg-lindsay
+ms.date: 08/22/2017
+ms.reviewer:
+manager: laurawi
+audience: itpro
+ROBOTS: noindex,nofollow
+ms.topic: article
+---
+# Windows Autopilot EULA dismissal – important information
+
+>[!IMPORTANT]
+>The information below isn't the EULA. It is a notice of awareness to the administrator that's configuring to skip End User License Agreement (EULA) during the OOBE (Out-of-Box Experience).
+
+Using this tool allows you to configure individual installations of Windows on devices managed by your organization. You may choose to suppress or hide certain set-up screens that are normally presented to users when setting up Windows, including the EULA acceptance screen.
+
+By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms. This includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you did not suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you have not validly acquired a license for the software from Microsoft or its licensed distributors.
diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index f9405d730e..834b94f381 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -11,8 +11,6 @@ audience: itpro
author: greg-lindsay
ms.reviewer:
manager: laurawi
-audience: itpro
-author: greg-lindsay
ms.author: greglin
ms.topic: article
---
diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md
index e90d44c1b5..c28a60db3e 100644
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@@ -3,7 +3,7 @@ title: Deploy Windows 10 with Microsoft 365
ms.reviewer:
manager: laurawi
ms.author: greglin
-description: Concepts about deploying Windows 10 for M365
+description: Learn about deploying Windows 10 with Microsoft 365 and how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md
index cff09982d3..519ec80cf3 100644
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@@ -3,7 +3,7 @@ title: What's new in Windows 10 deployment
ms.reviewer:
manager: laurawi
ms.author: greglin
-description: Changes and new features related to Windows 10 deployment
+description: Use this article to learn about new solutions and online content related to deploying Windows 10 in your organization.
keywords: deployment, automate, tools, configure, news
ms.mktglfcycl: deploy
ms.localizationpriority: medium
diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index 7e06abfeb3..5c8972471b 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -170,13 +170,16 @@ The key to successful management of drivers for MDT, as well as for any other de
On **MDT01**:
+> [!IMPORTANT]
+> In the steps below, it is critical that the folder names used for various computer makes and models exactly match the results of **wmic computersystem get model,manufacturer** on the target system.
+
1. Using File Explorer, create the **D:\\drivers** folder.
2. In the **D:\\drivers** folder, create the following folder structure:
1. WinPE x86
2. WinPE x64
3. Windows 10 x64
3. In the new Windows 10 x64 folder, create the following folder structure:
- - Dell
+ - Dell Inc
- Latitude E7450
- Hewlett-Packard
- HP EliteBook 8560w
@@ -185,8 +188,8 @@ On **MDT01**:
- Microsoft Corporation
- Surface Laptop
->[!NOTE]
->Even if you are not going to use both x86 and x64 boot images, we still recommend that you add the support structure for future use.
+> [!NOTE]
+> Even if you are not going to use both x86 and x64 boot images, we still recommend that you add the support structure for future use.
### Create the logical driver structure in MDT
@@ -197,7 +200,7 @@ When you import drivers to the MDT driver repository, MDT creates a single insta
2. WinPE x64
3. Windows 10 x64
3. In the **Windows 10 x64** folder, create the following folder structure:
- - Dell
+ - Dell Inc
- Latitude E7450
- Hewlett-Packard
- HP EliteBook 8560w
@@ -281,12 +284,12 @@ The folder you select and all sub-folders will be checked for drivers, expanding
For the Dell Latitude E7450 model, you use the Dell Driver CAB file, which is accessible via the [Dell TechCenter website](https://go.microsoft.com/fwlink/p/?LinkId=619544).
-In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E7450 model to the **D:\\Drivers\\Dell\\Latitude E7450** folder.
+In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E7450 model to the **D:\\Drivers\\Dell Inc\\Latitude E7450** folder.
On **MDT01**:
-1. In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Dell** node.
-2. Right-click the **Latitude E7450** folder and select **Import Drivers** and use the following Driver source directory to import drivers: **D:\\Drivers\\Windows 10 x64\\Dell\\Latitude E7450**
+1. In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Dell Inc** node.
+2. Right-click the **Latitude E7450** folder and select **Import Drivers** and use the following Driver source directory to import drivers: **D:\\Drivers\\Windows 10 x64\\Dell Inc\\Latitude E7450**
### For the HP EliteBook 8560w
diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md
index 52cc80097b..e0be07468b 100644
--- a/windows/deployment/deploy-windows-to-go.md
+++ b/windows/deployment/deploy-windows-to-go.md
@@ -1,18 +1,18 @@
---
title: Deploy Windows To Go in your organization (Windows 10)
-description: This topic helps you to deploy Windows To Go in your organization.
+description: Learn how to deploy Windows To Go in your organization through a wizard in the user interface as well as programatically with Windows PowerShell.
ms.assetid: cfe550be-ffbd-42d1-ab4d-80efae49b07f
ms.reviewer:
manager: laurawi
ms.audience: itpro
author: greg-lindsay
+ms.author: greglin
keywords: deployment, USB, device, BitLocker, workspace, security, data
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobility
audience: itpro
-author: greg-lindsay
ms.topic: article
---
diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md
index d86cb2f2a8..5afc9307e1 100644
--- a/windows/deployment/deploy.md
+++ b/windows/deployment/deploy.md
@@ -1,17 +1,17 @@
---
title: Deploy Windows 10 (Windows 10)
-description: Learn Windows 10 upgrade options for planning, testing, and managing your production deployment.
+description: Learn about Windows 10 upgrade options for planning, testing, and managing your production deployment.
ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
ms.reviewer:
manager: laurawi
ms.audience: itpro
author: greg-lindsay
+ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: medium
audience: itpro
-author: greg-lindsay
ms.topic: article
---
diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml
index 4383221147..dbd960b4a7 100644
--- a/windows/deployment/index.yml
+++ b/windows/deployment/index.yml
@@ -1,7 +1,7 @@
### YamlMime:Landing
title: Windows 10 deployment resources and documentation # < 60 chars
-summary: Learn about deploying and and keeping Windows 10 up to date. # < 160 chars
+summary: Learn about deploying and keeping Windows 10 up to date. # < 160 chars
metadata:
title: Windows 10 deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
@@ -13,7 +13,7 @@ metadata:
ms.collection: windows-10
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
- ms.date: 06/09/2020 #Required; mm/dd/yyyy format.
+ ms.date: 08/05/2020 #Required; mm/dd/yyyy format.
localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@@ -53,7 +53,7 @@ landingContent:
- linkListType: deploy
links:
- text: Deploy Windows 10 with Autopilot
- url: windows-autopilot/windows-autopilot-scenarios.md
+ url: https://docs.microsoft.com/mem/autopilot
- text: Assign devices to servicing channels
url: update/waas-servicing-channels-windows-10-updates.md
- text: Deploy Windows updates with Configuration Manager
@@ -71,7 +71,7 @@ landingContent:
- text: Basics of Windows updates, channels, and tools
url: update/get-started-updates-channels-tools.md
- text: Overview of Windows Autopilot
- url: windows-autopilot/windows-autopilot.md
+ url: https://docs.microsoft.com/mem/autopilot/windows-autopilot
# Card
- title: Support remote work
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md
index 45e00f7007..94f57a06d9 100644
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@@ -1,6 +1,6 @@
---
title: MBR2GPT
-description: How to use the MBR2GPT tool to convert MBR partitions to GPT
+description: Use MBR2GPT.EXE to convert a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk.
keywords: deploy, troubleshoot, windows, 10, upgrade, partition, mbr, gpt
ms.prod: w10
ms.mktglfcycl: deploy
@@ -8,11 +8,11 @@ ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
+ms.author: greglin
ms.date: 02/13/2018
ms.reviewer:
manager: laurawi
ms.audience: itpro
-author: greg-lindsay
ms.localizationpriority: medium
ms.topic: article
---
diff --git a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
index a202b57844..f128528a5e 100644
--- a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
+++ b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
@@ -1,238 +1,239 @@
----
-title: Available Data Types and Operators in Compatibility Administrator (Windows 10)
-description: The Compatibility Administrator tool provides a way to query your custom-compatibility databases.
-ms.assetid: 67d9c03e-ab9d-4fda-8a55-8c5b90266d3b
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Available Data Types and Operators in Compatibility Administrator
-
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-The Compatibility Administrator tool provides a way to query your custom-compatibility databases.
-
-## Available Data Types
-
-
-Customized-compatibility databases in Compatibility Administrator contain the following data types.
-
-- **Integer**. A numerical value with no fractional part. All integers are unsigned because none of the attributes can have a negative value.
-
-- **String**. A series of alphanumeric characters manipulated as a group.
-
-- **Boolean**. A value of True or False.
-
-## Available Attributes
-
-
-The following table shows the attributes you can use for querying your customized-compatibility databases in Compatibility Administrator.
-
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
Data type
-
-
-
-
-
APP_NAME
-
Name of the application.
-
String
-
-
-
DATABASE_GUID
-
Unique ID for your compatibility database.
-
String
-
-
-
DATABASE_INSTALLED
-
Specifies if you have installed the database.
-
Boolean
-
-
-
DATABASE_NAME
-
Descriptive name of your database.
-
String
-
-
-
DATABASE_PATH
-
Location of the database on your computer.
-
String
-
-
-
FIX_COUNT
-
Number of compatibility fixes applied to a specific application.
-
Integer
-
-
-
FIX_NAME
-
Name of your compatibility fix.
-
String
-
-
-
MATCH_COUNT
-
Number of matching files for a specific, fixed application.
-
Integer
-
-
-
MATCHFILE_NAME
-
Name of a matching file used to identify a specific, fixed application.
-
String
-
-
-
MODE_COUNT
-
Number of compatibility modes applied to a specific, fixed application.
-
Integer
-
-
-
MODE_NAME
-
Name of your compatibility mode.
-
String
-
-
-
PROGRAM_APPHELPTYPE
-
Type of AppHelp message applied to an entry. The value can be 1 or 2, where 1 enables the program to run and 2 blocks the program.
-
Integer
-
-
-
PROGRAM_DISABLED
-
Specifies if you disabled the compatibility fix for an application. If True, Compatibility Administrator does not apply the fixes to the application.
-
Boolean
-
-
-
PROGRAM_GUID
-
Unique ID for an application.
-
String
-
-
-
PROGRAM_NAME
-
Name of the application that you are fixing.
-
String
-
-
-
-
-
-
-## Available Operators
-
-
-The following table shows the operators that you can use for querying your customized-compatibility databases in the Compatibility Administrator.
-
-
-
-
-
-
-
-
-
-
-
Symbol
-
Description
-
Data type
-
Precedence
-
-
-
-
-
>
-
Greater than
-
Integer or string
-
1
-
-
-
>=
-
Greater than or equal to
-
Integer or string
-
1
-
-
-
<
-
Less than
-
Integer or string
-
1
-
-
-
<=
-
Less than or equal to
-
Integer or string
-
1
-
-
-
<>
-
Not equal to
-
Integer or string
-
1
-
-
-
=
-
Equal to
-
Integer, string, or Boolean
-
1
-
-
-
HAS
-
A special SQL operator used to check if the left-hand operand contains a substring specified by the right-hand operand.
Only the HAS operator can be applied to the MATCHFILE_NAME, MODE_NAME, and FIX_NAME attributes.
-
-
-
-
-
Right-hand operand. String
-
1
-
-
-
OR
-
Logical OR operator
-
Boolean
-
2
-
-
-
AND
-
Logical AND operator
-
Boolean
-
2
-
-
-
-
-
-
-## Related topics
-[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
-
-
-
-
-
-
-
-
-
+---
+title: Available Data Types and Operators in Compatibility Administrator (Windows 10)
+description: The Compatibility Administrator tool provides a way to query your custom-compatibility databases.
+ms.assetid: 67d9c03e-ab9d-4fda-8a55-8c5b90266d3b
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Available Data Types and Operators in Compatibility Administrator
+
+
+**Applies to**
+
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012
+- Windows Server 2008 R2
+
+The Compatibility Administrator tool provides a way to query your custom-compatibility databases.
+
+## Available Data Types
+
+
+Customized-compatibility databases in Compatibility Administrator contain the following data types.
+
+- **Integer**. A numerical value with no fractional part. All integers are unsigned because none of the attributes can have a negative value.
+
+- **String**. A series of alphanumeric characters manipulated as a group.
+
+- **Boolean**. A value of True or False.
+
+## Available Attributes
+
+
+The following table shows the attributes you can use for querying your customized-compatibility databases in Compatibility Administrator.
+
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
Data type
+
+
+
+
+
APP_NAME
+
Name of the application.
+
String
+
+
+
DATABASE_GUID
+
Unique ID for your compatibility database.
+
String
+
+
+
DATABASE_INSTALLED
+
Specifies if you have installed the database.
+
Boolean
+
+
+
DATABASE_NAME
+
Descriptive name of your database.
+
String
+
+
+
DATABASE_PATH
+
Location of the database on your computer.
+
String
+
+
+
FIX_COUNT
+
Number of compatibility fixes applied to a specific application.
+
Integer
+
+
+
FIX_NAME
+
Name of your compatibility fix.
+
String
+
+
+
MATCH_COUNT
+
Number of matching files for a specific, fixed application.
+
Integer
+
+
+
MATCHFILE_NAME
+
Name of a matching file used to identify a specific, fixed application.
+
String
+
+
+
MODE_COUNT
+
Number of compatibility modes applied to a specific, fixed application.
+
Integer
+
+
+
MODE_NAME
+
Name of your compatibility mode.
+
String
+
+
+
PROGRAM_APPHELPTYPE
+
Type of AppHelp message applied to an entry. The value can be 1 or 2, where 1 enables the program to run and 2 blocks the program.
+
Integer
+
+
+
PROGRAM_DISABLED
+
Specifies if you disabled the compatibility fix for an application. If True, Compatibility Administrator does not apply the fixes to the application.
+
Boolean
+
+
+
PROGRAM_GUID
+
Unique ID for an application.
+
String
+
+
+
PROGRAM_NAME
+
Name of the application that you are fixing.
+
String
+
+
+
+
+
+
+## Available Operators
+
+
+The following table shows the operators that you can use for querying your customized-compatibility databases in the Compatibility Administrator.
+
+
+
+
+
+
+
+
+
+
+
Symbol
+
Description
+
Data type
+
Precedence
+
+
+
+
+
>
+
Greater than
+
Integer or string
+
1
+
+
+
>=
+
Greater than or equal to
+
Integer or string
+
1
+
+
+
<
+
Less than
+
Integer or string
+
1
+
+
+
<=
+
Less than or equal to
+
Integer or string
+
1
+
+
+
<>
+
Not equal to
+
Integer or string
+
1
+
+
+
=
+
Equal to
+
Integer, string, or Boolean
+
1
+
+
+
HAS
+
A special SQL operator used to check if the left-hand operand contains a substring specified by the right-hand operand.
Only the HAS operator can be applied to the MATCHFILE_NAME, MODE_NAME, and FIX_NAME attributes.
+
+
+
+
+
Right-hand operand. String
+
1
+
+
+
OR
+
Logical OR operator
+
Boolean
+
2
+
+
+
AND
+
Logical AND operator
+
Boolean
+
2
+
+
+
+
+
+
+## Related topics
+[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md
index 41c34aec02..36a7463bcc 100644
--- a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md
+++ b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md
@@ -1,6 +1,6 @@
---
title: Best practice recommendations for Windows To Go (Windows 10)
-description: Best practice recommendations for Windows To Go
+description: Learn about best practice recommendations for using Windows To Go, like using a USB 3.0 port with Windows to Go if it's available.
ms.assetid: 05e6e0ab-94ed-4c0c-a195-0abd006f0a86
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md
index 8724e8278a..13c1aa16fd 100644
--- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md
+++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md
@@ -1,6 +1,6 @@
---
title: Deployment considerations for Windows To Go (Windows 10)
-description: Deployment considerations for Windows To Go
+description: Learn about deployment considerations for Windows To Go, such as the boot experience, deployment methods, and tools that you can use with Windows To Go.
ms.assetid: dcfc5d96-b96b-44cd-ab65-416b5611c65e
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md
index a59b98bcff..0f635b9f80 100644
--- a/windows/deployment/planning/features-lifecycle.md
+++ b/windows/deployment/planning/features-lifecycle.md
@@ -1,6 +1,6 @@
---
title: Windows 10 features lifecycle
-description: Learn about the lifecycle of Windows 10 features
+description: Learn about the lifecycle of Windows 10 features, as well as features that are no longer developed, removed features, and terminology assigned to a feature.
ms.prod: w10
ms.mktglfcycl: plan
ms.localizationpriority: medium
diff --git a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
index 98986e0bfd..ea3a21ed29 100644
--- a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
+++ b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
@@ -1,76 +1,77 @@
----
-title: Fixing Applications by Using the SUA Tool (Windows 10)
-description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application.
-ms.assetid: 7f5947b1-977b-4d7e-bb52-fbe8e76f6b8b
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Fixing Applications by Using the SUA Tool
-
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application.
-
-**To fix an application by using the SUA tool**
-
-1. Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md).
-
-2. After you finish testing, open the SUA tool.
-
-3. On the **Mitigation** menu, click the command that corresponds to the action that you want to take. The following table describes the commands.
-
-
-
-
-
-
-
-
-
Mitigation menu command
-
Description
-
-
-
-
-
Apply Mitigations
-
Opens the Mitigate AppCompat Issues dialog box, in which you can select the fixes that you intend to apply to the application.
-
-
-
Undo Mitigations
-
Removes the application fixes that you just applied.
-
This option is available only after you apply an application fix and before you close the SUA tool. Alternatively, you can manually remove application fixes by using Programs and Features in Control Panel.
-
-
-
Export Mitigations as Windows Installer file
-
Exports your application fixes as a Windows® Installer (.msi) file, which can then be deployed to other computers that are running the application.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+---
+title: Fixing Applications by Using the SUA Tool (Windows 10)
+description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application.
+ms.assetid: 7f5947b1-977b-4d7e-bb52-fbe8e76f6b8b
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Fixing Applications by Using the SUA Tool
+
+
+**Applies to**
+
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012
+- Windows Server 2008 R2
+
+On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application.
+
+**To fix an application by using the SUA tool**
+
+1. Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md).
+
+2. After you finish testing, open the SUA tool.
+
+3. On the **Mitigation** menu, click the command that corresponds to the action that you want to take. The following table describes the commands.
+
+
+
+
+
+
+
+
+
Mitigation menu command
+
Description
+
+
+
+
+
Apply Mitigations
+
Opens the Mitigate AppCompat Issues dialog box, in which you can select the fixes that you intend to apply to the application.
+
+
+
Undo Mitigations
+
Removes the application fixes that you just applied.
+
This option is available only after you apply an application fix and before you close the SUA tool. Alternatively, you can manually remove application fixes by using Programs and Features in Control Panel.
+
+
+
Export Mitigations as Windows Installer file
+
Exports your application fixes as a Windows® Installer (.msi) file, which can then be deployed to other computers that are running the application.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
index 08db3b24d6..d4b510cd08 100644
--- a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
+++ b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
@@ -1,80 +1,81 @@
----
-title: Showing Messages Generated by the SUA Tool (Windows 10)
-description: On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated.
-ms.assetid: 767eb7f2-d6c4-414c-a7b3-a997337d904a
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Showing Messages Generated by the SUA Tool
-
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated.
-
-**To show the messages that the SUA tool has generated**
-
-1. Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md).
-
-2. After you finish testing, in the SUA tool, click the **App Info** tab.
-
-3. On the **View** menu, click the command that corresponds to the messages that you want to see. The following table describes the commands.
-
-
-
-
-
-
-
-
-
View menu command
-
Description
-
-
-
-
-
Error Messages
-
When this command is selected, the user interface shows error messages that the SUA tool has generated. Error messages are highlighted in pink.
-
This command is selected by default.
-
-
-
Warning Messages
-
When this command is selected, the user interface shows warning messages that the SUA tool has generated. Warning messages are highlighted in yellow.
-
-
-
Information Messages
-
When this command is selected, the user interface shows informational messages that the SUA tool has generated. Informational messages are highlighted in green.
-
-
-
Detailed Information
-
When this command is selected, the user interface shows information that the SUA tool has generated, such as debug, stack trace, stop code, and severity information.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+---
+title: Showing Messages Generated by the SUA Tool (Windows 10)
+description: On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated.
+ms.assetid: 767eb7f2-d6c4-414c-a7b3-a997337d904a
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Showing Messages Generated by the SUA Tool
+
+
+**Applies to**
+
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012
+- Windows Server 2008 R2
+
+On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated.
+
+**To show the messages that the SUA tool has generated**
+
+1. Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md).
+
+2. After you finish testing, in the SUA tool, click the **App Info** tab.
+
+3. On the **View** menu, click the command that corresponds to the messages that you want to see. The following table describes the commands.
+
+
+
+
+
+
+
+
+
View menu command
+
Description
+
+
+
+
+
Error Messages
+
When this command is selected, the user interface shows error messages that the SUA tool has generated. Error messages are highlighted in pink.
+
This command is selected by default.
+
+
+
Warning Messages
+
When this command is selected, the user interface shows warning messages that the SUA tool has generated. Warning messages are highlighted in yellow.
+
+
+
Information Messages
+
When this command is selected, the user interface shows informational messages that the SUA tool has generated. Informational messages are highlighted in green.
+
+
+
Detailed Information
+
When this command is selected, the user interface shows information that the SUA tool has generated, such as debug, stack trace, stop code, and severity information.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
index d58bf1d2ce..d3c279c3eb 100644
--- a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
+++ b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
@@ -1,105 +1,106 @@
----
-title: Tabs on the SUA Tool Interface (Windows 10)
-description: The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze.
-ms.assetid: 0d705321-1d85-4217-bf2c-0ca231ca303b
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Tabs on the SUA Tool Interface
-
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze.
-
-The following table provides a description of each tab on the user interface for the SUA tool.
-
-
-
-
-
-
-
-
-
Tab name
-
Description
-
-
-
-
-
App Info
-
Provides the following information for the selected application:
-
-
Debugging information
-
Error, warning, and informational messages (if they are enabled)
-
Options for running the application
-
-
-
-
File
-
Provides information about access to the file system.
-
For example, this tab might show an attempt to write to a file that only administrators can typically access.
-
-
-
Registry
-
Provides information about access to the system registry.
-
For example, this tab might show an attempt to write to a registry key that only administrators can typically access.
-
-
-
INI
-
Provides information about WriteProfile API issues.
-
For example, in the Calculator tool (Calc.exe) in Windows® XP, when you change the view from Standard to Scientific, Calc.exe calls the WriteProfile API to write to the Windows\Win.ini file. The Win.ini file is writable only for administrators.
-
-
-
Token
-
Provides information about access-token checking.
-
For example, this tab might show an explicit check for the Builtin\Administrators security identifier (SID) in the user's access token. This operation may not work for a standard user.
-
-
-
Privilege
-
Provides information about permissions.
-
For example, this tab might show an attempt to explicitly enable permissions that do not work for a standard user.
-
-
-
Name Space
-
Provides information about creation of system objects.
-
For example, this tab might show an attempt to create a new system object, such as an event or a memory map, in a restricted namespace. Applications that attempt this kind of operation do not function for a standard user.
-
-
-
Other Objects
-
Provides information related to applications accessing objects other than files and registry keys.
-
-
-
Process
-
Provides information about process elevation.
-
For example, this tab might show the use of the CreateProcess API to open an executable (.exe) file that, in turn, requires process elevation that will not function for a standard user.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+---
+title: Tabs on the SUA Tool Interface (Windows 10)
+description: The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze.
+ms.assetid: 0d705321-1d85-4217-bf2c-0ca231ca303b
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Tabs on the SUA Tool Interface
+
+
+**Applies to**
+
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012
+- Windows Server 2008 R2
+
+The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze.
+
+The following table provides a description of each tab on the user interface for the SUA tool.
+
+
+
+
+
+
+
+
+
Tab name
+
Description
+
+
+
+
+
App Info
+
Provides the following information for the selected application:
+
+
Debugging information
+
Error, warning, and informational messages (if they are enabled)
+
Options for running the application
+
+
+
+
File
+
Provides information about access to the file system.
+
For example, this tab might show an attempt to write to a file that only administrators can typically access.
+
+
+
Registry
+
Provides information about access to the system registry.
+
For example, this tab might show an attempt to write to a registry key that only administrators can typically access.
+
+
+
INI
+
Provides information about WriteProfile API issues.
+
For example, in the Calculator tool (Calc.exe) in Windows® XP, when you change the view from Standard to Scientific, Calc.exe calls the WriteProfile API to write to the Windows\Win.ini file. The Win.ini file is writable only for administrators.
+
+
+
Token
+
Provides information about access-token checking.
+
For example, this tab might show an explicit check for the Builtin\Administrators security identifier (SID) in the user's access token. This operation may not work for a standard user.
+
+
+
Privilege
+
Provides information about permissions.
+
For example, this tab might show an attempt to explicitly enable permissions that do not work for a standard user.
+
+
+
Name Space
+
Provides information about creation of system objects.
+
For example, this tab might show an attempt to create a new system object, such as an event or a memory map, in a restricted namespace. Applications that attempt this kind of operation do not function for a standard user.
+
+
+
Other Objects
+
Provides information related to applications accessing objects other than files and registry keys.
+
+
+
Process
+
Provides information about process elevation.
+
For example, this tab might show the use of the CreateProcess API to open an executable (.exe) file that, in turn, requires process elevation that will not function for a standard user.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/planning/using-the-compatibility-administrator-tool.md b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
index b38891eae2..cb84beaa58 100644
--- a/windows/deployment/planning/using-the-compatibility-administrator-tool.md
+++ b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
@@ -1,94 +1,95 @@
----
-title: Using the Compatibility Administrator Tool (Windows 10)
-description: This section provides information about using the Compatibility Administrator tool.
-ms.assetid: 57271e47-b9b9-4018-a0b5-7115a533166d
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Using the Compatibility Administrator Tool
-
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-This section provides information about using the Compatibility Administrator tool.
-
-## In this section
-
-
-
With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. This is particularly useful if you are trying to identify applications with a specific compatibility fix or identifying which fixes are applied to a specific application.
The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application. This combination can include single application fixes, groups of fixes that work together as a compatibility mode, and blocking and non-blocking AppHelp messages.
Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues. While working with Compatibility Administrator, you might decide to group some of your individual compatibility fixes into a custom-compatibility mode, which you can then deploy and use on any of your compatibility databases.
The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.
The Events screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.
The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+---
+title: Using the Compatibility Administrator Tool (Windows 10)
+description: This section provides information about using the Compatibility Administrator tool.
+ms.assetid: 57271e47-b9b9-4018-a0b5-7115a533166d
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Using the Compatibility Administrator Tool
+
+
+**Applies to**
+
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012
+- Windows Server 2008 R2
+
+This section provides information about using the Compatibility Administrator tool.
+
+## In this section
+
+
+
With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. This is particularly useful if you are trying to identify applications with a specific compatibility fix or identifying which fixes are applied to a specific application.
The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application. This combination can include single application fixes, groups of fixes that work together as a compatibility mode, and blocking and non-blocking AppHelp messages.
Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues. While working with Compatibility Administrator, you might decide to group some of your individual compatibility fixes into a custom-compatibility mode, which you can then deploy and use on any of your compatibility databases.
The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.
The Events screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.
The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/planning/windows-10-compatibility.md b/windows/deployment/planning/windows-10-compatibility.md
index 464e7e03de..965ad4dad7 100644
--- a/windows/deployment/planning/windows-10-compatibility.md
+++ b/windows/deployment/planning/windows-10-compatibility.md
@@ -1,60 +1,61 @@
----
-title: Windows 10 compatibility (Windows 10)
-description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
-ms.assetid: 829BE5B5-330A-4702-807A-8908B4FC94E8
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-keywords: deploy, upgrade, update, appcompat
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Windows 10 compatibility
-
-
-**Applies to**
-
-- Windows 10
-
-Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
-
-For full system requirements, see [Windows 10 specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10.
-
-Existing desktop (Win32) application compatibility is also expected to be strong, with most existing applications working without any changes. Some applications that interface with Windows at a low level, those that use undocumented APIs, or those that do not follow recommended coding practices could experience issues.
-
-Existing Windows Store (WinRT) apps created for Windows 8 and Windows 8.1 should also continue to work, because compatibility can be validated against all the apps that have been submitted to the Windows Store.
-
-For web apps and sites, modern HTML5-based sites should also have a high degree of compatibility and excellent performance through the new Microsoft Edge browser, while older web apps and sites can continue to use Internet Explorer 11 and the Enterprise Mode features that were first introduced in Windows 7 and Windows 8.1 and are still present in Windows 10. For more information about Internet Explorer and Enterprise Mode, see the [Internet Explorer 11 Deployment Guide for IT Pros.](https://go.microsoft.com/fwlink/p/?LinkId=734031)
-
-## Recommended application testing process
-
-
-Historically, organizations have performed extensive, and often exhaustive, testing of the applications they use before deployment of a new Windows version, service pack, or any other significant update. With Windows 10, organizations are encouraged to leverage more optimized testing processes, which reflects the higher levels of compatibility that are expected. At a high level:
-
-- Identify mission-critical applications and websites, those that are absolutely essential to the organization’s operations. Focus testing efforts on this subset of applications, early in the Windows development cycle (for example, with Windows Insider Program builds) to identify potential issues. Report any issues you encounter with the Windows Feedback tool, so that these issues can be addressed prior to the next Windows release.
-
-- For less critical applications, leverage an “internal flighting” or pilot-based approach, by deploying new Windows upgrades to groups of machines, growing gradually in size and potential impact, to verify compatibility with hardware and software. Reactively address issues before you expand the pilot to more machines.
-
-## Related topics
-
-
-[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md)
-
-[Windows 10 deployment considerations](windows-10-deployment-considerations.md)
-
-[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md)
-
-
-
-
-
-
-
-
-
+---
+title: Windows 10 compatibility (Windows 10)
+description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
+ms.assetid: 829BE5B5-330A-4702-807A-8908B4FC94E8
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+keywords: deploy, upgrade, update, appcompat
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: appcompat
+ms.localizationpriority: medium
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Windows 10 compatibility
+
+
+**Applies to**
+
+- Windows 10
+
+Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
+
+For full system requirements, see [Windows 10 specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10.
+
+Existing desktop (Win32) application compatibility is also expected to be strong, with most existing applications working without any changes. Some applications that interface with Windows at a low level, those that use undocumented APIs, or those that do not follow recommended coding practices could experience issues.
+
+Existing Windows Store (WinRT) apps created for Windows 8 and Windows 8.1 should also continue to work, because compatibility can be validated against all the apps that have been submitted to the Windows Store.
+
+For web apps and sites, modern HTML5-based sites should also have a high degree of compatibility and excellent performance through the new Microsoft Edge browser, while older web apps and sites can continue to use Internet Explorer 11 and the Enterprise Mode features that were first introduced in Windows 7 and Windows 8.1 and are still present in Windows 10. For more information about Internet Explorer and Enterprise Mode, see the [Internet Explorer 11 Deployment Guide for IT Pros.](https://go.microsoft.com/fwlink/p/?LinkId=734031)
+
+## Recommended application testing process
+
+
+Historically, organizations have performed extensive, and often exhaustive, testing of the applications they use before deployment of a new Windows version, service pack, or any other significant update. With Windows 10, organizations are encouraged to leverage more optimized testing processes, which reflects the higher levels of compatibility that are expected. At a high level:
+
+- Identify mission-critical applications and websites, those that are absolutely essential to the organization’s operations. Focus testing efforts on this subset of applications, early in the Windows development cycle (for example, with Windows Insider Program builds) to identify potential issues. Report any issues you encounter with the Windows Feedback tool, so that these issues can be addressed prior to the next Windows release.
+
+- For less critical applications, leverage an “internal flighting” or pilot-based approach, by deploying new Windows upgrades to groups of machines, growing gradually in size and potential impact, to verify compatibility with hardware and software. Reactively address issues before you expand the pilot to more machines.
+
+## Related topics
+
+
+[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md)
+
+[Windows 10 deployment considerations](windows-10-deployment-considerations.md)
+
+[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md
index 764b8d1ca5..546b8de3af 100644
--- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md
+++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md
@@ -6,14 +6,12 @@ ms.prod: w10
ms.mktglfcycl: plan
ms.localizationpriority: medium
ms.sitesec: library
-audience: itpro
author: greg-lindsay
ms.date: 08/18/2017
ms.reviewer:
manager: laurawi
ms.author: greglin
audience: itpro
-author: greg-lindsay
ms.topic: article
---
diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md
index b79a9e0b9d..7085ba9fb5 100644
--- a/windows/deployment/planning/windows-10-removed-features.md
+++ b/windows/deployment/planning/windows-10-removed-features.md
@@ -1,6 +1,6 @@
---
title: Windows 10 - Features that have been removed
-description: Learn about features and functionality that has been removed or replaced in Windows 10
+description: In this article, learn about the features and functionality that have been removed or replaced in Windows 10.
ms.prod: w10
ms.mktglfcycl: plan
ms.localizationpriority: medium
@@ -27,6 +27,8 @@ The following features and functionalities have been removed from the installed
|Feature | Details and mitigation | Removed in version |
| ----------- | --------------------- | ------ |
+| Connect app | The **Connect** app for wireless projection using Miracast is no longer installed by default, but is available as an optional feature. To install the app, click on **Settings** > **Apps** > **Optional features** > **Add a feature** and then install the **Wireless Display** app. | 2004 |
+| Rinna and Japanese Address suggestion | The Rinna and Japanese Address suggestion service for Microsoft Japanese Input Method Editor (IME) ended on August 13th, 2020. For more information, see [Rinna and Japanese Address suggestion will no longer be offered](https://support.microsoft.com/help/4576767/windows-10-rinna-and-japanese-address-suggestion) | 2004 |
| Cortana | Cortana has been updated and enhanced in the Windows 10 May 2020 Update. With [these changes](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-2004#cortana), some previously available consumer skills such as music, connected home, and other non-Microsoft skills are no longer available. | 2004 |
| Windows To Go | Windows To Go was announced as deprecated in Windows 10, version 1903 and is removed in this release. | 2004 |
| Mobile Plans and Messaging apps | Both apps are still supported, but are now distributed in a different way. OEMs can now include these apps in Windows images for cellular enabled devices. The apps are removed for non-cellular devices.| 2004 |
diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md
index bd9b8af4d0..37b3315a1d 100644
--- a/windows/deployment/s-mode.md
+++ b/windows/deployment/s-mode.md
@@ -11,8 +11,8 @@ ms.reviewer:
manager: laurawi
ms.audience: itpro
author: greg-lindsay
+ms.author: greglin
audience: itpro
-author: greg-lindsay
ms.topic: article
---
diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md
index 3534c08c5c..97f6eb21e1 100644
--- a/windows/deployment/update/WIP4Biz-intro.md
+++ b/windows/deployment/update/WIP4Biz-intro.md
@@ -7,9 +7,7 @@ ms.mktglfcycl: manage
audience: itpro
itproauthor: jaimeo
author: jaimeo
-ms.localizationprioauthor: jaimeo
ms.audience: itpro
-author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article
diff --git a/windows/deployment/update/change-history-for-update-windows-10.md b/windows/deployment/update/change-history-for-update-windows-10.md
index 99bb88d5a4..fc8013e00c 100644
--- a/windows/deployment/update/change-history-for-update-windows-10.md
+++ b/windows/deployment/update/change-history-for-update-windows-10.md
@@ -4,7 +4,6 @@ description: This topic lists new and updated topics in the Update Windows 10 do
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
-itproauthor: jaimeo
author: jaimeo
ms.author: jaimeo
ms.reviewer:
diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md
index af6fe156e8..77795ce1c4 100644
--- a/windows/deployment/update/eval-infra-tools.md
+++ b/windows/deployment/update/eval-infra-tools.md
@@ -10,7 +10,6 @@ audience: itpro
author: jaimeo
ms.localizationpriority: medium
ms.audience: itpro
-author: jaimeo
ms.topic: article
ms.collection: M365-modern-desktop
---
diff --git a/windows/deployment/update/feature-update-conclusion.md b/windows/deployment/update/feature-update-conclusion.md
index 5c72afc8c0..a23c157317 100644
--- a/windows/deployment/update/feature-update-conclusion.md
+++ b/windows/deployment/update/feature-update-conclusion.md
@@ -1,6 +1,6 @@
---
title: Best practices for feature updates - conclusion
-description: Final thoughts about how to deploy feature updates
+description: This article includes final thoughts about how to deploy and stay up-to-date with Windows 10 feature updates.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index da74aafced..2df56fa684 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -1,10 +1,9 @@
---
title: Best practices - deploy feature updates during maintenance windows
-description: Learn how to deploy feature updates during a maintenance window
+description: Learn how to configure maintenance windows and how to deploy feature updates during a maintenance window.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
-itproauthor: jaimeo
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
diff --git a/windows/deployment/update/feature-update-mission-critical.md b/windows/deployment/update/feature-update-mission-critical.md
index 760c0f0182..69b91b9184 100644
--- a/windows/deployment/update/feature-update-mission-critical.md
+++ b/windows/deployment/update/feature-update-mission-critical.md
@@ -1,6 +1,6 @@
---
title: Best practices and recommendations for deploying Windows 10 Feature updates to mission-critical devices
-description: Learn how to deploy feature updates to your mission-critical devices
+description: Learn how to use the Microsoft Endpoint Configuration Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md
index e22be01edd..254703b4dc 100644
--- a/windows/deployment/update/feature-update-user-install.md
+++ b/windows/deployment/update/feature-update-user-install.md
@@ -1,6 +1,6 @@
---
title: Best practices - deploy feature updates for user-initiated installations
-description: Learn how to manually deploy feature updates
+description: Learn recommendations and best practices for manually deploying a feature update for a user-initiated installation.
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index adb1e56155..232fb2748c 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -1,6 +1,6 @@
---
title: Olympia Corp enrollment guidelines
-description: Olympia Corp enrollment guidelines
+description: Learn about the Olympia Corp enrollment and setting up an Azure Active Directory-REGISTERED Windows 10 device or an Azure Active Directory-JOINED Windows 10 device.
ms.author: jaimeo
ms.topic: article
ms.prod: w10
diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md
index a2ff53df19..4264b434b1 100644
--- a/windows/deployment/update/plan-define-readiness.md
+++ b/windows/deployment/update/plan-define-readiness.md
@@ -10,7 +10,6 @@ audience: itpro
author: jaimeo
ms.localizationpriority: medium
ms.audience: itpro
-author: jaimeo
ms.topic: article
ms.collection: M365-modern-desktop
---
diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md
index b7e1707a7d..645903d80f 100644
--- a/windows/deployment/update/plan-determine-app-readiness.md
+++ b/windows/deployment/update/plan-determine-app-readiness.md
@@ -7,12 +7,12 @@ keywords: updates, servicing, current, deployment, semi-annual channel, feature,
ms.prod: w10
ms.mktglfcycl: manage
audience: itpro
-author: jaimeo
ms.localizationpriority: medium
ms.audience: itpro
-author: jaimeo
ms.topic: article
ms.collection: M365-modern-desktop
+ms.author: jaimeo
+author: jaimeo
---
# Determine application readiness
diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md
index c3c6abb633..1fa0437e08 100644
--- a/windows/deployment/update/update-compliance-delivery-optimization.md
+++ b/windows/deployment/update/update-compliance-delivery-optimization.md
@@ -2,7 +2,7 @@
title: Delivery Optimization in Update Compliance (Windows 10)
ms.reviewer:
manager: laurawi
-description: new Delivery Optimization data displayed in Update Compliance
+description: Learn how the Update Compliance solution provides you with information about your Delivery Optimization configuration.
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md
index 5953fcc349..6be6180063 100644
--- a/windows/deployment/update/update-compliance-feature-update-status.md
+++ b/windows/deployment/update/update-compliance-feature-update-status.md
@@ -2,7 +2,7 @@
title: Update Compliance - Feature Update Status report
ms.reviewer:
manager: laurawi
-description: Find the latest status of feature updates with an overview of the Feature Update Status report.
+description: Learn how the Feature Update Status report provides information about the status of feature updates across all devices.
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
@@ -16,7 +16,7 @@ ms.topic: article
# Feature Update Status
-
+[  ](images/UC_workspace_FU_status.png#lightbox)
The Feature Update Status section provides information about the status of [feature updates](waas-quick-start.md#definitions) across all devices. This section tile in the [Overview Blade](update-compliance-using.md#overview-blade) gives a percentage of devices that are on the latest applicable feature update; [Servicing Channel](waas-overview.md#servicing-channels) is considered in determining applicability. Within this section are two blades; one providing a holistic view of feature updates, the other containing three **Deployment Status** tiles, each charged with tracking the deployment for a different [Servicing Channel](waas-overview.md#servicing-channels).
@@ -41,7 +41,14 @@ Microsoft uses diagnostic data to determine whether devices that use Windows Upd
### Opting out of compatibility hold
-Microsoft will release a device from a compatibility hold when it has determined it can safely and smoothly install a feature update, but you are ultimately in control of your devices and can opt out if desired. To opt out, set the registry key **HKLM\Software\Microsoft\Windows NT\CurrentVersion\502505fe-762c-4e80-911e-0c3fa4c63fb0** to a name of **DataRequireGatedScanForFeatureUpdates** and a value of **0**.
+Microsoft will release a device from a compatibility hold when it has determined it can safely and smoothly install a feature update, but you are ultimately in control of your devices and can opt out if desired.
+To opt out, set the registry key as follows:
+
+- Registry Key Path :: **Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion**
+- Create New Key :: **502505fe-762c-4e80-911e-0c3fa4c63fb0**
+- Name :: **DataRequireGatedScanForFeatureUpdates**
+- Type :: **REG_DWORD**
+- Value :: **0**
Setting this registry key to **0** will force the device to opt out from *all* compatibility holds. Any other value, or deleting the key, will resume compatibility protection on the device.
diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md
index f17250eec3..78b60d2c7a 100644
--- a/windows/deployment/update/update-compliance-need-attention.md
+++ b/windows/deployment/update/update-compliance-need-attention.md
@@ -2,8 +2,7 @@
title: Update Compliance - Need Attention! report
ms.reviewer:
manager: laurawi
-description: an overview of the Update Compliance Need Attention! report
-ms.prod: w10
+description: Learn how the Needs attention! section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance.
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
diff --git a/windows/deployment/update/update-compliance-security-update-status.md b/windows/deployment/update/update-compliance-security-update-status.md
index 67cc9067ac..5396a3f77c 100644
--- a/windows/deployment/update/update-compliance-security-update-status.md
+++ b/windows/deployment/update/update-compliance-security-update-status.md
@@ -2,7 +2,7 @@
title: Update Compliance - Security Update Status report
ms.reviewer:
manager: laurawi
-description: an overview of the Security Update Status report
+description: Learn how the Security Update Status section provides information about security updates across all devices.
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md
index b61cef1778..09cf255a00 100644
--- a/windows/deployment/update/update-compliance-using.md
+++ b/windows/deployment/update/update-compliance-using.md
@@ -2,7 +2,7 @@
title: Using Update Compliance (Windows 10)
ms.reviewer:
manager: laurawi
-description: Explains how to begin using Update Compliance.
+description: Learn how to use Update Compliance to monitor your device's Windows updates and Microsoft Defender Antivirus status.
keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md
index dbf94c9677..58e2b5e496 100644
--- a/windows/deployment/update/update-policies.md
+++ b/windows/deployment/update/update-policies.md
@@ -10,7 +10,6 @@ audience: itpro
author: jaimeo
ms.localizationpriority: medium
ms.audience: itpro
-author: jaimeo
ms.topic: article
ms.collection: M365-modern-desktop
---
diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md
index 76b225825d..e4e27a9a8a 100644
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@@ -6,7 +6,6 @@ description: Delivery Optimization is a peer-to-peer distribution method in Wind
keywords: oms, operations management suite, wdav, updates, downloads, log analytics
ms.prod: w10
ms.mktglfcycl: deploy
-
audience: itpro
author: jaimeo
ms.localizationpriority: medium
@@ -36,7 +35,7 @@ For information about setting up Delivery Optimization, including tips for the b
## New in Windows 10, version 2004
-- Enterprise network throttling: new settings have been added in Group Policy and MDM to control foreground and background throttling as absolute values (Maximum Background Download Bandwidth in (in KB/s)). These settings are also available in the Windows user interface:
+- Enterprise network throttling: new settings have been added in Group Policy and mobile device management (MDM) to control foreground and background throttling as absolute values (Maximum Background Download Bandwidth in (in KB/s)). These settings are also available in the Windows user interface:
@@ -86,9 +85,8 @@ The following table lists the minimum Windows 10 version that supports Delivery
| Windows Store files | 1511 |
| Windows Store for Business files | 1511 |
| Windows Defender definition updates | 1511 |
-| Office Click-to-Run updates | 1709 |
+| Microsoft 365 Apps and updates | 1709 (for more information, see [Delivery Optimization and Microsoft 365 Apps](https://docs.microsoft.com/deployoffice/delivery-optimization)) |
| Win32 apps for Intune | 1709 |
-| Office installations and updates | 2004 |
| Xbox game pass games | 2004 |
| MSIX apps (HTTP downloads only) | 2004 |
| Configuration Manager Express Updates | 1709 + Configuration Manager version 1711 |
@@ -98,13 +96,9 @@ The following table lists the minimum Windows 10 version that supports Delivery
-
-
-
-
In Windows 10 Enterprise, Professional, and Education editions, Delivery Optimization is enabled by default for peer-to-peer sharing on the local network (NAT). Specifically, all of the devices must be behind the same NAT, but you can configure it differently in Group Policy and mobile device management (MDM) solutions such as Microsoft Intune.
-For more details, see "Download mode" in [Delivery optimization reference](waas-delivery-optimization-reference.md).
+For more information, see "Download mode" in [Delivery optimization reference](waas-delivery-optimization-reference.md).
## Set up Delivery Optimization
@@ -116,7 +110,7 @@ You can use Group Policy or an MDM solution like Intune to configure Delivery Op
You will find the Delivery Optimization settings in Group Policy under **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization**.
In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**.
-Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](https://docs.microsoft.com/intune/delivery-optimization-windows))
+Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile, which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](https://docs.microsoft.com/intune/delivery-optimization-windows))
**Starting with Windows 10, version 1903,** you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
@@ -206,7 +200,7 @@ If you don’t see any bytes coming from peers the cause might be one of the fol
If you suspect this is the problem, try these steps:
1. Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga").
-2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and observe the DownloadMode setting. For peering to work, DownloadMode should be 1, 2, or 3.
+2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and observe the DownloadMode setting. For peering to work, DownloadMode should be 1, 2, or 3.
3. If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**.
@@ -216,8 +210,8 @@ If you suspect this is the problem, try these steps:
If you suspect this is the problem, try these steps:
1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads.
-2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and ensure that **DownloadMode** is 1 or 2 on both devices.
-3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated Powershell window on the second device. The **NumberOfPeers** field should be non-zero.
+2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **DownloadMode** is 1 or 2 on both devices.
+3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated PowerShell window on the second device. The **NumberOfPeers** field should be non-zero.
4. If the number of peers is zero and you have **DownloadMode** = 1, ensure that both devices are using the same public IP address to reach the internet. To do this, open a browser Windows and search for “what is my IP”. You can **DownloadMode 2** (Group) and a custom GroupID (Guid) to fix this if the devices aren’t reporting the same public IP address.
@@ -237,7 +231,7 @@ If you suspect this is the problem, try a Telnet test between two devices on the
[Windows 10, Delivery Optimization, and WSUS](https://blogs.technet.microsoft.com/mniehaus/2016/08/16/windows-10-delivery-optimization-and-wsus-take-2/)
-## Related topics
+## Related articles
- [Update Windows 10 in the enterprise](index.md)
- [Overview of Windows as a service](waas-overview.md)
diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md
index 13b02958f8..db7cd77c90 100644
--- a/windows/deployment/update/waas-manage-updates-wsus.md
+++ b/windows/deployment/update/waas-manage-updates-wsus.md
@@ -82,6 +82,9 @@ When using WSUS to manage updates on Windows client devices, start by configurin
9. Under **Options**, from the **Configure automatic updating** list, select **3 - Auto download and notify for install**, and then click **OK**.
+
+ >[!IMPORTANT]
+ > Use Regedit.exe to check that the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateDoNotConnectToWindowsUpdateInternetLocations
> [!NOTE]
> There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](https://technet.microsoft.com/library/cc720539%28v=ws.10%29.aspx).
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index e0d6464259..95321b1013 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -119,8 +119,13 @@ A compliance deadline policy (released in June 2019) enables you to set separate
This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This is extremely beneficial in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation.
+#### Update Baseline
+The large number of different policies offered for Windows 10 can be overwhelming. Update Baseline provides a clear list of recommended Windows update policy settings for IT administrators who want the best user experience while also meeting their update compliance goals. The Update Baseline for Windows 10 includes policy settings recommendations covering deadline configuration, restart behavior, power policies, and more.
+The Update Baseline toolkit makes it easy by providing a single command for IT Admins to apply the Update Baseline to devices. You can get the Update Baseline toolkit from the [Download Center](https://www.microsoft.com/download/details.aspx?id=101056).
+>[!NOTE]
+>The Update Baseline toolkit is available only for Group Policy. Update Baseline does not affect your offering policies, whether you’re using deferrals or target version to manage which updates are offered to your devices when.
-
- MP3 Files
-
-
-
-
- C:\* [*]
-
-
-
-
- C:\* [*.mp3]
-
-
-
-
-
-
-```
-### Example 2: How to migrate all files located in C:\\Data except files in C:\\Data\\tmp
-The following .xml file migrates all files and subfolders in C:\\Data, except the files and subfolders in C:\\Data\\tmp.
-
-``` xml
-
-
- Test component
-
-
-
-
- C:\Data\* [*]
-
-
-
-
- C:\Data\temp\* [*]
-
-
-
-
-
-
-```
-
-### Example 3: How to exclude the files in a folder but include all subfolders
-The following .xml file migrates any subfolders in C:\\EngineeringDrafts, but excludes all files that are in C:\\EngineeringDrafts.
-
-``` xml
-
-
- Component to migrate all Engineering Drafts Documents without subfolders
-
-
-
-
- C:\EngineeringDrafts\* [*]
-
-
-
-
- C:\EngineeringDrafts\ [*]
-
-
-
-
-
-
-```
-
-### Example 4: How to exclude a file from a specific folder
-The following .xml file migrates all files and subfolders in C:\\EngineeringDrafts, except for the Sample.doc file in C:\\EngineeringDrafts.
-
-``` xml
-
-
- Component to migrate all Engineering Drafts Documents except Sample.doc
-
-
-
-
- C:\EngineeringDrafts\* [*]
-
-
-
-
- C:\EngineeringDrafts\ [Sample.doc]
-
-
-
-
-
-
-```
-
-### Example 5: How to exclude a file from any location
-To exclude a Sample.doc file from any location on the C: drive, use the <pattern> element. If multiple files exist with the same name on the C: drive, all of these files will be excluded.
-
-``` xml
- C:\* [Sample.doc]
-```
-
-To exclude a Sample.doc file from any drive on the computer, use the <script> element. If multiple files exist with the same name, all of these files will be excluded.
-
-``` xml
-
-```
-#### Examples of how to use XML to exclude files, folders, and registry keys
-Here are some examples of how to use XML to exclude files, folders, and registry keys. For more info, see [USMT XML Reference](usmt-xml-reference.md)
-
-**Example 1: How to exclude all .mp3 files**
-The following .xml file excludes all .mp3 files from the migration:
-
-``` xml
-
-
- Test
-
-
-
-
-
-
-
-
-
-
-
-```
-**Example 2: How to exclude all of the files on a specific drive**
-The following .xml file excludes only the files located on the C: drive.
-
-``` xml
-
-
- Test
-
-
-
-
- c:\*[*]
-
-
-
-
-
-
-```
-**Example 3: How to exclude registry keys**
-The following .xml file unconditionally excludes the HKEY_CURRENT_USER registry key and all of its subkeys.
-
-``` xml
-
-
-
- Test
-
-
-
-
- HKCU\testReg[*]
-
-
-
-
- HKCU\*[*]
-
-
-
-
-
-
-```
-**Example 4: How to Exclude `C:\Windows` and `C:\Program Files`**
-The following .xml file unconditionally excludes the system folders of `C:\Windows` and `C:\Program Files`. Note that all \*.docx, \*.xls and \*.ppt files will not be migrated because the <unconditionalExclude> element takes precedence over the <include> element.
-
-``` xml
-
-
-
- Test
-
-
-
-
-
-
-
-
-
-
-
- C:\Program Files\* [*]
-C:\Windows\* [*]
-
-
-
-
-
-
-```
-## Create a Config XML File
-You can create and modify a Config.xml file if you want to exclude components from the migration. Excluding components using this file is easier than modifying the migration .xml files because you do not need to be familiar with the migration rules and syntax. Config.xml is an optional file that you can create using the **/genconfig** command-line option with the ScanState tool. For example, you can use the Config.xml file to exclude the settings for one of the default applications. In addition, creating and modifying this file is the only way to exclude the operating-system settings that are migrated to computers running Windows.
-
-- **To exclude the settings for a default application:** Specify `migrate="no"` for the application under the <Applications> section of the Config.xml file.
-
-- **To exclude an operating system setting:** Specify `migrate="no"` for the setting under the <WindowsComponents> section.
-
-- **To exclude My Documents:** Specify `migrate="no"` for My Documents under the <Documents> section. Note that any <include> rules in the .xml files will still apply. For example, if you have a rule that includes all the .docx files in My Documents, then only the .docx files will be migrated, but the rest of the files will not.
-
-See [Config.xml File](usmt-configxml-file.md) for more information.
-
-**Note**
-To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration.
-
-## Related topics
-- [Customize USMT XML Files](usmt-customize-xml-files.md)
-- [USMT XML Reference](usmt-xml-reference.md)
-
-
-
-
-
-
-
-
-
+---
+title: Exclude Files and Settings (Windows 10)
+description: In this article, learn how to exclude files and settings when creating a custom .xml file and a config.xml file.
+ms.assetid: df85baf1-6e29-4995-a4bb-ba3f8f7fed0b
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Exclude Files and Settings
+When you specify the migration .xml files, MigApp.xml, Migdocs, and MigUser.xml, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a Config.xml file to exclude an entire component from a migration. You cannot, however, exclude users by using the migration .xml files or the Config.xml file. The only way to specify which users to include and exclude is by using the User options on the command line in the ScanState tool. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md).
+
+In this topic:
+
+- [Create a custom .xml file](#create-a-custom-xml-file). You can use the following elements to specify what to exclude:
+
+ - include and exclude: You can use the <include> and <exclude> elements to exclude objects with conditions. For example, you can migrate all files located in the C:\\ drive, except any .mp3 files. It is important to remember that [Conflicts and Precedence](usmt-conflicts-and-precedence.md) apply to these elements.
+
+ - [unconditionalExclude](#example-1-how-to-migrate-all-files-from-c-except-mp3-files): You can use the <unconditionalExclude> element to globally exclude data. This element takes precedence over all other include and exclude rules in the .xml files. Therefore, this element excludes objects regardless of any other <include> rules that are in the .xml files. For example, you can exclude all .mp3 files on the computer, or you can exclude all files from C:\\UserData.
+
+- [Create a Config.xml File](#create-a-config-xml-file): You can create and modify a Config.xml file to exclude an entire component from the migration. For example, you can use this file to exclude the settings for one of the default applications. In addition, creating and modifying a Config.xml file is the only way to exclude the operating-system settings that are migrated to computers running Windows. Excluding components using this file is easier than modifying the migration .xml files because you do not need to be familiar with the migration rules and syntax.
+
+## Create a custom .xml file
+We recommend that you create a custom .xml file instead of modifying the default migration .xml files. When you use a custom .xml file, you can keep your changes separate from the default .xml files, which makes it easier to track your modifications.
+
+### <include> and <exclude>
+The migration .xml files, MigApp.xml, MigDocs, and MigUser.xml, contain the <component> element, which typically represents a self-contained component or an application such as Microsoft® Office Outlook® and Word. To exclude the files and registry settings that are associated with these components, use the <include> and <exclude> elements. For example, you can use these elements to migrate all files and settings with pattern X except files and settings with pattern Y, where Y is more specific than X. For the syntax of these elements, see [USMT XML Reference](usmt-xml-reference.md).
+
+**Note**
+If you specify an <exclude> rule, always specify a corresponding <include> rule. Otherwise, if you do not specify an <include> rule, the specific files or settings will not be included. They will already be excluded from the migration. Thus, an unaccompanied <exclude> rule is unnecessary.
+
+- [Example 1: How to migrate all files from C:\\ except .mp3 files](#example-1-how-to-migrate-all-files-from-c-except-mp3-files)
+
+- [Example 2: How to migrate all files located in C:\\Data except files in C:\\Data\\tmp](#example-2-how-to-migrate-all-files-located-in-cdata-except-files-in-cdatatmp)
+
+- [Example 3: How to exclude the files in a folder but include all subfolders](#example-3-how-to-exclude-the-files-in-a-folder-but-include-all-subfolders)
+
+- [Example 4: How to exclude a file from a specific folder](#example-4-how-to-exclude-a-file-from-a-specific-folder)
+
+- [Example 5: How to exclude a file from any location](#example-5-how-to-exclude-a-file-from-any-location)
+
+### Example 1: How to migrate all files from C:\\ except .mp3 files
+The following .xml file migrates all files located on the C: drive, except any .mp3 files.
+
+``` xml
+
+
+
+ MP3 Files
+
+
+
+
+ C:\* [*]
+
+
+
+
+ C:\* [*.mp3]
+
+
+
+
+
+
+```
+### Example 2: How to migrate all files located in C:\\Data except files in C:\\Data\\tmp
+The following .xml file migrates all files and subfolders in C:\\Data, except the files and subfolders in C:\\Data\\tmp.
+
+``` xml
+
+
+ Test component
+
+
+
+
+ C:\Data\* [*]
+
+
+
+
+ C:\Data\temp\* [*]
+
+
+
+
+
+
+```
+
+### Example 3: How to exclude the files in a folder but include all subfolders
+The following .xml file migrates any subfolders in C:\\EngineeringDrafts, but excludes all files that are in C:\\EngineeringDrafts.
+
+``` xml
+
+
+ Component to migrate all Engineering Drafts Documents without subfolders
+
+
+
+
+ C:\EngineeringDrafts\* [*]
+
+
+
+
+ C:\EngineeringDrafts\ [*]
+
+
+
+
+
+
+```
+
+### Example 4: How to exclude a file from a specific folder
+The following .xml file migrates all files and subfolders in C:\\EngineeringDrafts, except for the Sample.doc file in C:\\EngineeringDrafts.
+
+``` xml
+
+
+ Component to migrate all Engineering Drafts Documents except Sample.doc
+
+
+
+
+ C:\EngineeringDrafts\* [*]
+
+
+
+
+ C:\EngineeringDrafts\ [Sample.doc]
+
+
+
+
+
+
+```
+
+### Example 5: How to exclude a file from any location
+To exclude a Sample.doc file from any location on the C: drive, use the <pattern> element. If multiple files exist with the same name on the C: drive, all of these files will be excluded.
+
+``` xml
+ C:\* [Sample.doc]
+```
+
+To exclude a Sample.doc file from any drive on the computer, use the <script> element. If multiple files exist with the same name, all of these files will be excluded.
+
+``` xml
+
+```
+#### Examples of how to use XML to exclude files, folders, and registry keys
+Here are some examples of how to use XML to exclude files, folders, and registry keys. For more info, see [USMT XML Reference](usmt-xml-reference.md)
+
+**Example 1: How to exclude all .mp3 files**
+The following .xml file excludes all .mp3 files from the migration:
+
+``` xml
+
+
+ Test
+
+
+
+
+
+
+
+
+
+
+
+```
+**Example 2: How to exclude all of the files on a specific drive**
+The following .xml file excludes only the files located on the C: drive.
+
+``` xml
+
+
+ Test
+
+
+
+
+ c:\*[*]
+
+
+
+
+
+
+```
+**Example 3: How to exclude registry keys**
+The following .xml file unconditionally excludes the HKEY_CURRENT_USER registry key and all of its subkeys.
+
+``` xml
+
+
+
+ Test
+
+
+
+
+ HKCU\testReg[*]
+
+
+
+
+ HKCU\*[*]
+
+
+
+
+
+
+```
+**Example 4: How to Exclude `C:\Windows` and `C:\Program Files`**
+The following .xml file unconditionally excludes the system folders of `C:\Windows` and `C:\Program Files`. Note that all \*.docx, \*.xls and \*.ppt files will not be migrated because the <unconditionalExclude> element takes precedence over the <include> element.
+
+``` xml
+
+
+
+ Test
+
+
+
+
+
+
+
+
+
+
+
+ C:\Program Files\* [*]
+C:\Windows\* [*]
+
+
+
+
+
+
+```
+## Create a Config XML File
+You can create and modify a Config.xml file if you want to exclude components from the migration. Excluding components using this file is easier than modifying the migration .xml files because you do not need to be familiar with the migration rules and syntax. Config.xml is an optional file that you can create using the **/genconfig** command-line option with the ScanState tool. For example, you can use the Config.xml file to exclude the settings for one of the default applications. In addition, creating and modifying this file is the only way to exclude the operating-system settings that are migrated to computers running Windows.
+
+- **To exclude the settings for a default application:** Specify `migrate="no"` for the application under the <Applications> section of the Config.xml file.
+
+- **To exclude an operating system setting:** Specify `migrate="no"` for the setting under the <WindowsComponents> section.
+
+- **To exclude My Documents:** Specify `migrate="no"` for My Documents under the <Documents> section. Note that any <include> rules in the .xml files will still apply. For example, if you have a rule that includes all the .docx files in My Documents, then only the .docx files will be migrated, but the rest of the files will not.
+
+See [Config.xml File](usmt-configxml-file.md) for more information.
+
+**Note**
+To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration.
+
+## Related topics
+- [Customize USMT XML Files](usmt-customize-xml-files.md)
+- [USMT XML Reference](usmt-xml-reference.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
index 6a97acb78b..a6d6154a83 100644
--- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
+++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
@@ -1,122 +1,123 @@
----
-title: Extract Files from a Compressed USMT Migration Store (Windows 10)
-description: Extract Files from a Compressed USMT Migration Store
-ms.assetid: ad9fbd6e-f89e-4444-8538-9b11566b1f33
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Extract Files from a Compressed USMT Migration Store
-
-
-When you migrate files and settings during a typical PC-refresh migration, you usually create a compressed migration store file on the intermediate store. This migration store is a single image file that contains all files being migrated as well as a catalog file. To protect the compressed file, you can encrypt it by using different encryption algorithms. When you migrate the file back to the source computer after the operating system is installed, you can run the **Usmtutils** command with the **/extract** option to recover the files from the compressed migration store. You can also use the **Usmtutils** command with the **/extract** option any time you need to recover data from a migration store.
-
-Options used with the **/extract** option can specify:
-
-- The cryptographic algorithm that was used to create the migration store.
-
-- The encryption key or the text file that contains the encryption key.
-
-- Include and exclude patterns for selective data extraction.
-
-In addition, you can specify the file patterns that you want to extract by using the **/i** option to include file patterns or the **/e** option to exclude file patterns. When both the **/i** option and the **/e** option are used in the same command, include patterns take precedence over exclude patterns. Note that this is different from the include and exclude rules used in the ScanState and LoadState tools.
-
-## In this topic
-
-
-- [To run the USMTutils tool with the /extract option](#bkmk-extractsyntax)
-
-- [To extract all files from a compressed migration store](#bkmk-extractallfiles)
-
-- [To extract specific file types from an encrypted compressed migration store](#bkmk-extractspecificfiles)
-
-- [To extract all but one, or more, file types from an encrypted compressed migration store](#bkmk-excludefilepattern)
-
-- [To extract file types using the include pattern and the exclude pattern](#bkmk-includeexcludefiles)
-
-### To run the USMTutils tool with the /extract option
-
-To extract files from the compressed migration store onto the destination computer, use the following USMTutils syntax:
-
-Cd /d <USMTpath> usmtutils /extract <filePath> <destinationPath> \[/i:<includePattern>\] \[/e:<excludePattern>\] \[/l:<logfile>\] \[/decrypt\[:<AlgID>\] {/key:<keystring> | /keyfile:<filename>}\] \[/o\]
-
-Where the placeholders have the following values:
-
-- *<USMTpath>* is the location where you have saved the USMT files and tools.
-
-- *<filePath>* is the location of the migration store.
-
-- *<destination path>* is the location of the file where you want the **/extract** option to put the extracted migration store contents.
-
-- *<includePattern>* specifies the pattern for the files to include in the extraction.
-
-- *<excludePattern>* specifies the pattern for the files to omit from the extraction.
-
-- *<AlgID>* is the cryptographic algorithm that was used to create the migration store on the **ScanState** command line.
-
-- *<logfile>* is the location and name of the log file.
-
-- *<keystring>* is the encryption key that was used to encrypt the migration store.
-
-- *<filename>* is the location and name of the text file that contains the encryption key.
-
-### To extract all files from a compressed migration store
-
-To extract everything from a compressed migration store to a file on the C:\\ drive, type:
-
-``` syntax
-usmtutils /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore
-```
-
-### To extract specific file types from an encrypted compressed migration store
-
-To extract specific files, such as .txt and .pdf files, from an encrypted compressed migration store, type:
-
-``` syntax
-usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt,*.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt
-```
-
-In this example, the file is encrypted and the encryption key is located in a text file called encryptionKey.
-
-### To extract all but one, or more, file types from an encrypted compressed migration store
-
-To extract all files except for one file type, such as .exe files, from an encrypted compressed migration store, type:
-
-``` syntax
-usmtutils /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtutilslog.txt
-```
-
-### To extract file types using the include pattern and the exclude pattern
-
-To extract files from a compressed migration store, and to exclude files of one type (such as .exe files) while including only specific files, use both the include pattern and the exclude pattern, as in this example:
-
-``` syntax
-usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o
-```
-
-In this example, if there is a myProject.exe file, it will also be extracted because the include pattern option takes precedence over the exclude pattern option.
-
-## Related topics
-
-
-[UsmtUtils Syntax](usmt-utilities.md)
-
-[Return Codes](usmt-return-codes.md)
-
-[Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md)
-
-
-
-
-
-
-
-
-
+---
+title: Extract Files from a Compressed USMT Migration Store (Windows 10)
+description: In this article, learn how to extract files from a compressed User State Migration Tool (USMT) migration store.
+ms.assetid: ad9fbd6e-f89e-4444-8538-9b11566b1f33
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Extract Files from a Compressed USMT Migration Store
+
+
+When you migrate files and settings during a typical PC-refresh migration, you usually create a compressed migration store file on the intermediate store. This migration store is a single image file that contains all files being migrated as well as a catalog file. To protect the compressed file, you can encrypt it by using different encryption algorithms. When you migrate the file back to the source computer after the operating system is installed, you can run the **Usmtutils** command with the **/extract** option to recover the files from the compressed migration store. You can also use the **Usmtutils** command with the **/extract** option any time you need to recover data from a migration store.
+
+Options used with the **/extract** option can specify:
+
+- The cryptographic algorithm that was used to create the migration store.
+
+- The encryption key or the text file that contains the encryption key.
+
+- Include and exclude patterns for selective data extraction.
+
+In addition, you can specify the file patterns that you want to extract by using the **/i** option to include file patterns or the **/e** option to exclude file patterns. When both the **/i** option and the **/e** option are used in the same command, include patterns take precedence over exclude patterns. Note that this is different from the include and exclude rules used in the ScanState and LoadState tools.
+
+## In this topic
+
+
+- [To run the USMTutils tool with the /extract option](#bkmk-extractsyntax)
+
+- [To extract all files from a compressed migration store](#bkmk-extractallfiles)
+
+- [To extract specific file types from an encrypted compressed migration store](#bkmk-extractspecificfiles)
+
+- [To extract all but one, or more, file types from an encrypted compressed migration store](#bkmk-excludefilepattern)
+
+- [To extract file types using the include pattern and the exclude pattern](#bkmk-includeexcludefiles)
+
+### To run the USMTutils tool with the /extract option
+
+To extract files from the compressed migration store onto the destination computer, use the following USMTutils syntax:
+
+Cd /d <USMTpath> usmtutils /extract <filePath> <destinationPath> \[/i:<includePattern>\] \[/e:<excludePattern>\] \[/l:<logfile>\] \[/decrypt\[:<AlgID>\] {/key:<keystring> | /keyfile:<filename>}\] \[/o\]
+
+Where the placeholders have the following values:
+
+- *<USMTpath>* is the location where you have saved the USMT files and tools.
+
+- *<filePath>* is the location of the migration store.
+
+- *<destination path>* is the location of the file where you want the **/extract** option to put the extracted migration store contents.
+
+- *<includePattern>* specifies the pattern for the files to include in the extraction.
+
+- *<excludePattern>* specifies the pattern for the files to omit from the extraction.
+
+- *<AlgID>* is the cryptographic algorithm that was used to create the migration store on the **ScanState** command line.
+
+- *<logfile>* is the location and name of the log file.
+
+- *<keystring>* is the encryption key that was used to encrypt the migration store.
+
+- *<filename>* is the location and name of the text file that contains the encryption key.
+
+### To extract all files from a compressed migration store
+
+To extract everything from a compressed migration store to a file on the C:\\ drive, type:
+
+``` syntax
+usmtutils /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore
+```
+
+### To extract specific file types from an encrypted compressed migration store
+
+To extract specific files, such as .txt and .pdf files, from an encrypted compressed migration store, type:
+
+``` syntax
+usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt,*.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt
+```
+
+In this example, the file is encrypted and the encryption key is located in a text file called encryptionKey.
+
+### To extract all but one, or more, file types from an encrypted compressed migration store
+
+To extract all files except for one file type, such as .exe files, from an encrypted compressed migration store, type:
+
+``` syntax
+usmtutils /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtutilslog.txt
+```
+
+### To extract file types using the include pattern and the exclude pattern
+
+To extract files from a compressed migration store, and to exclude files of one type (such as .exe files) while including only specific files, use both the include pattern and the exclude pattern, as in this example:
+
+``` syntax
+usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o
+```
+
+In this example, if there is a myProject.exe file, it will also be extracted because the include pattern option takes precedence over the exclude pattern option.
+
+## Related topics
+
+
+[UsmtUtils Syntax](usmt-utilities.md)
+
+[Return Codes](usmt-return-codes.md)
+
+[Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-faq.md b/windows/deployment/usmt/usmt-faq.md
index 49092e9f6f..97be09803c 100644
--- a/windows/deployment/usmt/usmt-faq.md
+++ b/windows/deployment/usmt/usmt-faq.md
@@ -1,137 +1,138 @@
----
-title: Frequently Asked Questions (Windows 10)
-description: Frequently Asked Questions
-ms.assetid: 813c13a7-6818-4e6e-9284-7ee49493241b
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Frequently Asked Questions
-
-
-The following sections provide frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0.
-
-## General
-
-
-### How much space is needed on the destination computer?
-
-The destination computer needs enough available space for the following:
-
-- Operating system
-
-- Applications
-
-- Uncompressed store
-
-### Can I store the files and settings directly on the destination computer or do I need a server?
-
-You do not need to save the files to a server. If you are moving the user state to a new computer, you can create the store on a shared folder, on media that you can remove, such as a USB flash drive (UFD), or you can store it directly on the destination computer, as in the following steps:
-
-1. Create and share the directory C:\\store on the destination computer.
-
-2. Run the ScanState tool on the source computer and save the files and settings to \\\\*DestinationComputerName*\\store
-
-3. Run the LoadState tool on the destination computer and specify C:\\store as the store location.
-
-### Can I migrate data between operating systems with different languages?
-
-No. USMT does not support migrating data between operating systems with different languages; the source computer's operating-system language must match the destination computer's operating-system language.
-
-### Can I change the location of the temporary directory on the destination computer?
-
-Yes. The environment variable USMT\_WORKING\_DIR can be changed to an alternative temporary directory. There are some offline migration scenarios where this is necessary, for example, when the USMT binaries are located on read-only Windows Preinstallation Environment (WinPE) boot media.
-
-### How do I install USMT?
-
-Because USMT is included in Windows Assessment and Deployment Kit (Windows ADK), you need to install the Windows ADK package on at least one computer in your environment. However, the USMT binaries are designed to be deployed using xcopy. This means that they are installed on a computer simply by recursively copying the USMT directory from the computer containing the Windows ADK to each client computer.
-
-### How do I uninstall USMT?
-
-If you have installed the Windows ADK on the computer, uninstalling Windows ADK will uninstall USMT. For client computers that do not have the Windows ADK installed, you can simply delete the USMT directory to uninstall USMT.
-
-## Files and Settings
-
-
-### How can I exclude a folder or a certain type of file from the migration?
-
-You can use the **<unconditionalExclude>** element to globally exclude data from the migration. For example, you can use this element to exclude all MP3 files on the computer or to exclude all files from C:\\UserData. This element excludes objects regardless of any other <include> rules that are in the .xml files. For an example, see <unconditionalExclude> in the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) topic. For the syntax of this element, see [XML Elements Library](usmt-xml-elements-library.md).
-
-### What happens to files that were located on a drive that does not exist on the destination computer?
-
-USMT migrates the files to the %SystemDrive% while maintaining the correct folder hierarchy. For example, if E:\\data\\File.pst is on the source computer, but the destination computer does not have an E:\\ drive, the file will be migrated to C:\\data\\File.pst, if C:\\ is the system drive. This holds true even when <locationModify> rules attempt to move data to a drive that does not exist on the destination computer.
-
-## USMT .xml Files
-
-
-### Where can I get examples of USMT .xml files?
-
-The following topics include examples of USMT .xml files:
-
-- [Exclude Files and Settings](usmt-exclude-files-and-settings.md)
-
-- [Reroute Files and Settings](usmt-reroute-files-and-settings.md)
-
-- [Include Files and Settings](usmt-include-files-and-settings.md)
-
-- [Custom XML Examples](usmt-custom-xml-examples.md)
-
-### Can I use custom .xml files that were written for USMT 5.0?
-
-Yes. You can use custom .xml files that were written for USMT 5.0 with USMT for Windows 10. However, in order to use new USMT functionality, you must revisit your custom USMT files and refresh them to include the new command-line options and XML elements.
-
-### How can I validate the .xml files?
-
-You can use the USMT XML Schema (MigXML.xsd) to write and validate migration .xml files.
-
-### Why must I list the .xml files with both the ScanState and LoadState commands?
-
-The .xml files are not copied to the store as in previous versions of USMT. Because the ScanState and LoadState tools need the .xml files to control the migration, you must specify the same set of .xml files for the **ScanState** and **LoadState** commands. If you used a particular set of mig\*.xml files in the ScanState tool, either called through the "/auto" option, or individually through the "/i" option, then you should use same option to call the exact same mig\*.xml files in the LoadState tool. However, you do not have to specify the Config.xml file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the Config.xml file and specify the updated file with the **LoadState** command. **LoadState** will migrate only the files and settings that you want to migrate.
-
-If you exclude an .xml file from the **LoadState** command, then all of the data that is in the store that was migrated with the missing .xml files will be migrated. However, the migration rules that were specified for the **ScanState** command will not apply. For example, if you exclude a MigApp.xml file that has a rerouting rule such as `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT will not reroute the files. Instead, it will migrate them to C:\\data.
-
-### Which files can I modify and specify on the command line?
-
-You can specify the MigUser.xml and MigApp.xml files on the command line. You can modify each of these files. The migration of operating system settings is controlled by the manifests, which you cannot modify. If you want to exclude certain operating-system settings or any other components, create and modify the Config.xml file.
-
-### What happens if I do not specify the .xml files on the command line?
-
-- **ScanState**
-
- If you do not specify any files with the **ScanState** command, all user accounts and default operating system components are migrated.
-
-- **LoadState**
-
- If you do not specify any files with the **LoadState** command, all data that is in the store is migrated. However, any target-specific migration rules that were specified in .xml files with the **ScanState** command will not apply. For example, if you exclude a MigApp.xml file that has a rerouting rule such as `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT will not reroute the files. Instead, it will migrate them to C:\\data.
-
-## Conflicts and Precedence
-
-
-### What happens when there are conflicting XML rules or conflicting objects on the destination computer?
-
-For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
-
-## Related topics
-
-
-[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)
-
-[Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md)
-
-[Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md)
-
-
-
-
-
-
-
-
-
+---
+title: Frequently Asked Questions (Windows 10)
+description: Learn about frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0.
+ms.assetid: 813c13a7-6818-4e6e-9284-7ee49493241b
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Frequently Asked Questions
+
+
+The following sections provide frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0.
+
+## General
+
+
+### How much space is needed on the destination computer?
+
+The destination computer needs enough available space for the following:
+
+- Operating system
+
+- Applications
+
+- Uncompressed store
+
+### Can I store the files and settings directly on the destination computer or do I need a server?
+
+You do not need to save the files to a server. If you are moving the user state to a new computer, you can create the store on a shared folder, on media that you can remove, such as a USB flash drive (UFD), or you can store it directly on the destination computer, as in the following steps:
+
+1. Create and share the directory C:\\store on the destination computer.
+
+2. Run the ScanState tool on the source computer and save the files and settings to \\\\*DestinationComputerName*\\store
+
+3. Run the LoadState tool on the destination computer and specify C:\\store as the store location.
+
+### Can I migrate data between operating systems with different languages?
+
+No. USMT does not support migrating data between operating systems with different languages; the source computer's operating-system language must match the destination computer's operating-system language.
+
+### Can I change the location of the temporary directory on the destination computer?
+
+Yes. The environment variable USMT\_WORKING\_DIR can be changed to an alternative temporary directory. There are some offline migration scenarios where this is necessary, for example, when the USMT binaries are located on read-only Windows Preinstallation Environment (WinPE) boot media.
+
+### How do I install USMT?
+
+Because USMT is included in Windows Assessment and Deployment Kit (Windows ADK), you need to install the Windows ADK package on at least one computer in your environment. However, the USMT binaries are designed to be deployed using xcopy. This means that they are installed on a computer simply by recursively copying the USMT directory from the computer containing the Windows ADK to each client computer.
+
+### How do I uninstall USMT?
+
+If you have installed the Windows ADK on the computer, uninstalling Windows ADK will uninstall USMT. For client computers that do not have the Windows ADK installed, you can simply delete the USMT directory to uninstall USMT.
+
+## Files and Settings
+
+
+### How can I exclude a folder or a certain type of file from the migration?
+
+You can use the **<unconditionalExclude>** element to globally exclude data from the migration. For example, you can use this element to exclude all MP3 files on the computer or to exclude all files from C:\\UserData. This element excludes objects regardless of any other <include> rules that are in the .xml files. For an example, see <unconditionalExclude> in the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) topic. For the syntax of this element, see [XML Elements Library](usmt-xml-elements-library.md).
+
+### What happens to files that were located on a drive that does not exist on the destination computer?
+
+USMT migrates the files to the %SystemDrive% while maintaining the correct folder hierarchy. For example, if E:\\data\\File.pst is on the source computer, but the destination computer does not have an E:\\ drive, the file will be migrated to C:\\data\\File.pst, if C:\\ is the system drive. This holds true even when <locationModify> rules attempt to move data to a drive that does not exist on the destination computer.
+
+## USMT .xml Files
+
+
+### Where can I get examples of USMT .xml files?
+
+The following topics include examples of USMT .xml files:
+
+- [Exclude Files and Settings](usmt-exclude-files-and-settings.md)
+
+- [Reroute Files and Settings](usmt-reroute-files-and-settings.md)
+
+- [Include Files and Settings](usmt-include-files-and-settings.md)
+
+- [Custom XML Examples](usmt-custom-xml-examples.md)
+
+### Can I use custom .xml files that were written for USMT 5.0?
+
+Yes. You can use custom .xml files that were written for USMT 5.0 with USMT for Windows 10. However, in order to use new USMT functionality, you must revisit your custom USMT files and refresh them to include the new command-line options and XML elements.
+
+### How can I validate the .xml files?
+
+You can use the USMT XML Schema (MigXML.xsd) to write and validate migration .xml files.
+
+### Why must I list the .xml files with both the ScanState and LoadState commands?
+
+The .xml files are not copied to the store as in previous versions of USMT. Because the ScanState and LoadState tools need the .xml files to control the migration, you must specify the same set of .xml files for the **ScanState** and **LoadState** commands. If you used a particular set of mig\*.xml files in the ScanState tool, either called through the "/auto" option, or individually through the "/i" option, then you should use same option to call the exact same mig\*.xml files in the LoadState tool. However, you do not have to specify the Config.xml file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the Config.xml file and specify the updated file with the **LoadState** command. **LoadState** will migrate only the files and settings that you want to migrate.
+
+If you exclude an .xml file from the **LoadState** command, then all of the data that is in the store that was migrated with the missing .xml files will be migrated. However, the migration rules that were specified for the **ScanState** command will not apply. For example, if you exclude a MigApp.xml file that has a rerouting rule such as `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT will not reroute the files. Instead, it will migrate them to C:\\data.
+
+### Which files can I modify and specify on the command line?
+
+You can specify the MigUser.xml and MigApp.xml files on the command line. You can modify each of these files. The migration of operating system settings is controlled by the manifests, which you cannot modify. If you want to exclude certain operating-system settings or any other components, create and modify the Config.xml file.
+
+### What happens if I do not specify the .xml files on the command line?
+
+- **ScanState**
+
+ If you do not specify any files with the **ScanState** command, all user accounts and default operating system components are migrated.
+
+- **LoadState**
+
+ If you do not specify any files with the **LoadState** command, all data that is in the store is migrated. However, any target-specific migration rules that were specified in .xml files with the **ScanState** command will not apply. For example, if you exclude a MigApp.xml file that has a rerouting rule such as `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT will not reroute the files. Instead, it will migrate them to C:\\data.
+
+## Conflicts and Precedence
+
+
+### What happens when there are conflicting XML rules or conflicting objects on the destination computer?
+
+For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
+
+## Related topics
+
+
+[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)
+
+[Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md)
+
+[Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md
index 3439d25d7a..49cbfc3f28 100644
--- a/windows/deployment/usmt/usmt-general-conventions.md
+++ b/windows/deployment/usmt/usmt-general-conventions.md
@@ -1,106 +1,107 @@
----
-title: General Conventions (Windows 10)
-description: General Conventions
-ms.assetid: 5761986e-a847-41bd-bf8e-7c1bd01acbc6
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# General Conventions
-
-
-This topic describes the XML helper functions.
-
-## In This Topic
-
-
-[General XML Guidelines](#bkmk-general)
-
-[Helper Functions](#bkmk-helperfunctions)
-
-## General XML Guidelines
-
-
-Before you modify the .xml files, become familiar with the following guidelines:
-
-- **XML schema**
-
- You can use the User State Migration Tool (USMT) 10.0 XML schema, MigXML.xsd, to write and validate migration .xml files.
-
-- **Conflits**
-
- In general, when there are conflicts within the XML schema, the most specific pattern takes precedence. For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
-
-- **Required elements**
-
- The required elements for a migration .xml file are **<migration>**, **<component>**, **<role>**, and **<rules>**.
-
-- **Required child elements**
-
- - USMT does not fail with an error if you do not specify the required child elements. However, you must specify the required child elements for the parent element to affect the migration.
-
- - The required child elements apply only to the first definition of the element. If these elements are defined and then referred to using their name, the required child elements do not apply. For example, if you define `` in **<namedElements>**, and you specify `` in **<component>** to refer to this element, the definition inside **<namedElements>** must have the required child elements, but the **<component>** element does not need to have the required child elements.
-
-- **File names with brackets**
-
- If you are migrating a file that has a bracket character (\[ or \]) in the file name, you must insert a carat (^) character directly before the bracket for the bracket character to be valid. For example, if there is a file named **file].txt**, you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
-
-- **Using quotation marks**
-
- When you surround code in quotation marks, you can use either double ("") or single (') quotation marks.
-
-## Helper Functions
-
-
-You can use the XML helper functions in the [XML Elements Library](usmt-xml-elements-library.md) to change migration behavior. Before you use these functions in an .xml file, note the following:
-
-- **All of the parameters are strings**
-
-- **You can leave NULL parameters blank**
-
- As with parameters with a default value convention, if you have a NULL parameter at the end of a list, you can leave it out. For example, the following function:
-
- ``` syntax
- SomeFunction("My String argument",NULL,NULL)
- ```
-
- is equivalent to:
-
- ``` syntax
- SomeFunction("My String argument")
- ```
-
-- **The encoded location used in all the helper functions is an unambiguous string representation for the name of an object**
-
- It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves.
-
- For example, specify the file C:\\Windows\\Notepad.exe: **c:\\Windows\[Notepad.exe\]**. Similarly, specify the directory C:\\Windows\\System32 like this: **c:\\Windows\\System32**; note the absence of the \[\] characters.
-
- The registry is represented in a similar way. The default value of a registry key is represented as an empty \[\] construct. For example, the default value for the HKLM\\SOFTWARE\\MyKey registry key is **HKLM\\SOFTWARE\\MyKey\[\]**.
-
-- **You specify a location pattern in a way that is similar to how you specify an actual location**
-
- The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf.
-
- For example, the pattern **c:\\Windows\\\\*** will match the \\Windows directory and all subdirectories, but it will not match any of the files in those directories. To match the files as well, you must specify **c:\\Windows\\\*\[\*\]**.
-
-## Related topics
-
-
-[USMT XML Reference](usmt-xml-reference.md)
-
-
-
-
-
-
-
-
-
+---
+title: General Conventions (Windows 10)
+description: Learn about general XML guidelines and how to use XML helper functions in the XML Elements library to change migration behavior.
+ms.assetid: 5761986e-a847-41bd-bf8e-7c1bd01acbc6
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# General Conventions
+
+
+This topic describes the XML helper functions.
+
+## In This Topic
+
+
+[General XML Guidelines](#bkmk-general)
+
+[Helper Functions](#bkmk-helperfunctions)
+
+## General XML Guidelines
+
+
+Before you modify the .xml files, become familiar with the following guidelines:
+
+- **XML schema**
+
+ You can use the User State Migration Tool (USMT) 10.0 XML schema, MigXML.xsd, to write and validate migration .xml files.
+
+- **Conflicts**
+
+ In general, when there are conflicts within the XML schema, the most specific pattern takes precedence. For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
+
+- **Required elements**
+
+ The required elements for a migration .xml file are **<migration>**, **<component>**, **<role>**, and **<rules>**.
+
+- **Required child elements**
+
+ - USMT does not fail with an error if you do not specify the required child elements. However, you must specify the required child elements for the parent element to affect the migration.
+
+ - The required child elements apply only to the first definition of the element. If these elements are defined and then referred to using their name, the required child elements do not apply. For example, if you define `` in **<namedElements>**, and you specify `` in **<component>** to refer to this element, the definition inside **<namedElements>** must have the required child elements, but the **<component>** element does not need to have the required child elements.
+
+- **File names with brackets**
+
+ If you are migrating a file that has a bracket character (\[ or \]) in the file name, you must insert a carat (^) character directly before the bracket for the bracket character to be valid. For example, if there is a file named **file].txt**, you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
+
+- **Using quotation marks**
+
+ When you surround code in quotation marks, you can use either double ("") or single (') quotation marks.
+
+## Helper Functions
+
+
+You can use the XML helper functions in the [XML Elements Library](usmt-xml-elements-library.md) to change migration behavior. Before you use these functions in an .xml file, note the following:
+
+- **All of the parameters are strings**
+
+- **You can leave NULL parameters blank**
+
+ As with parameters with a default value convention, if you have a NULL parameter at the end of a list, you can leave it out. For example, the following function:
+
+ ``` syntax
+ SomeFunction("My String argument",NULL,NULL)
+ ```
+
+ is equivalent to:
+
+ ``` syntax
+ SomeFunction("My String argument")
+ ```
+
+- **The encoded location used in all the helper functions is an unambiguous string representation for the name of an object**
+
+ It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves.
+
+ For example, specify the file C:\\Windows\\Notepad.exe: **c:\\Windows\[Notepad.exe\]**. Similarly, specify the directory C:\\Windows\\System32 like this: **c:\\Windows\\System32**; note the absence of the \[\] characters.
+
+ The registry is represented in a similar way. The default value of a registry key is represented as an empty \[\] construct. For example, the default value for the HKLM\\SOFTWARE\\MyKey registry key is **HKLM\\SOFTWARE\\MyKey\[\]**.
+
+- **You specify a location pattern in a way that is similar to how you specify an actual location**
+
+ The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf.
+
+ For example, the pattern **c:\\Windows\\\\*** will match the \\Windows directory and all subdirectories, but it will not match any of the files in those directories. To match the files as well, you must specify **c:\\Windows\\\*\[\*\]**.
+
+## Related topics
+
+
+[USMT XML Reference](usmt-xml-reference.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-how-it-works.md b/windows/deployment/usmt/usmt-how-it-works.md
index 5c8bbb6d9b..441dccf3f7 100644
--- a/windows/deployment/usmt/usmt-how-it-works.md
+++ b/windows/deployment/usmt/usmt-how-it-works.md
@@ -1,150 +1,135 @@
----
-title: How USMT Works (Windows 10)
-description: How USMT Works
-ms.assetid: 5c8bd669-9e1e-473d-81e6-652f40b24171
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# How USMT Works
-
-
-USMT includes two tools that migrate settings and data: ScanState and LoadState. ScanState collects information from the source computer, and LoadState applies that information to the destination computer.
-
-- [ScanState Process](#bkmk-ssprocess)
-
-- [LoadState Process](#bkmk-lsprocess)
-
- **Note**
- For more information about how USMT processes the rules and the XML files, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
-
-
-
-## The ScanState Process
-
-
-When you run the ScanState tool on the source computer, it goes through the following process:
-
-1. It parses and validates the command-line parameters, creates the ScanState.log file, and then begins logging.
-
-2. It collects information about all of the migration components that need to be migrated. A *migration component* is a logical group of files, registry keys, and values. For example, the set of files, registry keys, and values that store the settings of Adobe Acrobat is grouped into a single migration component.
-
- There are three types of components:
-
- - Components that migrate the operating system settings
-
- - Components that migrate application settings
-
- - Components that migrate users’ files
-
- The ScanState tool collects information about the application settings and user data components from the .xml files that are specified on the command line.
-
- In Windows 7, and Windows 8, the manifest files control how the operating-system settings are migrated. You cannot modify these files. If you want to exclude certain operating-system settings, you must create and modify a Config.xml file.
-
-3. ScanState determines which user profiles should be migrated. By default, all user profiles on the source computer are migrated. However, you can include and exclude users using the User Options. The public profile in a source computer running Windows 7, Windows 8, and Windows 10 is always migrated, and you cannot exclude these profiles from the migration.
-
-4. In the "Scanning" phase, ScanState does the following for each user profile selected for migration:
-
- 1. For each component, ScanState checks the type of the component. If the current user profile is the system profile and the component type is “System” or “UserAndSystem”, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile is not the system profile and the component type is “User” or “UserAndSystem”, the component is selected for this user. Otherwise, this component is ignored.
-
- **Note**
- From this point on, ScanState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users’ files. ScanState processes all components in the same way.
-
-
-
- 2. Each component that is selected in the previous step is processed further. Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile that is being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents, assuming that the user profiles are stored in the C:\\Users directory.
-
- 3. For each selected component, ScanState evaluates the <detects> section. If the condition in the <detects> section evaluates to false, the component is not processed any further. Otherwise, the processing of this component continues.
-
- 4. For each selected component, ScanState evaluates the <rules> sections. For each <rules> section, if the current user profile is the system profile and the context of the <rules> section is “System” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile is not the system profile and the context of the <rules> section is “User” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored.
-
- 5. ScanState creates a list of migration units that need to be migrated by processing the various subsections under this <rules> section. Each unit is collected if it is mentioned in an <include> subsection, as long as there is not a more specific rule for it in an <exclude> subsection in the same <rules> section. For more information about precedence in the .xml files, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
-
- In addition, any migration unit (such as a file, registry key, or set of registry values) that is in an <UnconditionalExclude> section is not migrated.
-
- **Note**
- ScanState ignores some subsections such as <destinationCleanup> and <locationModify>. These sections are evaluated only on the destination computer.
-
-
-
-5. In the "Collecting" phase, ScanState creates a master list of the migration units by combining the lists that were created for each selected user profile.
-
-6. In the "Saving" phase, ScanState writes the migration units that were collected to the store location.
-
- **Note**
- ScanState does not modify the source computer in any way.
-
-
-
-## The LoadState Process
-
-
-The LoadState process is very similar to the ScanState process. The ScanState tool collects migration units such as file, registry key, or registry values from the source computer and saves them to the store. Similarly, the LoadState tool collects migration units from the store and applies them to the destination computer.
-
-1. ScanState parses and validates the command-line parameters, creates the ScanState.log file, and then begins logging.
-
-2. LoadState collects information about the migration components that need to be migrated.
-
- LoadState obtains information for the application-settings components and user-data components from the migration .xml files that are specified by the LoadState command.
-
- In Windows 7, and Windows 8, the manifest files control how the operating-system settings are migrated. You cannot modify these files. If you want to exclude certain operating-system settings, you must create and modify a Config.xml file.
-
-3. LoadState determines which user profiles should be migrated. By default, all user profiles present on the source computer are migrated. However, you can include and exclude users using the User Options. The system profile, the "All users" profile in a source computer running Windows XP, or the Public profile in a source computer running Windows Vista, Windows 7, and Windows 8, is always migrated and you cannot exclude these profiles from the migration.
-
- - If you are migrating local user accounts and if the accounts do not already exist on the destination computer, you must use the/lac command-line option. If you do not specify the **/lac** option, any local user accounts that are not already present on the destination computer, are not migrated.
-
- - The **/md** and **/mu** options are processed to rename the user profile on the destination computer, if they have been included when the LoadState command was specified.
-
- - For each user profile selected from the store, LoadState creates a corresponding user profile on the destination computer. The destination computer does not need to be connected to the domain for domain user profiles to be created. If USMT cannot determine a domain, it attempts to apply the settings to a local account. For more information, see [Identify Users](usmt-identify-users.md).
-
-4. In the "Scanning" phase, LoadState does the following for each user profile:
-
- 1. For each component, LoadState checks the type of the component. If the current user profile is the system profile and the component type is “System” or “UserAndSystem”, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile is not the system profile and the component type is “User” or “UserAndSystem”, the component is selected for this user. Otherwise, this component is ignored.
-
- **Note**
- From this point on, LoadState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users’ files. LoadState evaluates all components in the same way.
-
-
-
- 2. Each component that is selected is processed further. Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents (assuming that the user profiles are stored in the C:\\Users directory).
-
- **Note**
- LoadState ignores the <detects> section specified in a component. At this point, all specified components are considered to be detected and are selected for migration.
-
-
-
- 3. For each selected component, LoadState evaluates the <rules> sections. For each <rules> section, if the current user profile is the system profile and the context of the <rules> section is “System” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile is not the system profile and the context of the <rules> section is “User” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored.
-
- 4. LoadState creates a master list of migration units by processing the various subsections under the <rules> section. Each migration unit that is in an <include> subsection is migrated as long, as there is not a more specific rule for it in an <exclude> subsection in the same <rules> section. For more information about precedence, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
-
- 5. LoadState evaluates the destination computer-specific subsections; for example, the <destinationCleanup> and <locationModify> subsections.
-
- 6. If the destination computer is running Windows 7 or Windows 8 then the migunits that were collected by ScanState using downlevel manifest files are processed by LoadState using the corresponding Component Manifest for Windows 7. The downlevel manifest files are not used during LoadState.
-
- **Important**
- It is important to specify the .xml files with the LoadState command if you want LoadState to use them. Otherwise, any destination-specific rules, such as <locationModify>, in these .xml files are ignored, even if the same .xml files were provided when the ScanState command ran.
-
-
-
-5. In the "Apply" phase, LoadState writes the migration units that were collected to the various locations on the destination computer. If there are conflicts and there is not a <merge> rule for the object, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally, for example, OriginalFileName(1).OriginalExtension. Some settings, such as fonts, wallpaper, and screen-saver settings, do not take effect until the next time the user logs on. For this reason, you should log off when the LoadState command actions have completed.
-
-## Related topics
-
-
-[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md)
-
-
-
-
-
-
-
-
-
+---
+title: How USMT Works (Windows 10)
+description: Learn how USMT works and how it includes two tools that migrate settings and data - ScanState and LoadState.
+ms.assetid: 5c8bd669-9e1e-473d-81e6-652f40b24171
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# How USMT Works
+
+
+USMT includes two tools that migrate settings and data: ScanState and LoadState. ScanState collects information from the source computer, and LoadState applies that information to the destination computer.
+
+- [ScanState Process](#the-scanstate-process)
+- [LoadState Process](#the-loadstate-process)
+
+ **Note**
+ For more information about how USMT processes the rules and the XML files, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
+
+## The ScanState Process
+
+When you run the ScanState tool on the source computer, it goes through the following process:
+
+1. It parses and validates the command-line parameters, creates the ScanState.log file, and then begins logging.
+
+2. It collects information about all of the migration components that need to be migrated. A *migration component* is a logical group of files, registry keys, and values. For example, the set of files, registry keys, and values that store the settings of Adobe Acrobat is grouped into a single migration component.
+
+ There are three types of components:
+
+ - Components that migrate the operating system settings
+ - Components that migrate application settings
+ - Components that migrate users’ files
+
+ The ScanState tool collects information about the application settings and user data components from the .xml files that are specified on the command line.
+
+ In Windows 7, and Windows 8, the manifest files control how the operating-system settings are migrated. You cannot modify these files. If you want to exclude certain operating-system settings, you must create and modify a Config.xml file.
+
+3. ScanState determines which user profiles should be migrated. By default, all user profiles on the source computer are migrated. However, you can include and exclude users using the User Options. The public profile in a source computer running Windows 7, Windows 8, and Windows 10 is always migrated, and you cannot exclude these profiles from the migration.
+
+4. In the "Scanning" phase, ScanState does the following for each user profile selected for migration:
+
+ 1. For each component, ScanState checks the type of the component. If the current user profile is the system profile and the component type is “System” or “UserAndSystem”, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile is not the system profile and the component type is “User” or “UserAndSystem”, the component is selected for this user. Otherwise, this component is ignored.
+
+ **Note**
+ From this point on, ScanState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users’ files. ScanState processes all components in the same way.
+
+ 2. Each component that is selected in the previous step is processed further. Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile that is being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents, assuming that the user profiles are stored in the C:\\Users directory.
+
+ 3. For each selected component, ScanState evaluates the <detects> section. If the condition in the <detects> section evaluates to false, the component is not processed any further. Otherwise, the processing of this component continues.
+
+ 4. For each selected component, ScanState evaluates the <rules> sections. For each <rules> section, if the current user profile is the system profile and the context of the <rules> section is “System” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile is not the system profile and the context of the <rules> section is “User” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored.
+
+ 5. ScanState creates a list of migration units that need to be migrated by processing the various subsections under this <rules> section. Each unit is collected if it is mentioned in an <include> subsection, as long as there is not a more specific rule for it in an <exclude> subsection in the same <rules> section. For more information about precedence in the .xml files, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
+
+ In addition, any migration unit (such as a file, registry key, or set of registry values) that is in an <UnconditionalExclude> section is not migrated.
+
+ **Note**
+ ScanState ignores some subsections such as <destinationCleanup> and <locationModify>. These sections are evaluated only on the destination computer.
+
+5. In the "Collecting" phase, ScanState creates a master list of the migration units by combining the lists that were created for each selected user profile.
+
+6. In the "Saving" phase, ScanState writes the migration units that were collected to the store location.
+
+ **Note**
+ ScanState does not modify the source computer in any way.
+
+## The LoadState Process
+
+
+The LoadState process is very similar to the ScanState process. The ScanState tool collects migration units such as file, registry key, or registry values from the source computer and saves them to the store. Similarly, the LoadState tool collects migration units from the store and applies them to the destination computer.
+
+1. ScanState parses and validates the command-line parameters, creates the ScanState.log file, and then begins logging.
+
+2. LoadState collects information about the migration components that need to be migrated.
+
+ LoadState obtains information for the application-settings components and user-data components from the migration .xml files that are specified by the LoadState command.
+
+ In Windows 7, and Windows 8, the manifest files control how the operating-system settings are migrated. You cannot modify these files. If you want to exclude certain operating-system settings, you must create and modify a Config.xml file.
+
+3. LoadState determines which user profiles should be migrated. By default, all user profiles present on the source computer are migrated. However, you can include and exclude users using the User Options. The system profile, the "All users" profile in a source computer running Windows XP, or the Public profile in a source computer running Windows Vista, Windows 7, and Windows 8, is always migrated and you cannot exclude these profiles from the migration.
+
+ - If you are migrating local user accounts and if the accounts do not already exist on the destination computer, you must use the/lac command-line option. If you do not specify the **/lac** option, any local user accounts that are not already present on the destination computer, are not migrated.
+
+ - The **/md** and **/mu** options are processed to rename the user profile on the destination computer, if they have been included when the LoadState command was specified.
+
+ - For each user profile selected from the store, LoadState creates a corresponding user profile on the destination computer. The destination computer does not need to be connected to the domain for domain user profiles to be created. If USMT cannot determine a domain, it attempts to apply the settings to a local account. For more information, see [Identify Users](usmt-identify-users.md).
+
+4. In the "Scanning" phase, LoadState does the following for each user profile:
+
+ 1. For each component, LoadState checks the type of the component. If the current user profile is the system profile and the component type is “System” or “UserAndSystem”, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile is not the system profile and the component type is “User” or “UserAndSystem”, the component is selected for this user. Otherwise, this component is ignored.
+
+ **Note**
+ From this point on, LoadState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users’ files. LoadState evaluates all components in the same way.
+
+
+
+ 2. Each component that is selected is processed further. Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents (assuming that the user profiles are stored in the C:\\Users directory).
+
+ **Note**
+ LoadState ignores the <detects> section specified in a component. At this point, all specified components are considered to be detected and are selected for migration.
+
+
+
+ 3. For each selected component, LoadState evaluates the <rules> sections. For each <rules> section, if the current user profile is the system profile and the context of the <rules> section is “System” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile is not the system profile and the context of the <rules> section is “User” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored.
+
+ 4. LoadState creates a master list of migration units by processing the various subsections under the <rules> section. Each migration unit that is in an <include> subsection is migrated as long, as there is not a more specific rule for it in an <exclude> subsection in the same <rules> section. For more information about precedence, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
+
+ 5. LoadState evaluates the destination computer-specific subsections; for example, the <destinationCleanup> and <locationModify> subsections.
+
+ 6. If the destination computer is running Windows 7 or Windows 8 then the migunits that were collected by ScanState using downlevel manifest files are processed by LoadState using the corresponding Component Manifest for Windows 7. The downlevel manifest files are not used during LoadState.
+
+ **Important**
+ It is important to specify the .xml files with the LoadState command if you want LoadState to use them. Otherwise, any destination-specific rules, such as <locationModify>, in these .xml files are ignored, even if the same .xml files were provided when the ScanState command ran.
+
+5. In the "Apply" phase, LoadState writes the migration units that were collected to the various locations on the destination computer. If there are conflicts and there is not a <merge> rule for the object, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally, for example, OriginalFileName(1).OriginalExtension. Some settings, such as fonts, wallpaper, and screen-saver settings, do not take effect until the next time the user logs on. For this reason, you should log off when the LoadState command actions have completed.
+
+## Related topics
+
+[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md
index 9fdba24603..f883284978 100644
--- a/windows/deployment/usmt/usmt-how-to.md
+++ b/windows/deployment/usmt/usmt-how-to.md
@@ -1,35 +1,36 @@
----
-title: User State Migration Tool (USMT) How-to topics (Windows 10)
-description: User State Migration Tool (USMT) How-to topics
-ms.assetid: 7b9a2f2a-a43a-4984-9746-a767f9f1c7e3
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# User State Migration Tool (USMT) How-to topics
-The following table lists topics that describe how to use User State Migration Tool (USMT) 10.0 to perform specific tasks.
-
-## In This Section
-
-|Topic |Description|
-|------|-----------|
-|[Exclude Files and Settings](usmt-exclude-files-and-settings.md)|Create a custom .xml file to exclude files, file types, folders, or registry settings from your migration.|
-|[Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md)|Recover files from a compressed migration store after installing the operating system.|
-|[Include Files and Settings](usmt-include-files-and-settings.md)|Create a custom .xml file to include files, file types, folders, or registry settings in your migration.|
-|[Migrate Application Settings](migrate-application-settings.md)|Migrate the settings of an application that the MigApp.xml file does not include by default.|
-|[Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md)|Migrate Encrypting File System (EFS) certificates by using USMT.|
-|[Migrate User Accounts](usmt-migrate-user-accounts.md)|Specify the users to include and exclude in your migration.|
-|[Reroute Files and Settings](usmt-reroute-files-and-settings.md)|Create a custom .xml file to reroute files and settings during a migration.|
-|[Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md)|Determine whether a compressed migration store is intact, or whether it contains corrupt files or a corrupt catalog.|
-
-## Related topics
-- [User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
-- [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)
-- [User State Migration Toolkit (USMT) Reference](usmt-reference.md)
+---
+title: User State Migration Tool (USMT) How-to topics (Windows 10)
+description: Reference the topics in this article to learn how to use User State Migration Tool (USMT) 10.0 to perform specific tasks.
+ms.assetid: 7b9a2f2a-a43a-4984-9746-a767f9f1c7e3
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# User State Migration Tool (USMT) How-to topics
+The following table lists topics that describe how to use User State Migration Tool (USMT) 10.0 to perform specific tasks.
+
+## In This Section
+
+|Topic |Description|
+|------|-----------|
+|[Exclude Files and Settings](usmt-exclude-files-and-settings.md)|Create a custom .xml file to exclude files, file types, folders, or registry settings from your migration.|
+|[Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md)|Recover files from a compressed migration store after installing the operating system.|
+|[Include Files and Settings](usmt-include-files-and-settings.md)|Create a custom .xml file to include files, file types, folders, or registry settings in your migration.|
+|[Migrate Application Settings](migrate-application-settings.md)|Migrate the settings of an application that the MigApp.xml file does not include by default.|
+|[Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md)|Migrate Encrypting File System (EFS) certificates by using USMT.|
+|[Migrate User Accounts](usmt-migrate-user-accounts.md)|Specify the users to include and exclude in your migration.|
+|[Reroute Files and Settings](usmt-reroute-files-and-settings.md)|Create a custom .xml file to reroute files and settings during a migration.|
+|[Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md)|Determine whether a compressed migration store is intact, or whether it contains corrupt files or a corrupt catalog.|
+
+## Related topics
+- [User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
+- [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)
+- [User State Migration Toolkit (USMT) Reference](usmt-reference.md)
diff --git a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
index 45cd2a17a7..e8c15402b9 100644
--- a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
+++ b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
@@ -1,51 +1,52 @@
----
-title: Identify File Types, Files, and Folders (Windows 10)
-description: Identify File Types, Files, and Folders
-ms.assetid: 93bb2a33-c126-4f7a-a961-6c89686d54e0
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Identify File Types, Files, and Folders
-
-
-When planning for your migration, if not using MigDocs.xml, you should identify the file types, files, folders, and settings that you want to migrate. First, you should determine the standard file locations on each computer, such as **My Documents.** , **C:\\Data** , and company-specified locations, such as **\\EngineeringDrafts**. Next, you should determine and locate the non-standard locations. For non-standard locations, consider the following:
-
-- **File types**. Consider which file types need to be included and excluded from the migration. You can create this list based on common applications used in your organization. Applications normally use specific file name extensions. For example, Microsoft Office Word primarily uses .doc, .docx and .dotx file name extension. However, it also uses other file types, such as templates (.dot files), on a less frequent basis.
-
-- **Excluded locations**. Consider the locations on the computer that should be excluded from the migration (for example, %WINDIR% and Program Files).
-
-- **New locations**. Decide where files should be migrated to on the destination computer for example, \\My Documents, a designated folder, or a folder matching the files' name and location on the source computer. For example, you might have shared data on source machine or you might wish to clean up documents outside the user profiles on the source system. Identify any data that needs to be redirected to a new location in the apply phase. This can be accomplished with location modify rules.
-
-Once you have verified which files and file types that the end users work with regularly, you will need to locate them. Files may be saved to a single folder or scattered across a drive. A good starting point for finding files types to include is to look at the registered file types on the computer.
-
-**To find the registered file types on a computer running Windows 7 or Windows 8**
-
-1. Click **Start**. Open **Control Panel**, click **Control Panel Home**, and click **Programs**.
-
-2. Click **Default Programs**, and click **Associate a file type or protocol with a program**.
-
-3. On this screen, the registered file types are displayed.
-
-For more information about how to change the file types, files, and folders that are migrated when you specify the MigUser.xml file, see [User State Migration Tool (USMT) How-to topics](usmt-how-to.md).
-
-## Related topics
-
-
-[Determine What to Migrate](usmt-determine-what-to-migrate.md)
-
-
-
-
-
-
-
-
-
+---
+title: Identify File Types, Files, and Folders (Windows 10)
+description: Learn how to identify the file types, files, folders, and settings that you want to migrate when you're planning your migration.
+ms.assetid: 93bb2a33-c126-4f7a-a961-6c89686d54e0
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Identify File Types, Files, and Folders
+
+
+When planning for your migration, if not using MigDocs.xml, you should identify the file types, files, folders, and settings that you want to migrate. First, you should determine the standard file locations on each computer, such as **My Documents.** , **C:\\Data** , and company-specified locations, such as **\\EngineeringDrafts**. Next, you should determine and locate the non-standard locations. For non-standard locations, consider the following:
+
+- **File types**. Consider which file types need to be included and excluded from the migration. You can create this list based on common applications used in your organization. Applications normally use specific file name extensions. For example, Microsoft Office Word primarily uses .doc, .docx and .dotx file name extension. However, it also uses other file types, such as templates (.dot files), on a less frequent basis.
+
+- **Excluded locations**. Consider the locations on the computer that should be excluded from the migration (for example, %WINDIR% and Program Files).
+
+- **New locations**. Decide where files should be migrated to on the destination computer for example, \\My Documents, a designated folder, or a folder matching the files' name and location on the source computer. For example, you might have shared data on source machine or you might wish to clean up documents outside the user profiles on the source system. Identify any data that needs to be redirected to a new location in the apply phase. This can be accomplished with location modify rules.
+
+Once you have verified which files and file types that the end users work with regularly, you will need to locate them. Files may be saved to a single folder or scattered across a drive. A good starting point for finding files types to include is to look at the registered file types on the computer.
+
+**To find the registered file types on a computer running Windows 7 or Windows 8**
+
+1. Click **Start**. Open **Control Panel**, click **Control Panel Home**, and click **Programs**.
+
+2. Click **Default Programs**, and click **Associate a file type or protocol with a program**.
+
+3. On this screen, the registered file types are displayed.
+
+For more information about how to change the file types, files, and folders that are migrated when you specify the MigUser.xml file, see [User State Migration Tool (USMT) How-to topics](usmt-how-to.md).
+
+## Related topics
+
+
+[Determine What to Migrate](usmt-determine-what-to-migrate.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-identify-users.md b/windows/deployment/usmt/usmt-identify-users.md
index b58c711dbf..f592773c30 100644
--- a/windows/deployment/usmt/usmt-identify-users.md
+++ b/windows/deployment/usmt/usmt-identify-users.md
@@ -1,6 +1,6 @@
---
title: Identify Users (Windows 10)
-description: Identify Users
+description: Learn how to identify users you plan to migrate, as well as how to migrate local accounts and domain accounts.
ms.assetid: 957a4fe9-79fd-44a2-8c26-33e50f71f9de
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md
index 3bbf83959b..2a52999416 100644
--- a/windows/deployment/usmt/usmt-loadstate-syntax.md
+++ b/windows/deployment/usmt/usmt-loadstate-syntax.md
@@ -1,6 +1,6 @@
---
title: LoadState Syntax (Windows 10)
-description: LoadState Syntax
+description: Learn about the syntax and usage of the command-line options available when you use the LoadState command.
ms.assetid: 53d2143b-cbe9-4cfc-8506-36e9d429f6d4
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md
index d9917d3495..7460f63692 100644
--- a/windows/deployment/usmt/usmt-log-files.md
+++ b/windows/deployment/usmt/usmt-log-files.md
@@ -1,6 +1,6 @@
---
title: Log Files (Windows 10)
-description: Log Files
+description: Learn how to use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations.
ms.assetid: 28185ebd-630a-4bbd-94f4-8c48aad05649
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
index 706f2c6a6e..17fe9cfc7d 100644
--- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
+++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
@@ -1,55 +1,56 @@
----
-title: Migrate EFS Files and Certificates (Windows 10)
-description: Migrate EFS Files and Certificates
-ms.assetid: 7f19a753-ec45-4433-b297-cc30f16fdee1
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Migrate EFS Files and Certificates
-
-
-This topic describes how to migrate Encrypting File System (EFS) certificates. For more information about the **/efs** For options, see [ScanState Syntax](usmt-scanstate-syntax.md).
-
-## To Migrate EFS Files and Certificates
-
-
-Encrypting File System (EFS) certificates will be migrated automatically. However, by default, the User State Migration Tool (USMT) 10.0 fails if an encrypted file is found (unless you specify an **/efs** option). Therefore, you must specify **/efs:abort | skip | decryptcopy | copyraw | hardlink** with the ScanState command to migrate the encrypted files. Then, when you run the LoadState command on the destination computer, the encrypted file and the EFS certificate will be automatically migrated.
-
-**Note**
-The **/efs** options are not used with the LoadState command.
-
-
-
-Before using the ScanState tool for a migration that includes encrypted files and EFS certificates, you must ensure that all files in an encrypted folder are encrypted as well or remove the encryption attribute from folders that contain unencrypted files. If the encryption attribute has been removed from a file but not from the parent folder, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool.
-
-You can run the Cipher tool at a Windows command prompt to review and change encryption settings on files and folders. For example, to remove encryption from a folder, at a command prompt type:
-
-``` syntax
-Cipher /D /S:
-```
-
-Where *<Path>* is the full path of the topmost parent directory where the encryption attribute is set.
-
-## Related topics
-
-
-[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md)
-
-[Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md)
-
-
-
-
-
-
-
-
-
+---
+title: Migrate EFS Files and Certificates (Windows 10)
+description: Learn how to migrate Encrypting File System (EFS) certificates. Also, learn where to find information about how to identify file types, files, and folders.
+ms.assetid: 7f19a753-ec45-4433-b297-cc30f16fdee1
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Migrate EFS Files and Certificates
+
+
+This topic describes how to migrate Encrypting File System (EFS) certificates. For more information about the **/efs** For options, see [ScanState Syntax](usmt-scanstate-syntax.md).
+
+## To Migrate EFS Files and Certificates
+
+
+Encrypting File System (EFS) certificates will be migrated automatically. However, by default, the User State Migration Tool (USMT) 10.0 fails if an encrypted file is found (unless you specify an **/efs** option). Therefore, you must specify **/efs:abort | skip | decryptcopy | copyraw | hardlink** with the ScanState command to migrate the encrypted files. Then, when you run the LoadState command on the destination computer, the encrypted file and the EFS certificate will be automatically migrated.
+
+**Note**
+The **/efs** options are not used with the LoadState command.
+
+
+
+Before using the ScanState tool for a migration that includes encrypted files and EFS certificates, you must ensure that all files in an encrypted folder are encrypted as well or remove the encryption attribute from folders that contain unencrypted files. If the encryption attribute has been removed from a file but not from the parent folder, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool.
+
+You can run the Cipher tool at a Windows command prompt to review and change encryption settings on files and folders. For example, to remove encryption from a folder, at a command prompt type:
+
+``` syntax
+Cipher /D /S:
+```
+
+Where *<Path>* is the full path of the topmost parent directory where the encryption attribute is set.
+
+## Related topics
+
+
+[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md)
+
+[Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md
index 663964c7eb..330d9984b5 100644
--- a/windows/deployment/usmt/usmt-migrate-user-accounts.md
+++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md
@@ -1,96 +1,97 @@
----
-title: Migrate User Accounts (Windows 10)
-description: Migrate User Accounts
-ms.assetid: a3668361-43c8-4fd2-b26e-9a2deaeaeb09
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Migrate User Accounts
-
-
-By default, all users are migrated. The only way to specify which users to include and exclude is on the command line by using the User options. You cannot specify users in the migration XML files or by using the Config.xml file.
-
-## In this Topic
-
-
-- [To migrate all user accounts and user settings](#bkmk-migrateall)
-
-- [To migrate two domain accounts (User1 and User2)](#bkmk-migratetwo)
-
-- [To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain](#bkmk-migratemoveuserone)
-
-## To migrate all user accounts and user settings
-Links to detailed explanations of commands are available in the Related Topics section.
-
-1. Log on to the source computer as an administrator, and specify the following in a **Command-Prompt** window:
-
- `scanstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /o`
-
-2. Log on to the destination computer as an administrator.
-
-3. Do one of the following:
-
- - If you are migrating domain accounts, specify:
-
- `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml`
-
- - If you are migrating local accounts along with domain accounts, specify:
-
- `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /lac /lae`
-
- **Note**
- You do not have to specify the **/lae** option, which enables the account that was created with the **/lac** option. Instead, you can create a disabled local account by specifying only the **/lac** option, and then a local administrator needs to enable the account on the destination computer.
-
-
-
-## To migrate two domain accounts (User1 and User2)
-Links to detailed explanations of commands are available in the Related Topics section.
-
-1. Log on to the source computer as an administrator, and specify:
-
- `scanstate \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:fabrikam\user2 /i:migdocs.xml /i:migapp.xml /o`
-
-2. Log on to the destination computer as an administrator.
-
-3. Specify the following:
-
- `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml`
-
-## To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain
-Links to detailed explanations of commands are available in the Related Topics section.
-
-1. Log on to the source computer as an administrator, and type the following at the command-line prompt:
-
- `scanstate \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:contoso\user2 /i:migdocs.xml /i:migapp.xml /o`
-
-2. Log on to the destination computer as an administrator.
-
-3. Specify the following:
-
- `loadstate \\server\share\migration\mystore /mu:contoso\user1:fabrikam\user2 /i:migdocs.xml /i:migapp.xml`
-
-## Related topics
-
-
-[Identify Users](usmt-identify-users.md)
-
-[ScanState Syntax](usmt-scanstate-syntax.md)
-
-[LoadState Syntax](usmt-loadstate-syntax.md)
-
-
-
-
-
-
-
-
-
+---
+title: Migrate User Accounts (Windows 10)
+description: Learn how to migrate user accounts and how to specify which users to include and exclude by using the User options on the command line.
+ms.assetid: a3668361-43c8-4fd2-b26e-9a2deaeaeb09
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Migrate User Accounts
+
+
+By default, all users are migrated. The only way to specify which users to include and exclude is on the command line by using the User options. You cannot specify users in the migration XML files or by using the Config.xml file.
+
+## In this Topic
+
+
+- [To migrate all user accounts and user settings](#bkmk-migrateall)
+
+- [To migrate two domain accounts (User1 and User2)](#bkmk-migratetwo)
+
+- [To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain](#bkmk-migratemoveuserone)
+
+## To migrate all user accounts and user settings
+Links to detailed explanations of commands are available in the Related Topics section.
+
+1. Log on to the source computer as an administrator, and specify the following in a **Command-Prompt** window:
+
+ `scanstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /o`
+
+2. Log on to the destination computer as an administrator.
+
+3. Do one of the following:
+
+ - If you are migrating domain accounts, specify:
+
+ `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml`
+
+ - If you are migrating local accounts along with domain accounts, specify:
+
+ `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /lac /lae`
+
+ **Note**
+ You do not have to specify the **/lae** option, which enables the account that was created with the **/lac** option. Instead, you can create a disabled local account by specifying only the **/lac** option, and then a local administrator needs to enable the account on the destination computer.
+
+
+
+## To migrate two domain accounts (User1 and User2)
+Links to detailed explanations of commands are available in the Related Topics section.
+
+1. Log on to the source computer as an administrator, and specify:
+
+ `scanstate \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:fabrikam\user2 /i:migdocs.xml /i:migapp.xml /o`
+
+2. Log on to the destination computer as an administrator.
+
+3. Specify the following:
+
+ `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml`
+
+## To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain
+Links to detailed explanations of commands are available in the Related Topics section.
+
+1. Log on to the source computer as an administrator, and type the following at the command-line prompt:
+
+ `scanstate \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:contoso\user2 /i:migdocs.xml /i:migapp.xml /o`
+
+2. Log on to the destination computer as an administrator.
+
+3. Specify the following:
+
+ `loadstate \\server\share\migration\mystore /mu:contoso\user1:fabrikam\user2 /i:migdocs.xml /i:migapp.xml`
+
+## Related topics
+
+
+[Identify Users](usmt-identify-users.md)
+
+[ScanState Syntax](usmt-scanstate-syntax.md)
+
+[LoadState Syntax](usmt-loadstate-syntax.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-overview.md b/windows/deployment/usmt/usmt-overview.md
index 6d80871901..5ec6da19d3 100644
--- a/windows/deployment/usmt/usmt-overview.md
+++ b/windows/deployment/usmt/usmt-overview.md
@@ -1,60 +1,61 @@
----
-title: User State Migration Tool (USMT) Overview (Windows 10)
-description: User State Migration Tool (USMT) Overview
-ms.assetid: 3b649431-ad09-4b17-895a-3fec7ac0a81f
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 10/16/2017
-ms.topic: article
----
-
-# User State Migration Tool (USMT) Overview
-You can use User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems. USMT captures user accounts, user files, operating system settings, and application settings, and then migrates them to a new Windows installation. You can use USMT for both PC replacement and PC refresh migrations. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md).
-
-USMT enables you to do the following:
-
-- Configure your migration according to your business needs by using the migration rule (.xml) files to control exactly which files and settings are migrated and how they are migrated. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md).
-
-- Fit your customized migration into your automated deployment process by using the ScanState and LoadState tools, which control collecting and restoring the user files and settings. For more information, see [User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md).
-
-- Perform offline migrations. You can run migrations offline by using the ScanState command in Windows Preinstallation Environment (WinPE) or you can perform migrations from previous installations of Windows contained in Windows.old directories. For more information about migration types, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md) and [Offline Migration Reference](offline-migration-reference.md).
-
-## Benefits
-USMT provides the following benefits to businesses that are deploying Windows operating systems:
-
-- Safely migrates user accounts, operating system and application settings.
-
-- Lowers the cost of deploying Windows by preserving user state.
-
-- Reduces end-user downtime required to customize desktops and find missing files.
-
-- Reduces help-desk calls.
-
-- Reduces the time needed for the user to become familiar with the new operating system.
-
-- Increases employee satisfaction with the migration experience.
-
-## Limitations
-USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [PCmover Express](https://go.microsoft.com/fwlink/?linkid=620915). PCmover Express is a tool created by Microsoft's partner, Laplink.
-
-There are some scenarios in which the use of USMT is not recommended. These include:
-
-- Migrations that require end-user interaction.
-
-- Migrations that require customization on a machine-by-machine basis.
-
-## Related topics
-- [User State Migration Tool (USMT) Technical Reference](usmt-technical-reference.md)
-
-
-
-
-
-
-
-
+---
+title: User State Migration Tool (USMT) Overview (Windows 10)
+description: Learn about using User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems.
+ms.assetid: 3b649431-ad09-4b17-895a-3fec7ac0a81f
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 10/16/2017
+ms.topic: article
+---
+
+# User State Migration Tool (USMT) Overview
+You can use User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems. USMT captures user accounts, user files, operating system settings, and application settings, and then migrates them to a new Windows installation. You can use USMT for both PC replacement and PC refresh migrations. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md).
+
+USMT enables you to do the following:
+
+- Configure your migration according to your business needs by using the migration rule (.xml) files to control exactly which files and settings are migrated and how they are migrated. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md).
+
+- Fit your customized migration into your automated deployment process by using the ScanState and LoadState tools, which control collecting and restoring the user files and settings. For more information, see [User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md).
+
+- Perform offline migrations. You can run migrations offline by using the ScanState command in Windows Preinstallation Environment (WinPE) or you can perform migrations from previous installations of Windows contained in Windows.old directories. For more information about migration types, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md) and [Offline Migration Reference](offline-migration-reference.md).
+
+## Benefits
+USMT provides the following benefits to businesses that are deploying Windows operating systems:
+
+- Safely migrates user accounts, operating system and application settings.
+
+- Lowers the cost of deploying Windows by preserving user state.
+
+- Reduces end-user downtime required to customize desktops and find missing files.
+
+- Reduces help-desk calls.
+
+- Reduces the time needed for the user to become familiar with the new operating system.
+
+- Increases employee satisfaction with the migration experience.
+
+## Limitations
+USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [PCmover Express](https://go.microsoft.com/fwlink/?linkid=620915). PCmover Express is a tool created by Microsoft's partner, Laplink.
+
+There are some scenarios in which the use of USMT is not recommended. These include:
+
+- Migrations that require end-user interaction.
+
+- Migrations that require customization on a machine-by-machine basis.
+
+## Related topics
+- [User State Migration Tool (USMT) Technical Reference](usmt-technical-reference.md)
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md
index 1fa60664bd..7ea0c4d341 100644
--- a/windows/deployment/usmt/usmt-plan-your-migration.md
+++ b/windows/deployment/usmt/usmt-plan-your-migration.md
@@ -1,71 +1,72 @@
----
-title: Plan Your Migration (Windows 10)
-description: Plan Your Migration
-ms.assetid: c951f7df-850e-47ad-b31b-87f902955e3e
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Plan Your Migration
-
-
-Before you use the User State Migration Tool (USMT) 10.0 to perform your migration, we recommend that you plan your migration carefully. Planning can help your migration proceed smoothly and can reduce the risk of migration failure.
-
-In migration planning, both organizations and individuals must first identify what to migrate, including user settings, applications and application settings, and personal data files and folders. Identifying the applications to migrate is especially important so that you can avoid capturing data about applications that may be phased out.
-
-One of the most important requirements for migrating settings and data is restoring only the information that the destination computer requires. Although the data that you capture on the source computer may be more comprehensive than the restoration data for backup purposes, restoring data or settings for applications that you will not install on the destination system is redundant. This can also introduce instability in a newly deployed computer.
-
-## In This Section
-
-
-
Test your migration before you deploy Windows to all users.
-
-
-
-
-
-
-## Related topics
-
-
-[USMT XML Reference](usmt-xml-reference.md)
-
-
-
-
-
-
-
-
-
+---
+title: Plan Your Migration (Windows 10)
+description: Learn how to your plan your migration carefully so your migration can proceed smoothly and so that you reduce the risk of migration failure.
+ms.assetid: c951f7df-850e-47ad-b31b-87f902955e3e
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Plan Your Migration
+
+
+Before you use the User State Migration Tool (USMT) 10.0 to perform your migration, we recommend that you plan your migration carefully. Planning can help your migration proceed smoothly and can reduce the risk of migration failure.
+
+In migration planning, both organizations and individuals must first identify what to migrate, including user settings, applications and application settings, and personal data files and folders. Identifying the applications to migrate is especially important so that you can avoid capturing data about applications that may be phased out.
+
+One of the most important requirements for migrating settings and data is restoring only the information that the destination computer requires. Although the data that you capture on the source computer may be more comprehensive than the restoration data for backup purposes, restoring data or settings for applications that you will not install on the destination system is redundant. This can also introduce instability in a newly deployed computer.
+
+## In This Section
+
+
+
Test your migration before you deploy Windows to all users.
+
+
+
+
+
+
+## Related topics
+
+
+[USMT XML Reference](usmt-xml-reference.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md
index d2862feb9a..dfb923bbd4 100644
--- a/windows/deployment/usmt/usmt-recognized-environment-variables.md
+++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md
@@ -1,470 +1,471 @@
----
-title: Recognized Environment Variables (Windows 10)
-description: Recognized Environment Variables
-ms.assetid: 2b0ac412-e131-456e-8f0c-c26249b5f3df
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Recognized Environment Variables
-
-
-When using the XML files MigDocs.xml, MigApp.xml, and MigUser.xml, you can use environment variables to identify folders that may be different on different computers. Constant special item ID list (CSIDL) values provide a way to identify folders that applications use frequently but may not have the same name or location on any given computer. For example, the documents folder may be C:\\Users\\<Username>\\My Documents on one computer and C:\\Documents and Settings on another. You can use the asterisk (\*) wildcard character in MigUser.xml, MigApp.xml and MigDoc.xml files. However, you cannot use the asterisk (\*) wildcard characters in the Config.xml file.
-
-## In This Topic
-
-
-- [Variables that are processed for the operating system and in the context of each user](#bkmk-1)
-
-- [Variables that are recognized only in the user context](#bkmk-2)
-
-## Variables that are processed for the operating system and in the context of each user
-
-
-You can use these variables within sections in the .xml files with `context=UserAndSystem`, `context=User`, and `context=System`.
-
-
-
-
-
-
-
-
-
Variable
-
Explanation
-
-
-
-
-
ALLUSERSAPPDATA
-
Same as CSIDL_COMMON_APPDATA.
-
-
-
ALLUSERSPROFILE
-
Refers to %PROFILESFOLDER%\Public or %PROFILESFOLDER%\all users.
-
-
-
COMMONPROGRAMFILES
-
Same as CSIDL_PROGRAM_FILES_COMMON.
-
-
-
COMMONPROGRAMFILES(X86)
-
Refers to the C:\Program Files (x86)\Common Files folder on 64-bit systems.
-
-
-
CSIDL_COMMON_ADMINTOOLS
-
Version 10.0. The file-system directory that contains administrative tools for all users of the computer.
-
-
-
CSIDL_COMMON_ALTSTARTUP
-
The file-system directory that corresponds to the non-localized Startup program group for all users.
-
-
-
CSIDL_COMMON_APPDATA
-
The file-system directory that contains application data for all users. A typical path Windows is C:\ProgramData.
-
-
-
CSIDL_COMMON_DESKTOPDIRECTORY
-
The file-system directory that contains files and folders that appear on the desktop for all users. A typical Windows® XP path is C:\Documents and Settings\All Users\Desktop. A typical path is C:\Users\Public\Desktop.
-
-
-
CSIDL_COMMON_DOCUMENTS
-
The file-system directory that contains documents that are common to all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Documents. A typical path is C:\Users\Public\Documents.
-
-
-
CSIDL_COMMON_FAVORITES
-
The file-system directory that serves as a common repository for favorites common to all users. A typical path is C:\Users\Public\Favorites.
-
-
-
CSIDL_COMMON_MUSIC
-
The file-system directory that serves as a repository for music files common to all users. A typical path is C:\Users\Public\Music.
-
-
-
CSIDL_COMMON_PICTURES
-
The file-system directory that serves as a repository for image files common to all users. A typical path is C:\Users\Public\Pictures.
-
-
-
CSIDL_COMMON_PROGRAMS
-
The file-system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs.
-
-
-
CSIDL_COMMON_STARTMENU
-
The file-system directory that contains the programs and folders which appear on the Start menu for all users. A typical path in Windows is C:\ProgramData\Microsoft\Windows\Start Menu.
-
-
-
CSIDL_COMMON_STARTUP
-
The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Start Menu\Programs\Startup. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.
-
-
-
CSIDL_COMMON_TEMPLATES
-
The file-system directory that contains the templates that are available to all users. A typical path is C:\ProgramData\Microsoft\Windows\Templates.
-
-
-
CSIDL_COMMON_VIDEO
-
The file-system directory that serves as a repository for video files common to all users. A typical path is C:\Users\Public\Videos.
-
-
-
CSIDL_DEFAULT_APPDATA
-
Refers to the Appdata folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_LOCAL_APPDATA
-
Refers to the local Appdata folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_COOKIES
-
Refers to the Cookies folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_CONTACTS
-
Refers to the Contacts folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_DESKTOP
-
Refers to the Desktop folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_DOWNLOADS
-
Refers to the Downloads folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_FAVORITES
-
Refers to the Favorites folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_HISTORY
-
Refers to the History folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_INTERNET_CACHE
-
Refers to the Internet Cache folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_PERSONAL
-
Refers to the Personal folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_MYDOCUMENTS
-
Refers to the My Documents folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_MYPICTURES
-
Refers to the My Pictures folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_MYMUSIC
-
Refers to the My Music folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_MYVIDEO
-
Refers to the My Videos folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_RECENT
-
Refers to the Recent folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_SENDTO
-
Refers to the Send To folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_STARTMENU
-
Refers to the Start Menu folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_PROGRAMS
-
Refers to the Programs folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_STARTUP
-
Refers to the Startup folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_TEMPLATES
-
Refers to the Templates folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_DEFAULT_QUICKLAUNCH
-
Refers to the Quick Launch folder inside %DEFAULTUSERPROFILE%.
-
-
-
CSIDL_FONTS
-
A virtual folder containing fonts. A typical path is C:\Windows\Fonts.
-
-
-
CSIDL_PROGRAM_FILESX86
-
The Program Files folder on 64-bit systems. A typical path is C:\Program Files(86).
-
-
-
CSIDL_PROGRAM_FILES_COMMONX86
-
A folder for components that are shared across applications on 64-bit systems. A typical path is C:\Program Files(86)\Common.
-
-
-
CSIDL_PROGRAM_FILES
-
The Program Files folder. A typical path is C:\Program Files.
-
-
-
CSIDL_PROGRAM_FILES_COMMON
-
A folder for components that are shared across applications. A typical path is C:\Program Files\Common.
-
-
-
CSIDL_RESOURCES
-
The file-system directory that contains resource data. A typical path is C:\Windows\Resources.
-
-
-
CSIDL_SYSTEM
-
The Windows System folder. A typical path is C:\Windows\System32.
-
-
-
CSIDL_WINDOWS
-
The Windows directory or system root. This corresponds to the %WINDIR% or %SYSTEMROOT% environment variables. A typical path is C:\Windows.
-
-
-
DEFAULTUSERPROFILE
-
Refers to the value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [DefaultUserProfile].
-
-
-
PROFILESFOLDER
-
Refers to the value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [ProfilesDirectory].
-
-
-
PROGRAMFILES
-
Same as CSIDL_PROGRAM_FILES.
-
-
-
PROGRAMFILES(X86)
-
Refers to the C:\Program Files (x86) folder on 64-bit systems.
-
-
-
SYSTEM
-
Refers to %WINDIR%\system32.
-
-
-
SYSTEM16
-
Refers to %WINDIR%\system.
-
-
-
SYSTEM32
-
Refers to %WINDIR%\system32.
-
-
-
SYSTEMPROFILE
-
Refers to the value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 [ProfileImagePath].
-
-
-
SYSTEMROOT
-
Refers to the root of the system drive.
-
-
-
WINDIR
-
Refers to the Windows folder located on the system drive.
-
-
-
-
-
-
-## Variables that are recognized only in the user context
-
-
-You can use these variables in the .xml files within sections with `context=User` and `context=UserAndSystem`.
-
-
-
-
-
-
-
-
-
Variable
-
Explanation
-
-
-
-
-
APPDATA
-
Same as CSIDL_APPDATA.
-
-
-
CSIDL_ADMINTOOLS
-
The file-system directory that is used to store administrative tools for an individual user. The Microsoft® Management Console (MMC) saves customized consoles to this directory, which roams with the user profile.
-
-
-
CSIDL_ALTSTARTUP
-
The file-system directory that corresponds to the user's non-localized Startup program group.
-
-
-
CSIDL_APPDATA
-
The file-system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\username\Application Data or C:\Users\username\AppData\Roaming.
-
-
-
CSIDL_BITBUCKET
-
The virtual folder that contains the objects in the user's Recycle Bin.
-
-
-
CSIDL_CDBURN_AREA
-
The file-system directory acting as a staging area for files waiting to be written to CD. A typical path is C:\Users\username\AppData\Local\Microsoft\Windows\MasteredBurning\Disc Burning.
-
-
-
CSIDL_CONNECTIONS
-
The virtual folder representing Network Connections that contains network and dial-up connections.
-
-
-
CSIDL_CONTACTS
-
This refers to the Contacts folder in %CSIDL_PROFILE%.
-
-
-
CSIDL_CONTROLS
-
The virtual folder that contains icons for the Control Panel items.
-
-
-
CSIDL_COOKIES
-
The file-system directory that serves as a common repository for Internet cookies. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies.
-
-
-
CSIDL_DESKTOP
-
The virtual folder representing the Windows desktop.
-
-
-
CSIDL_DESKTOPDIRECTORY
-
The file-system directory used to physically store file objects on the desktop, which should not be confused with the desktop folder itself. A typical path is C:\Users\username\Desktop.
-
-
-
CSIDL_DRIVES
-
The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.
-
-
-
CSIDL_FAVORITES
-
The file-system directory that serves as a common repository for the user's favorites. A typical path is C:\Users\Username\Favorites.
-
-
-
CSIDL_HISTORY
-
The file-system directory that serves as a common repository for Internet history items.
-
-
-
CSIDL_INTERNET
-
A virtual folder for Internet Explorer.
-
-
-
CSIDL_INTERNET_CACHE
-
The file-system directory that serves as a common repository for temporary Internet files. A typical path is C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files
-
-
-
CSIDL_LOCAL_APPDATA
-
The file-system directory that serves as a data repository for local, non-roaming applications. A typical path is C:\Users\username\AppData\Local.
-
-
-
CSIDL_MYDOCUMENTS
-
The virtual folder representing My Documents.A typical path is C:\Users\Username\Documents.
-
-
-
CSIDL_MYMUSIC
-
The file-system directory that serves as a common repository for music files. A typical path is C:\Users\Username\Music.
-
-
-
CSIDL_MYPICTURES
-
The file-system directory that serves as a common repository for image files. A typical path is C:\Users\Username\Pictures.
-
-
-
CSIDL_MYVIDEO
-
The file-system directory that serves as a common repository for video files. A typical path is C:\Users\Username\Videos.
-
-
-
CSIDL_NETHOOD
-
A file-system directory that contains the link objects that may exist in the My Network Places virtual folder. It is not the same as CSIDL_NETWORK, which represents the network namespace root. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Network Shortcuts.
-
-
-
CSIDL_NETWORK
-
A virtual folder representing My Network Places, the root of the network namespace hierarchy.
-
-
-
CSIDL_PERSONAL
-
The virtual folder representing the My Documents desktop item. This is equivalent to CSIDL_MYDOCUMENTS.
-
A typical path is C:\Documents and Settings\username\My Documents.
-
-
-
CSIDL_PLAYLISTS
-
The virtual folder used to store play albums, typically C:\Users\username\My Music\Playlists.
-
-
-
CSIDL_PRINTERS
-
The virtual folder that contains installed printers.
-
-
-
CSIDL_PRINTHOOD
-
The file-system directory that contains the link objects that can exist in the Printers virtual folder. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Printer Shortcuts.
-
-
-
CSIDL_PROFILE
-
The user's profile folder. A typical path is C:\Users\Username.
-
-
-
CSIDL_PROGRAMS
-
The file-system directory that contains the user's program groups, which are themselves file-system directories. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs.
-
-
-
CSIDL_RECENT
-
The file-system directory that contains shortcuts to the user's most recently used documents. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Recent.
-
-
-
CSIDL_SENDTO
-
The file-system directory that contains Send To menu items. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\SendTo.
-
-
-
CSIDL_STARTMENU
-
The file-system directory that contains Start menu items. A typical path in Windows XP is C:\Documents and Settings\username\Start Menu. A typical path in Windows Vista, Windows 7, or Windows 8 is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu.
-
-
-
CSIDL_STARTUP
-
The file-system directory that corresponds to the user's Startup program group. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.
-
-
-
CSIDL_TEMPLATES
-
The file-system directory that serves as a common repository for document templates. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Templates.
-
-
-
HOMEPATH
-
Same as the standard environment variable.
-
-
-
TEMP
-
The temporary folder on the computer. A typical path is %USERPROFILE%\AppData\Local\Temp.
-
-
-
TMP
-
The temporary folder on the computer. A typical path is %USERPROFILE%\AppData\Local\Temp.
-
-
-
USERPROFILE
-
Same as CSIDL_PROFILE.
-
-
-
USERSID
-
Represents the current user-account security identifier (SID). For example,
-
S-1-5-21-1714567821-1326601894-715345443-1026.
-
-
-
-
-
-
-## Related topics
-
-
-[USMT XML Reference](usmt-xml-reference.md)
-
-
-
-
-
-
-
-
-
+---
+title: Recognized Environment Variables (Windows 10)
+description: Learn how to use environment variables to identify folders that may be different on different computers.
+ms.assetid: 2b0ac412-e131-456e-8f0c-c26249b5f3df
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Recognized Environment Variables
+
+
+When using the XML files MigDocs.xml, MigApp.xml, and MigUser.xml, you can use environment variables to identify folders that may be different on different computers. Constant special item ID list (CSIDL) values provide a way to identify folders that applications use frequently but may not have the same name or location on any given computer. For example, the documents folder may be C:\\Users\\<Username>\\My Documents on one computer and C:\\Documents and Settings on another. You can use the asterisk (\*) wildcard character in MigUser.xml, MigApp.xml and MigDoc.xml files. However, you cannot use the asterisk (\*) wildcard characters in the Config.xml file.
+
+## In This Topic
+
+
+- [Variables that are processed for the operating system and in the context of each user](#bkmk-1)
+
+- [Variables that are recognized only in the user context](#bkmk-2)
+
+## Variables that are processed for the operating system and in the context of each user
+
+
+You can use these variables within sections in the .xml files with `context=UserAndSystem`, `context=User`, and `context=System`.
+
+
+
+
+
+
+
+
+
Variable
+
Explanation
+
+
+
+
+
ALLUSERSAPPDATA
+
Same as CSIDL_COMMON_APPDATA.
+
+
+
ALLUSERSPROFILE
+
Refers to %PROFILESFOLDER%\Public or %PROFILESFOLDER%\all users.
+
+
+
COMMONPROGRAMFILES
+
Same as CSIDL_PROGRAM_FILES_COMMON.
+
+
+
COMMONPROGRAMFILES(X86)
+
Refers to the C:\Program Files (x86)\Common Files folder on 64-bit systems.
+
+
+
CSIDL_COMMON_ADMINTOOLS
+
Version 10.0. The file-system directory that contains administrative tools for all users of the computer.
+
+
+
CSIDL_COMMON_ALTSTARTUP
+
The file-system directory that corresponds to the non-localized Startup program group for all users.
+
+
+
CSIDL_COMMON_APPDATA
+
The file-system directory that contains application data for all users. A typical path Windows is C:\ProgramData.
+
+
+
CSIDL_COMMON_DESKTOPDIRECTORY
+
The file-system directory that contains files and folders that appear on the desktop for all users. A typical Windows® XP path is C:\Documents and Settings\All Users\Desktop. A typical path is C:\Users\Public\Desktop.
+
+
+
CSIDL_COMMON_DOCUMENTS
+
The file-system directory that contains documents that are common to all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Documents. A typical path is C:\Users\Public\Documents.
+
+
+
CSIDL_COMMON_FAVORITES
+
The file-system directory that serves as a common repository for favorites common to all users. A typical path is C:\Users\Public\Favorites.
+
+
+
CSIDL_COMMON_MUSIC
+
The file-system directory that serves as a repository for music files common to all users. A typical path is C:\Users\Public\Music.
+
+
+
CSIDL_COMMON_PICTURES
+
The file-system directory that serves as a repository for image files common to all users. A typical path is C:\Users\Public\Pictures.
+
+
+
CSIDL_COMMON_PROGRAMS
+
The file-system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs.
+
+
+
CSIDL_COMMON_STARTMENU
+
The file-system directory that contains the programs and folders which appear on the Start menu for all users. A typical path in Windows is C:\ProgramData\Microsoft\Windows\Start Menu.
+
+
+
CSIDL_COMMON_STARTUP
+
The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Start Menu\Programs\Startup. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.
+
+
+
CSIDL_COMMON_TEMPLATES
+
The file-system directory that contains the templates that are available to all users. A typical path is C:\ProgramData\Microsoft\Windows\Templates.
+
+
+
CSIDL_COMMON_VIDEO
+
The file-system directory that serves as a repository for video files common to all users. A typical path is C:\Users\Public\Videos.
+
+
+
CSIDL_DEFAULT_APPDATA
+
Refers to the Appdata folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_LOCAL_APPDATA
+
Refers to the local Appdata folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_COOKIES
+
Refers to the Cookies folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_CONTACTS
+
Refers to the Contacts folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_DESKTOP
+
Refers to the Desktop folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_DOWNLOADS
+
Refers to the Downloads folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_FAVORITES
+
Refers to the Favorites folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_HISTORY
+
Refers to the History folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_INTERNET_CACHE
+
Refers to the Internet Cache folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_PERSONAL
+
Refers to the Personal folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_MYDOCUMENTS
+
Refers to the My Documents folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_MYPICTURES
+
Refers to the My Pictures folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_MYMUSIC
+
Refers to the My Music folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_MYVIDEO
+
Refers to the My Videos folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_RECENT
+
Refers to the Recent folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_SENDTO
+
Refers to the Send To folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_STARTMENU
+
Refers to the Start Menu folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_PROGRAMS
+
Refers to the Programs folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_STARTUP
+
Refers to the Startup folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_TEMPLATES
+
Refers to the Templates folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_DEFAULT_QUICKLAUNCH
+
Refers to the Quick Launch folder inside %DEFAULTUSERPROFILE%.
+
+
+
CSIDL_FONTS
+
A virtual folder containing fonts. A typical path is C:\Windows\Fonts.
+
+
+
CSIDL_PROGRAM_FILESX86
+
The Program Files folder on 64-bit systems. A typical path is C:\Program Files(86).
+
+
+
CSIDL_PROGRAM_FILES_COMMONX86
+
A folder for components that are shared across applications on 64-bit systems. A typical path is C:\Program Files(86)\Common.
+
+
+
CSIDL_PROGRAM_FILES
+
The Program Files folder. A typical path is C:\Program Files.
+
+
+
CSIDL_PROGRAM_FILES_COMMON
+
A folder for components that are shared across applications. A typical path is C:\Program Files\Common.
+
+
+
CSIDL_RESOURCES
+
The file-system directory that contains resource data. A typical path is C:\Windows\Resources.
+
+
+
CSIDL_SYSTEM
+
The Windows System folder. A typical path is C:\Windows\System32.
+
+
+
CSIDL_WINDOWS
+
The Windows directory or system root. This corresponds to the %WINDIR% or %SYSTEMROOT% environment variables. A typical path is C:\Windows.
+
+
+
DEFAULTUSERPROFILE
+
Refers to the value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [DefaultUserProfile].
+
+
+
PROFILESFOLDER
+
Refers to the value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [ProfilesDirectory].
+
+
+
PROGRAMFILES
+
Same as CSIDL_PROGRAM_FILES.
+
+
+
PROGRAMFILES(X86)
+
Refers to the C:\Program Files (x86) folder on 64-bit systems.
+
+
+
SYSTEM
+
Refers to %WINDIR%\system32.
+
+
+
SYSTEM16
+
Refers to %WINDIR%\system.
+
+
+
SYSTEM32
+
Refers to %WINDIR%\system32.
+
+
+
SYSTEMPROFILE
+
Refers to the value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 [ProfileImagePath].
+
+
+
SYSTEMROOT
+
Refers to the root of the system drive.
+
+
+
WINDIR
+
Refers to the Windows folder located on the system drive.
+
+
+
+
+
+
+## Variables that are recognized only in the user context
+
+
+You can use these variables in the .xml files within sections with `context=User` and `context=UserAndSystem`.
+
+
+
+
+
+
+
+
+
Variable
+
Explanation
+
+
+
+
+
APPDATA
+
Same as CSIDL_APPDATA.
+
+
+
CSIDL_ADMINTOOLS
+
The file-system directory that is used to store administrative tools for an individual user. The Microsoft® Management Console (MMC) saves customized consoles to this directory, which roams with the user profile.
+
+
+
CSIDL_ALTSTARTUP
+
The file-system directory that corresponds to the user's non-localized Startup program group.
+
+
+
CSIDL_APPDATA
+
The file-system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\username\Application Data or C:\Users\username\AppData\Roaming.
+
+
+
CSIDL_BITBUCKET
+
The virtual folder that contains the objects in the user's Recycle Bin.
+
+
+
CSIDL_CDBURN_AREA
+
The file-system directory acting as a staging area for files waiting to be written to CD. A typical path is C:\Users\username\AppData\Local\Microsoft\Windows\MasteredBurning\Disc Burning.
+
+
+
CSIDL_CONNECTIONS
+
The virtual folder representing Network Connections that contains network and dial-up connections.
+
+
+
CSIDL_CONTACTS
+
This refers to the Contacts folder in %CSIDL_PROFILE%.
+
+
+
CSIDL_CONTROLS
+
The virtual folder that contains icons for the Control Panel items.
+
+
+
CSIDL_COOKIES
+
The file-system directory that serves as a common repository for Internet cookies. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies.
+
+
+
CSIDL_DESKTOP
+
The virtual folder representing the Windows desktop.
+
+
+
CSIDL_DESKTOPDIRECTORY
+
The file-system directory used to physically store file objects on the desktop, which should not be confused with the desktop folder itself. A typical path is C:\Users\username\Desktop.
+
+
+
CSIDL_DRIVES
+
The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.
+
+
+
CSIDL_FAVORITES
+
The file-system directory that serves as a common repository for the user's favorites. A typical path is C:\Users\Username\Favorites.
+
+
+
CSIDL_HISTORY
+
The file-system directory that serves as a common repository for Internet history items.
+
+
+
CSIDL_INTERNET
+
A virtual folder for Internet Explorer.
+
+
+
CSIDL_INTERNET_CACHE
+
The file-system directory that serves as a common repository for temporary Internet files. A typical path is C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files
+
+
+
CSIDL_LOCAL_APPDATA
+
The file-system directory that serves as a data repository for local, non-roaming applications. A typical path is C:\Users\username\AppData\Local.
+
+
+
CSIDL_MYDOCUMENTS
+
The virtual folder representing My Documents.A typical path is C:\Users\Username\Documents.
+
+
+
CSIDL_MYMUSIC
+
The file-system directory that serves as a common repository for music files. A typical path is C:\Users\Username\Music.
+
+
+
CSIDL_MYPICTURES
+
The file-system directory that serves as a common repository for image files. A typical path is C:\Users\Username\Pictures.
+
+
+
CSIDL_MYVIDEO
+
The file-system directory that serves as a common repository for video files. A typical path is C:\Users\Username\Videos.
+
+
+
CSIDL_NETHOOD
+
A file-system directory that contains the link objects that may exist in the My Network Places virtual folder. It is not the same as CSIDL_NETWORK, which represents the network namespace root. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Network Shortcuts.
+
+
+
CSIDL_NETWORK
+
A virtual folder representing My Network Places, the root of the network namespace hierarchy.
+
+
+
CSIDL_PERSONAL
+
The virtual folder representing the My Documents desktop item. This is equivalent to CSIDL_MYDOCUMENTS.
+
A typical path is C:\Documents and Settings\username\My Documents.
+
+
+
CSIDL_PLAYLISTS
+
The virtual folder used to store play albums, typically C:\Users\username\My Music\Playlists.
+
+
+
CSIDL_PRINTERS
+
The virtual folder that contains installed printers.
+
+
+
CSIDL_PRINTHOOD
+
The file-system directory that contains the link objects that can exist in the Printers virtual folder. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Printer Shortcuts.
+
+
+
CSIDL_PROFILE
+
The user's profile folder. A typical path is C:\Users\Username.
+
+
+
CSIDL_PROGRAMS
+
The file-system directory that contains the user's program groups, which are themselves file-system directories. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs.
+
+
+
CSIDL_RECENT
+
The file-system directory that contains shortcuts to the user's most recently used documents. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Recent.
+
+
+
CSIDL_SENDTO
+
The file-system directory that contains Send To menu items. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\SendTo.
+
+
+
CSIDL_STARTMENU
+
The file-system directory that contains Start menu items. A typical path in Windows XP is C:\Documents and Settings\username\Start Menu. A typical path in Windows Vista, Windows 7, or Windows 8 is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu.
+
+
+
CSIDL_STARTUP
+
The file-system directory that corresponds to the user's Startup program group. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.
+
+
+
CSIDL_TEMPLATES
+
The file-system directory that serves as a common repository for document templates. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Templates.
+
+
+
HOMEPATH
+
Same as the standard environment variable.
+
+
+
TEMP
+
The temporary folder on the computer. A typical path is %USERPROFILE%\AppData\Local\Temp.
+
+
+
TMP
+
The temporary folder on the computer. A typical path is %USERPROFILE%\AppData\Local\Temp.
+
+
+
USERPROFILE
+
Same as CSIDL_PROFILE.
+
+
+
USERSID
+
Represents the current user-account security identifier (SID). For example,
+
S-1-5-21-1714567821-1326601894-715345443-1026.
+
+
+
+
+
+
+## Related topics
+
+
+[USMT XML Reference](usmt-xml-reference.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-reference.md b/windows/deployment/usmt/usmt-reference.md
index c5bcd4193c..7e00f19577 100644
--- a/windows/deployment/usmt/usmt-reference.md
+++ b/windows/deployment/usmt/usmt-reference.md
@@ -1,77 +1,78 @@
----
-title: User State Migration Toolkit (USMT) Reference (Windows 10)
-description: User State Migration Toolkit (USMT) Reference
-ms.assetid: 2135dbcf-de49-4cea-b2fb-97dd016e1a1a
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# User State Migration Toolkit (USMT) Reference
-
-
-## In This Section
-
-
-
Find requirements, best practices, and other considerations for performing a migration offline.
+
+
+
+
+
+
+## Related topics
+
+
+[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
+
+[User State Migration Tool (USMT) How-to topics](usmt-how-to.md)
+
+[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md
index 22f64e513e..facc5fef91 100644
--- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md
@@ -1,6 +1,6 @@
---
title: Reroute Files and Settings (Windows 10)
-description: Reroute Files and Settings
+description: Learn how to create a custom .xml file and specify this file name on both the ScanState and LoadState commandlines to reroute files and settings.
ms.assetid: 905e6a24-922c-4549-9732-60fa11862a6c
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md
index eaaa49a5d4..4866b61aaf 100644
--- a/windows/deployment/usmt/usmt-resources.md
+++ b/windows/deployment/usmt/usmt-resources.md
@@ -1,50 +1,51 @@
----
-title: USMT Resources (Windows 10)
-description: USMT Resources
-ms.assetid: a0b266c7-4bcb-49f1-b63c-48c6ace86b43
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# USMT Resources
-
-
-## USMT Online Resources
-
-
-- [ADK Release Notes](https://msdn.microsoft.com/library/windows/hardware/dn927348.aspx)
-
-- Microsoft Visual Studio
-
- - You can use the User State Migration Tool (USMT) XML schema (the MigXML.xsd file) to validate the migration .xml files using an XML authoring tool such as Microsoft® Visual Studio®.
-
- For more information about how to use the schema with your XML authoring environment, see the environment’s documentation.
-
-- [Ask the Directory Services Team blog](https://go.microsoft.com/fwlink/p/?LinkId=226365)
-
-- Forums:
-
- - [Microsoft Deployment Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=226386)
-
- - [Configuration Manager Operating System Deployment](https://go.microsoft.com/fwlink/p/?LinkId=226388)
-
-## Related topics
-
-
-[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
-
-
-
-
-
-
-
-
-
+---
+title: USMT Resources (Windows 10)
+description: Learn about User State Migration Tool (USMT) online resources, including Microsoft Visual Studio and forums.
+ms.assetid: a0b266c7-4bcb-49f1-b63c-48c6ace86b43
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# USMT Resources
+
+
+## USMT Online Resources
+
+
+- [ADK Release Notes](https://msdn.microsoft.com/library/windows/hardware/dn927348.aspx)
+
+- Microsoft Visual Studio
+
+ - You can use the User State Migration Tool (USMT) XML schema (the MigXML.xsd file) to validate the migration .xml files using an XML authoring tool such as Microsoft® Visual Studio®.
+
+ For more information about how to use the schema with your XML authoring environment, see the environment’s documentation.
+
+- [Ask the Directory Services Team blog](https://go.microsoft.com/fwlink/p/?LinkId=226365)
+
+- Forums:
+
+ - [Microsoft Deployment Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=226386)
+
+ - [Configuration Manager Operating System Deployment](https://go.microsoft.com/fwlink/p/?LinkId=226388)
+
+## Related topics
+
+
+[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-return-codes.md b/windows/deployment/usmt/usmt-return-codes.md
index c137197a5c..ba8e6da7c1 100644
--- a/windows/deployment/usmt/usmt-return-codes.md
+++ b/windows/deployment/usmt/usmt-return-codes.md
@@ -1,786 +1,787 @@
----
-title: Return Codes (Windows 10)
-description: Return Codes
-ms.assetid: e71bbc6b-d5a6-4e48-ad01-af0012b35f22
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Return Codes
-
-
-This topic describes User State Migration Tool (USMT) 10.0 return codes and error messages. Also included is a table listing the USMT return codes with their associated mitigation steps. In addition, this topic provides tips to help you use the logfiles to determine why you received an error.
-
-Understanding the requirements for running USMT can help minimize errors in your USMT migrations. For more information, see [USMT Requirements](usmt-requirements.md).
-
-## In This Topic
-
-
-[USMT Return Codes](#bkmk-returncodes)
-
-[USMT Error Messages](#bkmk-errormessages)
-
-[Troubleshooting Return Codes and Error Messages](#bkmk-tscodeserrors)
-
-## USMT Return Codes
-
-
-If you encounter an error in your USMT migration, you can use return codes and the more specific information provided in the associated USMT error messages to troubleshoot the issue and to identify mitigation steps.
-
-Return codes are grouped into the following broad categories that describe their area of error reporting:
-
-Success or User Cancel
-
-Invalid Command Lines
-
-Setup and Initialization
-
-Non-fatal Errors
-
-Fatal Errors
-
-As a best practice, we recommend that you set verbosity level to 5, **/v**:5, on the **ScanState**, **LoadState**, and **USMTUtils** command lines so that the most detailed reporting is available in the respective USMT logs. You can use a higher verbosity level if you want the log files output to go to a debugger.
-
-## USMT Error Messages
-
-
-Error messages provide more detailed information about the migration problem than the associated return code. For example, the **ScanState**, **LoadState**, or **USMTUtils** tool might return a code of "11” (for “USMT\_INVALID\_PARAMETERS") and a related error message that reads "/key and /keyfile both specified". The error message is displayed at the command prompt and is identified in the **ScanState**, **LoadState**, or **USMTUtils** log files to help you determine why the return code was received.
-
-You can obtain more information about any listed Windows application programming interface (API) system error codes by typing **net helpmsg** on the command line and, then typing the error code number. For more information about System Error Codes, see [this Microsoft Web site](https://go.microsoft.com/fwlink/p/?LinkId=147060).
-
-## Troubleshooting Return Codes and Error Messages
-
-
-The following table lists each return code by numeric value, along with the associated error messages and suggested troubleshooting actions.
-
-
-
-
-
-
-
-
-
-
-
-
Return code value
-
Return code
-
Error message
-
Troubleshooting, mitigation, workarounds
-
Category
-
-
-
-
-
0
-
USMT_SUCCESS
-
Successful run
-
Not applicable
-
Success or Cancel
-
-
-
1
-
USMT_DISPLAY_HELP
-
Command line help requested
-
Not applicable
-
Success or Cancel
-
-
-
2
-
USMT_STATUS_CANCELED
-
Gather was aborted because of an EFS file
-
Not applicable
-
-
-
-
-
-
User chose to cancel (such as pressing CTRL+C)
-
Not applicable
-
Success or Cancel
-
-
-
3
-
USMT_WOULD_HAVE_FAILED
-
At least one error was skipped as a result of /c
-
Review ScanState, LoadState, or UsmtUtils log for details about command-line errors.
-
-
-
-
11
-
USMT_INVALID_PARAMETERS
-
/all conflicts with /ui, /ue or /uel
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/auto expects an optional parameter for the script folder
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/encrypt can't be used with /nocompress
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/encrypt requires /key or /keyfile
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/genconfig can't be used with most other options
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/genmigxml can't be used with most other options
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/hardlink requires /nocompress
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/key and /keyfile both specified
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/key or /keyfile used without enabling encryption
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/lae is only used with /lac
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/listfiles cannot be used with /p
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/offline requires a valid path to an XML file describing offline paths
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/offlinewindir requires a valid path to offline windows folder
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
/offlinewinold requires a valid path to offline windows folder
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
A command was already specified
-
Verify that the command-line syntax is correct and that there are no duplicate commands.
-
-
-
-
-
-
An option argument is missing
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
An option is specified more than once and is ambiguous
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
By default /auto selects all users and uses the highest log verbosity level. Switches like /all, /ui, /ue, /v are not allowed.
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
Command line arguments are required. Specify /? for options.
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
Command line option is not valid
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
EFS parameter specified is not valid for /efs
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
File argument is invalid for /genconfig
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
File argument is invalid for /genmigxml
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
Invalid space estimate path. Check the parameters and/or file system permissions
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
List file path argument is invalid for /listfiles
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
Retry argument must be an integer
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
Settings store argument specified is invalid
-
Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set.
-
-
-
-
-
-
Specified encryption algorithm is not supported
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
The /efs:hardlink requires /hardlink
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
The /targetWindows7 option is only available for Windows XP, Windows Vista, and Windows 7
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
The store parameter is required but not specified
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
The source-to-target domain mapping is invalid for /md
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
The source-to-target user account mapping is invalid for /mu
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
Undefined or incomplete command line option
-
Review ScanState log or LoadState log for details about command-line errors.
-
Invalid Command Lines
-
-
-
-
-
Use /nocompress, or provide an XML file path with /p"pathtoafile" to get a compressed store size estimate
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
User exclusion argument is invalid
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
Verbosity level must be specified as a sum of the desired log options: Verbose (0x01), Record Objects (0x04), Echo to debug port (0x08)
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
Volume shadow copy feature is not supported with a hardlink store
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
-
-
Wait delay argument must be an integer
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
12
-
USMT_ERROR_OPTION_PARAM_TOO_LARGE
-
Command line arguments cannot exceed 256 characters
-
Review ScanState log or LoadState log for details about command-line errors.
-
Invalid Command Lines
-
-
-
-
-
Specified settings store path exceeds the maximum allowed length of 256 characters
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
13
-
USMT_INIT_LOGFILE_FAILED
-
Log path argument is invalid for /l
-
When /l is specified in the ScanState command line, USMT validates the path. Verify that the drive and other information, for example file system characters, are correct.
-
Invalid Command Lines
-
-
-
14
-
USMT_ERROR_USE_LAC
-
Unable to create a local account because /lac was not specified
-
When creating local accounts, the command-line options /lac and /lae should be used.
-
Invalid Command Lines
-
-
-
26
-
USMT_INIT_ERROR
-
Multiple Windows installations found
-
Listfiles.txt could not be created. Verify that the location you specified for the creation of this file is valid.
-
Setup and Initialization
-
-
-
-
-
Software malfunction or unknown exception
-
Check all loaded .xml files for errors, common error when using /I to load the Config.xml file.
-
-
-
-
-
-
Unable to find a valid Windows directory to proceed with requested offline operation; Check if offline input file is present and has valid entries
-
Verify that the offline input file is present and that it has valid entries. USMT could not find valid offline operating system. Verify your offline directory mapping.
-
-
-
-
27
-
USMT_INVALID_STORE_LOCATION
-
A store path can't be used because an existing store exists; specify /o to overwrite
-
Specify /o to overwrite an existing intermediate or migration store.
-
Setup and Initialization
-
-
-
-
-
A store path is missing or has incomplete data
-
Make sure that the store path is accessible and that the proper permission levels are set.
-
-
-
-
-
-
An error occurred during store creation
-
Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store.
-
-
-
-
-
-
An inappropriate device such as a floppy disk was specified for the store
-
Make sure that the store path is accessible and that the proper permission levels are set.
-
-
-
-
-
-
Invalid store path; check the store parameter and/or file system permissions
-
Invalid store path; check the store parameter and/or file system permissions
-
-
-
-
-
-
The file layout and/or file content is not recognized as a valid store
-
Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store.
-
-
-
-
-
-
The store path holds a store incompatible with the current USMT version
-
Make sure that the store path is accessible and that the proper permission levels are set.
-
-
-
-
-
-
The store save location is read-only or does not support a requested storage option
-
Make sure that the store path is accessible and that the proper permission levels are set.
-
-
-
-
28
-
USMT_UNABLE_GET_SCRIPTFILES
-
Script file is invalid for /i
-
Check all specified migration .xml files for errors. This is a common error when using /i to load the Config.xml file.
-
Setup and Initialization
-
-
-
-
-
Unable to find a script file specified by /i
-
Verify the location of your script files, and ensure that the command-line options are correct.
-
-
-
-
29
-
USMT_FAILED_MIGSTARTUP
-
A minimum of 250 MB of free space is required for temporary files
-
Verify that the system meets the minimum temporary disk space requirement of 250 MB. As a workaround, you can set the environment variable USMT_WORKING_DIR=<path> to redirect the temporary files working directory.
-
Setup and Initialization
-
-
-
-
-
Another process is preventing migration; only one migration tool can run at a time
-
Check the ScanState log file for migration .xml file errors.
-
-
-
-
-
-
Failed to start main processing, look in log for system errors or check the installation
-
Check the ScanState log file for migration .xml file errors.
-
-
-
-
-
-
Migration failed because of an XML error; look in the log for specific details
-
Check the ScanState log file for migration .xml file errors.
-
-
-
-
-
-
Unable to automatically map the drive letters to match the online drive letter layout; Use /offline to provide a mapping table
-
Check the ScanState log file for migration .xml file errors.
-
-
-
-
31
-
USMT_UNABLE_FINDMIGUNITS
-
An error occurred during the discover phase; the log should have more specific information
-
Check the ScanState log file for migration .xml file errors.
-
Setup and Initialization
-
-
-
32
-
USMT_FAILED_SETMIGRATIONTYPE
-
An error occurred processing the migration system
-
Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.
-
Setup and Initialization
-
-
-
33
-
USMT_UNABLE_READKEY
-
Error accessing the file specified by the /keyfile parameter
-
Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.
-
Setup and Initialization
-
-
-
-
-
The encryption key must have at least one character
-
Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.
-
-
-
-
34
-
USMT_ERROR_INSUFFICIENT_RIGHTS
-
Directory removal requires elevated privileges
-
Log on as Administrator, and run with elevated privileges.
-
Setup and Initialization
-
-
-
-
-
No rights to create user profiles; log in as Administrator; run with elevated privileges
-
Log on as Administrator, and run with elevated privileges.
-
-
-
-
-
-
No rights to read or delete user profiles; log in as Administrator, run with elevated privileges
-
Log on as Administrator, and run with elevated privileges.
-
-
-
-
35
-
USMT_UNABLE_DELETE_STORE
-
A reboot is required to remove the store
-
Reboot to delete any files that could not be deleted when the command was executed.
-
Setup and Initialization
-
-
-
-
-
A store path can't be used because it contains data that could not be overwritten
-
A migration store could not be deleted. If you are using a hardlink migration store you might have a locked file in it. You should manually delete the store, or use USMTUtils /rd command to delete the store.
-
-
-
-
-
-
There was an error removing the store
-
Review ScanState log or LoadState log for details about command-line errors.
-
-
-
-
36
-
USMT_ERROR_UNSUPPORTED_PLATFORM
-
Compliance check failure; please check the logs for details
-
Investigate whether there is an active temporary profile on the system.
-
Setup and Initialization
-
-
-
-
-
Use of /offline is not supported during apply
-
The /offline command was not used while running in the Windows Preinstallation Environment (WinPE).
-
-
-
-
-
-
Use /offline to run gather on this platform
-
The /offline command was not used while running in WinPE.
-
-
-
-
37
-
USMT_ERROR_NO_INVALID_KEY
-
The store holds encrypted data but the correct encryption key was not provided
-
Verify that you have included the correct encryption /key or /keyfile.
-
Setup and Initialization
-
-
-
38
-
USMT_ERROR_CORRUPTED_NOTENCRYPTED_STORE
-
An error occurred during store access
-
Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set.
-
Setup and Initialization
-
-
-
39
-
USMT_UNABLE_TO_READ_CONFIG_FILE
-
Error reading Config.xml
-
Review ScanState log or LoadState log for details about command-line errors in the Config.xml file.
-
Setup and Initialization
-
-
-
-
-
File argument is invalid for /config
-
Check the command line you used to load the Config.xml file. You can use online Help by typing /? on the command line.
-
-
-
-
40
-
USMT_ERROR_UNABLE_CREATE_PROGRESS_LOG
-
Error writing to the progress log
-
The Progress log could not be created. Verify that the location is valid and that you have write access.
-
Setup and Initialization
-
-
-
-
-
Progress log argument is invalid for /progress
-
The Progress log could not be created. Verify that the location is valid and that you have write access.
-
-
-
-
41
-
USMT_PREFLIGHT_FILE_CREATION_FAILED
-
Can't overwrite existing file
-
The Progress log could not be created. Verify that the location is valid and that you have write access.
-
Setup and Initialization
-
-
-
-
-
Invalid space estimate path. Check the parameters and/or file system permissions
-
Review ScanState log or LoadState log for details about command-line errors.
USMT exited but can continue with the /c command-line option, with the optional configurable <ErrorControl> section or by using the /vsc command-line option.
-
Non-fatal Errors
-
-
-
71
-
USMT_INIT_OPERATING_ENVIRONMENT_FAILED
-
A Windows Win32 API error occurred
-
Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.
-
Fatal Errors
-
-
-
-
-
An error occurred when attempting to initialize the diagnostic mechanisms such as the log
-
Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.
-
-
-
-
-
-
Failed to record diagnostic information
-
Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.
-
-
-
-
-
-
Unable to start. Make sure you are running USMT with elevated privileges
-
Exit USMT and log in again with elevated privileges.
-
-
-
-
72
-
USMT_UNABLE_DOMIGRATION
-
An error occurred closing the store
-
Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.
-
Fatal Errors
-
-
-
-
-
An error occurred in the apply process
-
Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.
-
-
-
-
-
-
An error occurred in the gather process
-
Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.
-
-
-
-
-
-
Out of disk space while writing the store
-
Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.
-
-
-
-
-
-
Out of temporary disk space on the local system
-
Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.
-
-
-
-
-
-
-
-## Related topics
-
-
-[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)
-
-[Log Files](usmt-log-files.md)
-
-
-
-
-
-
-
-
-
+---
+title: Return Codes (Windows 10)
+description: Learn about User State Migration Tool (USMT) 10.0 return codes and error messages. Also view a list of USMT return codes and their associated migration steps.
+ms.assetid: e71bbc6b-d5a6-4e48-ad01-af0012b35f22
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Return Codes
+
+
+This topic describes User State Migration Tool (USMT) 10.0 return codes and error messages. Also included is a table listing the USMT return codes with their associated mitigation steps. In addition, this topic provides tips to help you use the logfiles to determine why you received an error.
+
+Understanding the requirements for running USMT can help minimize errors in your USMT migrations. For more information, see [USMT Requirements](usmt-requirements.md).
+
+## In This Topic
+
+
+[USMT Return Codes](#bkmk-returncodes)
+
+[USMT Error Messages](#bkmk-errormessages)
+
+[Troubleshooting Return Codes and Error Messages](#bkmk-tscodeserrors)
+
+## USMT Return Codes
+
+
+If you encounter an error in your USMT migration, you can use return codes and the more specific information provided in the associated USMT error messages to troubleshoot the issue and to identify mitigation steps.
+
+Return codes are grouped into the following broad categories that describe their area of error reporting:
+
+Success or User Cancel
+
+Invalid Command Lines
+
+Setup and Initialization
+
+Non-fatal Errors
+
+Fatal Errors
+
+As a best practice, we recommend that you set verbosity level to 5, **/v**:5, on the **ScanState**, **LoadState**, and **USMTUtils** command lines so that the most detailed reporting is available in the respective USMT logs. You can use a higher verbosity level if you want the log files output to go to a debugger.
+
+## USMT Error Messages
+
+
+Error messages provide more detailed information about the migration problem than the associated return code. For example, the **ScanState**, **LoadState**, or **USMTUtils** tool might return a code of "11” (for “USMT\_INVALID\_PARAMETERS") and a related error message that reads "/key and /keyfile both specified". The error message is displayed at the command prompt and is identified in the **ScanState**, **LoadState**, or **USMTUtils** log files to help you determine why the return code was received.
+
+You can obtain more information about any listed Windows application programming interface (API) system error codes by typing **net helpmsg** on the command line and, then typing the error code number. For more information about System Error Codes, see [this Microsoft Web site](https://go.microsoft.com/fwlink/p/?LinkId=147060).
+
+## Troubleshooting Return Codes and Error Messages
+
+
+The following table lists each return code by numeric value, along with the associated error messages and suggested troubleshooting actions.
+
+
+
+
+
+
+
+
+
+
+
+
Return code value
+
Return code
+
Error message
+
Troubleshooting, mitigation, workarounds
+
Category
+
+
+
+
+
0
+
USMT_SUCCESS
+
Successful run
+
Not applicable
+
Success or Cancel
+
+
+
1
+
USMT_DISPLAY_HELP
+
Command line help requested
+
Not applicable
+
Success or Cancel
+
+
+
2
+
USMT_STATUS_CANCELED
+
Gather was aborted because of an EFS file
+
Not applicable
+
+
+
+
+
+
User chose to cancel (such as pressing CTRL+C)
+
Not applicable
+
Success or Cancel
+
+
+
3
+
USMT_WOULD_HAVE_FAILED
+
At least one error was skipped as a result of /c
+
Review ScanState, LoadState, or UsmtUtils log for details about command-line errors.
+
+
+
+
11
+
USMT_INVALID_PARAMETERS
+
/all conflicts with /ui, /ue or /uel
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/auto expects an optional parameter for the script folder
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/encrypt can't be used with /nocompress
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/encrypt requires /key or /keyfile
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/genconfig can't be used with most other options
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/genmigxml can't be used with most other options
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/hardlink requires /nocompress
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/key and /keyfile both specified
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/key or /keyfile used without enabling encryption
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/lae is only used with /lac
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/listfiles cannot be used with /p
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/offline requires a valid path to an XML file describing offline paths
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/offlinewindir requires a valid path to offline windows folder
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
/offlinewinold requires a valid path to offline windows folder
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
A command was already specified
+
Verify that the command-line syntax is correct and that there are no duplicate commands.
+
+
+
+
+
+
An option argument is missing
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
An option is specified more than once and is ambiguous
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
By default /auto selects all users and uses the highest log verbosity level. Switches like /all, /ui, /ue, /v are not allowed.
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
Command line arguments are required. Specify /? for options.
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
Command line option is not valid
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
EFS parameter specified is not valid for /efs
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
File argument is invalid for /genconfig
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
File argument is invalid for /genmigxml
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
Invalid space estimate path. Check the parameters and/or file system permissions
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
List file path argument is invalid for /listfiles
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
Retry argument must be an integer
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
Settings store argument specified is invalid
+
Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set.
+
+
+
+
+
+
Specified encryption algorithm is not supported
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
The /efs:hardlink requires /hardlink
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
The /targetWindows7 option is only available for Windows XP, Windows Vista, and Windows 7
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
The store parameter is required but not specified
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
The source-to-target domain mapping is invalid for /md
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
The source-to-target user account mapping is invalid for /mu
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
Undefined or incomplete command line option
+
Review ScanState log or LoadState log for details about command-line errors.
+
Invalid Command Lines
+
+
+
+
+
Use /nocompress, or provide an XML file path with /p"pathtoafile" to get a compressed store size estimate
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
User exclusion argument is invalid
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
Verbosity level must be specified as a sum of the desired log options: Verbose (0x01), Record Objects (0x04), Echo to debug port (0x08)
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
Volume shadow copy feature is not supported with a hardlink store
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
+
+
Wait delay argument must be an integer
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
12
+
USMT_ERROR_OPTION_PARAM_TOO_LARGE
+
Command line arguments cannot exceed 256 characters
+
Review ScanState log or LoadState log for details about command-line errors.
+
Invalid Command Lines
+
+
+
+
+
Specified settings store path exceeds the maximum allowed length of 256 characters
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
13
+
USMT_INIT_LOGFILE_FAILED
+
Log path argument is invalid for /l
+
When /l is specified in the ScanState command line, USMT validates the path. Verify that the drive and other information, for example file system characters, are correct.
+
Invalid Command Lines
+
+
+
14
+
USMT_ERROR_USE_LAC
+
Unable to create a local account because /lac was not specified
+
When creating local accounts, the command-line options /lac and /lae should be used.
+
Invalid Command Lines
+
+
+
26
+
USMT_INIT_ERROR
+
Multiple Windows installations found
+
Listfiles.txt could not be created. Verify that the location you specified for the creation of this file is valid.
+
Setup and Initialization
+
+
+
+
+
Software malfunction or unknown exception
+
Check all loaded .xml files for errors, common error when using /I to load the Config.xml file.
+
+
+
+
+
+
Unable to find a valid Windows directory to proceed with requested offline operation; Check if offline input file is present and has valid entries
+
Verify that the offline input file is present and that it has valid entries. USMT could not find valid offline operating system. Verify your offline directory mapping.
+
+
+
+
27
+
USMT_INVALID_STORE_LOCATION
+
A store path can't be used because an existing store exists; specify /o to overwrite
+
Specify /o to overwrite an existing intermediate or migration store.
+
Setup and Initialization
+
+
+
+
+
A store path is missing or has incomplete data
+
Make sure that the store path is accessible and that the proper permission levels are set.
+
+
+
+
+
+
An error occurred during store creation
+
Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store.
+
+
+
+
+
+
An inappropriate device such as a floppy disk was specified for the store
+
Make sure that the store path is accessible and that the proper permission levels are set.
+
+
+
+
+
+
Invalid store path; check the store parameter and/or file system permissions
+
Invalid store path; check the store parameter and/or file system permissions
+
+
+
+
+
+
The file layout and/or file content is not recognized as a valid store
+
Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store.
+
+
+
+
+
+
The store path holds a store incompatible with the current USMT version
+
Make sure that the store path is accessible and that the proper permission levels are set.
+
+
+
+
+
+
The store save location is read-only or does not support a requested storage option
+
Make sure that the store path is accessible and that the proper permission levels are set.
+
+
+
+
28
+
USMT_UNABLE_GET_SCRIPTFILES
+
Script file is invalid for /i
+
Check all specified migration .xml files for errors. This is a common error when using /i to load the Config.xml file.
+
Setup and Initialization
+
+
+
+
+
Unable to find a script file specified by /i
+
Verify the location of your script files, and ensure that the command-line options are correct.
+
+
+
+
29
+
USMT_FAILED_MIGSTARTUP
+
A minimum of 250 MB of free space is required for temporary files
+
Verify that the system meets the minimum temporary disk space requirement of 250 MB. As a workaround, you can set the environment variable USMT_WORKING_DIR=<path> to redirect the temporary files working directory.
+
Setup and Initialization
+
+
+
+
+
Another process is preventing migration; only one migration tool can run at a time
+
Check the ScanState log file for migration .xml file errors.
+
+
+
+
+
+
Failed to start main processing, look in log for system errors or check the installation
+
Check the ScanState log file for migration .xml file errors.
+
+
+
+
+
+
Migration failed because of an XML error; look in the log for specific details
+
Check the ScanState log file for migration .xml file errors.
+
+
+
+
+
+
Unable to automatically map the drive letters to match the online drive letter layout; Use /offline to provide a mapping table
+
Check the ScanState log file for migration .xml file errors.
+
+
+
+
31
+
USMT_UNABLE_FINDMIGUNITS
+
An error occurred during the discover phase; the log should have more specific information
+
Check the ScanState log file for migration .xml file errors.
+
Setup and Initialization
+
+
+
32
+
USMT_FAILED_SETMIGRATIONTYPE
+
An error occurred processing the migration system
+
Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.
+
Setup and Initialization
+
+
+
33
+
USMT_UNABLE_READKEY
+
Error accessing the file specified by the /keyfile parameter
+
Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.
+
Setup and Initialization
+
+
+
+
+
The encryption key must have at least one character
+
Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.
+
+
+
+
34
+
USMT_ERROR_INSUFFICIENT_RIGHTS
+
Directory removal requires elevated privileges
+
Log on as Administrator, and run with elevated privileges.
+
Setup and Initialization
+
+
+
+
+
No rights to create user profiles; log in as Administrator; run with elevated privileges
+
Log on as Administrator, and run with elevated privileges.
+
+
+
+
+
+
No rights to read or delete user profiles; log in as Administrator, run with elevated privileges
+
Log on as Administrator, and run with elevated privileges.
+
+
+
+
35
+
USMT_UNABLE_DELETE_STORE
+
A reboot is required to remove the store
+
Reboot to delete any files that could not be deleted when the command was executed.
+
Setup and Initialization
+
+
+
+
+
A store path can't be used because it contains data that could not be overwritten
+
A migration store could not be deleted. If you are using a hardlink migration store you might have a locked file in it. You should manually delete the store, or use USMTUtils /rd command to delete the store.
+
+
+
+
+
+
There was an error removing the store
+
Review ScanState log or LoadState log for details about command-line errors.
+
+
+
+
36
+
USMT_ERROR_UNSUPPORTED_PLATFORM
+
Compliance check failure; please check the logs for details
+
Investigate whether there is an active temporary profile on the system.
+
Setup and Initialization
+
+
+
+
+
Use of /offline is not supported during apply
+
The /offline command was not used while running in the Windows Preinstallation Environment (WinPE).
+
+
+
+
+
+
Use /offline to run gather on this platform
+
The /offline command was not used while running in WinPE.
+
+
+
+
37
+
USMT_ERROR_NO_INVALID_KEY
+
The store holds encrypted data but the correct encryption key was not provided
+
Verify that you have included the correct encryption /key or /keyfile.
+
Setup and Initialization
+
+
+
38
+
USMT_ERROR_CORRUPTED_NOTENCRYPTED_STORE
+
An error occurred during store access
+
Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set.
+
Setup and Initialization
+
+
+
39
+
USMT_UNABLE_TO_READ_CONFIG_FILE
+
Error reading Config.xml
+
Review ScanState log or LoadState log for details about command-line errors in the Config.xml file.
+
Setup and Initialization
+
+
+
+
+
File argument is invalid for /config
+
Check the command line you used to load the Config.xml file. You can use online Help by typing /? on the command line.
+
+
+
+
40
+
USMT_ERROR_UNABLE_CREATE_PROGRESS_LOG
+
Error writing to the progress log
+
The Progress log could not be created. Verify that the location is valid and that you have write access.
+
Setup and Initialization
+
+
+
+
+
Progress log argument is invalid for /progress
+
The Progress log could not be created. Verify that the location is valid and that you have write access.
+
+
+
+
41
+
USMT_PREFLIGHT_FILE_CREATION_FAILED
+
Can't overwrite existing file
+
The Progress log could not be created. Verify that the location is valid and that you have write access.
+
Setup and Initialization
+
+
+
+
+
Invalid space estimate path. Check the parameters and/or file system permissions
+
Review ScanState log or LoadState log for details about command-line errors.
USMT exited but can continue with the /c command-line option, with the optional configurable <ErrorControl> section or by using the /vsc command-line option.
+
Non-fatal Errors
+
+
+
71
+
USMT_INIT_OPERATING_ENVIRONMENT_FAILED
+
A Windows Win32 API error occurred
+
Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.
+
Fatal Errors
+
+
+
+
+
An error occurred when attempting to initialize the diagnostic mechanisms such as the log
+
Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.
+
+
+
+
+
+
Failed to record diagnostic information
+
Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.
+
+
+
+
+
+
Unable to start. Make sure you are running USMT with elevated privileges
+
Exit USMT and log in again with elevated privileges.
+
+
+
+
72
+
USMT_UNABLE_DOMIGRATION
+
An error occurred closing the store
+
Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.
+
Fatal Errors
+
+
+
+
+
An error occurred in the apply process
+
Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.
+
+
+
+
+
+
An error occurred in the gather process
+
Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.
+
+
+
+
+
+
Out of disk space while writing the store
+
Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.
+
+
+
+
+
+
Out of temporary disk space on the local system
+
Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.
+
+
+
+
+
+
+
+## Related topics
+
+
+[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)
+
+[Log Files](usmt-log-files.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md
index 83afe8628b..95c2a5e5ba 100644
--- a/windows/deployment/usmt/usmt-scanstate-syntax.md
+++ b/windows/deployment/usmt/usmt-scanstate-syntax.md
@@ -1,873 +1,862 @@
----
-title: ScanState Syntax (Windows 10)
-description: ScanState Syntax
-ms.assetid: 004c755f-33db-49e4-8a3b-37beec1480ea
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# ScanState Syntax
-
-
-The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store.
-
-## In This Topic
-
-
-[Before You Begin](#bkmk-beforeyoubegin)
-
-[Syntax](#bkmk-syntax)
-
-[Storage Options](#bkmk-storageoptions)
-
-[Migration Rule Options](#bkmk-migrationruleoptions)
-
-[Monitoring Options](#bkmk-monitoringoptions)
-
-[User Options](#bkmk-useroptions)
-
-[Encrypted File Options](#bkmk-efs)
-
-[Incompatible Command-Line Options](#bkmk-iclo)
-
-## Before You Begin
-
-
-Before you run the **ScanState** command, note the following:
-
-- To ensure that all operating system settings migrate, in most cases you must run the **ScanState** commands in administrator mode from an account with administrative credentials.
-
-- If you encrypt the migration store, you will be required to enter an encryption key or a path to a file containing the encryption key. Be sure to make note of the key or the key file location, because this information is not kept anywhere in the migration store. You will need this information when you run the LoadState command to decrypt the migration store, or if you need to run the recovery utility. An incorrect or missing key or key file results in an error message.
-
-- For information about software requirements for running the **ScanState** command, see [USMT Requirements](usmt-requirements.md).
-
-- Unless otherwise noted, you can use each option only once when running a tool on the command line.
-
-- You can gather domain accounts without the source computer having domain controller access. This functionality is available without any additional configuration.
-
-- The [Incompatible Command-Line Options](#bkmk-iclo) table lists which options you can use together and which command-line options are incompatible.
-
-- The directory location where you save the migration store will be excluded from the scan. For example, if you save the migration store to the root of the D drive, the D drive and all of its subdirectories will be excluded from the scan.
-
-## Syntax
-
-
-This section explains the syntax and usage of the **ScanState** command-line options. The options can be specified in any order. If the option contains a parameter, you can use either a colon or a space separator.
-
-The **ScanState** command's syntax is:
-
-scanstate \[*StorePath*\] \[/apps\] \[/ppkg:*FileName*\] \[/i:\[*Path*\\\]*FileName*\] \[/o\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/localonly\] \[/encrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsBeforeRetry*\] \[/c\] \[/p\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/efs:abort|skip|decryptcopy|copyraw\] \[/genconfig:\[*Path*\\\]*FileName*\[/config:\[*Path*\\\]*FileName*\] \[/?|help\]
-
-For example:
-
-To create a Config.xml file in the current directory, use:
-
-`scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13`
-
-To create an encrypted store using the Config.xml file and the default migration .xml files, use:
-
-`scanstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /o /config:config.xml /v:13 /encrypt /key:"mykey"`
-
-## Storage Options
-
-
-
-
-
-
-
-
-
-
Command-Line Option
-
Description
-
-
-
-
-
StorePath
-
Indicates a folder where files and settings will be saved. Note that StorePath cannot be C:\. You must specify the StorePath option in the ScanState command, except when using the /genconfig option. You cannot specify more than one StorePath location.
-
-
-
/apps
-
Scans the image for apps and includes them and their associated registry settings.
-
-
-
/ppkg [<FileName>]
-
Exports to a specific file location.
-
-
-
/o
-
Required to overwrite any existing data in the migration store or Config.xml file. If not specified, the ScanState command will fail if the migration store already contains data. You cannot use this option more than once on a command line.
-
-
-
/vsc
-
This option enables the volume shadow-copy service to migrate files that are locked or in use. This command-line option eliminates most file-locking errors that are typically encountered by the <ErrorControl> section.
-
This option can be used only with the ScanState executable file and cannot be combined with the /hardlink option.
-
-
-
/hardlink
-
Enables the creation of a hard-link migration store at the specified location. The /nocompress option must be specified with the /hardlink option.
-
-
-
/encrypt [{/key:<KeyString> | /keyfile:<file>]}
-
Encrypts the store with the specified key. Encryption is disabled by default. With this option, you will need to specify the encryption key in one of the following ways:
-
-
/key:KeyString specifies the encryption key. If there is a space in KeyString, you will need to surround KeyString with quotation marks.
-
/keyfile:FilePathAndName specifies a text (.txt) file that contains the encryption key.
-
-
We recommend that KeyString be at least eight characters long, but it cannot exceed 256 characters. The /key and /keyfile options cannot be used on the same command line. The /encrypt and /nocompress options cannot be used on the same command line.
-
-Important
You should use caution with this option, because anyone who has access to the ScanState command-line script will also have access to the encryption key.
-
-
-
-
-
The following example shows the ScanState command and the /key option:
The /encrypt option accepts a command-line parameter to define the encryption strength to be used for encryption of the migration store. For more information about supported encryption algorithms, see Migration Store Encryption.
-
-
-
/nocompress
-
Disables compression of data and saves the files to a hidden folder named "File" at StorePath\USMT. Compression is enabled by default. Combining the /nocompress option with the /hardlink option generates a hard-link migration store. You can use the uncompressed store to view what USMT stored, troubleshoot a problem, or run an antivirus utility against the files. You should use this option only in testing environments, because we recommend that you use a compressed store during your actual migration, unless you are combining the /nocompress option with the /hardlink option.
-
The /nocompress and /encrypt options cannot be used together in one statement on the command line. However, if you do choose to migrate an uncompressed store, the LoadState command will migrate each file directly from the store to the correct location on the destination computer without a temporary location.
-
-
-
-## Run the ScanState Command on an Offline Windows System
-
-
-You can run the **ScanState** command in Windows Preinstallation Environment (WinPE). In addition, USMT supports migrations from previous installations of Windows contained in Windows.old directories. The offline directory can be a Windows directory when you run the **ScanState** command in WinPE or a Windows.old directory when you run the **ScanState** command in Windows.
-
-There are several benefits to running the **ScanState** command on an offline Windows image, including:
-
-- **Improved Performance.**
-
- Because WinPE is a thin operating system, there are fewer running services. In this environment, the **ScanState** command has more access to the local hardware resources, enabling **ScanState** to perform migration operations more quickly.
-
-- **Simplified end to end deployment process.**
-
- Migrating data from Windows.old simplifies the end-to-end deployment process by enabling the migration process to occur after the new operating system is installed.
-
-- **Improved success of migration.**
-
- The migration success rate is increased because files will not be locked for editing while offline, and because WinPE provides administrator access to files in the offline Windows file system, eliminating the need for administrator-level access to the online system.
-
-- **Ability to recover an unbootable computer.**
-
- It might be possible to recover and migrate data from an unbootable computer.
-
-## Offline Migration Options
-
-
-
-
-
-
-
-
-
-
Command-Line Option
-
Definition
-
-
-
-
-
/offline:"path to an offline.xml file"
-
This option is used to define a path to an offline .xml file that might specify other offline migration options, for example, an offline Windows directory or any domain or folder redirection required in your migration.
-
-
-
/offlinewindir:"path to a Windows directory"
-
This option specifies the offline Windows directory that the ScanState command gathers user state from. The offline directory can be Windows.old when you run the ScanState command in Windows or a Windows directory when you run the ScanState command in WinPE.
-
-
-
/offlinewinold:"Windows.old directory"
-
This command-line option enables the offline migration mode and starts the migration from the location specified. It is only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.
-
-
-
-
-
-
-## Migration Rule Options
-
-
-USMT provides the following options to specify what files you want to migrate.
-
-
-
-
-
-
-
-
-
Command-Line Option
-
Description
-
-
-
-
-
/i:[Path]FileName
-
(include)
-
Specifies an .xml file that contains rules that define what user, application or system state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigDocs.xml, and any custom .xml files that you create). Path can be either a relative or full path. If you do not specify the Path variable, then FileName must be located in the current directory. For more information about which files to specify, see the "XML Files" section of the Frequently Asked Questions topic.
-
-
-
/genconfig:[Path]FileName
-
(Generate Config.xml)
-
Generates the optional Config.xml file, but does not create a migration store. To ensure that this file contains every component, application and setting that can be migrated, you should create this file on a source computer that contains all the components, applications and settings that will be present on the destination computers. In addition, you should specify the other migration .xml files, using the /i option, when you specify this option.
-
After you create this file, you will need to make use of it with the ScanState command using the /config option.
-
The only options that you can specify with this option are the /i, /v, and /l options. You cannot specify StorePath, because the /genconfig option does not create a store. Path can be either a relative or full path. If you do not specify the Path variable, then FileName will be created in the current directory.
-
Examples:
-
-
The following example creates a Config.xml file in the current directory:
Specifies the Config.xml file that the ScanState command should use to create the store. You cannot use this option more than once on the command line. Path can be either a relative or full path. If you do not specify the Path variable, then FileName must be located in the current directory.
-
The following example creates a store using the Config.xml file, MigDocs.xml, and MigApp.xml files:
This option enables you to specify the location of the default .xml files and then begin the migration. If no path is specified, USMT will reference the directory where the USMT binaries are located. The /auto option has the same effect as using the following options: /i:MigDocs.xml/i:MigApp.xml /v:5.
-
-
-
/genmigxml:path to a file
-
This option specifies that the ScanState command should use the document finder to create and export an .xml file that defines how to migrate all of the files on the computer on which the ScanState command is running.
-
-
-
/targetwindows8
-
Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 8 or Windows 8.1 instead of Windows 10. You should use this command line option in the following scenarios:
-
-
To create a Config.xml file by using the /genconfig option. Using the /targetwindows8 option optimizes the Config.xml file so that it only contains components that relate to Windows 8 or Windows 8.1.
-
To create a migration store. Using the /targetwindows8 option ensures that the ScanState tool gathers the correct set of operating system settings. Without the /targetwindows8 command-line option, some settings can be lost during the migration.
-
-
-
-
/targetwindows7
-
Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 7 instead of Windows 10. You should use this command line option in the following scenarios:
-
-
To create a Config.xml file by using the /genconfig option. Using the /targetwindows7 option optimizes the Config.xml file so that it only contains components that relate to Windows 7.
-
To create a migration store. Using the /targetwindows7 option ensures that the ScanState tool gathers the correct set of operating system settings. Without the /targetwindows7 command-line option, some settings can be lost during the migration.
-
-
-
-
/localonly
-
Migrates only files that are stored on the local computer, regardless of the rules in the .xml files that you specify on the command line. You should use this option when you want to exclude the data from removable drives on the source computer, such as USB flash drives (UFDs), some external hard drives, and so on, and when there are network drives mapped on the source computer. If the /localonly option is not specified, then the ScanState command will copy files from these removable or network drives into the store.
-
Anything that is not considered a fixed drive by the OS will be excluded by /localonly. In some cases large external hard drives are considered fixed drives. These drives can be explicitly excluded from migration by using a custom.xml file. For more information about how to exclude all files on a specific drive, see Exclude Files and Settings.
-
The /localonly command-line option includes or excludes data in the migration as identified in the following table:
-
-
-
-
-
-
-
-
Drive type
-
Behavior with /localonly
-
-
-
-
-
Removable drives such as a USB flash drive
-
Excluded
-
-
-
Network drives
-
Excluded
-
-
-
Fixed drives
-
Included
-
-
-
-
-
-
-
-
-
-
-## Monitoring Options
-
-
-USMT provides several options that you can use to analyze problems that occur during migration.
-
-**Note**
-The ScanState log is created by default, but you can specify the name and location of the log with the **/l** option.
-
-
-
-
-
-
-
-
-
-
-
Command-Line Option
-
Description
-
-
-
-
-
/listfiles:<FileName>
-
You can use the /listfiles command-line option with the ScanState command to generate a text file that lists all of the files included in the migration.
-
-
-
/l:[Path]FileName
-
Specifies the location and name of the ScanState log.
-
You cannot store any of the log files in StorePath. Path can be either a relative or full path. If you do not specify the Path variable, then the log will be created in the current directory. You can use the /v option to adjust the amount of output.
-
If you run the ScanState or LoadState commands from a shared network resource, you must specify this option or USMT will fail with the following error: "USMT was unable to create the log file(s)". To fix this issue, use the /l:scan.log command.
-
-
-
/v:<VerbosityLevel>
-
(Verbosity)
-
Enables verbose output in the ScanState log file. The default value is 0.
-
You can set the VerbosityLevel to one of the following levels:
Creates the optional progress log. You cannot store any of the log files in StorePath. Path can be either a relative or full path. If you do not specify the Path variable, then FileName will be created in the current directory.
When this option is specified, the ScanState command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there is a large file that will not fit in the store, the ScanState command will log an error and continue with the migration. In addition, if a file is open or in use by an application, USMT may not be able to migrate the file and will log an error. Without the /c option, the ScanState command will exit on the first error.
-
You can use the new <ErrorControl> section in the Config.xml file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This enables the /c command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the /genconfig option now generates a sample <ErrorControl> section that is enabled by specifying error messages and desired behaviors in the Config.xml file.
-
-
-
/r:<TimesToRetry>
-
(Retry)
-
Specifies the number of times to retry when an error occurs while saving the user state to a server. The default is three times. This option is useful in environments where network connectivity is not reliable.
-
While storing the user state, the /r option will not be able to recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem.
-
-
-
/w:<SecondsBeforeRetry>
-
(Wait)
-
Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second.
-
-
-
/p:<pathToFile>
-
When the ScanState command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file:
To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the /p option, without specifying "pathtoafile", in USMT. If you specify only the /p option, the storage space estimations are created in the same manner as with USMT3.x releases.
-
-
-
/? or /help
-
Displays Help at the command line.
-
-
-
-
-
-
-## User Options
-
-
-By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You cannot exclude users in the migration .xml files or using the Config.xml file. For more information, see [Identify Users](usmt-identify-users.md) and [Migrate User Accounts](usmt-migrate-user-accounts.md).
-
-
-
-
-
-
-
-
-
Command-Line Option
-
Description
-
-
-
-
-
/all
-
Migrates all of the users on the computer.
-
USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the /ue or /uel options. For this reason, you do not need to specify this option on the command line. However, if you choose to specify the /all option, you cannot also use the /ui, /ue or /uel options.
-
-
-
/ui:<DomainName>\<UserName>
-
or
-
/ui:<ComputerName>\<LocalUserName>
-
(User include)
-
Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /ue or /uel options. You can specify multiple /ui options, but you cannot use the /ui option with the /all option. DomainName and UserName can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.
-
-Note
If a user is specified for inclusion with the /ui option, and also is specified to be excluded with either the /ue or /uel options, the user will be included in the migration.
-
-
-
-
-
For example:
-
-
To include only User2 from the Fabrikam domain, type:
-
/ue:*\* /ui:fabrikam\user2
-
To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:
-
/uel:30 /ui:fabrikam\*
-
In this example, a user account from the Contoso domain that was last modified 2 months ago will not be migrated.
-
-
For more examples, see the descriptions of the /ue and /ui options in this table.
-
-
-
/uel:<NumberOfDays>
-
or
-
/uel:<YYYY/MM/DD>
-
or
-
/uel:0
-
(User exclude based on last logon)
-
Migrates the users that logged onto the source computer within the specified time period, based on the Last Modified date of the Ntuser.dat file on the source computer. The /uel option acts as an include rule. For example, the /uel:30 option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the ScanState command is run.
-
You can specify a number of days or you can specify a date. You cannot use this option with the /all option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has logged onto another computer, that logon instance is not considered by USMT.
-
-Note
The /uel option is not valid in offline migrations.
-
-
-
-
-
-
/uel:0 migrates any users who are currently logged on.
-
/uel:90 migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
-
/uel:1 migrates users whose account has been modified within the last 24 hours.
-
/uel:2002/1/15 migrates users who have logged on or been modified January 15, 2002 or afterwards.
Excludes the specified users from the migration. You can specify multiple /ue options. You cannot use this option with the /all option. <DomainName> and <UserName> can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks.
-
-
-
-## How to Use /ui and /ue
-
-
-The following examples apply to both the /**ui** and /**ue** options. You can replace the /**ue** option with the /**ui** option to include, rather than exclude, the specified users.
-
-
-
-
-
-
-
-
-
Behavior
-
Command
-
-
-
-
-
Exclude the user named User One in the Fabrikam domain.
-
/ue:"fabrikam\user one"
-
-
-
Exclude the user named User1 in the Fabrikam domain.
-
/ue:fabrikam\user1
-
-
-
Exclude the local user named User1.
-
/ue:%computername%\user1
-
-
-
Exclude all domain users.
-
/ue:Domain\*
-
-
-
Exclude all local users.
-
/ue:%computername%\*
-
-
-
Exclude users in all domains named User1, User2, and so on.
-
/ue:*\user*
-
-
-
-
-
-
-## Using the Options Together
-
-
-You can use the /**uel**, /**ue** and /**ui** options together to migrate only the users that you want migrated.
-
-The /**ui** option has precedence over the /**ue** and /**uel** options. If a user is specified to be included using the /**ui** option, and also specified to be excluded using either the /**ue** or /**uel** options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then User1 will be migrated, because the /**ui** option takes precedence over the /**ue** option.
-
-The /**uel** option takes precedence over the /**ue** option. If a user has logged on within the specified time period set by the /**uel** option, that user’s profile will be migrated even if they are excluded by using the /**ue** option. For example, if you specify `/ue:fixed\user1 /uel:14`, the User1 will be migrated if they have logged on to the computer within the last 14 days.
-
-
-
-
-
-
-
-
-
Behavior
-
Command
-
-
-
-
-
Include only User2 from the Fabrikam domain and exclude all other users.
-
/ue:*\* /ui:fabrikam\user2
-
-
-
Include only the local user named User1 and exclude all other users.
-
/ue:*\* /ui:user1
-
-
-
Include only the domain users from Contoso, except Contoso\User1.
-
This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following:
-
-
On the ScanState command line, type: /ue:*\* /ui:contoso\*
-
On the LoadState command line, type: /ue:contoso\user1
-
-
-
-
Include only local (non-domain) users.
-
/ue:*\* /ui:%computername%\*
-
-
-
-
-
-
-## Encrypted File Options
-
-
-You can use the following options to migrate encrypted files. In all cases, by default, USMT fails if an encrypted file is found unless you specify an /**efs** option. To migrate encrypted files, you must change the default behavior.
-
-For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md).
-
-**Note**
-EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the /**efs:copyraw** option with the **ScanState** command to migrate the encrypted files
-
-
-
-**Caution**
-Take caution when migrating encrypted files. If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration.
-
-
-
-
-
-
-
-
-
-
-
Command-Line Option
-
Explanation
-
-
-
-
-
/efs:hardlink
-
Creates a hard link to the EFS file instead of copying it. Use only with the /hardlink and the /nocompress options.
-
-
-
/efs:abort
-
Causes the ScanState command to fail with an error code, if an Encrypting File System (EFS) file is found on the source computer. Enabled by default.
-
-
-
/efs:skip
-
Causes the ScanState command to ignore EFS files.
-
-
-
/efs:decryptcopy
-
Causes the ScanState command to decrypt the file, if possible, before saving it to the migration store, and to fail if the file cannot be decrypted. If the ScanState command succeeds, the file will be unencrypted in the migration store, and once you run the LoadState command, the file will be copied to the destination computer.
-
-
-
/efs:copyraw
-
Causes the ScanState command to copy the files in the encrypted format. The files will be inaccessible on the destination computer until the EFS certificates are migrated. EFS certificates will be automatically migrated; however, by default USMT fails if an encrypted file is found, unless you specify an /efs option. Therefore you should specify the /efs:copyraw option with the ScanState command to migrate the encrypted file. Then, when you run the LoadState command, the encrypted file and the EFS certificate will be automatically migrated.
All files must be encrypted if the parent folder is encrypted. If the encryption attribute on a file inside an encrypted folder has been removed, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool. For more information, see Migrate EFS Files and Certificates.
-
-
-
-
-
-
-
-
-
-
-## Incompatible Command-Line Options
-
-
-The following table indicates which command-line options are not compatible with the **ScanState** command. If the table entry for a particular combination is blank, the options are compatible and you can use them together. The X symbol means that the options are not compatible. For example, you cannot use the **/nocompress** option with the **/encrypt** option.
-
-
-
-
-
-
-
-
-
-
-
-
Command-Line Option
-
/keyfile
-
/nocompress
-
/genconfig
-
/all
-
-
-
-
-
/i
-
-
-
-
-
-
-
/o
-
-
-
-
-
-
-
/v
-
-
-
-
-
-
-
/nocompress
-
-
-
X
-
N/A
-
-
-
/localonly
-
-
-
X
-
-
-
-
/key
-
X
-
-
X
-
-
-
-
/encrypt
-
Required*
-
X
-
X
-
-
-
-
/keyfile
-
N/A
-
-
X
-
-
-
-
/l
-
-
-
-
-
-
-
/progress
-
-
-
X
-
-
-
-
/r
-
-
-
X
-
-
-
-
/w
-
-
-
X
-
-
-
-
/c
-
-
-
X
-
-
-
-
/p
-
-
-
X
-
N/A
-
-
-
/all
-
-
-
X
-
-
-
-
/ui
-
-
-
X
-
X
-
-
-
/ue
-
-
-
X
-
X
-
-
-
/uel
-
-
-
X
-
X
-
-
-
/efs:<option>
-
-
-
X
-
-
-
-
/genconfig
-
-
-
N/A
-
-
-
-
/config
-
-
-
X
-
-
-
-
<StorePath>
-
-
-
X
-
-
-
-
-
-
-
-**Note**
-You must specify either the /**key** or /**keyfile** option with the /**encrypt** option.
-
-
-
-## Related topics
-
-
-[XML Elements Library](usmt-xml-elements-library.md)
-
-
-
-
-
-
-
-
-
+---
+title: ScanState Syntax (Windows 10)
+description: The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store.
+ms.assetid: 004c755f-33db-49e4-8a3b-37beec1480ea
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# ScanState Syntax
+
+
+The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store.
+
+## In This Topic
+
+
+[Before You Begin](#bkmk-beforeyoubegin)
+
+[Syntax](#bkmk-syntax)
+
+[Storage Options](#bkmk-storageoptions)
+
+[Migration Rule Options](#bkmk-migrationruleoptions)
+
+[Monitoring Options](#bkmk-monitoringoptions)
+
+[User Options](#bkmk-useroptions)
+
+[Encrypted File Options](#bkmk-efs)
+
+[Incompatible Command-Line Options](#bkmk-iclo)
+
+## Before You Begin
+
+
+Before you run the **ScanState** command, note the following:
+
+- To ensure that all operating system settings migrate, in most cases you must run the **ScanState** commands in administrator mode from an account with administrative credentials.
+
+- If you encrypt the migration store, you will be required to enter an encryption key or a path to a file containing the encryption key. Be sure to make note of the key or the key file location, because this information is not kept anywhere in the migration store. You will need this information when you run the LoadState command to decrypt the migration store, or if you need to run the recovery utility. An incorrect or missing key or key file results in an error message.
+
+- For information about software requirements for running the **ScanState** command, see [USMT Requirements](usmt-requirements.md).
+
+- Unless otherwise noted, you can use each option only once when running a tool on the command line.
+
+- You can gather domain accounts without the source computer having domain controller access. This functionality is available without any additional configuration.
+
+- The [Incompatible Command-Line Options](#bkmk-iclo) table lists which options you can use together and which command-line options are incompatible.
+
+- The directory location where you save the migration store will be excluded from the scan. For example, if you save the migration store to the root of the D drive, the D drive and all of its subdirectories will be excluded from the scan.
+
+## Syntax
+
+
+This section explains the syntax and usage of the **ScanState** command-line options. The options can be specified in any order. If the option contains a parameter, you can use either a colon or a space separator.
+
+The **ScanState** command's syntax is:
+
+> scanstate \[*StorePath*\] \[/apps\] \[/ppkg:*FileName*\] \[/i:\[*Path*\\\]*FileName*\] \[/o\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/localonly\] \[/encrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsBeforeRetry*\] \[/c\] \[/p\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/efs:abort|skip|decryptcopy|copyraw\] \[/genconfig:\[*Path*\\\]*FileName*\[/config:\[*Path*\\\]*FileName*\] \[/?|help\]
+
+For example, to create a Config.xml file in the current directory, use:
+
+`scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13`
+
+To create an encrypted store using the Config.xml file and the default migration .xml files, use:
+
+`scanstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /o /config:config.xml /v:13 /encrypt /key:"mykey"`
+
+## Storage Options
+
+
+
+
+
+
+
+
+
+
Command-Line Option
+
Description
+
+
+
+
+
StorePath
+
Indicates a folder where files and settings will be saved. Note that StorePath cannot be C:\. You must specify the StorePath option in the ScanState command, except when using the /genconfig option. You cannot specify more than one StorePath location.
+
+
+
/apps
+
Scans the image for apps and includes them and their associated registry settings.
+
+
+
/ppkg [<FileName>]
+
Exports to a specific file location.
+
+
+
/o
+
Required to overwrite any existing data in the migration store or Config.xml file. If not specified, the ScanState command will fail if the migration store already contains data. You cannot use this option more than once on a command line.
+
+
+
/vsc
+
This option enables the volume shadow-copy service to migrate files that are locked or in use. This command-line option eliminates most file-locking errors that are typically encountered by the <ErrorControl> section.
+
This option can be used only with the ScanState executable file and cannot be combined with the /hardlink option.
+
+
+
/hardlink
+
Enables the creation of a hard-link migration store at the specified location. The /nocompress option must be specified with the /hardlink option.
+
+
+
/encrypt [{/key:<KeyString> | /keyfile:<file>]}
+
Encrypts the store with the specified key. Encryption is disabled by default. With this option, you will need to specify the encryption key in one of the following ways:
+
+
/key:KeyString specifies the encryption key. If there is a space in KeyString, you will need to surround KeyString with quotation marks.
+
/keyfile:FilePathAndName specifies a text (.txt) file that contains the encryption key.
+
+
We recommend that KeyString be at least eight characters long, but it cannot exceed 256 characters. The /key and /keyfile options cannot be used on the same command line. The /encrypt and /nocompress options cannot be used on the same command line.
+
+Important
You should use caution with this option, because anyone who has access to the ScanState command-line script will also have access to the encryption key.
+
+
+
+
+
The following example shows the ScanState command and the /key option:
The /encrypt option accepts a command-line parameter to define the encryption strength to be used for encryption of the migration store. For more information about supported encryption algorithms, see Migration Store Encryption.
+
+
+
/nocompress
+
Disables compression of data and saves the files to a hidden folder named "File" at StorePath\USMT. Compression is enabled by default. Combining the /nocompress option with the /hardlink option generates a hard-link migration store. You can use the uncompressed store to view what USMT stored, troubleshoot a problem, or run an antivirus utility against the files. You should use this option only in testing environments, because we recommend that you use a compressed store during your actual migration, unless you are combining the /nocompress option with the /hardlink option.
+
The /nocompress and /encrypt options cannot be used together in one statement on the command line. However, if you do choose to migrate an uncompressed store, the LoadState command will migrate each file directly from the store to the correct location on the destination computer without a temporary location.
+
+
+
+## Run the ScanState Command on an Offline Windows System
+
+
+You can run the **ScanState** command in Windows Preinstallation Environment (WinPE). In addition, USMT supports migrations from previous installations of Windows contained in Windows.old directories. The offline directory can be a Windows directory when you run the **ScanState** command in WinPE or a Windows.old directory when you run the **ScanState** command in Windows.
+
+There are several benefits to running the **ScanState** command on an offline Windows image, including:
+
+- **Improved Performance.**
+
+ Because WinPE is a thin operating system, there are fewer running services. In this environment, the **ScanState** command has more access to the local hardware resources, enabling **ScanState** to perform migration operations more quickly.
+
+- **Simplified end to end deployment process.**
+
+ Migrating data from Windows.old simplifies the end-to-end deployment process by enabling the migration process to occur after the new operating system is installed.
+
+- **Improved success of migration.**
+
+ The migration success rate is increased because files will not be locked for editing while offline, and because WinPE provides administrator access to files in the offline Windows file system, eliminating the need for administrator-level access to the online system.
+
+- **Ability to recover an unbootable computer.**
+
+ It might be possible to recover and migrate data from an unbootable computer.
+
+## Offline Migration Options
+
+
+
+
+
+
+
+
+
+
Command-Line Option
+
Definition
+
+
+
+
+
/offline:"path to an offline.xml file"
+
This option is used to define a path to an offline .xml file that might specify other offline migration options, for example, an offline Windows directory or any domain or folder redirection required in your migration.
+
+
+
/offlinewindir:"path to a Windows directory"
+
This option specifies the offline Windows directory that the ScanState command gathers user state from. The offline directory can be Windows.old when you run the ScanState command in Windows or a Windows directory when you run the ScanState command in WinPE.
+
+
+
/offlinewinold:"Windows.old directory"
+
This command-line option enables the offline migration mode and starts the migration from the location specified. It is only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.
+
+
+
+
+
+
+## Migration Rule Options
+
+
+USMT provides the following options to specify what files you want to migrate.
+
+
+
+
+
+
+
+
+
Command-Line Option
+
Description
+
+
+
+
+
/i:[Path]FileName
+
(include)
+
Specifies an .xml file that contains rules that define what user, application or system state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigDocs.xml, and any custom .xml files that you create). Path can be either a relative or full path. If you do not specify the Path variable, then FileName must be located in the current directory. For more information about which files to specify, see the "XML Files" section of the Frequently Asked Questions topic.
+
+
+
/genconfig:[Path]FileName
+
(Generate Config.xml)
+
Generates the optional Config.xml file, but does not create a migration store. To ensure that this file contains every component, application and setting that can be migrated, you should create this file on a source computer that contains all the components, applications and settings that will be present on the destination computers. In addition, you should specify the other migration .xml files, using the /i option, when you specify this option.
+
After you create this file, you will need to make use of it with the ScanState command using the /config option.
+
The only options that you can specify with this option are the /i, /v, and /l options. You cannot specify StorePath, because the /genconfig option does not create a store. Path can be either a relative or full path. If you do not specify the Path variable, then FileName will be created in the current directory.
+
Examples:
+
+
The following example creates a Config.xml file in the current directory:
Specifies the Config.xml file that the ScanState command should use to create the store. You cannot use this option more than once on the command line. Path can be either a relative or full path. If you do not specify the Path variable, then FileName must be located in the current directory.
+
The following example creates a store using the Config.xml file, MigDocs.xml, and MigApp.xml files:
This option enables you to specify the location of the default .xml files and then begin the migration. If no path is specified, USMT will reference the directory where the USMT binaries are located. The /auto option has the same effect as using the following options: /i:MigDocs.xml/i:MigApp.xml /v:5.
+
+
+
/genmigxml:path to a file
+
This option specifies that the ScanState command should use the document finder to create and export an .xml file that defines how to migrate all of the files on the computer on which the ScanState command is running.
+
+
+
/targetwindows8
+
Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 8 or Windows 8.1 instead of Windows 10. You should use this command line option in the following scenarios:
+
+
To create a Config.xml file by using the /genconfig option. Using the /targetwindows8 option optimizes the Config.xml file so that it only contains components that relate to Windows 8 or Windows 8.1.
+
To create a migration store. Using the /targetwindows8 option ensures that the ScanState tool gathers the correct set of operating system settings. Without the /targetwindows8 command-line option, some settings can be lost during the migration.
+
+
+
+
/targetwindows7
+
Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 7 instead of Windows 10. You should use this command line option in the following scenarios:
+
+
To create a Config.xml file by using the /genconfig option. Using the /targetwindows7 option optimizes the Config.xml file so that it only contains components that relate to Windows 7.
+
To create a migration store. Using the /targetwindows7 option ensures that the ScanState tool gathers the correct set of operating system settings. Without the /targetwindows7 command-line option, some settings can be lost during the migration.
+
+
+
+
/localonly
+
Migrates only files that are stored on the local computer, regardless of the rules in the .xml files that you specify on the command line. You should use this option when you want to exclude the data from removable drives on the source computer, such as USB flash drives (UFDs), some external hard drives, and so on, and when there are network drives mapped on the source computer. If the /localonly option is not specified, then the ScanState command will copy files from these removable or network drives into the store.
+
Anything that is not considered a fixed drive by the OS will be excluded by /localonly. In some cases large external hard drives are considered fixed drives. These drives can be explicitly excluded from migration by using a custom.xml file. For more information about how to exclude all files on a specific drive, see Exclude Files and Settings.
+
The /localonly command-line option includes or excludes data in the migration as identified in the following table:
+
+
+
+
+
+
+
+
Drive type
+
Behavior with /localonly
+
+
+
+
+
Removable drives such as a USB flash drive
+
Excluded
+
+
+
Network drives
+
Excluded
+
+
+
Fixed drives
+
Included
+
+
+
+
+
+
+
+
+
+
+## Monitoring Options
+
+
+USMT provides several options that you can use to analyze problems that occur during migration.
+
+> [!NOTE]
+> The ScanState log is created by default, but you can specify the name and location of the log with the **/l** option.
+
+
+
+
+
+
+
+
+
+
+
Command-Line Option
+
Description
+
+
+
+
+
/listfiles:<FileName>
+
You can use the /listfiles command-line option with the ScanState command to generate a text file that lists all of the files included in the migration.
+
+
+
/l:[Path]FileName
+
Specifies the location and name of the ScanState log.
+
You cannot store any of the log files in StorePath. Path can be either a relative or full path. If you do not specify the Path variable, then the log will be created in the current directory. You can use the /v option to adjust the amount of output.
+
If you run the ScanState or LoadState commands from a shared network resource, you must specify this option or USMT will fail with the following error: "USMT was unable to create the log file(s)". To fix this issue, use the /l:scan.log command.
+
+
+
/v:<VerbosityLevel>
+
(Verbosity)
+
Enables verbose output in the ScanState log file. The default value is 0.
+
You can set the VerbosityLevel to one of the following levels:
Creates the optional progress log. You cannot store any of the log files in StorePath. Path can be either a relative or full path. If you do not specify the Path variable, then FileName will be created in the current directory.
When this option is specified, the ScanState command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there is a large file that will not fit in the store, the ScanState command will log an error and continue with the migration. In addition, if a file is open or in use by an application, USMT may not be able to migrate the file and will log an error. Without the /c option, the ScanState command will exit on the first error.
+
You can use the new <ErrorControl> section in the Config.xml file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This enables the /c command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the /genconfig option now generates a sample <ErrorControl> section that is enabled by specifying error messages and desired behaviors in the Config.xml file.
+
+
+
/r:<TimesToRetry>
+
(Retry)
+
Specifies the number of times to retry when an error occurs while saving the user state to a server. The default is three times. This option is useful in environments where network connectivity is not reliable.
+
While storing the user state, the /r option will not be able to recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem.
+
+
+
/w:<SecondsBeforeRetry>
+
(Wait)
+
Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second.
+
+
+
/p:<pathToFile>
+
When the ScanState command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file:
To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the /p option, without specifying "pathtoafile", in USMT. If you specify only the /p option, the storage space estimations are created in the same manner as with USMT3.x releases.
+
+
+
/? or /help
+
Displays Help at the command line.
+
+
+
+
+
+
+## User Options
+
+
+By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You cannot exclude users in the migration .xml files or using the Config.xml file. For more information, see [Identify Users](usmt-identify-users.md) and [Migrate User Accounts](usmt-migrate-user-accounts.md).
+
+
+
+
+
+
+
+
+
Command-Line Option
+
Description
+
+
+
+
+
/all
+
Migrates all of the users on the computer.
+
USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the /ue or /uel options. For this reason, you do not need to specify this option on the command line. However, if you choose to specify the /all option, you cannot also use the /ui, /ue or /uel options.
+
+
+
/ui:<DomainName>\<UserName>
+
or
+
/ui:<ComputerName>\<LocalUserName>
+
(User include)
+
Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /ue or /uel options. You can specify multiple /ui options, but you cannot use the /ui option with the /all option. DomainName and UserName can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.
+
+Note
If a user is specified for inclusion with the /ui option, and also is specified to be excluded with either the /ue or /uel options, the user will be included in the migration.
+
+
+
+
+
For example:
+
+
To include only User2 from the Fabrikam domain, type:
+
/ue:*\* /ui:fabrikam\user2
+
To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:
+
/uel:30 /ui:fabrikam\*
+
In this example, a user account from the Contoso domain that was last modified 2 months ago will not be migrated.
+
+
For more examples, see the descriptions of the /ue and /ui options in this table.
+
+
+
/uel:<NumberOfDays>
+
or
+
/uel:<YYYY/MM/DD>
+
or
+
/uel:0
+
(User exclude based on last logon)
+
Migrates the users that logged onto the source computer within the specified time period, based on the Last Modified date of the Ntuser.dat file on the source computer. The /uel option acts as an include rule. For example, the /uel:30 option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the ScanState command is run.
+
You can specify a number of days or you can specify a date. You cannot use this option with the /all option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has logged onto another computer, that logon instance is not considered by USMT.
+
+Note
The /uel option is not valid in offline migrations.
+
+
+
+
+
+
/uel:0 migrates any users who are currently logged on.
+
/uel:90 migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
+
/uel:1 migrates users whose account has been modified within the last 24 hours.
+
/uel:2002/1/15 migrates users who have logged on or been modified January 15, 2002 or afterwards.
Excludes the specified users from the migration. You can specify multiple /ue options. You cannot use this option with the /all option. <DomainName> and <UserName> can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks.
+
+
+
+## How to Use /ui and /ue
+
+
+The following examples apply to both the /**ui** and /**ue** options. You can replace the /**ue** option with the /**ui** option to include, rather than exclude, the specified users.
+
+
+
+
+
+
+
+
+
Behavior
+
Command
+
+
+
+
+
Exclude the user named User One in the Fabrikam domain.
+
/ue:"fabrikam\user one"
+
+
+
Exclude the user named User1 in the Fabrikam domain.
+
/ue:fabrikam\user1
+
+
+
Exclude the local user named User1.
+
/ue:%computername%\user1
+
+
+
Exclude all domain users.
+
/ue:Domain\*
+
+
+
Exclude all local users.
+
/ue:%computername%\*
+
+
+
Exclude users in all domains named User1, User2, and so on.
+
/ue:*\user*
+
+
+
+
+
+
+## Using the Options Together
+
+
+You can use the /**uel**, /**ue** and /**ui** options together to migrate only the users that you want migrated.
+
+The /**ui** option has precedence over the /**ue** and /**uel** options. If a user is specified to be included using the /**ui** option, and also specified to be excluded using either the /**ue** or /**uel** options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then User1 will be migrated, because the /**ui** option takes precedence over the /**ue** option.
+
+The /**uel** option takes precedence over the /**ue** option. If a user has logged on within the specified time period set by the /**uel** option, that user’s profile will be migrated even if they are excluded by using the /**ue** option. For example, if you specify `/ue:fixed\user1 /uel:14`, the User1 will be migrated if they have logged on to the computer within the last 14 days.
+
+
+
+
+
+
+
+
+
Behavior
+
Command
+
+
+
+
+
Include only User2 from the Fabrikam domain and exclude all other users.
+
/ue:*\* /ui:fabrikam\user2
+
+
+
Include only the local user named User1 and exclude all other users.
+
/ue:*\* /ui:user1
+
+
+
Include only the domain users from Contoso, except Contoso\User1.
+
This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following:
+
+
On the ScanState command line, type: /ue:*\* /ui:contoso\*
+
On the LoadState command line, type: /ue:contoso\user1
+
+
+
+
Include only local (non-domain) users.
+
/ue:*\* /ui:%computername%\*
+
+
+
+
+
+
+## Encrypted File Options
+
+
+You can use the following options to migrate encrypted files. In all cases, by default, USMT fails if an encrypted file is found unless you specify an /**efs** option. To migrate encrypted files, you must change the default behavior.
+
+For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md).
+
+> [!NOTE]
+> EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the /**efs:copyraw** option with the **ScanState** command to migrate the encrypted files
+
+
+> [!CAUTION]
+> Take caution when migrating encrypted files. If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration.
+
+
+
+
+
+
+
+
+
+
+
Command-Line Option
+
Explanation
+
+
+
+
+
/efs:hardlink
+
Creates a hard link to the EFS file instead of copying it. Use only with the /hardlink and the /nocompress options.
+
+
+
/efs:abort
+
Causes the ScanState command to fail with an error code, if an Encrypting File System (EFS) file is found on the source computer. Enabled by default.
+
+
+
/efs:skip
+
Causes the ScanState command to ignore EFS files.
+
+
+
/efs:decryptcopy
+
Causes the ScanState command to decrypt the file, if possible, before saving it to the migration store, and to fail if the file cannot be decrypted. If the ScanState command succeeds, the file will be unencrypted in the migration store, and once you run the LoadState command, the file will be copied to the destination computer.
+
+
+
/efs:copyraw
+
Causes the ScanState command to copy the files in the encrypted format. The files will be inaccessible on the destination computer until the EFS certificates are migrated. EFS certificates will be automatically migrated; however, by default USMT fails if an encrypted file is found, unless you specify an /efs option. Therefore you should specify the /efs:copyraw option with the ScanState command to migrate the encrypted file. Then, when you run the LoadState command, the encrypted file and the EFS certificate will be automatically migrated.
All files must be encrypted if the parent folder is encrypted. If the encryption attribute on a file inside an encrypted folder has been removed, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool. For more information, see Migrate EFS Files and Certificates.
+
+
+
+
+
+
+
+
+
+
+## Incompatible Command-Line Options
+
+
+The following table indicates which command-line options are not compatible with the **ScanState** command. If the table entry for a particular combination is blank, the options are compatible and you can use them together. The X symbol means that the options are not compatible. For example, you cannot use the **/nocompress** option with the **/encrypt** option.
+
+
+
+
+
+
+
+
+
+
+
+
Command-Line Option
+
/keyfile
+
/nocompress
+
/genconfig
+
/all
+
+
+
+
+
/i
+
+
+
+
+
+
+
/o
+
+
+
+
+
+
+
/v
+
+
+
+
+
+
+
/nocompress
+
+
+
+
N/A
+
+
+
/localonly
+
+
+
X
+
+
+
+
/key
+
X
+
+
X
+
+
+
+
/encrypt
+
Required*
+
X
+
X
+
+
+
+
/keyfile
+
N/A
+
+
X
+
+
+
+
/l
+
+
+
+
+
+
+
/progress
+
+
+
X
+
+
+
+
/r
+
+
+
X
+
+
+
+
/w
+
+
+
X
+
+
+
+
/c
+
+
+
X
+
+
+
+
/p
+
+
+
X
+
N/A
+
+
+
/all
+
+
+
X
+
+
+
+
/ui
+
+
+
X
+
X
+
+
+
/ue
+
+
+
X
+
X
+
+
+
/uel
+
+
+
X
+
X
+
+
+
/efs:<option>
+
+
+
X
+
+
+
+
/genconfig
+
+
+
N/A
+
+
+
+
/config
+
+
+
X
+
+
+
+
<StorePath>
+
+
+
X
+
+
+
+
+
+
+> [!NOTE]
+> You must specify either the /**key** or /**keyfile** option with the /**encrypt** option.
+
+
+
+## Related topics
+
+
+[XML Elements Library](usmt-xml-elements-library.md)
+
diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md
index 183f7bc16e..564ab2c53c 100644
--- a/windows/deployment/usmt/usmt-test-your-migration.md
+++ b/windows/deployment/usmt/usmt-test-your-migration.md
@@ -1,6 +1,6 @@
---
title: Test Your Migration (Windows 10)
-description: Test Your Migration
+description: Learn about testing your migration plan in a controlled laboratory setting before you deploy it to your entire organization.
ms.assetid: 754af276-8386-4eac-8079-3d1e45964a0d
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/usmt/usmt-topics.md b/windows/deployment/usmt/usmt-topics.md
index 69321a476c..2e73d33887 100644
--- a/windows/deployment/usmt/usmt-topics.md
+++ b/windows/deployment/usmt/usmt-topics.md
@@ -1,30 +1,31 @@
----
-title: User State Migration Tool (USMT) Overview Topics (Windows 10)
-description: User State Migration Tool (USMT) Overview Topics
-ms.assetid: 23170271-130b-416f-a7a7-c2f6adc32eee
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# User State Migration Tool (USMT) Overview Topics
-The User State Migration Tool (USMT) 10.0 provides a highly customizable user-profile migration experience for IT professionals. USMT includes three command-line tools: ScanState.exe, LoadState.exe, and UsmtUtils.exe. USMT also includes a set of three modifiable .xml files: MigApp.xml, MigDocs.xml, and MigUser.xml. Additionally, you can create custom .xml files to support your migration needs. You can also create a Config.xml file to specify files or settings to exclude from the migration.
-
-## In This Section
-
-|Topic |Description|
-|------|-----------|
-|[User State Migration Tool (USMT) Overview](usmt-overview.md)|Describes the benefits and limitations of using USMT.|
-|[Getting Started with the User State Migration Tool (USMT)](getting-started-with-the-user-state-migration-tool.md)|Describes the general process to follow to migrate files and settings, and provides links to more information.|
-|[Windows Upgrade and Migration Considerations](../upgrade/windows-upgrade-and-migration-considerations.md)|Discusses the Microsoft® tools you can use to move files and settings between installations, as well as special considerations for performing an upgrade or migration.|
-
-## Related topics
-- [User State Migration Tool (USMT) How-to topics](usmt-how-to.md)
-- [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)
-- [User State Migration Toolkit (USMT) Reference](usmt-reference.md)
+---
+title: User State Migration Tool (USMT) Overview Topics (Windows 10)
+description: Learn about User State Migration Tool (USMT) overview topics that describe USMT as a highly customizable user-profile migration experience for IT professionals.
+ms.assetid: 23170271-130b-416f-a7a7-c2f6adc32eee
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# User State Migration Tool (USMT) Overview Topics
+The User State Migration Tool (USMT) 10.0 provides a highly customizable user-profile migration experience for IT professionals. USMT includes three command-line tools: ScanState.exe, LoadState.exe, and UsmtUtils.exe. USMT also includes a set of three modifiable .xml files: MigApp.xml, MigDocs.xml, and MigUser.xml. Additionally, you can create custom .xml files to support your migration needs. You can also create a Config.xml file to specify files or settings to exclude from the migration.
+
+## In This Section
+
+|Topic |Description|
+|------|-----------|
+|[User State Migration Tool (USMT) Overview](usmt-overview.md)|Describes the benefits and limitations of using USMT.|
+|[Getting Started with the User State Migration Tool (USMT)](getting-started-with-the-user-state-migration-tool.md)|Describes the general process to follow to migrate files and settings, and provides links to more information.|
+|[Windows Upgrade and Migration Considerations](../upgrade/windows-upgrade-and-migration-considerations.md)|Discusses the Microsoft® tools you can use to move files and settings between installations, as well as special considerations for performing an upgrade or migration.|
+
+## Related topics
+- [User State Migration Tool (USMT) How-to topics](usmt-how-to.md)
+- [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)
+- [User State Migration Toolkit (USMT) Reference](usmt-reference.md)
diff --git a/windows/deployment/usmt/usmt-troubleshooting.md b/windows/deployment/usmt/usmt-troubleshooting.md
index 085f3892d2..1c629df5ec 100644
--- a/windows/deployment/usmt/usmt-troubleshooting.md
+++ b/windows/deployment/usmt/usmt-troubleshooting.md
@@ -1,73 +1,74 @@
----
-title: User State Migration Tool (USMT) Troubleshooting (Windows 10)
-description: User State Migration Tool (USMT) Troubleshooting
-ms.assetid: 770f45bb-2284-463f-a29c-69c04f437533
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# User State Migration Tool (USMT) Troubleshooting
-
-
-The following table describes topics that address common User State Migration Tool (USMT) 10.0 issues and questions. These topics describe tools that you can use to troubleshoot issues that arise during your migration.
-
-## In This Section
-
-
-
-
-
-
-## Related topics
-
-
-[USMT Best Practices](usmt-best-practices.md)
-
-[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
-
-[User State Migration Tool (USMT) How-to topics](usmt-how-to.md)
-
-[User State Migration Toolkit (USMT) Reference](usmt-reference.md)
-
-
-
-
-
-
-
-
-
+---
+title: User State Migration Tool (USMT) Troubleshooting (Windows 10)
+description: Learn about topics that address common User State Migration Tool (USMT) 10.0 issues and questions to assist in troubleshooting.
+ms.assetid: 770f45bb-2284-463f-a29c-69c04f437533
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# User State Migration Tool (USMT) Troubleshooting
+
+
+The following table describes topics that address common User State Migration Tool (USMT) 10.0 issues and questions. These topics describe tools that you can use to troubleshoot issues that arise during your migration.
+
+## In This Section
+
+
+
+
+
+
+## Related topics
+
+
+[USMT Best Practices](usmt-best-practices.md)
+
+[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
+
+[User State Migration Tool (USMT) How-to topics](usmt-how-to.md)
+
+[User State Migration Toolkit (USMT) Reference](usmt-reference.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-utilities.md b/windows/deployment/usmt/usmt-utilities.md
index 4e9269a29d..d87666c8b6 100644
--- a/windows/deployment/usmt/usmt-utilities.md
+++ b/windows/deployment/usmt/usmt-utilities.md
@@ -1,351 +1,352 @@
----
-title: UsmtUtils Syntax (Windows 10)
-description: UsmtUtils Syntax
-ms.assetid: cdab7f2d-dd68-4016-b9ed-41ffa743b65c
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# UsmtUtils Syntax
-
-
-This topic describes the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface. These utilities:
-
-- Improve your ability to determine cryptographic options for your migration.
-
-- Assist in removing hard-link stores that cannot otherwise be deleted due to a sharing lock.
-
-- Verify whether the catalog file or any of the other files in the compressed migration store have become corrupted.
-
-- Extract files from the compressed migration store when you migrate files and settings to the destination computer.
-
-## In This Topic
-
-
-[Usmtutils.exe](#bkmk-usmtutils-exe)
-
-[Verify Options](#bkmk-verifyoptions)
-
-[Extract Options](#bkmk-extractoptions)
-
-## Usmtutils.exe
-
-
-The following table lists command-line options for USMTutils.exe. The sections that follow provide further command-line options for the **/verify** and the **/extract** options.
-
-The syntax for UsmtUtils.exe is:
-
-usmtutils \[/ec | /rd *<storeDir>* | /verify *<filepath>* \[options\] | /extract *<filepath>* *<destinationPath>* \[options\]\]
-
-
-
-
-
-
-
-
-
Command-line Option
-
Description
-
-
-
-
-
/ec
-
Returns a list of supported cryptographic algorithms (AlgIDs) on the current system. You can use this on a destination computer to determine which algorithm to use with the /encrypt command before you run the ScanState tool on the source computer.
-
-
-
/rd<storeDir>
-
Removes the directory path specified by the <storeDir> argument on the computer. You can use this command to delete hard-link migration stores that cannot otherwise be deleted at a command prompt due to a sharing lock. If the migration store spans multiple volumes on a given drive, it will be deleted from all of these volumes.
-
For example:
-
usmtutils /rd D:\MyHardLinkStore
-
-
-
/y
-
Overrides the accept deletions prompt when used with the /rd option. When you use the /y option with the /rd option, you will not be prompted to accept the deletions before USMT deletes the directories.
-
-
-
/verify
-
Returns information on whether the compressed migration store is intact or whether it contains corrupted files or a corrupted catalog.
-
See Verify Options for syntax and options to use with /verify.
-
-
-
/extract
-
Recovers files from a compressed USMT migration store.
-
See Extract Options for syntax and options to use with /extract.
-
-
-
-
-
-
-## Verify Options
-
-
-Use the **/verify** option when you want to determine whether a compressed migration store is intact or whether it contains corrupted files or a corrupted catalog. For more information on how to use the **/verify** option, see [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md).
-
-The syntax for **/verify** is:
-
-usmtutils /verify\[:*<reportType>*\] *<filePath>* \[/l:*<logfile>*\] \[/v:*VerbosityLevel*\] \[/decrypt \[:*<AlgID>*\] {/key:*<keystring>* | /keyfile:*<filename>*}\]
-
-
-
-
-
-
-
-
-
Command-line Option
-
Description
-
-
-
-
-
<reportType>
-
Specifies whether to report on all files, corrupted files only, or the status of the catalog.
-
-
Summary. Returns both the number of files that are intact and the number of files that are corrupted in the migration store. If no algorithm is specified, the summary report is displayed as a default.
-
all. Returns a tab-delimited list of all of the files in the compressed migration store and the status for each file. Each line contains the file name followed by a tab spacing, and either “CORRUPTED” or “OK” depending on the status of the file. The last entry reports the corruption status of the "CATALOG" of the store. A catalog file contains metadata for all files in a migration store. The LoadState tool requires a valid catalog file in order to open the migration store. Returns "OK" if the catalog file is intact and LoadState can open the migration store and "CORRUPTED" if the migration store is corrupted.
-
failureonly. Returns a tab-delimited list of only the files that are corrupted in the compressed migration store.
-
Catalog. Returns only the status of the catalog file.
-
-
-
-
/l:
-
<logfilePath>
-
Specifies the location and name of the log file.
-
-
-
/v:<VerbosityLevel>
-
(Verbosity)
-
Enables verbose output in the UsmtUtils log file. The default value is 0.
-
You can set the VerbosityLevel to one of the following levels:
-
-
-
-
-
-
-
-
Level
-
Explanation
-
-
-
-
-
0
-
Only the default errors and warnings are enabled.
-
-
-
1
-
Enables verbose output.
-
-
-
4
-
Enables error and status output.
-
-
-
5
-
Enables verbose and status output.
-
-
-
8
-
Enables error output to a debugger.
-
-
-
9
-
Enables verbose output to a debugger.
-
-
-
12
-
Enables error and status output to a debugger.
-
-
-
13
-
Enables verbose, status, and debugger output.
-
-
-
-
-
-
-
/decrypt<AlgID>/:<KeyString>
-
or
-
/decrypt<AlgID>/:<“Key String”>
-
or
-
/decrypt:<AlgID>/keyfile:<FileName>
-
Specifies that the /encrypt option was used to create the migration store with the ScanState tool. To decrypt the migration store, specify a /key or /keyfile option as follows:
-
-
<AlgID> specifies the cryptographic algorithm that was used to create the migration store on the ScanState command line. If no algorithm is specified, ScanState and UsmtUtils use the 3DES algorithm as a default.
-
<AlgID> valid values include: AES_128, AES_192, AES_256, 3DES, or 3DES_112.
-
/key:<KeyString> specifies the encryption key. If there is a space in <KeyString>, you must surround the argument with quotation marks.
-
/keyfile: <FileName> specifies the location and name of a text (.txt) file that contains the encryption key.
-
-
-
-Some examples of **/verify** commands:
-
-- `usmtutils /verify D:\MyMigrationStore\store.mig`
-
-- `usmtutils /verify:catalog D:\MyMigrationStore\store.mig`
-
-- `usmtutils /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt`
-
-- `usmtutils /verify:failureonly D:\MyMigrationStore\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt`
-
-## Extract Options
-
-
-Use the **/extract** option to recover files from a compressed USMT migration store if it will not restore normally with loadstate. For more information on how to use the **/extract** option, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md).
-
-The syntax for **/extract** is:
-
-/extract *<filePath>* *<destinationPath>* \[/i:*<includePattern>*\] \[/e: *<excludePattern>*\] \[/l: *<logfile>*\] \[/v: *VerbosityLevel>*\] \[/decrypt\[:*<AlgID>*\] {key: *<keystring>* | /keyfile: *<filename>*}\] \[/o\]
-
-
-
-
-
-
-
-
-
Command-line Option
-
Description
-
-
-
-
-
<filePath>
-
Path to the USMT migration store.
-
For example:
-
D:\MyMigrationStore\USMT\store.mig
-
-
-
<destinationPath>
-
Path to the folder where the tool puts the individual files.
-
-
-
/i:<includePattern>
-
Specifies a pattern for files to include in the extraction. You can specify more than one pattern. Separate patterns with a comma or a semicolon. You can use /i: <includePattern> and /e: <excludePattern> options in the same command. When both include and exclude patterns are used on the command line, include patterns take precedence over exclude patterns.
-
-
-
/e:<excludePattern>
-
Specifies a pattern for files to omit from the extraction. You can specify more than one pattern. Separate patterns with a comma or a semicolon. You can use /i: <includePattern> and /e: <excludePattern> options in the same command. When both include and exclude patterns are used on the command line, include patterns take precedence over exclude patterns.
-
-
-
/l:<logfilePath>
-
Specifies the location and name of the log file.
-
-
-
/v:<VerbosityLevel>
-
(Verbosity)
-
Enables verbose output in the UsmtUtils log file. The default value is 0.
-
You can set the VerbosityLevel to one of the following levels:
-
-
-
-
-
-
-
-
Level
-
Explanation
-
-
-
-
-
0
-
Only the default errors and warnings are enabled.
-
-
-
1
-
Enables verbose output.
-
-
-
4
-
Enables error and status output.
-
-
-
5
-
Enables verbose and status output.
-
-
-
8
-
Enables error output to a debugger.
-
-
-
9
-
Enables verbose output to a debugger.
-
-
-
12
-
Enables error and status output to a debugger.
-
-
-
13
-
Enables verbose, status, and debugger output.
-
-
-
-
-
-
-
/decrypt<AlgID>/key:<KeyString>
-
or
-
/decrypt<AlgID>/:<“Key String”>
-
or
-
/decrypt:<AlgID>/keyfile:<FileName>
-
Specifies that the /encrypt option was used to create the migration store with the ScanState tool. To decrypt the migration store, you must also specify a /key or /keyfile option as follows:
-
-
<AlgID> specifies the cryptographic algorithm that was used to create the migration store on the ScanState command line. If no algorithm is specified, ScanState and UsmtUtils use the 3DES algorithm as a default.
-
<AlgID> valid values include: AES_128, AES_192, AES_256, 3DES, or 3DES_112.
-
/key: <KeyString> specifies the encryption key. If there is a space in <KeyString>, you must surround the argument with quotation marks.
-
/keyfile:<FileName> specifies a text (.txt) file that contains the encryption key
-
-
-
-Some examples of **/extract** commands:
-
-- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore`
-
-- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt, *.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt`
-
-- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtlog.txt`
-
-- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o`
-
-## Related topics
-
-
-[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md)
-
-[Return Codes](usmt-return-codes.md)
-
-
-
-
-
-
-
-
-
+---
+title: UsmtUtils Syntax (Windows 10)
+description: Learn about the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface.
+ms.assetid: cdab7f2d-dd68-4016-b9ed-41ffa743b65c
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# UsmtUtils Syntax
+
+
+This topic describes the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface. These utilities:
+
+- Improve your ability to determine cryptographic options for your migration.
+
+- Assist in removing hard-link stores that cannot otherwise be deleted due to a sharing lock.
+
+- Verify whether the catalog file or any of the other files in the compressed migration store have become corrupted.
+
+- Extract files from the compressed migration store when you migrate files and settings to the destination computer.
+
+## In This Topic
+
+
+[Usmtutils.exe](#bkmk-usmtutils-exe)
+
+[Verify Options](#bkmk-verifyoptions)
+
+[Extract Options](#bkmk-extractoptions)
+
+## Usmtutils.exe
+
+
+The following table lists command-line options for USMTutils.exe. The sections that follow provide further command-line options for the **/verify** and the **/extract** options.
+
+The syntax for UsmtUtils.exe is:
+
+usmtutils \[/ec | /rd *<storeDir>* | /verify *<filepath>* \[options\] | /extract *<filepath>* *<destinationPath>* \[options\]\]
+
+
+
+
+
+
+
+
+
Command-line Option
+
Description
+
+
+
+
+
/ec
+
Returns a list of supported cryptographic algorithms (AlgIDs) on the current system. You can use this on a destination computer to determine which algorithm to use with the /encrypt command before you run the ScanState tool on the source computer.
+
+
+
/rd<storeDir>
+
Removes the directory path specified by the <storeDir> argument on the computer. You can use this command to delete hard-link migration stores that cannot otherwise be deleted at a command prompt due to a sharing lock. If the migration store spans multiple volumes on a given drive, it will be deleted from all of these volumes.
+
For example:
+
usmtutils /rd D:\MyHardLinkStore
+
+
+
/y
+
Overrides the accept deletions prompt when used with the /rd option. When you use the /y option with the /rd option, you will not be prompted to accept the deletions before USMT deletes the directories.
+
+
+
/verify
+
Returns information on whether the compressed migration store is intact or whether it contains corrupted files or a corrupted catalog.
+
See Verify Options for syntax and options to use with /verify.
+
+
+
/extract
+
Recovers files from a compressed USMT migration store.
+
See Extract Options for syntax and options to use with /extract.
+
+
+
+
+
+
+## Verify Options
+
+
+Use the **/verify** option when you want to determine whether a compressed migration store is intact or whether it contains corrupted files or a corrupted catalog. For more information on how to use the **/verify** option, see [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md).
+
+The syntax for **/verify** is:
+
+usmtutils /verify\[:*<reportType>*\] *<filePath>* \[/l:*<logfile>*\] \[/v:*VerbosityLevel*\] \[/decrypt \[:*<AlgID>*\] {/key:*<keystring>* | /keyfile:*<filename>*}\]
+
+
+
+
+
+
+
+
+
Command-line Option
+
Description
+
+
+
+
+
<reportType>
+
Specifies whether to report on all files, corrupted files only, or the status of the catalog.
+
+
Summary. Returns both the number of files that are intact and the number of files that are corrupted in the migration store. If no algorithm is specified, the summary report is displayed as a default.
+
all. Returns a tab-delimited list of all of the files in the compressed migration store and the status for each file. Each line contains the file name followed by a tab spacing, and either “CORRUPTED” or “OK” depending on the status of the file. The last entry reports the corruption status of the "CATALOG" of the store. A catalog file contains metadata for all files in a migration store. The LoadState tool requires a valid catalog file in order to open the migration store. Returns "OK" if the catalog file is intact and LoadState can open the migration store and "CORRUPTED" if the migration store is corrupted.
+
failureonly. Returns a tab-delimited list of only the files that are corrupted in the compressed migration store.
+
Catalog. Returns only the status of the catalog file.
+
+
+
+
/l:
+
<logfilePath>
+
Specifies the location and name of the log file.
+
+
+
/v:<VerbosityLevel>
+
(Verbosity)
+
Enables verbose output in the UsmtUtils log file. The default value is 0.
+
You can set the VerbosityLevel to one of the following levels:
+
+
+
+
+
+
+
+
Level
+
Explanation
+
+
+
+
+
0
+
Only the default errors and warnings are enabled.
+
+
+
1
+
Enables verbose output.
+
+
+
4
+
Enables error and status output.
+
+
+
5
+
Enables verbose and status output.
+
+
+
8
+
Enables error output to a debugger.
+
+
+
9
+
Enables verbose output to a debugger.
+
+
+
12
+
Enables error and status output to a debugger.
+
+
+
13
+
Enables verbose, status, and debugger output.
+
+
+
+
+
+
+
/decrypt<AlgID>/:<KeyString>
+
or
+
/decrypt<AlgID>/:<“Key String”>
+
or
+
/decrypt:<AlgID>/keyfile:<FileName>
+
Specifies that the /encrypt option was used to create the migration store with the ScanState tool. To decrypt the migration store, specify a /key or /keyfile option as follows:
+
+
<AlgID> specifies the cryptographic algorithm that was used to create the migration store on the ScanState command line. If no algorithm is specified, ScanState and UsmtUtils use the 3DES algorithm as a default.
+
<AlgID> valid values include: AES_128, AES_192, AES_256, 3DES, or 3DES_112.
+
/key:<KeyString> specifies the encryption key. If there is a space in <KeyString>, you must surround the argument with quotation marks.
+
/keyfile: <FileName> specifies the location and name of a text (.txt) file that contains the encryption key.
+
+
+
+Some examples of **/verify** commands:
+
+- `usmtutils /verify D:\MyMigrationStore\store.mig`
+
+- `usmtutils /verify:catalog D:\MyMigrationStore\store.mig`
+
+- `usmtutils /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt`
+
+- `usmtutils /verify:failureonly D:\MyMigrationStore\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt`
+
+## Extract Options
+
+
+Use the **/extract** option to recover files from a compressed USMT migration store if it will not restore normally with loadstate. For more information on how to use the **/extract** option, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md).
+
+The syntax for **/extract** is:
+
+/extract *<filePath>* *<destinationPath>* \[/i:*<includePattern>*\] \[/e: *<excludePattern>*\] \[/l: *<logfile>*\] \[/v: *VerbosityLevel>*\] \[/decrypt\[:*<AlgID>*\] {key: *<keystring>* | /keyfile: *<filename>*}\] \[/o\]
+
+
+
+
+
+
+
+
+
Command-line Option
+
Description
+
+
+
+
+
<filePath>
+
Path to the USMT migration store.
+
For example:
+
D:\MyMigrationStore\USMT\store.mig
+
+
+
<destinationPath>
+
Path to the folder where the tool puts the individual files.
+
+
+
/i:<includePattern>
+
Specifies a pattern for files to include in the extraction. You can specify more than one pattern. Separate patterns with a comma or a semicolon. You can use /i: <includePattern> and /e: <excludePattern> options in the same command. When both include and exclude patterns are used on the command line, include patterns take precedence over exclude patterns.
+
+
+
/e:<excludePattern>
+
Specifies a pattern for files to omit from the extraction. You can specify more than one pattern. Separate patterns with a comma or a semicolon. You can use /i: <includePattern> and /e: <excludePattern> options in the same command. When both include and exclude patterns are used on the command line, include patterns take precedence over exclude patterns.
+
+
+
/l:<logfilePath>
+
Specifies the location and name of the log file.
+
+
+
/v:<VerbosityLevel>
+
(Verbosity)
+
Enables verbose output in the UsmtUtils log file. The default value is 0.
+
You can set the VerbosityLevel to one of the following levels:
+
+
+
+
+
+
+
+
Level
+
Explanation
+
+
+
+
+
0
+
Only the default errors and warnings are enabled.
+
+
+
1
+
Enables verbose output.
+
+
+
4
+
Enables error and status output.
+
+
+
5
+
Enables verbose and status output.
+
+
+
8
+
Enables error output to a debugger.
+
+
+
9
+
Enables verbose output to a debugger.
+
+
+
12
+
Enables error and status output to a debugger.
+
+
+
13
+
Enables verbose, status, and debugger output.
+
+
+
+
+
+
+
/decrypt<AlgID>/key:<KeyString>
+
or
+
/decrypt<AlgID>/:<“Key String”>
+
or
+
/decrypt:<AlgID>/keyfile:<FileName>
+
Specifies that the /encrypt option was used to create the migration store with the ScanState tool. To decrypt the migration store, you must also specify a /key or /keyfile option as follows:
+
+
<AlgID> specifies the cryptographic algorithm that was used to create the migration store on the ScanState command line. If no algorithm is specified, ScanState and UsmtUtils use the 3DES algorithm as a default.
+
<AlgID> valid values include: AES_128, AES_192, AES_256, 3DES, or 3DES_112.
+
/key: <KeyString> specifies the encryption key. If there is a space in <KeyString>, you must surround the argument with quotation marks.
+
/keyfile:<FileName> specifies a text (.txt) file that contains the encryption key
+
+
+
+Some examples of **/extract** commands:
+
+- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore`
+
+- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt, *.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt`
+
+- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtlog.txt`
+
+- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o`
+
+## Related topics
+
+
+[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md)
+
+[Return Codes](usmt-return-codes.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md
index 4fc36c33bc..2152530861 100644
--- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md
+++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md
@@ -1,429 +1,430 @@
----
-title: What does USMT migrate (Windows 10)
-description: What does USMT migrate
-ms.assetid: f613987d-0f17-43fe-9717-6465865ceda7
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 09/12/2017
-ms.topic: article
----
-
-# What does USMT migrate?
-
-
-## In this topic
-
-
-- [Default migration scripts](#bkmk-defaultmigscripts)
-
-- [User Data](#bkmk-3)
-
-- [Operating-system components](#bkmk-4)
-
-- [Supported applications](#bkmk-2)
-
-- [What USMT does not migrate](#no)
-
-## Default migration scripts
-
-
-The User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. USMT provides the following sample scripts:
-
-- **MigApp.XML.** Rules to migrate application settings.
-
-- **MigDocs.XML.** Rules that use the **MigXmlHelper.GenerateDocPatterns** helper function, which can be used to automatically find user documents on a computer without the need to author extensive custom migration .xml files.
-
-- **MigUser.XML.** Rules to migrate user profiles and user data.
-
- MigUser.xml gathers everything in a user’s profile and then does a file extension- based search of most of the system for other user data. If data doesn’t match either of these criteria, the data won’t be migrated. For the most part, this file describes a "core" migration.
-
- The following data does not migrate with MigUser.xml:
-
- - Files outside the user profile that don’t match one of the file extensions in MigUser.xml.
-
- - Access control lists (ACLs) for folders outside the user profile.
-
-## User data
-
-
-This section describes the user data that USMT migrates by default, using the MigUser.xml file. It also defines how to migrate ACLs.
-
-- **Folders from each user profile.** When you specify the MigUser.xml file, USMT migrates everything in a user’s profiles including the following:
-
- My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites.
-
- >[!IMPORTANT]
- >Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](https://docs.microsoft.com/windows/deployment/usmt/usmt-common-issues#usmt-does-not-migrate-the-start-layout).
-
-- **Folders from the All Users and Public profiles.** When you specify the MigUser.xml file, USMT also migrates the following from the **All Users** profile in Windows® XP, or the **Public** profile in Windows Vista, Windows 7, or Windows 8:
-
- - Shared Documents
-
- - Shared Video
-
- - Shared Music
-
- - Shared desktop files
-
- - Shared Pictures
-
- - Shared Start menu
-
- - Shared Favorites
-
-- **File types.** When you specify the MigUser.xml file, the ScanState tool searches the fixed drives, collects and then migrates files with any of the following file extensions:
-
- **.accdb, .ch3, .csv, .dif, .doc\*, .dot\*, .dqy, .iqy, .mcw, .mdb\*, .mpp, .one\*, .oqy, .or6, .pot\*, .ppa, .pps\*, .ppt\*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl\*, .vsd, .wk\*, .wpd, .wps, .wq1, .wri, .xl\*, .xla, .xlb, .xls\*.**
-
- **Note**
- The asterisk (\*) stands for zero or more characters.
-
-
-
-- **Access control lists.** USMT migrates ACLs for specified files and folders from computers running both Windows® XP and Windows Vista. For example, if you migrate a file named File1.txt that is read-only for User1 and read/write for User2, these settings will still apply on the destination computer after the migration.
-
-**Important**
-To migrate ACLs, you must specify the directory to migrate in the MigUser.xml file. Using file patterns like \*.doc will not migrate a directory. The source ACL information is migrated only when you explicitly specify the directory. For example, `c:\test docs`.
-
-
-
-## Operating-system components
-
-
-USMT migrates operating-system components to a destination computer from computers running Windows 7 and Windows 8
-
-The following components are migrated by default using the manifest files:
-
-- Accessibility settings
-
-- Address book
-
-- Command-prompt settings
-
-- \*Desktop wallpaper
-
-- EFS files
-
-- Favorites
-
-- Folder options
-
-- Fonts
-
-- Group membership. USMT migrates users’ group settings. The groups to which a user belongs can be found by right-clicking **My Computer** on the Start menu and then clicking **Manage**. When running an offline migration, the use of a **<ProfileControl>** section in the Config.xml file is required.
-
-- \*Windows Internet Explorer® settings
-
-- Microsoft® Open Database Connectivity (ODBC) settings
-
-- Mouse and keyboard settings
-
-- Network drive mapping
-
-- \*Network printer mapping
-
-- \*Offline files
-
-- \*Phone and modem options
-
-- RAS connection and phone book (.pbk) files
-
-- \*Regional settings
-
-- Remote Access
-
-- \*Taskbar settings
-
-- User personal certificates (all)
-
-- Windows Mail.
-
-- \*Windows Media Player
-
-- Windows Rights Management
-
-\* These settings are not available for an offline migration. For more information, see [Offline Migration Reference](offline-migration-reference.md).
-
-**Important**
-This list may not be complete. There may be additional components that are migrated.
-
-
-
-**Note**
-Some settings, such as fonts, are not applied by the LoadState tool until after the destination computer has been restarted. For this reason, restart the destination computer after you run the LoadState tool.
-
-
-
-## Supported applications
-
-
-Although it is not required for all applications, it is good practice to install all applications on the destination computer before restoring the user state. Installing applications before migrating settings helps to ensure that the migrated settings are not overwritten by the application installers.
-
-**Note**
-The versions of installed applications must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office.
-
-
-
-**Note**
-USMT migrates only the settings that have been used or modified by the user. If there is an application setting on the source computer that was not touched by the user, the setting may not migrate.
-
-
-
-When you specify the MigApp.xml file, USMT migrates the settings for the following applications:
-
-
-
-
-
-
-
-
-
Product
-
Version
-
-
-
-
-
Adobe Acrobat Reader
-
9
-
-
-
AOL Instant Messenger
-
6.8
-
-
-
Adobe Creative Suite
-
2
-
-
-
Adobe Photoshop CS
-
8, 9
-
-
-
Adobe ImageReady CS
-
-
-
-
Apple iTunes
-
6, 7, 8
-
-
-
Apple QuickTime Player
-
5, 6, 7
-
-
-
Apple Safari
-
3.1.2
-
-
-
Google Chrome
-
beta
-
-
-
Google Picasa
-
3
-
-
-
Google Talk
-
beta
-
-
-
IBM Lotus 1-2-3
-
9
-
-
-
IBM Lotus Notes
-
6,7, 8
-
-
-
IBM Lotus Organizer
-
5
-
-
-
IBM Lotus WordPro
-
9.9
-
-
-
Intuit Quicken Deluxe
-
2009
-
-
-
Money Plus Business
-
2008
-
-
-
Money Plus Home
-
2008
-
-
-
Mozilla Firefox
-
3
-
-
-
Microsoft Office
-
2003, 2007, 2010
-
-
-
Microsoft Office Access®
-
2003, 2007, 2010
-
-
-
Microsoft Office Excel®
-
2003, 2007, 2010
-
-
-
Microsoft Office FrontPage®
-
2003, 2007, 2010
-
-
-
Microsoft Office OneNote®
-
2003, 2007, 2010
-
-
-
Microsoft Office Outlook®
-
2003, 2007, 2010
-
-
-
Microsoft Office PowerPoint®
-
2003, 2007, 2010
-
-
-
Microsoft Office Publisher
-
2003, 2007, 2010
-
-
-
Microsoft Office Word
-
2003, 2007, 2010
-
-
-
Opera Software Opera
-
9.5
-
-
-
Microsoft Outlook Express
-
(only mailbox file)
-
-
-
Microsoft Project
-
2003, 2007
-
-
-
Microsoft Office Visio®
-
2003, 2007
-
-
-
RealPlayer Basic
-
11
-
-
-
Sage Peachtree
-
2009
-
-
-
Skype
-
3.8
-
-
-
Windows Live Mail
-
12, 14
-
-
-
Windows Live Messenger
-
8.5, 14
-
-
-
Windows Live MovieMaker
-
14
-
-
-
Windows Live Photo Gallery
-
12, 14
-
-
-
Windows Live Writer
-
12, 14
-
-
-
Windows Mail
-
(Windows 7 and 8)
-
-
-
Microsoft Works
-
9
-
-
-
Yahoo Messenger
-
9
-
-
-
Microsoft Zune™ Software
-
3
-
-
-
-
-
-
-## What USMT does not migrate
-
-
-The following is a list of the settings that USMT does not migrate. If you are having a problem that is not listed here, see [Common Issues](usmt-common-issues.md).
-
-### Application settings
-
-USMT does not migrate the following application settings:
-
-- Settings from earlier versions of an application. The versions of each application must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. USMT can migrate from an earlier version of Microsoft Office to a later version.
-
-- Application settings and some operating-system settings when a local account is created. For example, if you run /lac to create a local account on the destination computer, USMT will migrate the user data, but only some of the operating-system settings, such as wallpaper and screensaver settings, and no application settings will migrate.
-
-- Microsoft Project settings, when migrating from Office 2003 to Office 2007 system.
-
-- ICQ Pro settings, if ICQ Pro is installed in a different location on the destination computer. To successfully migrate the settings of ICQ Pro, you must install ICQ Pro in the same location on the destination computer as it was on the source computer. Otherwise, after you run the LoadState tool, the application will not start. You may encounter problems when:
-
- - You change the default installation location on 32-bit destination computers.
-
- - You attempt to migrate from a 32-bit computer to a 64-bit computer. This is because the ICQ Pro default installation directory is different on the two types of computers. When you install ICQ Pro on a 32-bit computer, the default location is "C:\\Program Files\\...". The ICQ Pro default installation directory on an x64-based computer, however, is “C:\\Program Files (x86)\\...”.
-
-### Operating-System settings
-
-USMT does not migrate the following operating-system settings.
-
-- Local printers, hardware-related settings, drivers, passwords, application binary files, synchronization files, DLL files, or other executable files.
-
-- Permissions for shared folders. After migration, you must manually re-share any folders that were shared on the source computer.
-
-- Files and settings migrating between operating systems with different languages. The operating system of the source computer must match the language of the operating system on the destination computer.
-
-- Customized icons for shortcuts may not migrate.
-
-- Taskbar settings, when the source computer is running Windows XP.
-
-You should also note the following:
-
-- You should run USMT from an account with administrative credentials. Otherwise, some data will not migrate. When running the ScanState and LoadState tools you must run the tools in Administrator mode from an account with administrative credentials. If you do not run USMT in Administrator mode, only the user profile that is logged on will be included in the migration. In addition, you must run the ScanState tool on Windows XP from an account with administrative credentials. Otherwise, some operating-system settings will not migrate. To run in Administrator mode, click **Start**, click **All Programs**, click **Accessories**, right-click **Command Prompt**, and then click **Run as administrator**.
-
-- You can use the /**localonly** option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify /**localonly**, see [ScanState Syntax](usmt-scanstate-syntax.md).
-
-### Start menu layout
-
-Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](https://docs.microsoft.com/windows/deployment/usmt/usmt-common-issues#usmt-does-not-migrate-the-start-layout).
-
-## Related topics
-
-
-[Plan your migration](usmt-plan-your-migration.md)
-
-
-
-
-
-
-
-
-
+---
+title: What does USMT migrate (Windows 10)
+description: Learn how User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language.
+ms.assetid: f613987d-0f17-43fe-9717-6465865ceda7
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 09/12/2017
+ms.topic: article
+---
+
+# What does USMT migrate?
+
+
+## In this topic
+
+
+- [Default migration scripts](#bkmk-defaultmigscripts)
+
+- [User Data](#bkmk-3)
+
+- [Operating-system components](#bkmk-4)
+
+- [Supported applications](#bkmk-2)
+
+- [What USMT does not migrate](#no)
+
+## Default migration scripts
+
+
+The User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. USMT provides the following sample scripts:
+
+- **MigApp.XML.** Rules to migrate application settings.
+
+- **MigDocs.XML.** Rules that use the **MigXmlHelper.GenerateDocPatterns** helper function, which can be used to automatically find user documents on a computer without the need to author extensive custom migration .xml files.
+
+- **MigUser.XML.** Rules to migrate user profiles and user data.
+
+ MigUser.xml gathers everything in a user’s profile and then does a file extension- based search of most of the system for other user data. If data doesn’t match either of these criteria, the data won’t be migrated. For the most part, this file describes a "core" migration.
+
+ The following data does not migrate with MigUser.xml:
+
+ - Files outside the user profile that don’t match one of the file extensions in MigUser.xml.
+
+ - Access control lists (ACLs) for folders outside the user profile.
+
+## User data
+
+
+This section describes the user data that USMT migrates by default, using the MigUser.xml file. It also defines how to migrate ACLs.
+
+- **Folders from each user profile.** When you specify the MigUser.xml file, USMT migrates everything in a user’s profiles including the following:
+
+ My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites.
+
+ >[!IMPORTANT]
+ >Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](https://docs.microsoft.com/windows/deployment/usmt/usmt-common-issues#usmt-does-not-migrate-the-start-layout).
+
+- **Folders from the All Users and Public profiles.** When you specify the MigUser.xml file, USMT also migrates the following from the **All Users** profile in Windows® XP, or the **Public** profile in Windows Vista, Windows 7, or Windows 8:
+
+ - Shared Documents
+
+ - Shared Video
+
+ - Shared Music
+
+ - Shared desktop files
+
+ - Shared Pictures
+
+ - Shared Start menu
+
+ - Shared Favorites
+
+- **File types.** When you specify the MigUser.xml file, the ScanState tool searches the fixed drives, collects and then migrates files with any of the following file extensions:
+
+ **.accdb, .ch3, .csv, .dif, .doc\*, .dot\*, .dqy, .iqy, .mcw, .mdb\*, .mpp, .one\*, .oqy, .or6, .pot\*, .ppa, .pps\*, .ppt\*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl\*, .vsd, .wk\*, .wpd, .wps, .wq1, .wri, .xl\*, .xla, .xlb, .xls\*.**
+
+ **Note**
+ The asterisk (\*) stands for zero or more characters.
+
+
+
+- **Access control lists.** USMT migrates ACLs for specified files and folders from computers running both Windows® XP and Windows Vista. For example, if you migrate a file named File1.txt that is read-only for User1 and read/write for User2, these settings will still apply on the destination computer after the migration.
+
+**Important**
+To migrate ACLs, you must specify the directory to migrate in the MigUser.xml file. Using file patterns like \*.doc will not migrate a directory. The source ACL information is migrated only when you explicitly specify the directory. For example, `c:\test docs`.
+
+
+
+## Operating-system components
+
+
+USMT migrates operating-system components to a destination computer from computers running Windows 7 and Windows 8
+
+The following components are migrated by default using the manifest files:
+
+- Accessibility settings
+
+- Address book
+
+- Command-prompt settings
+
+- \*Desktop wallpaper
+
+- EFS files
+
+- Favorites
+
+- Folder options
+
+- Fonts
+
+- Group membership. USMT migrates users’ group settings. The groups to which a user belongs can be found by right-clicking **My Computer** on the Start menu and then clicking **Manage**. When running an offline migration, the use of a **<ProfileControl>** section in the Config.xml file is required.
+
+- \*Windows Internet Explorer® settings
+
+- Microsoft® Open Database Connectivity (ODBC) settings
+
+- Mouse and keyboard settings
+
+- Network drive mapping
+
+- \*Network printer mapping
+
+- \*Offline files
+
+- \*Phone and modem options
+
+- RAS connection and phone book (.pbk) files
+
+- \*Regional settings
+
+- Remote Access
+
+- \*Taskbar settings
+
+- User personal certificates (all)
+
+- Windows Mail.
+
+- \*Windows Media Player
+
+- Windows Rights Management
+
+\* These settings are not available for an offline migration. For more information, see [Offline Migration Reference](offline-migration-reference.md).
+
+**Important**
+This list may not be complete. There may be additional components that are migrated.
+
+
+
+**Note**
+Some settings, such as fonts, are not applied by the LoadState tool until after the destination computer has been restarted. For this reason, restart the destination computer after you run the LoadState tool.
+
+
+
+## Supported applications
+
+
+Although it is not required for all applications, it is good practice to install all applications on the destination computer before restoring the user state. Installing applications before migrating settings helps to ensure that the migrated settings are not overwritten by the application installers.
+
+**Note**
+The versions of installed applications must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office.
+
+
+
+**Note**
+USMT migrates only the settings that have been used or modified by the user. If there is an application setting on the source computer that was not touched by the user, the setting may not migrate.
+
+
+
+When you specify the MigApp.xml file, USMT migrates the settings for the following applications:
+
+
+
+
+
+
+
+
+
Product
+
Version
+
+
+
+
+
Adobe Acrobat Reader
+
9
+
+
+
AOL Instant Messenger
+
6.8
+
+
+
Adobe Creative Suite
+
2
+
+
+
Adobe Photoshop CS
+
8, 9
+
+
+
Adobe ImageReady CS
+
+
+
+
Apple iTunes
+
6, 7, 8
+
+
+
Apple QuickTime Player
+
5, 6, 7
+
+
+
Apple Safari
+
3.1.2
+
+
+
Google Chrome
+
beta
+
+
+
Google Picasa
+
3
+
+
+
Google Talk
+
beta
+
+
+
IBM Lotus 1-2-3
+
9
+
+
+
IBM Lotus Notes
+
6,7, 8
+
+
+
IBM Lotus Organizer
+
5
+
+
+
IBM Lotus WordPro
+
9.9
+
+
+
Intuit Quicken Deluxe
+
2009
+
+
+
Money Plus Business
+
2008
+
+
+
Money Plus Home
+
2008
+
+
+
Mozilla Firefox
+
3
+
+
+
Microsoft Office
+
2003, 2007, 2010
+
+
+
Microsoft Office Access®
+
2003, 2007, 2010
+
+
+
Microsoft Office Excel®
+
2003, 2007, 2010
+
+
+
Microsoft Office FrontPage®
+
2003, 2007, 2010
+
+
+
Microsoft Office OneNote®
+
2003, 2007, 2010
+
+
+
Microsoft Office Outlook®
+
2003, 2007, 2010
+
+
+
Microsoft Office PowerPoint®
+
2003, 2007, 2010
+
+
+
Microsoft Office Publisher
+
2003, 2007, 2010
+
+
+
Microsoft Office Word
+
2003, 2007, 2010
+
+
+
Opera Software Opera
+
9.5
+
+
+
Microsoft Outlook Express
+
(only mailbox file)
+
+
+
Microsoft Project
+
2003, 2007
+
+
+
Microsoft Office Visio®
+
2003, 2007
+
+
+
RealPlayer Basic
+
11
+
+
+
Sage Peachtree
+
2009
+
+
+
Skype
+
3.8
+
+
+
Windows Live Mail
+
12, 14
+
+
+
Windows Live Messenger
+
8.5, 14
+
+
+
Windows Live MovieMaker
+
14
+
+
+
Windows Live Photo Gallery
+
12, 14
+
+
+
Windows Live Writer
+
12, 14
+
+
+
Windows Mail
+
(Windows 7 and 8)
+
+
+
Microsoft Works
+
9
+
+
+
Yahoo Messenger
+
9
+
+
+
Microsoft Zune™ Software
+
3
+
+
+
+
+
+
+## What USMT does not migrate
+
+
+The following is a list of the settings that USMT does not migrate. If you are having a problem that is not listed here, see [Common Issues](usmt-common-issues.md).
+
+### Application settings
+
+USMT does not migrate the following application settings:
+
+- Settings from earlier versions of an application. The versions of each application must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. USMT can migrate from an earlier version of Microsoft Office to a later version.
+
+- Application settings and some operating-system settings when a local account is created. For example, if you run /lac to create a local account on the destination computer, USMT will migrate the user data, but only some of the operating-system settings, such as wallpaper and screensaver settings, and no application settings will migrate.
+
+- Microsoft Project settings, when migrating from Office 2003 to Office 2007 system.
+
+- ICQ Pro settings, if ICQ Pro is installed in a different location on the destination computer. To successfully migrate the settings of ICQ Pro, you must install ICQ Pro in the same location on the destination computer as it was on the source computer. Otherwise, after you run the LoadState tool, the application will not start. You may encounter problems when:
+
+ - You change the default installation location on 32-bit destination computers.
+
+ - You attempt to migrate from a 32-bit computer to a 64-bit computer. This is because the ICQ Pro default installation directory is different on the two types of computers. When you install ICQ Pro on a 32-bit computer, the default location is "C:\\Program Files\\...". The ICQ Pro default installation directory on an x64-based computer, however, is “C:\\Program Files (x86)\\...”.
+
+### Operating-System settings
+
+USMT does not migrate the following operating-system settings.
+
+- Local printers, hardware-related settings, drivers, passwords, application binary files, synchronization files, DLL files, or other executable files.
+
+- Permissions for shared folders. After migration, you must manually re-share any folders that were shared on the source computer.
+
+- Files and settings migrating between operating systems with different languages. The operating system of the source computer must match the language of the operating system on the destination computer.
+
+- Customized icons for shortcuts may not migrate.
+
+- Taskbar settings, when the source computer is running Windows XP.
+
+You should also note the following:
+
+- You should run USMT from an account with administrative credentials. Otherwise, some data will not migrate. When running the ScanState and LoadState tools you must run the tools in Administrator mode from an account with administrative credentials. If you do not run USMT in Administrator mode, only the user profile that is logged on will be included in the migration. In addition, you must run the ScanState tool on Windows XP from an account with administrative credentials. Otherwise, some operating-system settings will not migrate. To run in Administrator mode, click **Start**, click **All Programs**, click **Accessories**, right-click **Command Prompt**, and then click **Run as administrator**.
+
+- You can use the /**localonly** option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify /**localonly**, see [ScanState Syntax](usmt-scanstate-syntax.md).
+
+### Start menu layout
+
+Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](https://docs.microsoft.com/windows/deployment/usmt/usmt-common-issues#usmt-does-not-migrate-the-start-layout).
+
+## Related topics
+
+
+[Plan your migration](usmt-plan-your-migration.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md
index bfbd4e2c61..c05b8c1535 100644
--- a/windows/deployment/usmt/usmt-xml-elements-library.md
+++ b/windows/deployment/usmt/usmt-xml-elements-library.md
@@ -1,6 +1,6 @@
---
title: XML Elements Library (Windows 10)
-description: XML Elements Library
+description: Learn about the XML elements and helper functions that you can employ to author migration .xml files to use with User State Migration Tool (USMT).
ms.assetid: f5af0f6d-c3bf-4a4c-a0ca-9db7985f954f
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md
index ba0467192f..ec943180e6 100644
--- a/windows/deployment/usmt/usmt-xml-reference.md
+++ b/windows/deployment/usmt/usmt-xml-reference.md
@@ -1,6 +1,6 @@
---
title: USMT XML Reference (Windows 10)
-description: Work with and customize the migration XML files using USMT XML Reference for Windows 10.
+description: Learn about working with and customizing the migration XML files using User State Migration Tool (USMT) XML Reference for Windows 10.
ms.assetid: fb946975-0fee-4ec0-b3ef-7c34945ee96f
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md
index aeae8b54ae..f5afeaa069 100644
--- a/windows/deployment/usmt/xml-file-requirements.md
+++ b/windows/deployment/usmt/xml-file-requirements.md
@@ -1,6 +1,6 @@
---
title: XML File Requirements (Windows 10)
-description: XML File Requirements
+description: Learn about the XML file requirements for creating custom .xml files, like the file must be in UTF-8 and have a unique migration urlid.
ms.assetid: 4b567b50-c50a-4a4f-8684-151fe3f8275f
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md
index 62a9dc2999..5b4f53e98a 100644
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@@ -3,8 +3,9 @@ title: Configure VDA for Windows 10 Subscription Activation
ms.reviewer:
manager: laurawi
ms.audience: itpro
+ms.author: greglin
author: greg-lindsay
-description: How to enable Windows 10 Enterprise E3 and E5 subscriptions for VDA
+description: Learn how to configure virtual machines (VMs) to enable Windows 10 Subscription Activation in a Windows Virtual Desktop Access (VDA) scenario.
keywords: upgrade, update, task sequence, deploy
ms.prod: w10
ms.mktglfcycl: deploy
@@ -12,7 +13,6 @@ ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdt
audience: itpro
-author: greg-lindsay
ms.topic: article
ms.collection: M365-modern-desktop
---
diff --git a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md
index cd12f07346..5e20b62132 100644
--- a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md
+++ b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md
@@ -1,6 +1,6 @@
---
title: Activate by Proxy an Active Directory Forest (Windows 10)
-description: Activate by Proxy an Active Directory Forest
+description: Learn how to use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest.
ms.assetid: 6475fc87-a6f7-4fa8-b0aa-de19f2dea7e5
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/volume-activation/activate-forest-vamt.md b/windows/deployment/volume-activation/activate-forest-vamt.md
index 06362064ff..007c3a0ae3 100644
--- a/windows/deployment/volume-activation/activate-forest-vamt.md
+++ b/windows/deployment/volume-activation/activate-forest-vamt.md
@@ -1,50 +1,51 @@
----
-title: Activate an Active Directory Forest Online (Windows 10)
-description: Activate an Active Directory Forest Online
-ms.assetid: 9b5bc193-799b-4aa5-9d3e-0e495f7195d3
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# Activate an Active Directory Forest Online
-
-You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest over the Internet. ADBA enables certain products to inherit activation from the domain.
-
-**Important**
-ADBA is only applicable to Generic Volume License Keys (GVLKs) and KMS Host keys (CSVLKs). To use ADBA, one or more KMS Host keys (CSVLKs) must be installed on the AD forest, and client keys (GVLKs) must be installed on the client products.
-
-## Requirements
-
-Before performing online activation, ensure that the network and the VAMT installation meet the following requirements:
-- VAMT is installed on a host computer that has Internet access.
-- VAMT has administrative permissions to the Active Directory domain.
-- The KMS Host key (CSVLK) you intend to use is added to VAMT in the **Product Keys** node.
-
-**To perform an online Active Directory forest activation**
-
-1. Open VAMT.
-2. In the left-side pane, click the **Active Directory-Based Activation** node.
-3. In the right-side **Actions** pane, click **Online activate forest** to open the **Install Product Key** dialog box.
-4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to apply to the AD forest.
-5. If required, enter a new Active Directory-Based Activation Object name
-
- **Important**
- If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed.
-
-6. Click **Install Key**.
-7. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action.
-
-The activated object and the date that is was created appear in the **Active Directory-Based Activation** node in the center pane.
-
-## Related topics
-
-- [Scenario 1: Online Activation](scenario-online-activation-vamt.md)
-- [Add and Remove Computers](add-remove-computers-vamt.md)
+---
+title: Activate an Active Directory Forest Online (Windows 10)
+description: Use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest online.
+ms.assetid: 9b5bc193-799b-4aa5-9d3e-0e495f7195d3
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# Activate an Active Directory Forest Online
+
+You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest over the Internet. ADBA enables certain products to inherit activation from the domain.
+
+**Important**
+ADBA is only applicable to Generic Volume License Keys (GVLKs) and KMS Host keys (CSVLKs). To use ADBA, one or more KMS Host keys (CSVLKs) must be installed on the AD forest, and client keys (GVLKs) must be installed on the client products.
+
+## Requirements
+
+Before performing online activation, ensure that the network and the VAMT installation meet the following requirements:
+- VAMT is installed on a host computer that has Internet access.
+- VAMT has administrative permissions to the Active Directory domain.
+- The KMS Host key (CSVLK) you intend to use is added to VAMT in the **Product Keys** node.
+
+**To perform an online Active Directory forest activation**
+
+1. Open VAMT.
+2. In the left-side pane, click the **Active Directory-Based Activation** node.
+3. In the right-side **Actions** pane, click **Online activate forest** to open the **Install Product Key** dialog box.
+4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to apply to the AD forest.
+5. If required, enter a new Active Directory-Based Activation Object name
+
+ **Important**
+ If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed.
+
+6. Click **Install Key**.
+7. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action.
+
+The activated object and the date that is was created appear in the **Active Directory-Based Activation** node in the center pane.
+
+## Related topics
+
+- [Scenario 1: Online Activation](scenario-online-activation-vamt.md)
+- [Add and Remove Computers](add-remove-computers-vamt.md)
diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
index 01010689aa..68924c83f3 100644
--- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
+++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
@@ -1,144 +1,147 @@
----
-title: Activate using Key Management Service (Windows 10)
-ms.assetid: f2417bfe-7d25-4e82-bc07-de316caa8dac
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-description:
-keywords: vamt, volume activation, activation, windows activation
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.date: 10/16/2017
-ms.topic: article
----
-
-# Activate using Key Management Service
-
-**Applies to**
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2012
-- Windows Server 2008 R2
-
-**Looking for retail activation?**
-
-- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
-
-There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host:
-- Host KMS on a computer running Windows 10
-- Host KMS on a computer running Windows Server 2012 R2
-- Host KMS on a computer running an earlier version of Windows
-
-Check out [Windows 10 Volume Activation Tips](https://blogs.technet.microsoft.com/askcore/2015/09/15/windows-10-volume-activation-tips/).
-
-## Key Management Service in Windows 10
-
-Installing a KMS host key on a computer running Windows 10 allows you to activate other computers running Windows 10 against this KMS host and earlier versions of the client operating system, such as Windows 8.1 or Windows 7.
-Clients locate the KMS server by using resource records in DNS, so some configuration of DNS may be required. This scenario can be beneficial if your organization uses volume activation for clients and MAK-based activation for a smaller number of servers.
-To enable KMS functionality, a KMS key is installed on a KMS host; then, the host is activated over the Internet or by phone using Microsoft’s activation services.
-
-**Configure KMS in Windows 10**
-
-1. Open an elevated command prompt.
-2. Enter one of the following commands.
- - To install a KMS key, type **slmgr.vbs /ipk <KmsKey>**.
- - To activate online, type **slmgr.vbs /ato**.
- - To activate by using the telephone, type **slui.exe 4**.
-3. After activating the KMS key, restart the Software Protection Service.
-
-For more information, see the information for Windows 7 in [Deploy KMS Activation](https://go.microsoft.com/fwlink/p/?LinkId=717032).
-
-## Key Management Service in Windows Server 2012 R2
-Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista.
-
-**Note**
-You cannot install a client KMS key into the KMS in Windows Server.
-
-This scenario is commonly used in larger organizations that do not find the overhead of using a server a burden.
-
-**Note**
-
-If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](https://go.microsoft.com/fwlink/p/?LinkId=620687).
-
-**Configure KMS in Windows Server 2012 R2**
-
-1. Sign in to a computer running Windows Server 2012 R2 with an account that has local administrative credentials.
-2. Launch Server Manager.
-3. Add the Volume Activation Services role, as shown in Figure 4.
-
- 
-
- **Figure 4**. Adding the Volume Activation Services role in Server Manager\
-
-4. When the role installation is complete, click the link to launch the Volume Activation Tools (Figure 5).
-
- 
-
- **Figure 5**. Launching the Volume Activation Tools
-
- 5. Select the **Key Management Service (KMS)** option, and specify the computer that will act as the KMS host (Figure 6).
- This can be the same computer on which you installed the role or another computer. For example, it can be a client computer running Windows 10.
-
- 
-
- **Figure 6**. Configuring the computer as a KMS host
-
-5. Install your KMS host key by typing it in the text box, and then click **Commit** (Figure 7).
-
- 
-
- **Figure 7**. Installing your KMS host key
-
-6. If asked to confirm replacement of an existing key, click **Yes**.
-7. After the product key is installed, you must activate it. Click **Next** (Figure 8).
-
- 
-
- **Figure 8**. Activating the software
-
- The KMS key can be activated online or by phone. See Figure 9.
-
- 
-
- **Figure 9**. Choosing to activate online
-
-Now that the KMS host is configured, it will begin to listen for activation requests. However, it will not activate clients successfully until the activation threshold is met.
-
-## Verifying the configuration of Key Management Service
-
-You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message.
-**Note**
-
-If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2.
-
-To verify that KMS volume activation works, complete the following steps:
-
-1. On the KMS host, open the event log and confirm that DNS publishing is successful.
-2. On a client computer, open a Command Prompt window, type **Slmgr.vbs /ato**, and then press ENTER.
-The **/ato** command causes the operating system to attempt activation by using whichever key has been installed in the operating system. The response should show the license state and detailed Windows version information.
-3. On a client computer or the KMS host, open an elevated Command Prompt window, type **Slmgr /dlv**, and then press ENTER.
-
-The **/dlv** command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated.
-
-For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](https://go.microsoft.com/fwlink/p/?LinkId=733639).
-
-## Key Management Service in earlier versions of Windows
-
-If you have already established a KMS infrastructure in your organization for an earlier version of Windows, you may want to continue using that infrastructure to activate computers running Windows 10 or Windows Server 2012 R2. Your existing KMS host must be running Windows 7 or later. To upgrade your KMS host, complete the following steps:
-
-1. Download and install the correct update for your current KMS host operating system. Restart the computer as directed.
-2. Request a new KMS host key from the Volume Licensing Service Center.
-3. Install the new KMS host key on your KMS host.
-4. Activate the new KMS host key by running the slmgr.vbs script.
-
-For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590).
-
-## See also
-- [Volume Activation for Windows 10](volume-activation-windows-10.md)
+---
+title: Activate using Key Management Service (Windows 10)
+ms.assetid: f2417bfe-7d25-4e82-bc07-de316caa8dac
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+description: How to activate using Key Management Service in Windows 10.
+keywords: vamt, volume activation, activation, windows activation
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.localizationpriority: medium
+ms.date: 10/16/2017
+ms.topic: article
+---
+
+# Activate using Key Management Service
+
+**Applies to**
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2012
+- Windows Server 2008 R2
+
+**Looking for retail activation?**
+
+- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
+
+There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host:
+- Host KMS on a computer running Windows 10
+- Host KMS on a computer running Windows Server 2012 R2
+- Host KMS on a computer running an earlier version of Windows
+
+Check out [Windows 10 Volume Activation Tips](https://blogs.technet.microsoft.com/askcore/2015/09/15/windows-10-volume-activation-tips/).
+
+## Key Management Service in Windows 10
+
+Installing a KMS host key on a computer running Windows 10 allows you to activate other computers running Windows 10 against this KMS host and earlier versions of the client operating system, such as Windows 8.1 or Windows 7.
+Clients locate the KMS server by using resource records in DNS, so some configuration of DNS may be required. This scenario can be beneficial if your organization uses volume activation for clients and MAK-based activation for a smaller number of servers.
+To enable KMS functionality, a KMS key is installed on a KMS host; then, the host is activated over the Internet or by phone using Microsoft’s activation services.
+
+**Configure KMS in Windows 10**
+
+To activate , use the slmgr.vbs command. Open an elevated command prompt and run one of the following commands:
+- To install the KMS key, type `slmgr.vbs /ipk `.
+- To activate online, type `slmgr.vbs /ato`.
+- To activate by telephone , follow these steps:
+ 1. Run `slmgr.vbs /dti` and confirm the installation ID.
+ 2. Call [Microsoft Licensing Activation Centers worldwide telephone numbers](https://www.microsoft.com/licensing/existing-customer/activation-centers) and follow the voice prompts to enter the installation ID that you obtained in step 1 on your telephone.
+ 3. Follow the voice prompts and write down the responded 48-digit confirmation ID for OS activation.
+ 4. Run `slmgr.vbs /atp \`.
+
+For more information, see the information for Windows 7 in [Deploy KMS Activation](https://go.microsoft.com/fwlink/p/?LinkId=717032).
+
+## Key Management Service in Windows Server 2012 R2
+Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista.
+
+**Note**
+You cannot install a client KMS key into the KMS in Windows Server.
+
+This scenario is commonly used in larger organizations that do not find the overhead of using a server a burden.
+
+**Note**
+
+If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](https://go.microsoft.com/fwlink/p/?LinkId=620687).
+
+**Configure KMS in Windows Server 2012 R2**
+
+1. Sign in to a computer running Windows Server 2012 R2 with an account that has local administrative credentials.
+2. Launch Server Manager.
+3. Add the Volume Activation Services role, as shown in Figure 4.
+
+ 
+
+ **Figure 4**. Adding the Volume Activation Services role in Server Manager\
+
+4. When the role installation is complete, click the link to launch the Volume Activation Tools (Figure 5).
+
+ 
+
+ **Figure 5**. Launching the Volume Activation Tools
+
+ 5. Select the **Key Management Service (KMS)** option, and specify the computer that will act as the KMS host (Figure 6).
+ This can be the same computer on which you installed the role or another computer. For example, it can be a client computer running Windows 10.
+
+ 
+
+ **Figure 6**. Configuring the computer as a KMS host
+
+5. Install your KMS host key by typing it in the text box, and then click **Commit** (Figure 7).
+
+ 
+
+ **Figure 7**. Installing your KMS host key
+
+6. If asked to confirm replacement of an existing key, click **Yes**.
+7. After the product key is installed, you must activate it. Click **Next** (Figure 8).
+
+ 
+
+ **Figure 8**. Activating the software
+
+ The KMS key can be activated online or by phone. See Figure 9.
+
+ 
+
+ **Figure 9**. Choosing to activate online
+
+Now that the KMS host is configured, it will begin to listen for activation requests. However, it will not activate clients successfully until the activation threshold is met.
+
+## Verifying the configuration of Key Management Service
+
+You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message.
+
+> [!NOTE]
+> If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2.
+
+To verify that KMS volume activation works, complete the following steps:
+
+1. On the KMS host, open the event log and confirm that DNS publishing is successful.
+2. On a client computer, open a Command Prompt window, type **Slmgr.vbs /ato**, and then press ENTER.
+The **/ato** command causes the operating system to attempt activation by using whichever key has been installed in the operating system. The response should show the license state and detailed Windows version information.
+3. On a client computer or the KMS host, open an elevated Command Prompt window, type **Slmgr /dlv**, and then press ENTER.
+
+The **/dlv** command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated.
+
+For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](https://go.microsoft.com/fwlink/p/?LinkId=733639).
+
+## Key Management Service in earlier versions of Windows
+
+If you have already established a KMS infrastructure in your organization for an earlier version of Windows, you may want to continue using that infrastructure to activate computers running Windows 10 or Windows Server 2012 R2. Your existing KMS host must be running Windows 7 or later. To upgrade your KMS host, complete the following steps:
+
+1. Download and install the correct update for your current KMS host operating system. Restart the computer as directed.
+2. Request a new KMS host key from the Volume Licensing Service Center.
+3. Install the new KMS host key on your KMS host.
+4. Activate the new KMS host key by running the slmgr.vbs script.
+
+For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590).
+
+## See also
+- [Volume Activation for Windows 10](volume-activation-windows-10.md)
diff --git a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md
index 0664a272c5..b88d65def4 100644
--- a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md
+++ b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md
@@ -1,127 +1,128 @@
----
-title: Activate clients running Windows 10 (Windows 10)
-description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy.
-ms.assetid: 39446e49-ad7c-48dc-9f18-f85a11ded643
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-keywords: vamt, volume activation, activation, windows activation
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.topic: article
----
-
-# Activate clients running Windows 10
-
-**Applies to**
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2012
-- Windows Server 2008 R2
-
-**Looking for retail activation?**
-
-- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
-
-After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. If the computer has been configured with a Generic Volume License Key (GVLK), neither IT nor the user need take any action. It just works.
-Enterprise edition images and installation media should already be configured with the GVLK. When the client computer starts, the Licensing service examines the current licensing condition of the computer.
-If activation or reactivation is required, the following sequence occurs:
-1. If the computer is a member of a domain, it asks a domain controller for a volume activation object. If Active Directory-based activation is configured, the domain controller returns the object. If the object matches the edition of the software that is installed and the computer has a matching GVLK, the computer is activated (or reactivated), and it will not need to be activated again for 180 days, although the operating system will attempt reactivation at much shorter, regular intervals.
-2. If the computer is not a member of a domain or if the volume activation object is not available, the computer will issue a DNS query to attempt to locate a KMS server. If a KMS server can be contacted, activation occurs if the KMS has a key that matches the computer’s GVLK.
-3. The computer tries to activate against Microsoft servers if it is configured with a MAK.
-
-If the client is not able to activate itself successfully, it will periodically try again. The frequency of the retry attempts depends on the current licensing state and whether the client computer has been successfully activated in the past. For example, if the client computer had been previously activated by Active Directory-based activation, it will periodically try to contact the domain controller at each restart.
-
-## How Key Management Service works
-
-KMS uses a client–server topology. KMS client computers can locate KMS host computers by using DNS or a static configuration. KMS clients contact the KMS host by using RPCs carried over TCP/IP.
-
-### Key Management Service activation thresholds
-
-You can activate physical computers and virtual machines by contacting a KMS host. To qualify for KMS activation, there must be a minimum number of qualifying computers (called the activation threshold). KMS clients will be activated only after this threshold has been met. Each KMS host counts the number of computers that have requested activation until the threshold is met.
-
-A KMS host responds to each valid activation request from a KMS client with the count of how many computers have already contacted the KMS host for activation. Client computers that receive a count below the activation threshold are not activated. For example, if the first two computers that contact the KMS host are running Windows 10, the first receives an activation count of 1, and the second receives an activation count of 2. If the next computer is a virtual machine on a computer running Windows 10, it receives an activation count of 3, and so on. None of these computers will be activated, because computers running Windows 10, like other client operating system versions, must receive an activation count of 25 or more.
-When KMS clients are waiting for the KMS to reach the activation threshold, they will connect to the KMS host every two hours to get the current activation count. They will be activated when the threshold is met.
-
-In our example, if the next computer that contacts the KMS host is running Windows Server 2012 R2, it receives an activation count of 4, because activation counts are cumulative. If a computer running Windows Server 2012 R2 receives an activation count that is 5 or more, it is activated. If a computer running Windows 10 receives an activation count of 25 or more, it is activated.
-
-### Activation count cache
-
-To track the activation threshold, the KMS host keeps a record of the KMS clients that request activation. The KMS host gives each KMS client a client ID designation, and the KMS host saves each client ID in a table. By default, each activation request remains in the table for up to 30 days. When a client renews its activation, the cached client ID is removed from the table, a new record is created, and the 30day period begins again. If a KMS client computer does not renew its activation within 30 days, the KMS host removes the corresponding client ID from the table and reduces the activation count by one.
-However, the KMS host only caches twice the number of client IDs that are required to meet the activation threshold. Therefore, only the 50 most recent client IDs are kept in the table, and a client ID could be removed much sooner than 30 days.
-The total size of the cache is set by the type of client computer that is attempting to activate. If a KMS host receives activation requests only from servers, the cache will hold only 10 client IDs (twice the required 5). If a client computer running Windows 10 contacts that KMS host, KMS increases the cache size to 50 to accommodate the higher threshold. KMS never reduces the cache size.
-
-### Key Management Service connectivity
-
-KMS activation requires TCP/IP connectivity. By default, KMS hosts and clients use DNS to publish and find the KMS. The default settings can be used, which require little or no administrative action, or KMS hosts and client computers can be manually configured based on network configuration and security requirements.
-
-### Key Management Service activation renewal
-
-KMS activations are valid for 180 days (the *activation validity interval*). To remain activated, KMS client computers must renew their activation by connecting to the KMS host at least once every 180 days. By default, KMS client computers attempt to renew their activation every 7 days. If KMS activation fails, the client computer retries every two hours. After a client computer’s activation is renewed, the activation validity interval begins again.
-
-### Publication of the Key Management Service
-
-The KMS uses service (SRV) resource records in DNS to store and communicate the locations of KMS hosts. KMS hosts use the DNS dynamic update protocol, if available, to publish the KMS service (SRV) resource records. If dynamic update is not available or the KMS host does not have rights to publish the resource records, the DNS records must be published manually, or you must configure client computers to connect to specific KMS hosts.
-
-### Client discovery of the Key Management Service
-
-By default, KMS client computers query DNS for KMS information. The first time a KMS client computer queries DNS for KMS information, it randomly chooses a KMS host from the list of service (SRV) resource records that DNS returns. The address of a DNS server that contains the service (SRV) resource records can be listed as a suffixed entry on KMS client computers, which allows one DNS server to advertise the service (SRV) resource records for KMS, and KMS client computers with other primary DNS servers to find it.
-Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. Only Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 provide these priority and weight parameters.
-If the KMS host that a client computer selects does not respond, the KMS client computer removes that KMS host from its list of service (SRV) resource records and randomly selects another KMS host from the list. When a KMS host responds, the KMS client computer caches the name of the KMS host and uses it for subsequent activation and renewal attempts. If the cached KMS host does not respond on a subsequent renewal, the KMS client computer discovers a new KMS host by querying DNS for KMS service (SRV) resource records.
-By default, client computers connect to the KMS host for activation by using anonymous RPCs through TCP port 1688. (You can change the default port.) After establishing a TCP session with the KMS host, the client computer sends a single request packet. The KMS host responds with the activation count. If the count meets or exceeds the activation threshold for that operating system, the client computer is activated and the session is closed. The KMS client computer uses this same process for renewal requests. 250 bytes are used for communication each way.
-
-### Domain Name System server configuration
-
-The default KMS automatic publishing feature requires the service (SRV) resource record and support for DNS dynamic update protocol. KMS client computer default behavior and the KMS service (SRV) resource record publishing are supported on a DNS server that is running Microsoft software or any other DNS server that supports service (SRV) resource records (per Internet Engineering Task Force \[IETF\] Request for Comments \[RFC\] 2782) and dynamic updates (per IETF RFC 2136). For example, Berkeley Internet Domain Name versions 8.x and 9.x support service (SRV) resource records and dynamic update.
-The KMS host must be configured so that it has the credentials needed to create and update the following resource records on the DNS servers: service (SRV), IPv4 host (A), and IPv6 host (AAAA), or the records need to be created manually. The recommended solution for giving the KMS host the needed credentials is to create a security group in AD DS, then add all KMS hosts to that group. On a DNS server that is running Microsoft software, ensure that this security group is given full control over the \_VLMCS.\_TCP record in each DNS domain that will contain the KMS service (SRV) resource records.
-
-### Activating the first Key Management Service host
-
-KMS hosts on the network need to install a KMS key, and then be activated with Microsoft. Installation of a KMS key enables the KMS on the KMS host. After installing the KMS key, complete the activation of the KMS host by telephone or online. Beyond this initial activation, a KMS host does not communicate any information to Microsoft. KMS keys are only installed on KMS hosts, never on individual KMS client computers.
-
-### Activating subsequent Key Management Service hosts
-
-Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. If the organization needs more than six KMS hosts, you can request additional activations for your organization’s KMS key by calling a Microsoft Volume [Licensing Activation Center](https://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception.
-
-## How Multiple Activation Key works
-
-A MAK is used for one-time activation with Microsoft’s hosted activation services. Each MAK has a predetermined number of allowed activations. This number is based on volume licensing agreements, and it might not match the organization’s exact license count. Each activation that uses a MAK with the Microsoft hosted activation service counts toward the activation limit.
-
-You can activate computers by using a MAK in two ways:
-- **MAK independent activation**. Each computer independently connects and is activated with Microsoft over the Internet or by telephone. MAK independent activation is best suited to computers within an organization that do not maintain a connection to the corporate network. MAK independent activation is shown in Figure 16.
-
- 
-
- **Figure 16**. MAK independent activation
-- **MAK proxy activation**. MAK proxy activation enables a centralized activation request on behalf of multiple computers with one connection to Microsoft. You configure MAK proxy activation by using the VAMT. MAK proxy activation is appropriate for environments in which security concerns restrict direct access to the Internet or the corporate network. It is also suited for development and test labs that lack this connectivity. MAK proxy activation with the VAMT is shown in Figure 17.
-
- 
-
- **Figure 17**. MAK proxy activation with the VAMT
-
-A MAK is recommended for computers that rarely or never connect to the corporate network and for environments in which the number of computers that require activation does not meet the KMS activation threshold.
-
-You can use a MAK for individual computers or with an image that can be duplicated or installed by using Microsoft deployment solutions. You can also use a MAK on a computer that was originally configured to use KMS activation. This is useful for moving a computer off the core network to a disconnected environment.
-
-### Multiple Activation Key architecture and activation
-
-MAK independent activation installs a MAK product key on a client computer. The key instructs that computer to activate itself with Microsoft servers over the Internet.
-In MAK proxy activation, the VAMT installs a MAK product key on a client computer, obtains the installation ID from the target computer, sends the installation ID to Microsoft on behalf of the client, and obtains a confirmation ID. The tool then activates the client computer by installing the confirmation ID.
-
-## Activating as a standard user
-
-Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 do not require administrator privileges for activation, but this change does not allow standard user accounts to remove computers running Windows 7 or Windows Server 2008 R2 from the activated state. An administrator account is still required for other activation- or license-related tasks, such as “rearm.”
-
-## See also
-
-- [Volume Activation for Windows 10](volume-activation-windows-10.md)
-
-
+---
+title: Activate clients running Windows 10 (Windows 10)
+description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy.
+ms.assetid: 39446e49-ad7c-48dc-9f18-f85a11ded643
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+keywords: vamt, volume activation, activation, windows activation
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.localizationpriority: medium
+ms.date: 07/27/2017
+ms.topic: article
+---
+
+# Activate clients running Windows 10
+
+**Applies to**
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2012
+- Windows Server 2008 R2
+
+**Looking for retail activation?**
+
+- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
+
+After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. If the computer has been configured with a Generic Volume License Key (GVLK), neither IT nor the user need take any action. It just works.
+Enterprise edition images and installation media should already be configured with the GVLK. When the client computer starts, the Licensing service examines the current licensing condition of the computer.
+If activation or reactivation is required, the following sequence occurs:
+1. If the computer is a member of a domain, it asks a domain controller for a volume activation object. If Active Directory-based activation is configured, the domain controller returns the object. If the object matches the edition of the software that is installed and the computer has a matching GVLK, the computer is activated (or reactivated), and it will not need to be activated again for 180 days, although the operating system will attempt reactivation at much shorter, regular intervals.
+2. If the computer is not a member of a domain or if the volume activation object is not available, the computer will issue a DNS query to attempt to locate a KMS server. If a KMS server can be contacted, activation occurs if the KMS has a key that matches the computer’s GVLK.
+3. The computer tries to activate against Microsoft servers if it is configured with a MAK.
+
+If the client is not able to activate itself successfully, it will periodically try again. The frequency of the retry attempts depends on the current licensing state and whether the client computer has been successfully activated in the past. For example, if the client computer had been previously activated by Active Directory-based activation, it will periodically try to contact the domain controller at each restart.
+
+## How Key Management Service works
+
+KMS uses a client–server topology. KMS client computers can locate KMS host computers by using DNS or a static configuration. KMS clients contact the KMS host by using RPCs carried over TCP/IP.
+
+### Key Management Service activation thresholds
+
+You can activate physical computers and virtual machines by contacting a KMS host. To qualify for KMS activation, there must be a minimum number of qualifying computers (called the activation threshold). KMS clients will be activated only after this threshold has been met. Each KMS host counts the number of computers that have requested activation until the threshold is met.
+
+A KMS host responds to each valid activation request from a KMS client with the count of how many computers have already contacted the KMS host for activation. Client computers that receive a count below the activation threshold are not activated. For example, if the first two computers that contact the KMS host are running Windows 10, the first receives an activation count of 1, and the second receives an activation count of 2. If the next computer is a virtual machine on a computer running Windows 10, it receives an activation count of 3, and so on. None of these computers will be activated, because computers running Windows 10, like other client operating system versions, must receive an activation count of 25 or more.
+When KMS clients are waiting for the KMS to reach the activation threshold, they will connect to the KMS host every two hours to get the current activation count. They will be activated when the threshold is met.
+
+In our example, if the next computer that contacts the KMS host is running Windows Server 2012 R2, it receives an activation count of 4, because activation counts are cumulative. If a computer running Windows Server 2012 R2 receives an activation count that is 5 or more, it is activated. If a computer running Windows 10 receives an activation count of 25 or more, it is activated.
+
+### Activation count cache
+
+To track the activation threshold, the KMS host keeps a record of the KMS clients that request activation. The KMS host gives each KMS client a client ID designation, and the KMS host saves each client ID in a table. By default, each activation request remains in the table for up to 30 days. When a client renews its activation, the cached client ID is removed from the table, a new record is created, and the 30day period begins again. If a KMS client computer does not renew its activation within 30 days, the KMS host removes the corresponding client ID from the table and reduces the activation count by one.
+However, the KMS host only caches twice the number of client IDs that are required to meet the activation threshold. Therefore, only the 50 most recent client IDs are kept in the table, and a client ID could be removed much sooner than 30 days.
+The total size of the cache is set by the type of client computer that is attempting to activate. If a KMS host receives activation requests only from servers, the cache will hold only 10 client IDs (twice the required 5). If a client computer running Windows 10 contacts that KMS host, KMS increases the cache size to 50 to accommodate the higher threshold. KMS never reduces the cache size.
+
+### Key Management Service connectivity
+
+KMS activation requires TCP/IP connectivity. By default, KMS hosts and clients use DNS to publish and find the KMS. The default settings can be used, which require little or no administrative action, or KMS hosts and client computers can be manually configured based on network configuration and security requirements.
+
+### Key Management Service activation renewal
+
+KMS activations are valid for 180 days (the *activation validity interval*). To remain activated, KMS client computers must renew their activation by connecting to the KMS host at least once every 180 days. By default, KMS client computers attempt to renew their activation every 7 days. If KMS activation fails, the client computer retries every two hours. After a client computer’s activation is renewed, the activation validity interval begins again.
+
+### Publication of the Key Management Service
+
+The KMS uses service (SRV) resource records in DNS to store and communicate the locations of KMS hosts. KMS hosts use the DNS dynamic update protocol, if available, to publish the KMS service (SRV) resource records. If dynamic update is not available or the KMS host does not have rights to publish the resource records, the DNS records must be published manually, or you must configure client computers to connect to specific KMS hosts.
+
+### Client discovery of the Key Management Service
+
+By default, KMS client computers query DNS for KMS information. The first time a KMS client computer queries DNS for KMS information, it randomly chooses a KMS host from the list of service (SRV) resource records that DNS returns. The address of a DNS server that contains the service (SRV) resource records can be listed as a suffixed entry on KMS client computers, which allows one DNS server to advertise the service (SRV) resource records for KMS, and KMS client computers with other primary DNS servers to find it.
+Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. Only Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 provide these priority and weight parameters.
+If the KMS host that a client computer selects does not respond, the KMS client computer removes that KMS host from its list of service (SRV) resource records and randomly selects another KMS host from the list. When a KMS host responds, the KMS client computer caches the name of the KMS host and uses it for subsequent activation and renewal attempts. If the cached KMS host does not respond on a subsequent renewal, the KMS client computer discovers a new KMS host by querying DNS for KMS service (SRV) resource records.
+By default, client computers connect to the KMS host for activation by using anonymous RPCs through TCP port 1688. (You can change the default port.) After establishing a TCP session with the KMS host, the client computer sends a single request packet. The KMS host responds with the activation count. If the count meets or exceeds the activation threshold for that operating system, the client computer is activated and the session is closed. The KMS client computer uses this same process for renewal requests. 250 bytes are used for communication each way.
+
+### Domain Name System server configuration
+
+The default KMS automatic publishing feature requires the service (SRV) resource record and support for DNS dynamic update protocol. KMS client computer default behavior and the KMS service (SRV) resource record publishing are supported on a DNS server that is running Microsoft software or any other DNS server that supports service (SRV) resource records (per Internet Engineering Task Force \[IETF\] Request for Comments \[RFC\] 2782) and dynamic updates (per IETF RFC 2136). For example, Berkeley Internet Domain Name versions 8.x and 9.x support service (SRV) resource records and dynamic update.
+The KMS host must be configured so that it has the credentials needed to create and update the following resource records on the DNS servers: service (SRV), IPv4 host (A), and IPv6 host (AAAA), or the records need to be created manually. The recommended solution for giving the KMS host the needed credentials is to create a security group in AD DS, then add all KMS hosts to that group. On a DNS server that is running Microsoft software, ensure that this security group is given full control over the \_VLMCS.\_TCP record in each DNS domain that will contain the KMS service (SRV) resource records.
+
+### Activating the first Key Management Service host
+
+KMS hosts on the network need to install a KMS key, and then be activated with Microsoft. Installation of a KMS key enables the KMS on the KMS host. After installing the KMS key, complete the activation of the KMS host by telephone or online. Beyond this initial activation, a KMS host does not communicate any information to Microsoft. KMS keys are only installed on KMS hosts, never on individual KMS client computers.
+
+### Activating subsequent Key Management Service hosts
+
+Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. If the organization needs more than six KMS hosts, you can request additional activations for your organization’s KMS key by calling a Microsoft Volume [Licensing Activation Center](https://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception.
+
+## How Multiple Activation Key works
+
+A MAK is used for one-time activation with Microsoft’s hosted activation services. Each MAK has a predetermined number of allowed activations. This number is based on volume licensing agreements, and it might not match the organization’s exact license count. Each activation that uses a MAK with the Microsoft hosted activation service counts toward the activation limit.
+
+You can activate computers by using a MAK in two ways:
+- **MAK independent activation**. Each computer independently connects and is activated with Microsoft over the Internet or by telephone. MAK independent activation is best suited to computers within an organization that do not maintain a connection to the corporate network. MAK independent activation is shown in Figure 16.
+
+ 
+
+ **Figure 16**. MAK independent activation
+- **MAK proxy activation**. MAK proxy activation enables a centralized activation request on behalf of multiple computers with one connection to Microsoft. You configure MAK proxy activation by using the VAMT. MAK proxy activation is appropriate for environments in which security concerns restrict direct access to the Internet or the corporate network. It is also suited for development and test labs that lack this connectivity. MAK proxy activation with the VAMT is shown in Figure 17.
+
+ 
+
+ **Figure 17**. MAK proxy activation with the VAMT
+
+A MAK is recommended for computers that rarely or never connect to the corporate network and for environments in which the number of computers that require activation does not meet the KMS activation threshold.
+
+You can use a MAK for individual computers or with an image that can be duplicated or installed by using Microsoft deployment solutions. You can also use a MAK on a computer that was originally configured to use KMS activation. This is useful for moving a computer off the core network to a disconnected environment.
+
+### Multiple Activation Key architecture and activation
+
+MAK independent activation installs a MAK product key on a client computer. The key instructs that computer to activate itself with Microsoft servers over the Internet.
+In MAK proxy activation, the VAMT installs a MAK product key on a client computer, obtains the installation ID from the target computer, sends the installation ID to Microsoft on behalf of the client, and obtains a confirmation ID. The tool then activates the client computer by installing the confirmation ID.
+
+## Activating as a standard user
+
+Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 do not require administrator privileges for activation, but this change does not allow standard user accounts to remove computers running Windows 7 or Windows Server 2008 R2 from the activated state. An administrator account is still required for other activation- or license-related tasks, such as “rearm.”
+
+## See also
+
+- [Volume Activation for Windows 10](volume-activation-windows-10.md)
+
+
diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md
index bc02aaba30..fe607d6482 100644
--- a/windows/deployment/volume-activation/add-manage-products-vamt.md
+++ b/windows/deployment/volume-activation/add-manage-products-vamt.md
@@ -1,6 +1,6 @@
---
title: Add and Manage Products (Windows 10)
-description: Add and manage computers with the Volume Activation Management Tool (VAMT).
+description: Add client computers into the Volume Activation Management Tool (VAMT). After you add the computers, you can manage the products that are installed on your network.
ms.assetid: a48fbc23-917d-40f7-985c-e49702c05e51
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/volume-activation/add-remove-product-key-vamt.md b/windows/deployment/volume-activation/add-remove-product-key-vamt.md
index fc7b9b051d..dc8aedf5f2 100644
--- a/windows/deployment/volume-activation/add-remove-product-key-vamt.md
+++ b/windows/deployment/volume-activation/add-remove-product-key-vamt.md
@@ -1,39 +1,40 @@
----
-title: Add and Remove a Product Key (Windows 10)
-description: Add and Remove a Product Key
-ms.assetid: feac32bb-fb96-4802-81b8-c69220dcfcce
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# Add and Remove a Product Key
-
-Before you can use a Multiple Activation Key (MAK), retail, or KMS Host key (CSVLK) product key, you must first add it to the Volume Activation Management Tool (VAMT) database.
-
-## To Add a Product Key
-
-1. Open VAMT.
-2. In the left-side pane, right-click the **Product Keys** node to open the **Actions** menu.
-3. Click **Add product keys** to open the **Add Product Keys** dialog box.
-4. In the **Add Product Keys** dialog box, select from one of the following methods to add product keys:
- - To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys separated by line breaks, and click **Add Key(s)**.
- - To import a Comma Separated Values (CSV) file containing a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**.
-
- **Note**
- If you are activating a large number of products with a MAK, you should refresh the activation count of the MAK, to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs.
-
-## Remove a Product Key
-
-- To remove a product key from the list, simply select the key in the list and click **Delete** on the **Selected Items** menu in the right-side pane. Click **Yes** to confirm deletion of the product key. Removing a product key from the VAMT database will not affect the activation state of any products or computers on the network.
-
-## Related topics
-
-- [Manage Product Keys](manage-product-keys-vamt.md)
+---
+title: Add and Remove a Product Key (Windows 10)
+description: Add a product key to the Volume Activation Management Tool (VAMT) database. Also, learn how to remove the key from the database.
+ms.assetid: feac32bb-fb96-4802-81b8-c69220dcfcce
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# Add and Remove a Product Key
+
+Before you can use a Multiple Activation Key (MAK), retail, or KMS Host key (CSVLK) product key, you must first add it to the Volume Activation Management Tool (VAMT) database.
+
+## To Add a Product Key
+
+1. Open VAMT.
+2. In the left-side pane, right-click the **Product Keys** node to open the **Actions** menu.
+3. Click **Add product keys** to open the **Add Product Keys** dialog box.
+4. In the **Add Product Keys** dialog box, select from one of the following methods to add product keys:
+ - To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys separated by line breaks, and click **Add Key(s)**.
+ - To import a Comma Separated Values (CSV) file containing a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**.
+
+ **Note**
+ If you are activating a large number of products with a MAK, you should refresh the activation count of the MAK, to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs.
+
+## Remove a Product Key
+
+- To remove a product key from the list, simply select the key in the list and click **Delete** on the **Selected Items** menu in the right-side pane. Click **Yes** to confirm deletion of the product key. Removing a product key from the VAMT database will not affect the activation state of any products or computers on the network.
+
+## Related topics
+
+- [Manage Product Keys](manage-product-keys-vamt.md)
diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
index d56ff58a30..19d405b786 100644
--- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -1,71 +1,72 @@
----
-title: Appendix Information sent to Microsoft during activation (Windows 10)
-ms.assetid: 4bfff495-07d0-4385-86e3-7a077cbd64b8
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-description:
-keywords: vamt, volume activation, activation, windows activation
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.topic: article
----
-
-# Appendix: Information sent to Microsoft during activation
-**Applies to**
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2012
-- Windows Server 2008 R2
-
-**Looking for retail activation?**
-
-- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
-
-When you activate a computer running Windows 10, the following information is sent to Microsoft:
-
-- The Microsoft product code (a five-digit code that identifies the Windows product you are activating)
-- A channel ID or site code that identifies how the Windows product was originally obtained
-
- For example, a channel ID or site code identifies whether the product was originally purchased from a retail store, obtained as an evaluation copy, obtained through a volume licensing program, or preinstalled by a computer manufacturer.
-
-- The date of installation and whether the installation was successful
-- Information that helps confirm that your Windows product key has not been altered
-- Computer make and model
-- Version information for the operating system and software
-- Region and language settings
-- A unique number called a *globally unique identifier*, which is assigned to your computer
-- Product key (hashed) and product ID
-- BIOS name, revision number, and revision date
-- Volume serial number (hashed) of the hard disk drive
-- The result of the activation check
-
- This includes error codes and the following information about any activation exploits and related malicious or unauthorized software that was found or disabled:
-
- - The activation exploit’s identifier
- - The activation exploit’s current state, such as cleaned or quarantined
- - Computer manufacturer’s identification
- - The activation exploit’s file name and hash in addition to a hash of related software components that may indicate the presence of an activation exploit
-- The name and a hash of the contents of your computer’s startup instructions file
-- If your Windows license is on a subscription basis, information about how your subscription works
-
-Standard computer information is also sent, but your computer’s IP address is only retained temporarily.
-
-## Use of information
-
-Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers.
-For additional details, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879).
-
-## See also
-
-- [Volume Activation for Windows 10](volume-activation-windows-10.md)
-
-
+---
+title: Appendix Information sent to Microsoft during activation (Windows 10)
+ms.assetid: 4bfff495-07d0-4385-86e3-7a077cbd64b8
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+description:
+keywords: vamt, volume activation, activation, windows activation
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.localizationpriority: medium
+ms.date: 07/27/2017
+ms.topic: article
+---
+
+# Appendix: Information sent to Microsoft during activation
+**Applies to**
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2012
+- Windows Server 2008 R2
+
+**Looking for retail activation?**
+
+- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
+
+When you activate a computer running Windows 10, the following information is sent to Microsoft:
+
+- The Microsoft product code (a five-digit code that identifies the Windows product you are activating)
+- A channel ID or site code that identifies how the Windows product was originally obtained
+
+ For example, a channel ID or site code identifies whether the product was originally purchased from a retail store, obtained as an evaluation copy, obtained through a volume licensing program, or preinstalled by a computer manufacturer.
+
+- The date of installation and whether the installation was successful
+- Information that helps confirm that your Windows product key has not been altered
+- Computer make and model
+- Version information for the operating system and software
+- Region and language settings
+- A unique number called a *globally unique identifier*, which is assigned to your computer
+- Product key (hashed) and product ID
+- BIOS name, revision number, and revision date
+- Volume serial number (hashed) of the hard disk drive
+- The result of the activation check
+
+ This includes error codes and the following information about any activation exploits and related malicious or unauthorized software that was found or disabled:
+
+ - The activation exploit’s identifier
+ - The activation exploit’s current state, such as cleaned or quarantined
+ - Computer manufacturer’s identification
+ - The activation exploit’s file name and hash in addition to a hash of related software components that may indicate the presence of an activation exploit
+- The name and a hash of the contents of your computer’s startup instructions file
+- If your Windows license is on a subscription basis, information about how your subscription works
+
+Standard computer information is also sent, but your computer’s IP address is only retained temporarily.
+
+## Use of information
+
+Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers.
+For additional details, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879).
+
+## See also
+
+- [Volume Activation for Windows 10](volume-activation-windows-10.md)
+
+
diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md
index 08cca37792..f4e102124a 100644
--- a/windows/deployment/volume-activation/configure-client-computers-vamt.md
+++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md
@@ -1,6 +1,6 @@
---
title: Configure Client Computers (Windows 10)
-description: Configure Client Computers
+description: Learn how to configure client computers to enable the Volume Activation Management Tool (VAMT) to function correctly.
ms.assetid: a48176c9-b05c-4dd5-a9ef-83073e2370fc
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/volume-activation/import-export-vamt-data.md b/windows/deployment/volume-activation/import-export-vamt-data.md
index 5b77d96564..502813e80e 100644
--- a/windows/deployment/volume-activation/import-export-vamt-data.md
+++ b/windows/deployment/volume-activation/import-export-vamt-data.md
@@ -1,51 +1,52 @@
----
-title: Import and Export VAMT Data (Windows 10)
-description: Import and Export VAMT Data
-ms.assetid: 09a2c595-1a61-4da6-bd46-4ba8763cfd4f
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# Import and Export VAMT Data
-
-You can use the Volume Activation Management Tool (VAMT) to import product-activation data from a Computer Information List (.cilx or .cil) file into SQL Server, and to export product-activation data into a .cilx file. A .cilx file is an XML file that stores computer and product-activation data.
-You can import data or export data during the following scenarios:
-- Import and merge data from previous versions of VAMT.
-- Export data to use to perform proxy activations.
-
-**Warning**
-Editing a .cilx file using an application other than VAMT can corrupt the .cilx file and is not supported.
-
-## Import VAMT Data
-
-**To import data into VAMT**
-1. Open VAMT.
-2. In the right-side **Actions** pane, click **Import list** to open the **Import List** dialog box.
-3. In the **Import List** dialog box, navigate to the .cilx file location, select the file, and click **Open**.
-4. In the **Volume Activation Management Tool** dialog box, click **OK** to begin the import. VAMT displays a progress message while the file is being imported. Click **OK** when a message appears and confirms that the import has completed successfully.
-
-## Export VAMT Data
-
-Exporting VAMT data from a non-Internet-connected VAMT host computer is the first step of proxy activation using multiple VAMT hosts. To export product-activation data to a .cilx file:
-1. In the left-side pane, you can click a product you want to export data for, or click **Products** if the list contains data for all products.
-2. If you want to export only part of the data in a product list, in the product list view in the center pane select the products you want to export.
-3. In the right-side **Actions** pane on, click **Export list** to open the **Export List** dialog box.
-4. In the **Export List** dialog box, click **Browse** to navigate to the .cilx file.
-5. Under **Export options**, select one of the following data-type options:
- - Export products and product keys
- - Export products only
- - Export proxy activation data only. Selecting this option ensures that the export contains only the licensing information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is checked.
-6. If you have selected products to export, select the **Export selected product rows only** check box.
-7. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully.
-
-## Related topics
-
-- [Perform Proxy Activation](proxy-activation-vamt.md)
+---
+title: Import and Export VAMT Data (Windows 10)
+description: Learn how to use the Volume Activation Management Tool (VAMT) to import product-activation data from a .cilx or .cil file into SQL Server.
+ms.assetid: 09a2c595-1a61-4da6-bd46-4ba8763cfd4f
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# Import and Export VAMT Data
+
+You can use the Volume Activation Management Tool (VAMT) to import product-activation data from a Computer Information List (.cilx or .cil) file into SQL Server, and to export product-activation data into a .cilx file. A .cilx file is an XML file that stores computer and product-activation data.
+You can import data or export data during the following scenarios:
+- Import and merge data from previous versions of VAMT.
+- Export data to use to perform proxy activations.
+
+**Warning**
+Editing a .cilx file using an application other than VAMT can corrupt the .cilx file and is not supported.
+
+## Import VAMT Data
+
+**To import data into VAMT**
+1. Open VAMT.
+2. In the right-side **Actions** pane, click **Import list** to open the **Import List** dialog box.
+3. In the **Import List** dialog box, navigate to the .cilx file location, select the file, and click **Open**.
+4. In the **Volume Activation Management Tool** dialog box, click **OK** to begin the import. VAMT displays a progress message while the file is being imported. Click **OK** when a message appears and confirms that the import has completed successfully.
+
+## Export VAMT Data
+
+Exporting VAMT data from a non-Internet-connected VAMT host computer is the first step of proxy activation using multiple VAMT hosts. To export product-activation data to a .cilx file:
+1. In the left-side pane, you can click a product you want to export data for, or click **Products** if the list contains data for all products.
+2. If you want to export only part of the data in a product list, in the product list view in the center pane select the products you want to export.
+3. In the right-side **Actions** pane on, click **Export list** to open the **Export List** dialog box.
+4. In the **Export List** dialog box, click **Browse** to navigate to the .cilx file.
+5. Under **Export options**, select one of the following data-type options:
+ - Export products and product keys
+ - Export products only
+ - Export proxy activation data only. Selecting this option ensures that the export contains only the licensing information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is checked.
+6. If you have selected products to export, select the **Export selected product rows only** check box.
+7. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully.
+
+## Related topics
+
+- [Perform Proxy Activation](proxy-activation-vamt.md)
diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md
index dc1c9eaa35..f4cff8a4da 100644
--- a/windows/deployment/volume-activation/install-configure-vamt.md
+++ b/windows/deployment/volume-activation/install-configure-vamt.md
@@ -1,34 +1,35 @@
----
-title: Install and Configure VAMT (Windows 10)
-description: Install and Configure VAMT
-ms.assetid: 5c7ae9b9-0dbc-4277-bc4f-8b3e4ab0bf50
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.topic: article
----
-
-# Install and Configure VAMT
-
-This section describes how to install and configure the Volume Activation Management Tool (VAMT).
-
-## In this Section
-
-|Topic |Description |
-|------|------------|
-|[VAMT Requirements](vamt-requirements.md) |Provides system requirements for installing VAMT on a host computer. |
-|[Install VAMT](install-vamt.md) |Describes how to get and install VAMT. |
-|[Configure Client Computers](configure-client-computers-vamt.md) |Describes how to configure client computers on your network to work with VAMT. |
-
-## Related topics
-
-- [Introduction to VAMT](introduction-vamt.md)
-
-
+---
+title: Install and Configure VAMT (Windows 10)
+description: Learn how to install and configure the Volume Activation Management Tool (VAMT), and learn where to find information about the process.
+ms.assetid: 5c7ae9b9-0dbc-4277-bc4f-8b3e4ab0bf50
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.localizationpriority: medium
+ms.date: 07/27/2017
+ms.topic: article
+---
+
+# Install and Configure VAMT
+
+This section describes how to install and configure the Volume Activation Management Tool (VAMT).
+
+## In this Section
+
+|Topic |Description |
+|------|------------|
+|[VAMT Requirements](vamt-requirements.md) |Provides system requirements for installing VAMT on a host computer. |
+|[Install VAMT](install-vamt.md) |Describes how to get and install VAMT. |
+|[Configure Client Computers](configure-client-computers-vamt.md) |Describes how to configure client computers on your network to work with VAMT. |
+
+## Related topics
+
+- [Introduction to VAMT](introduction-vamt.md)
+
+
diff --git a/windows/deployment/volume-activation/install-kms-client-key-vamt.md b/windows/deployment/volume-activation/install-kms-client-key-vamt.md
index 3fe43074c1..c0458d4963 100644
--- a/windows/deployment/volume-activation/install-kms-client-key-vamt.md
+++ b/windows/deployment/volume-activation/install-kms-client-key-vamt.md
@@ -1,43 +1,44 @@
----
-title: Install a KMS Client Key (Windows 10)
-description: Install a KMS Client Key
-ms.assetid: d234468e-7917-4cf5-b0a8-4968454f7759
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.topic: article
----
-
-# Install a KMS Client Key
-
-You can use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. For example, if you are converting a MAK-activated product to KMS activation.
-
-**Note**
-By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products.
-
-**To install a KMS Client key**
-1. Open VAMT.
-2. In the left-side pane click **Products** to open the product list view in the center pane.
-3. In the products list view in the center pane, select the products that need to have GVLKs installed. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
-4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- - To filter the list by computer name, enter a name in the **Computer Name** box.
- - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
-5. Click **Filter**. VAMT displays the filtered list in the center pane.
-6. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box.
-7. The **Install Product Key** dialog box displays the keys that are available to be installed.
-8. Select the **Automatically select an AD or KMS client key** option and then click **Install Key**.
-
- VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears.
-
- The same status is shown under the **Status of Last Action** column in the product list view in the center pane.
-
-## Related topics
-
-- [Perform KMS Activation](kms-activation-vamt.md)
+---
+title: Install a KMS Client Key (Windows 10)
+description: Learn to use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys.
+ms.assetid: d234468e-7917-4cf5-b0a8-4968454f7759
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.localizationpriority: medium
+ms.date: 07/27/2017
+ms.topic: article
+---
+
+# Install a KMS Client Key
+
+You can use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. For example, if you are converting a MAK-activated product to KMS activation.
+
+**Note**
+By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products.
+
+**To install a KMS Client key**
+1. Open VAMT.
+2. In the left-side pane click **Products** to open the product list view in the center pane.
+3. In the products list view in the center pane, select the products that need to have GVLKs installed. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
+4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
+ - To filter the list by computer name, enter a name in the **Computer Name** box.
+ - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
+5. Click **Filter**. VAMT displays the filtered list in the center pane.
+6. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box.
+7. The **Install Product Key** dialog box displays the keys that are available to be installed.
+8. Select the **Automatically select an AD or KMS client key** option and then click **Install Key**.
+
+ VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears.
+
+ The same status is shown under the **Status of Last Action** column in the product list view in the center pane.
+
+## Related topics
+
+- [Perform KMS Activation](kms-activation-vamt.md)
diff --git a/windows/deployment/volume-activation/install-product-key-vamt.md b/windows/deployment/volume-activation/install-product-key-vamt.md
index 96908f97d1..d83feb6226 100644
--- a/windows/deployment/volume-activation/install-product-key-vamt.md
+++ b/windows/deployment/volume-activation/install-product-key-vamt.md
@@ -1,45 +1,46 @@
----
-title: Install a Product Key (Windows 10)
-description: Install a Product Key
-ms.assetid: 78812c87-2208-4f8b-9c2c-5a8a18b2d648
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.topic: article
----
-
-# Install a Product Key
-
-You can use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK).
-
-**To install a Product key**
-1. Open VAMT.
-2. In the left-side pane, click the product that you want to install keys onto.
-3. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
-4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- - To filter the list by computer name, enter a name in the **Computer Name** box.
- - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
-5. Click **Filter**.
-6. In the products list view in the center pane, sort the list if needed and then select the products that need to have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product.
-7. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box.
-8. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAK based on the selected products. You can select a recommended product key or a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key you want to install, click **Install Key**. Note that only one key can be installed at a time.
-9. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears.
-
- The same status is shown under the **Status of Last Action** column in the product list view in the center pane.
-
- **Note**
- Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct MAK or KMS Host key (CSVLK), see [How to Choose the Right
- Volume License Key for Windows](https://go.microsoft.com/fwlink/p/?linkid=238382).
-
-## Related topics
-
-- [Manage Product Keys](manage-product-keys-vamt.md)
-
-
+---
+title: Install a Product Key (Windows 10)
+description: Learn to use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK).
+ms.assetid: 78812c87-2208-4f8b-9c2c-5a8a18b2d648
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.localizationpriority: medium
+ms.date: 07/27/2017
+ms.topic: article
+---
+
+# Install a Product Key
+
+You can use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK).
+
+**To install a Product key**
+1. Open VAMT.
+2. In the left-side pane, click the product that you want to install keys onto.
+3. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
+4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
+ - To filter the list by computer name, enter a name in the **Computer Name** box.
+ - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
+5. Click **Filter**.
+6. In the products list view in the center pane, sort the list if needed and then select the products that need to have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product.
+7. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box.
+8. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAK based on the selected products. You can select a recommended product key or a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key you want to install, click **Install Key**. Note that only one key can be installed at a time.
+9. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears.
+
+ The same status is shown under the **Status of Last Action** column in the product list view in the center pane.
+
+ **Note**
+ Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct MAK or KMS Host key (CSVLK), see [How to Choose the Right
+ Volume License Key for Windows](https://go.microsoft.com/fwlink/p/?linkid=238382).
+
+## Related topics
+
+- [Manage Product Keys](manage-product-keys-vamt.md)
+
+
diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index 27951497ec..6b18acd8ae 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -1,6 +1,6 @@
---
title: Install VAMT (Windows 10)
-description: Install VAMT
+description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10.
ms.assetid: 2eabd3e2-0a68-43a5-8189-2947e46482fc
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md
index 791d49e497..5152af65fe 100644
--- a/windows/deployment/volume-activation/introduction-vamt.md
+++ b/windows/deployment/volume-activation/introduction-vamt.md
@@ -1,66 +1,67 @@
----
-title: Introduction to VAMT (Windows 10)
-description: Introduction to VAMT
-ms.assetid: 0439685e-0bae-4967-b0d4-dd84ca6d7fa7
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# Introduction to VAMT
-
-The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012.
-
-**Note**
-VAMT can be installed on, and can manage, physical or virtual instances. VAMT cannot detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated.
-
-## In this Topic
-- [Managing Multiple Activation Key (MAK) and Retail Activation](#bkmk-managingmak)
-- [Managing Key Management Service (KMS) Activation](#bkmk-managingkms)
-- [Enterprise Environment](#bkmk-enterpriseenvironment)
-- [VAMT User Interface](#bkmk-userinterface)
-
-## Managing Multiple Activation Key (MAK) and Retail Activation
-
-You can use a MAK or a retail product key to activate Windows, Windows Server, or Office on an individual computer or a group of computers. VAMT enables two different activation scenarios:
-- **Online activation.** Many enterprises maintain a single Windows system image or Office installation package for deployment across the enterprise. Occasionally there is also a need to use retail product keys in special situations. Online activation enables you to activate over the Internet any products installed with MAK, KMS host, or retail product keys on one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft.
-- **Proxy activation.** This activation method enables you to perform volume activation for products installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS Host key (CSVLK), or retail product key to one or more client products and collects the installation ID (IID) from each client product. The VAMT host sends the IIDs to Microsoft on behalf of the client products and obtains the corresponding Confirmation IDs (CIDs). The VAMT host then installs the CIDs on the client products to complete the activation. Using this method, only the VAMT host computer needs Internet access. You can also activate products installed on computers in a workgroup that is completely isolated from any larger network, by installing a second instance of VAMT on a computer within the workgroup. Then, use removable media to transfer activation data between this new instance of VAMT and the Internet-connected VAMT host.
-
-## Managing Key Management Service (KMS) Activation
-
-In addition to MAK or retail activation, you can use VAMT to perform volume activation using the Key Management Service (KMS). VAMT can install and activate GVLK (KMS client) keys on client products. GVLKs are the default product keys used by Volume License editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 as well as Microsoft Office 2010.
-VAMT treats a KMS Host key (CSVLK) product key identically to a retail-type product key; therefore, the experience for product key entry and activation management are identical for both these product key types.
-
-## Enterprise Environment
-
-VAMT is commonly implemented in enterprise environments. The following illustrates three common environments—Core Network, Secure Zone, and Isolated Lab.
-
-
-
-In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection.
-The Isolated Lab environment is a workgroup that is physically separate from the Core Network, and its computers do not have Internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the Isolated Lab.
-
-## VAMT User Interface
-
-The following screenshot shows the VAMT graphical user interface.
-
-
-
-VAMT provides a single, graphical user interface for managing activations, and for performing other activation-related tasks such as:
-- **Adding and removing computers.** You can use VAMT to discover computers in the local environment. VAMT can discover computers by querying AD DS, workgroups, by individual computer name or IP address, or via a general LDAP query.
-- **Discovering products.** You can use VAMT to discover Windows, Windows Server, Office, and select other products installed on the client computers.
-- **Monitoring activation status.** You can collect activation information about each product, including the last 5 characters of the product key being used, the current license state (such as Licensed, Grace, Unlicensed), and the product edition information.
-- **Managing product keys.** You can store multiple product keys and use VAMT to install these keys to remote client products. You can also determine the number of activations remaining for MAKs.
-- **Managing activation data.** VAMT stores activation data in a SQL database. VAMT can export this data to other VAMT hosts or to an archive in XML format.
-
-## Related topics
-- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md)
-
-
+---
+title: Introduction to VAMT (Windows 10)
+description: VAMT enables administrators to automate and centrally manage the Windows, Microsoft Office, and select other Microsoft products volume and retail activation process.
+ms.assetid: 0439685e-0bae-4967-b0d4-dd84ca6d7fa7
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# Introduction to VAMT
+
+The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012.
+
+**Note**
+VAMT can be installed on, and can manage, physical or virtual instances. VAMT cannot detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated.
+
+## In this Topic
+- [Managing Multiple Activation Key (MAK) and Retail Activation](#bkmk-managingmak)
+- [Managing Key Management Service (KMS) Activation](#bkmk-managingkms)
+- [Enterprise Environment](#bkmk-enterpriseenvironment)
+- [VAMT User Interface](#bkmk-userinterface)
+
+## Managing Multiple Activation Key (MAK) and Retail Activation
+
+You can use a MAK or a retail product key to activate Windows, Windows Server, or Office on an individual computer or a group of computers. VAMT enables two different activation scenarios:
+- **Online activation.** Many enterprises maintain a single Windows system image or Office installation package for deployment across the enterprise. Occasionally there is also a need to use retail product keys in special situations. Online activation enables you to activate over the Internet any products installed with MAK, KMS host, or retail product keys on one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft.
+- **Proxy activation.** This activation method enables you to perform volume activation for products installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS Host key (CSVLK), or retail product key to one or more client products and collects the installation ID (IID) from each client product. The VAMT host sends the IIDs to Microsoft on behalf of the client products and obtains the corresponding Confirmation IDs (CIDs). The VAMT host then installs the CIDs on the client products to complete the activation. Using this method, only the VAMT host computer needs Internet access. You can also activate products installed on computers in a workgroup that is completely isolated from any larger network, by installing a second instance of VAMT on a computer within the workgroup. Then, use removable media to transfer activation data between this new instance of VAMT and the Internet-connected VAMT host.
+
+## Managing Key Management Service (KMS) Activation
+
+In addition to MAK or retail activation, you can use VAMT to perform volume activation using the Key Management Service (KMS). VAMT can install and activate GVLK (KMS client) keys on client products. GVLKs are the default product keys used by Volume License editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 as well as Microsoft Office 2010.
+VAMT treats a KMS Host key (CSVLK) product key identically to a retail-type product key; therefore, the experience for product key entry and activation management are identical for both these product key types.
+
+## Enterprise Environment
+
+VAMT is commonly implemented in enterprise environments. The following illustrates three common environments—Core Network, Secure Zone, and Isolated Lab.
+
+
+
+In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection.
+The Isolated Lab environment is a workgroup that is physically separate from the Core Network, and its computers do not have Internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the Isolated Lab.
+
+## VAMT User Interface
+
+The following screenshot shows the VAMT graphical user interface.
+
+
+
+VAMT provides a single, graphical user interface for managing activations, and for performing other activation-related tasks such as:
+- **Adding and removing computers.** You can use VAMT to discover computers in the local environment. VAMT can discover computers by querying AD DS, workgroups, by individual computer name or IP address, or via a general LDAP query.
+- **Discovering products.** You can use VAMT to discover Windows, Windows Server, Office, and select other products installed on the client computers.
+- **Monitoring activation status.** You can collect activation information about each product, including the last 5 characters of the product key being used, the current license state (such as Licensed, Grace, Unlicensed), and the product edition information.
+- **Managing product keys.** You can store multiple product keys and use VAMT to install these keys to remote client products. You can also determine the number of activations remaining for MAKs.
+- **Managing activation data.** VAMT stores activation data in a SQL database. VAMT can export this data to other VAMT hosts or to an archive in XML format.
+
+## Related topics
+- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md)
+
+
diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md
index 318cd0cb65..e1e2f2151e 100644
--- a/windows/deployment/volume-activation/manage-activations-vamt.md
+++ b/windows/deployment/volume-activation/manage-activations-vamt.md
@@ -1,33 +1,34 @@
----
-title: Manage Activations (Windows 10)
-description: Manage Activations
-ms.assetid: 53bad9ed-9430-4f64-a8de-80613870862c
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# Manage Activations
-
-This section describes how to activate a client computer, by using a variety of activation methods.
-
-## In this Section
-
-|Topic |Description |
-|------|------------|
-|[Perform Online Activation](online-activation-vamt.md) |Describes how to activate a client computer over the Internet. |
-|[Perform Proxy Activation](proxy-activation-vamt.md) |Describes how to perform volume activation for client products that do not have Internet access. |
-|[Perform KMS Activation](kms-activation-vamt.md) |Describes how perform volume activation using the Key Management Service (KMS). |
-|[Perform Local Reactivation](local-reactivation-vamt.md) |Describes how to reactivate an operating system or Office program that was reinstalled. |
-|[Activate an Active Directory Forest Online](activate-forest-vamt.md) |Describes how to use Active Directory-Based Activation to online activate an Active Directory forest. |
-|[Activate by Proxy an Active Directory Forest](activate-forest-by-proxy-vamt.md) |Describes how to use Active Directory-Based Activation to proxy activate an Active Directory forest that is not connected to the Internet. |
-
-
-
+---
+title: Manage Activations (Windows 10)
+description: Learn how to manage activations and how to activate a client computer by using a variety of activation methods.
+ms.assetid: 53bad9ed-9430-4f64-a8de-80613870862c
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# Manage Activations
+
+This section describes how to activate a client computer, by using a variety of activation methods.
+
+## In this Section
+
+|Topic |Description |
+|------|------------|
+|[Perform Online Activation](online-activation-vamt.md) |Describes how to activate a client computer over the Internet. |
+|[Perform Proxy Activation](proxy-activation-vamt.md) |Describes how to perform volume activation for client products that do not have Internet access. |
+|[Perform KMS Activation](kms-activation-vamt.md) |Describes how perform volume activation using the Key Management Service (KMS). |
+|[Perform Local Reactivation](local-reactivation-vamt.md) |Describes how to reactivate an operating system or Office program that was reinstalled. |
+|[Activate an Active Directory Forest Online](activate-forest-vamt.md) |Describes how to use Active Directory-Based Activation to online activate an Active Directory forest. |
+|[Activate by Proxy an Active Directory Forest](activate-forest-by-proxy-vamt.md) |Describes how to use Active Directory-Based Activation to proxy activate an Active Directory forest that is not connected to the Internet. |
+
+
+
diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md
index bedd50af8f..1eb0380671 100644
--- a/windows/deployment/volume-activation/manage-product-keys-vamt.md
+++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md
@@ -1,29 +1,30 @@
----
-title: Manage Product Keys (Windows 10)
-description: Manage Product Keys
-ms.assetid: 4c6c4216-b4b7-437c-904e-4cb257f913cd
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# Manage Product Keys
-
-This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product or products you select in the VAMT database.
-## In this Section
-
-|Topic |Description |
-|------|------------|
-|[Add and Remove a Product Key](add-remove-product-key-vamt.md) |Describes how to add a product key to the VAMT database. |
-|[Install a Product Key](install-product-key-vamt.md) |Describes how to install a product key for specific product. |
-|[Install a KMS Client Key](install-kms-client-key-vamt.md) |Describes how to install a GVLK (KMS client) key. |
-
-
-
+---
+title: Manage Product Keys (Windows 10)
+description: In this article, learn how to add and remove a product key from the Volume Activation Management Tool (VAMT).
+ms.assetid: 4c6c4216-b4b7-437c-904e-4cb257f913cd
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# Manage Product Keys
+
+This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product or products you select in the VAMT database.
+## In this Section
+
+|Topic |Description |
+|------|------------|
+|[Add and Remove a Product Key](add-remove-product-key-vamt.md) |Describes how to add a product key to the VAMT database. |
+|[Install a Product Key](install-product-key-vamt.md) |Describes how to install a product key for specific product. |
+|[Install a KMS Client Key](install-kms-client-key-vamt.md) |Describes how to install a GVLK (KMS client) key. |
+
+
+
diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md
index 7d068975cd..6f2f8b2dd0 100644
--- a/windows/deployment/volume-activation/manage-vamt-data.md
+++ b/windows/deployment/volume-activation/manage-vamt-data.md
@@ -1,25 +1,26 @@
----
-title: Manage VAMT Data (Windows 10)
-description: Manage VAMT Data
-ms.assetid: 233eefa4-3125-4965-a12d-297a67079dc4
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# Manage VAMT Data
-
-This section describes how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT).
-
-## In this Section
-|Topic |Description |
-|------|------------|
-|[Import and Export VAMT Data](import-export-vamt-data.md) |Describes how to import and export VAMT data. |
-|[Use VAMT in Windows PowerShell](use-vamt-in-windows-powershell.md) |Describes how to access Windows PowerShell and how to import the VAMT PowerShell module. |
+---
+title: Manage VAMT Data (Windows 10)
+description: Learn how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT).
+ms.assetid: 233eefa4-3125-4965-a12d-297a67079dc4
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# Manage VAMT Data
+
+This section describes how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT).
+
+## In this Section
+|Topic |Description |
+|------|------------|
+|[Import and Export VAMT Data](import-export-vamt-data.md) |Describes how to import and export VAMT data. |
+|[Use VAMT in Windows PowerShell](use-vamt-in-windows-powershell.md) |Describes how to access Windows PowerShell and how to import the VAMT PowerShell module. |
diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md
index ea131b996d..143855e843 100644
--- a/windows/deployment/volume-activation/monitor-activation-client.md
+++ b/windows/deployment/volume-activation/monitor-activation-client.md
@@ -1,44 +1,45 @@
----
-title: Monitor activation (Windows 10)
-ms.assetid: 264a3e86-c880-4be4-8828-bf4c839dfa26
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-description:
-keywords: vamt, volume activation, activation, windows activation
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.topic: article
----
-
-# Monitor activation
-
-**Applies to**
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2012
-- Windows Server 2008 R2
-
-**Looking for retail activation?**
-
-- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
-
-You can monitor the success of the activation process for a computer running Windows in several ways. The most popular methods include:
-- Using the Volume Licensing Service Center website to track use of MAK keys.
-- Using the **Slmgr /dlv** command on a client computer or on the KMS host. (For a full list of options, see [Slmgr.vbs Options](https://technet.microsoft.com/library/ff793433.aspx).)
-- Viewing the licensing status, which is exposed through Windows Management Instrumentation (WMI); therefore, it is available to non-Microsoft or custom tools that can access WMI. (Windows PowerShell can also access WMI information.)
-- Most licensing actions and events are recorded in the Event log (ex: Application Log events 12288-12290).
-- Microsoft System Center Operations Manager and the KMS Management Pack can provide insight and information to users of System Center Operations Manager.
-- See [Troubleshooting activation error codes](https://docs.microsoft.com/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS).
-- The VAMT provides a single site from which to manage and monitor volume activations. This is explained in the next section.
-
-## See also
-
-[Volume Activation for Windows 10](volume-activation-windows-10.md)
+---
+title: Monitor activation (Windows 10)
+ms.assetid: 264a3e86-c880-4be4-8828-bf4c839dfa26
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+description:
+keywords: vamt, volume activation, activation, windows activation
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.localizationpriority: medium
+ms.topic: article
+---
+
+# Monitor activation
+
+**Applies to**
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2012
+- Windows Server 2008 R2
+
+**Looking for retail activation?**
+
+- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
+
+You can monitor the success of the activation process for a computer running Windows in several ways. The most popular methods include:
+- Using the Volume Licensing Service Center website to track use of MAK keys.
+- Using the **Slmgr /dlv** command on a client computer or on the KMS host. (For a full list of options, see [Slmgr.vbs Options](https://technet.microsoft.com/library/ff793433.aspx).)
+- Viewing the licensing status, which is exposed through Windows Management Instrumentation (WMI); therefore, it is available to non-Microsoft or custom tools that can access WMI. (Windows PowerShell can also access WMI information.)
+- Most licensing actions and events are recorded in the Event log (ex: Application Log events 12288-12290).
+- Microsoft System Center Operations Manager and the KMS Management Pack can provide insight and information to users of System Center Operations Manager.
+- See [Troubleshooting activation error codes](https://docs.microsoft.com/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS).
+- The VAMT provides a single site from which to manage and monitor volume activations. This is explained in the next section.
+
+## See also
+
+[Volume Activation for Windows 10](volume-activation-windows-10.md)
diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md
index 45f237024f..96d0e8abdd 100644
--- a/windows/deployment/volume-activation/online-activation-vamt.md
+++ b/windows/deployment/volume-activation/online-activation-vamt.md
@@ -1,55 +1,56 @@
----
-title: Perform Online Activation (Windows 10)
-description: Perform Online Activation
-ms.assetid: 8381792b-a454-4e66-9b4c-e6e4c9303823
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# Perform Online Activation
-
-You can use the Volume Activation Management Tool (VAMT) to enable client products to be activated over the Internet. You can install the client products with any kind of product key that is eligible for online activation—Multiple Activation Key (MAK), retail, and Windows Key Management Services (KMS) host key.
-
-## Requirements
-
-Before performing online activation, ensure that the network and the VAMT installation meet the following requirements:
-- VAMT is installed on a central computer that has network access to all client computers.
-- Both the VAMT host and client computers have Internet access.
-- The products that you want to activate are added to VAMT.
-- VAMT has administrative permissions on all computers that you intend to activate, and that Windows Management Instrumentation (WMI) can be accessed through the Windows firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
-
-The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking
-**Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs.
-
-## To Perform an Online Activation
-
-**To perform an online activation**
-1. Open VAMT.
-2. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
-3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- - To filter the list by computer name, enter a name in the **Computer Name** box.
- - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
-4. Click **Filter**. VAMT displays the filtered list in the center pane.
-5. Select the products that you want to activate. You can use the **CTRL** key or the **SHIFT** key to select more than one product.
-6. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane and then point to **Activate**. If the **Actions** pane is not displayed, click the Show/Hide Action Pane button, which is located on the toolbar to the right of the Help button.
-7. Point to **Online activate**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password.
-8. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears.
-
- The same status is shown under the **Status of Last Action** column in the products list view in the center pane.
-
- **Note**
- Online activation does not enable you to save the Confirmation IDs (CIDs). As a result, you cannot perform local reactivation.
-
- **Note**
- You can use online activation to select products that have different key types and activate the products at the same time.
-
-## Related topics
-- [Manage Activations](manage-activations-vamt.md)
+---
+title: Perform Online Activation (Windows 10)
+description: Learn how to use the Volume Activation Management Tool (VAMT) to enable client products to be activated online.
+ms.assetid: 8381792b-a454-4e66-9b4c-e6e4c9303823
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# Perform Online Activation
+
+You can use the Volume Activation Management Tool (VAMT) to enable client products to be activated over the Internet. You can install the client products with any kind of product key that is eligible for online activation—Multiple Activation Key (MAK), retail, and Windows Key Management Services (KMS) host key.
+
+## Requirements
+
+Before performing online activation, ensure that the network and the VAMT installation meet the following requirements:
+- VAMT is installed on a central computer that has network access to all client computers.
+- Both the VAMT host and client computers have Internet access.
+- The products that you want to activate are added to VAMT.
+- VAMT has administrative permissions on all computers that you intend to activate, and that Windows Management Instrumentation (WMI) can be accessed through the Windows firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
+
+The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking
+**Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs.
+
+## To Perform an Online Activation
+
+**To perform an online activation**
+1. Open VAMT.
+2. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
+3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
+ - To filter the list by computer name, enter a name in the **Computer Name** box.
+ - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
+4. Click **Filter**. VAMT displays the filtered list in the center pane.
+5. Select the products that you want to activate. You can use the **CTRL** key or the **SHIFT** key to select more than one product.
+6. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane and then point to **Activate**. If the **Actions** pane is not displayed, click the Show/Hide Action Pane button, which is located on the toolbar to the right of the Help button.
+7. Point to **Online activate**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password.
+8. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears.
+
+ The same status is shown under the **Status of Last Action** column in the products list view in the center pane.
+
+ **Note**
+ Online activation does not enable you to save the Confirmation IDs (CIDs). As a result, you cannot perform local reactivation.
+
+ **Note**
+ You can use online activation to select products that have different key types and activate the products at the same time.
+
+## Related topics
+- [Manage Activations](manage-activations-vamt.md)
diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md
index 65dd923d7e..ce8b8c1e39 100644
--- a/windows/deployment/volume-activation/remove-products-vamt.md
+++ b/windows/deployment/volume-activation/remove-products-vamt.md
@@ -1,35 +1,36 @@
----
-title: Remove Products (Windows 10)
-description: Remove Products
-ms.assetid: 4d44379e-dda1-4a8f-8ebf-395b6c0dad8e
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# Remove Products
-
-To remove one or more products from the Volume Activation Management Tool (VAMT), you can delete them from the product list view in the center pane.
-
-**To delete one or more products**
-1. Click a product node in the left-side pane.
-2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
-3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- - To filter the list by computer name, enter a name in the **Computer Name** box.
- - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
-4. Click **Filter**. VAMT displays the filtered list in the center pane.
-5. Select the products you want to delete.
-6. Click **Delete** in the **Selected Items** menu in the right-side pane.
-7. On the **Confirm Delete Selected Products** dialog box, click **OK**.
-
-## Related topics
-- [Add and Manage Products](add-manage-products-vamt.md)
-
-
+---
+title: Remove Products (Windows 10)
+description: Learn how you must delete products from the product list view so you can remove products from the Volume Activation Management Tool (VAMT).
+ms.assetid: 4d44379e-dda1-4a8f-8ebf-395b6c0dad8e
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# Remove Products
+
+To remove one or more products from the Volume Activation Management Tool (VAMT), you can delete them from the product list view in the center pane.
+
+**To delete one or more products**
+1. Click a product node in the left-side pane.
+2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
+3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
+ - To filter the list by computer name, enter a name in the **Computer Name** box.
+ - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
+4. Click **Filter**. VAMT displays the filtered list in the center pane.
+5. Select the products you want to delete.
+6. Click **Delete** in the **Selected Items** menu in the right-side pane.
+7. On the **Confirm Delete Selected Products** dialog box, click **OK**.
+
+## Related topics
+- [Add and Manage Products](add-manage-products-vamt.md)
+
+
diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md
index 34263037b3..400b2ad2e1 100644
--- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md
@@ -1,48 +1,49 @@
----
-title: Scenario 3 KMS Client Activation (Windows 10)
-description: Scenario 3 KMS Client Activation
-ms.assetid: 72b04e8f-cd35-490c-91ab-27ea799b05d0
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# Scenario 3: KMS Client Activation
-
-In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You do not have to enter a key to activate a product as a GVLK, unless you are converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md).
-
-The procedure that is described below assumes the following:
-- The KMS Service is enabled and available to all KMS clients.
-- VAMT has been installed and computers have been added to the VAMT database. See Parts 1 through 4 in either [Scenario 1: Online Activation](scenario-online-activation-vamt.md) or [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) for more information.
-
-## Activate KMS Clients
-
-1. Open VAMT.
-2. To set the KMS activation options, on the menu bar click **View**. Then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box.
-3. In the **Volume Activation Management Tool Preferences** dialog box, under **KMS Management Services host selection** select from the following options:
- - **Find a KMS host automatically using DNS**. This is the default setting. VAMT will instruct the computer to query the Domain Name Service (DNS) to locate a KMS host and perform activation. If the client contains a registry key with a valid KMS host, that value will be used instead.
- - **Find a KMS host using DNS in this domain for supported products**. Select this option if you use a specific domain, and enter the name of the domain.
- - **Use specific KMS host**. Select this option for environments which do not use DNS for KMS host identification, and manually enter the KMS host name and select the KMS host port. VAMT will set the specified KMS host name and KMS host port on the target computer, and then instruct the computer to perform activation with the specific KMS host.
-4. In the left-side pane, in the **Products** node, click the product that you want to activate.
-5. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
-6. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- - To filter the list by computer name, enter a name in the **Computer Name** box.
- - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
-7. Click **Filter**. VAMT displays the filtered list in the center pane.
-8. Select the products that you want to activate.
-9. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane, click **Activate**, point to **Volume activate**, and then click the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password.
-10. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears.
-
-The same status is shown under the **Status of Last Action** column in the products list view in the center pane.
-
-## Related topics
-- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md)
-
-
+---
+title: Scenario 3 KMS Client Activation (Windows 10)
+description: Learn how to use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs).
+ms.assetid: 72b04e8f-cd35-490c-91ab-27ea799b05d0
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# Scenario 3: KMS Client Activation
+
+In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You do not have to enter a key to activate a product as a GVLK, unless you are converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md).
+
+The procedure that is described below assumes the following:
+- The KMS Service is enabled and available to all KMS clients.
+- VAMT has been installed and computers have been added to the VAMT database. See Parts 1 through 4 in either [Scenario 1: Online Activation](scenario-online-activation-vamt.md) or [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) for more information.
+
+## Activate KMS Clients
+
+1. Open VAMT.
+2. To set the KMS activation options, on the menu bar click **View**. Then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box.
+3. In the **Volume Activation Management Tool Preferences** dialog box, under **KMS Management Services host selection** select from the following options:
+ - **Find a KMS host automatically using DNS**. This is the default setting. VAMT will instruct the computer to query the Domain Name Service (DNS) to locate a KMS host and perform activation. If the client contains a registry key with a valid KMS host, that value will be used instead.
+ - **Find a KMS host using DNS in this domain for supported products**. Select this option if you use a specific domain, and enter the name of the domain.
+ - **Use specific KMS host**. Select this option for environments which do not use DNS for KMS host identification, and manually enter the KMS host name and select the KMS host port. VAMT will set the specified KMS host name and KMS host port on the target computer, and then instruct the computer to perform activation with the specific KMS host.
+4. In the left-side pane, in the **Products** node, click the product that you want to activate.
+5. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
+6. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
+ - To filter the list by computer name, enter a name in the **Computer Name** box.
+ - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
+7. Click **Filter**. VAMT displays the filtered list in the center pane.
+8. Select the products that you want to activate.
+9. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane, click **Activate**, point to **Volume activate**, and then click the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password.
+10. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears.
+
+The same status is shown under the **Status of Last Action** column in the products list view in the center pane.
+
+## Related topics
+- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md)
+
+
diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
index 3c52c27790..f46556cdae 100644
--- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
@@ -1,6 +1,6 @@
---
title: Scenario 2 Proxy Activation (Windows 10)
-description: Scenario 2 Proxy Activation
+description: Use the Volume Activation Management Tool (VAMT) to activate products that are installed on workgroup computers in an isolated lab environment.
ms.assetid: ed5a8a56-d9aa-4895-918f-dd1898cb2c1a
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md
index 038839adb4..1e3cd0e815 100644
--- a/windows/deployment/volume-activation/update-product-status-vamt.md
+++ b/windows/deployment/volume-activation/update-product-status-vamt.md
@@ -1,38 +1,39 @@
----
-title: Update Product Status (Windows 10)
-description: Update Product Status
-ms.assetid: 39d4abd4-801a-4e8f-9b8c-425a24a96764
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# Update Product Status
-
-After you add computers to the VAMT database, you need to use the **Update license status** function to add the products that are installed on the computers. You can also use the **Update license status** at any time to retrieve the most current license status for any products in the VAMT database.
-To retrieve license status, VAMT must have administrative permissions on all selected computers and Windows Management Instrumentation (WMI) must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
-
-**Note**
-The license-status query requires a valid computer name for each system queried. If the VAMT database contains computers that were added without Personally Identifiable Information, computer names will not be available for those computers, and the status for these computers will not be updated.
-
-## Update the license status of a product
-
-1. Open VAMT.
-2. In the **Products** list, select one or more products that need to have their status updated.
-3. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer.
-4. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**.
-
- VAMT displays the **Collecting product information** dialog box while it collects the status of all selected products. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane.
-
- **Note**
- If a previously discovered Microsoft Office 2010 product has been uninstalled from the remote computer, updating its licensing status will cause the entry to be deleted from the **Office** product list view, and, consequently, the total number of discovered products will be smaller. However, the Windows installation of the same computer will not be deleted and will always be shown in the **Windows** products list view.
-
-## Related topics
-- [Add and Manage Products](add-manage-products-vamt.md)
+---
+title: Update Product Status (Windows 10)
+description: Learn how to use the Update license status function to add the products that are installed on the computers.
+ms.assetid: 39d4abd4-801a-4e8f-9b8c-425a24a96764
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# Update Product Status
+
+After you add computers to the VAMT database, you need to use the **Update license status** function to add the products that are installed on the computers. You can also use the **Update license status** at any time to retrieve the most current license status for any products in the VAMT database.
+To retrieve license status, VAMT must have administrative permissions on all selected computers and Windows Management Instrumentation (WMI) must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
+
+**Note**
+The license-status query requires a valid computer name for each system queried. If the VAMT database contains computers that were added without Personally Identifiable Information, computer names will not be available for those computers, and the status for these computers will not be updated.
+
+## Update the license status of a product
+
+1. Open VAMT.
+2. In the **Products** list, select one or more products that need to have their status updated.
+3. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer.
+4. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**.
+
+ VAMT displays the **Collecting product information** dialog box while it collects the status of all selected products. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane.
+
+ **Note**
+ If a previously discovered Microsoft Office 2010 product has been uninstalled from the remote computer, updating its licensing status will cause the entry to be deleted from the **Office** product list view, and, consequently, the total number of discovered products will be smaller. However, the Windows installation of the same computer will not be deleted and will always be shown in the **Windows** products list view.
+
+## Related topics
+- [Add and Manage Products](add-manage-products-vamt.md)
diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
index 092f297bb9..7389bcd273 100644
--- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
+++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
@@ -1,6 +1,6 @@
---
title: Use VAMT in Windows PowerShell (Windows 10)
-description: Use VAMT in Windows PowerShell
+description: Learn how to use Volume Activation Management Tool (VAMT) PowerShell cmdlets to perform the same functions as the Vamt.exe command-line tool.
ms.assetid: 13e0ceec-d827-4681-a5c3-8704349e3ba9
ms.reviewer:
manager: laurawi
diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md
index e9c0da934f..2ee3dbbb3d 100644
--- a/windows/deployment/volume-activation/vamt-requirements.md
+++ b/windows/deployment/volume-activation/vamt-requirements.md
@@ -1,46 +1,47 @@
----
-title: VAMT Requirements (Windows 10)
-description: VAMT Requirements
-ms.assetid: d14d152b-ab8a-43cb-a8fd-2279364007b9
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# VAMT Requirements
-
-This topic includes info about the product key and system requirements for VAMT.
-
-## Product Key Requirements
-
-The Volume Activation Management Tool (VAMT) can be used to perform activations using any of the following types of product keys.
-
-|Product key type |Where to obtain |
-|-----------------|----------------|
-|
Multiple Activation Key (MAK)
Key Management Service (KMS) host key (CSVLK)
KMS client setup keys (GVLK)
|Volume licensing keys can only be obtained with a signed contract from Microsoft. For more info, see the [Microsoft Volume Licensing portal](https://go.microsoft.com/fwlink/p/?LinkId=227282). |
-|Retail product keys |Obtained at time of product purchase. |
-
-## System Requirements
-
-The following table lists the system requirements for the VAMT host computer.
-
-| Item | Minimum system requirement |
-| ---- | ---------------------------|
-| Computer and Processor | 1 GHz x86 or x64 processor |
-| Memory | 1 GB RAM for x86 or 2 GB RAM for x64 |
-| Hard Disk | 16 GB available hard disk space for x86 or 20 GB for x64 |
-| External Drive | Removable media (Optional) |
-| Display | 1024x768 or higher resolution monitor |
-| Network | Connectivity to remote computers via Windows Management Instrumentation (TCP/IP) and Microsoft Activation Web Service on the Internet via HTTPS |
-| Operating System | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, or later. |
-| Additional Requirements |
Connection to a SQL Server database. For more info, see [Install VAMT](install-vamt.md).
PowerShell 3.0: For Windows 8, Windows 8.1, Windows 10, and Windows Server 2012, PowerShell is included in the installation. For previous versions of Windows and Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](https://go.microsoft.com/fwlink/p/?LinkId=218356).
If installing on Windows Server 2008 R2, you must also install .NET Framework 3.51.
|
-
-## Related topics
-- [Install and Configure VAMT](install-configure-vamt.md)
+---
+title: VAMT Requirements (Windows 10)
+description: In this article, learn about the product key and system requierements for Volume Activation Management Tool (VAMT).
+ms.assetid: d14d152b-ab8a-43cb-a8fd-2279364007b9
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# VAMT Requirements
+
+This topic includes info about the product key and system requirements for VAMT.
+
+## Product Key Requirements
+
+The Volume Activation Management Tool (VAMT) can be used to perform activations using any of the following types of product keys.
+
+|Product key type |Where to obtain |
+|-----------------|----------------|
+|
Multiple Activation Key (MAK)
Key Management Service (KMS) host key (CSVLK)
KMS client setup keys (GVLK)
|Volume licensing keys can only be obtained with a signed contract from Microsoft. For more info, see the [Microsoft Volume Licensing portal](https://go.microsoft.com/fwlink/p/?LinkId=227282). |
+|Retail product keys |Obtained at time of product purchase. |
+
+## System Requirements
+
+The following table lists the system requirements for the VAMT host computer.
+
+| Item | Minimum system requirement |
+| ---- | ---------------------------|
+| Computer and Processor | 1 GHz x86 or x64 processor |
+| Memory | 1 GB RAM for x86 or 2 GB RAM for x64 |
+| Hard Disk | 16 GB available hard disk space for x86 or 20 GB for x64 |
+| External Drive | Removable media (Optional) |
+| Display | 1024x768 or higher resolution monitor |
+| Network | Connectivity to remote computers via Windows Management Instrumentation (TCP/IP) and Microsoft Activation Web Service on the Internet via HTTPS |
+| Operating System | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, or later. |
+| Additional Requirements |
Connection to a SQL Server database. For more info, see [Install VAMT](install-vamt.md).
PowerShell 3.0: For Windows 8, Windows 8.1, Windows 10, and Windows Server 2012, PowerShell is included in the installation. For previous versions of Windows and Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](https://go.microsoft.com/fwlink/p/?LinkId=218356).
If installing on Windows Server 2008 R2, you must also install .NET Framework 3.51.
|
+
+## Related topics
+- [Install and Configure VAMT](install-configure-vamt.md)
diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md
index ae1576bb5f..ef45dc1c96 100644
--- a/windows/deployment/volume-activation/vamt-step-by-step.md
+++ b/windows/deployment/volume-activation/vamt-step-by-step.md
@@ -1,32 +1,33 @@
----
-title: VAMT Step-by-Step Scenarios (Windows 10)
-description: VAMT Step-by-Step Scenarios
-ms.assetid: 455c542c-4860-4b57-a1f0-7e2d28e11a10
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# VAMT Step-by-Step Scenarios
-
-This section provides step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios; the scenarios in this section describe some of the most common to get you started.
-
-## In this Section
-
-|Topic |Description |
-|------|------------|
-|[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. |
-|[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers — the first one with Internet access and a second computer within an isolated workgroup — as proxies to perform MAK volume activation for workgroup computers that do not have Internet access. |
-|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. |
-
-## Related topics
-- [Introduction to VAMT](introduction-vamt.md)
-
-
+---
+title: VAMT Step-by-Step Scenarios (Windows 10)
+description: Learn step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments.
+ms.assetid: 455c542c-4860-4b57-a1f0-7e2d28e11a10
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# VAMT Step-by-Step Scenarios
+
+This section provides step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios; the scenarios in this section describe some of the most common to get you started.
+
+## In this Section
+
+|Topic |Description |
+|------|------------|
+|[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. |
+|[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers — the first one with Internet access and a second computer within an isolated workgroup — as proxies to perform MAK volume activation for workgroup computers that do not have Internet access. |
+|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. |
+
+## Related topics
+- [Introduction to VAMT](introduction-vamt.md)
+
+
diff --git a/windows/deployment/windows-10-deployment-posters.md b/windows/deployment/windows-10-deployment-posters.md
index 3ae808a4af..99b5479318 100644
--- a/windows/deployment/windows-10-deployment-posters.md
+++ b/windows/deployment/windows-10-deployment-posters.md
@@ -12,7 +12,6 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
audience: itpro
-author: greg-lindsay
ms.topic: article
---
diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md
index 80dc7ea0eb..61d5af710d 100644
--- a/windows/deployment/windows-10-deployment-scenarios.md
+++ b/windows/deployment/windows-10-deployment-scenarios.md
@@ -5,6 +5,7 @@ ms.assetid: 7A29D546-52CC-482C-8870-8123C7DC04B5
ms.reviewer:
manager: laurawi
ms.audience: itpro
+ms.author: greglin
author: greg-lindsay
keywords: upgrade, in-place, configuration, deploy
ms.prod: w10
@@ -12,7 +13,6 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
audience: itpro
-author: greg-lindsay
ms.topic: article
---
diff --git a/windows/deployment/windows-10-deployment-tools-reference.md b/windows/deployment/windows-10-deployment-tools-reference.md
index 31c2c53103..2321163bd1 100644
--- a/windows/deployment/windows-10-deployment-tools-reference.md
+++ b/windows/deployment/windows-10-deployment-tools-reference.md
@@ -1,21 +1,21 @@
---
title: Windows 10 deployment tools reference
-description: Learn about the tools available to deploy Windows 10.
+description: Learn about the tools available to deploy Windows 10, like Volume Activation Management Tool (VAMT) and User State Migration Tool (USMT).
ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB
ms.reviewer:
manager: laurawi
ms.audience: itpro
+ms.author: greglin
author: greg-lindsay
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
-author: greg-lindsay
ms.date: 07/12/2017
ms.topic: article
---
-# Windows 10 deployment tools
+# Windows 10 deployment tools reference
Learn about the tools available to deploy Windows 10.
diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md
index a71caf0006..33f7b49f5e 100644
--- a/windows/deployment/windows-10-deployment-tools.md
+++ b/windows/deployment/windows-10-deployment-tools.md
@@ -5,12 +5,12 @@ ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB
ms.reviewer:
manager: laurawi
ms.audience: itpro
+ms.author: greglin
author: greg-lindsay
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
-author: greg-lindsay
ms.date: 10/16/2017
ms.topic: article
---
diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md
index c36f0c2cdc..d362478ccc 100644
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@@ -13,7 +13,6 @@ manager: laurawi
ms.audience: itpro
author: greg-lindsay
audience: itpro
-author: greg-lindsay
ms.collection: M365-modern-desktop
ms.topic: article
---
diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md
index 24743735e8..38a56db227 100644
--- a/windows/deployment/windows-10-media.md
+++ b/windows/deployment/windows-10-media.md
@@ -9,10 +9,10 @@ ms.date: 10/20/2017
ms.reviewer:
manager: laurawi
ms.audience: itpro
+ms.author: greglin
author: greg-lindsay
ms.sitesec: library
audience: itpro
-author: greg-lindsay
ms.topic: article
---
diff --git a/windows/deployment/windows-10-missing-fonts.md b/windows/deployment/windows-10-missing-fonts.md
index dfa95cf6e1..7f9f5e72ad 100644
--- a/windows/deployment/windows-10-missing-fonts.md
+++ b/windows/deployment/windows-10-missing-fonts.md
@@ -1,103 +1,104 @@
----
-title: How to install fonts missing after upgrading to Windows 10
-description: Some of the fonts are missing from the system after you upgrade to Windows 10.
-keywords: deploy, upgrade, FoD, optional feature
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.localizationpriority: medium
-audience: itpro
author: greg-lindsay
-ms.audience: itpro
author: greg-lindsay
-ms.date: 10/31/2017
-ms.reviewer:
-manager: laurawi
-ms.topic: article
----
-# How to install fonts that are missing after upgrading to Windows 10
-
-> Applies to: Windows 10
-
-When you upgrade from the Windows 7, Windows 8, or Windows 8.1 operating system to Windows 10, certain fonts are no longer available by default post-upgrade. To reduce the operating system footprint, improve performance, and optimize disk space usage, we moved many of the fonts that were previously shipped with prior versions of Windows to the optional features of Windows 10. If you install a fresh instance of Windows 10, or upgrade an older version of Windows to Windows 10, these optional features are not enabled by default. As a result, these fonts appear to be missing from the system.
-
-If you have documents created using the missing fonts, these documents might display differently on Windows 10.
-
-For example, if you have an English (or French, German, or Spanish) version of Windows 10 installed, you might notice that fonts such as the following are appear to be missing:
-
-- Gautami
-- Meiryo
-- Narkism/Batang
-- BatangChe
-- Dotum
-- DotumChe
-- Gulim
-- GulimChe
-- Gungsuh
-- GungsuhChe
-
-If you want to use these fonts, you can enable the optional feature to add these back to your system. Be aware that this is a permanent change in behavior for Windows 10, and it will remain this way in future releases.
-
-## Installing language-associated features via language settings:
-
-If you want to use the fonts from the optional feature and you know that you will want to view Web pages, edit documents, or use apps in the language associated with that feature, add that language into your user profile. You do this the Settings app.
-
-For example, here are the steps to install the fonts associated with the Hebrew language:
-
-1. Click **Start > Settings**.
-2. In Settings, click **Time & language**, and then click **Region & language**.
-3. If Hebrew is not included in the list of languages, click the plus sign (**+**) to add a language.
-4. Find Hebrew, and then click it to add it to your language list.
-
-Once you have added Hebrew to your language list, then the optional Hebrew font feature and other optional features for Hebrew language support are installed. This should only take a few minutes.
-
-> Note: The optional features are installed by Windows Update. This means you need to be online for the Windows Update service to work.
-
-## Install optional fonts manually without changing language settings:
-
-If you want to use fonts in an optional feature but don't need to search web pages, edit documents, or use apps in the associated language, you can install the optional font features manually without changing your language settings.
-
-For example, here are the steps to install the fonts associated with the Hebrew language without adding the Hebrew language itself to your language preferences:
-
-1. Click **Start > Settings**.
-2. In Settings, click **Apps**, click **Apps & features**, and then click **Manage optional features**.
-
-3. If you don't see **Hebrew Supplemental Fonts** in the list of installed features, click the plus sign (**+**) to add a feature.
-4. Select **Hebrew Supplemental Fonts** in the list, and then click **Install**.
-
-> Note: The optional features are installed by Windows Update. You need to be online for the Windows Update service to work.
-
-## Fonts included in optional font features
-
-Here is a comprehensive list of the font families in each of the optional features. Some font families might include multiple fonts for different weights and styles.
-
-- Arabic Script Supplemental Fonts: Aldhabi, Andalus, Arabic Typesetting, Microsoft Uighur, Sakkal Majalla, Simplified Arabic, Traditional Arabic, Urdu Typesetting
-- Bangla Script Supplemental Fonts: Shonar Bangla, Vrinda
-- Canadian Aboriginal Syllabics Supplemental Fonts: Euphemia
-- Cherokee Supplemental Fonts: Plantagenet Cherokee
-- Chinese (Simplified) Supplemental Fonts: DengXian, FangSong, KaiTi, SimHei
-- Chinese (Traditional) Supplemental Fonts: DFKai-SB, MingLiU, MingLiU_HKSCS, PMingLiU
-- Devanagari Supplemental Fonts: Aparajita, Kokila, Mangal, Sanskrit Text, Utsaah
-- Ethiopic Supplemental Fonts: Nyala
-- Gujarati Supplemental Fonts: Shruti
-- Gurmukhi Supplemental Fonts: Raavi
-- Hebrew Supplemental Fonts: Aharoni Bold, David, FrankRuehl, Gisha, Levanim MT, Miriam, Miriam Fixed, Narkism, Rod
-- Japanese Supplemental Fonts: Meiryo, Meiryo UI, MS Gothic, MS PGothic, MS UI Gothic, MS Mincho, MS PMincho, Yu Mincho
-- Kannada Supplemental Fonts: Tunga
-- Khmer Supplemental Fonts: DaunPenh, Khmer UI, MoolBoran
-- Korean Supplemental Fonts: Batang, BatangChe, Dotum, DotumChe, Gulim, GulimChe, Gungsuh, GungsuhChe
-- Lao Supplemental Fonts: DokChampa, Lao UI
-- Malayalam Supplemental Fonts: Karthika
-- Odia Supplemental Fonts: Kalinga
-- Pan-European Supplemental Fonts: Arial Nova, Georgia Pro, Gill Sans Nova, Neue Haas Grotesk, Rockwell Nova, Verdana Pro
-- Sinhala Supplemental Fonts: Iskoola Pota
-- Syriac Supplemental Fonts: Estrangelo Edessa
-- Tamil Supplemental Fonts: Latha, Vijaya
-- Telugu Supplemental Fonts: Gautami, Vani
-- Thai Supplemental Fonts: Angsana New, AngsanaUPC, Browallia New, BrowalliaUPC, Cordia New, CordiaUPC, DilleniaUPC, EucrosiaUPC, FreesiaUPC, IrisUPC, JasmineUPC, KodchiangUPC, Leelawadee, LilyUPC
-
-## Related Topics
-
-[Download the list of all available language FODs](https://download.microsoft.com/download/0/A/A/0AA4342D-3933-4216-A90D-3BA8392FB1D1/Windows%2010%201703%20FOD%20to%20LP%20Mapping%20Table.xlsx)
-
-[Features On Demand V2 (Capabilities)](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities#span-idrelatedtopicsspanrelated-topics)
-
-[Add Language Packs to Windows](/windows-hardware/manufacture/desktop/add-language-packs-to-windows)
+---
+title: How to install fonts missing after upgrading to Windows 10
+description: Some of the fonts are missing from the system after you upgrade to Windows 10.
+keywords: deploy, upgrade, FoD, optional feature
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.sitesec: library
+ms.localizationpriority: medium
+audience: itpro
+author: greg-lindsay
+ms.audience: itpro
+ms.date: 10/31/2017
+ms.reviewer:
+manager: laurawi
+ms.topic: article
+---
+# How to install fonts that are missing after upgrading to Windows 10
+
+> Applies to: Windows 10
+
+When you upgrade from the Windows 7, Windows 8, or Windows 8.1 operating system to Windows 10, certain fonts are no longer available by default post-upgrade. To reduce the operating system footprint, improve performance, and optimize disk space usage, we moved many of the fonts that were previously shipped with prior versions of Windows to the optional features of Windows 10. If you install a fresh instance of Windows 10, or upgrade an older version of Windows to Windows 10, these optional features are not enabled by default. As a result, these fonts appear to be missing from the system.
+
+If you have documents created using the missing fonts, these documents might display differently on Windows 10.
+
+For example, if you have an English (or French, German, or Spanish) version of Windows 10 installed, you might notice that fonts such as the following are appear to be missing:
+
+- Gautami
+- Meiryo
+- Narkism/Batang
+- BatangChe
+- Dotum
+- DotumChe
+- Gulim
+- GulimChe
+- Gungsuh
+- GungsuhChe
+
+If you want to use these fonts, you can enable the optional feature to add these back to your system. Be aware that this is a permanent change in behavior for Windows 10, and it will remain this way in future releases.
+
+## Installing language-associated features via language settings:
+
+If you want to use the fonts from the optional feature and you know that you will want to view Web pages, edit documents, or use apps in the language associated with that feature, add that language into your user profile. You do this the Settings app.
+
+For example, here are the steps to install the fonts associated with the Hebrew language:
+
+1. Click **Start > Settings**.
+2. In Settings, click **Time & language**, and then click **Region & language**.
+3. If Hebrew is not included in the list of languages, click the plus sign (**+**) to add a language.
+4. Find Hebrew, and then click it to add it to your language list.
+
+Once you have added Hebrew to your language list, then the optional Hebrew font feature and other optional features for Hebrew language support are installed. This should only take a few minutes.
+
+> Note: The optional features are installed by Windows Update. This means you need to be online for the Windows Update service to work.
+
+## Install optional fonts manually without changing language settings:
+
+If you want to use fonts in an optional feature but don't need to search web pages, edit documents, or use apps in the associated language, you can install the optional font features manually without changing your language settings.
+
+For example, here are the steps to install the fonts associated with the Hebrew language without adding the Hebrew language itself to your language preferences:
+
+1. Click **Start > Settings**.
+2. In Settings, click **Apps**, click **Apps & features**, and then click **Manage optional features**.
+
+3. If you don't see **Hebrew Supplemental Fonts** in the list of installed features, click the plus sign (**+**) to add a feature.
+4. Select **Hebrew Supplemental Fonts** in the list, and then click **Install**.
+
+> Note: The optional features are installed by Windows Update. You need to be online for the Windows Update service to work.
+
+## Fonts included in optional font features
+
+Here is a comprehensive list of the font families in each of the optional features. Some font families might include multiple fonts for different weights and styles.
+
+- Arabic Script Supplemental Fonts: Aldhabi, Andalus, Arabic Typesetting, Microsoft Uighur, Sakkal Majalla, Simplified Arabic, Traditional Arabic, Urdu Typesetting
+- Bangla Script Supplemental Fonts: Shonar Bangla, Vrinda
+- Canadian Aboriginal Syllabics Supplemental Fonts: Euphemia
+- Cherokee Supplemental Fonts: Plantagenet Cherokee
+- Chinese (Simplified) Supplemental Fonts: DengXian, FangSong, KaiTi, SimHei
+- Chinese (Traditional) Supplemental Fonts: DFKai-SB, MingLiU, MingLiU_HKSCS, PMingLiU
+- Devanagari Supplemental Fonts: Aparajita, Kokila, Mangal, Sanskrit Text, Utsaah
+- Ethiopic Supplemental Fonts: Nyala
+- Gujarati Supplemental Fonts: Shruti
+- Gurmukhi Supplemental Fonts: Raavi
+- Hebrew Supplemental Fonts: Aharoni Bold, David, FrankRuehl, Gisha, Levanim MT, Miriam, Miriam Fixed, Narkism, Rod
+- Japanese Supplemental Fonts: Meiryo, Meiryo UI, MS Gothic, MS PGothic, MS UI Gothic, MS Mincho, MS PMincho, Yu Mincho
+- Kannada Supplemental Fonts: Tunga
+- Khmer Supplemental Fonts: DaunPenh, Khmer UI, MoolBoran
+- Korean Supplemental Fonts: Batang, BatangChe, Dotum, DotumChe, Gulim, GulimChe, Gungsuh, GungsuhChe
+- Lao Supplemental Fonts: DokChampa, Lao UI
+- Malayalam Supplemental Fonts: Karthika
+- Odia Supplemental Fonts: Kalinga
+- Pan-European Supplemental Fonts: Arial Nova, Georgia Pro, Gill Sans Nova, Neue Haas Grotesk, Rockwell Nova, Verdana Pro
+- Sinhala Supplemental Fonts: Iskoola Pota
+- Syriac Supplemental Fonts: Estrangelo Edessa
+- Tamil Supplemental Fonts: Latha, Vijaya
+- Telugu Supplemental Fonts: Gautami, Vani
+- Thai Supplemental Fonts: Angsana New, AngsanaUPC, Browallia New, BrowalliaUPC, Cordia New, CordiaUPC, DilleniaUPC, EucrosiaUPC, FreesiaUPC, IrisUPC, JasmineUPC, KodchiangUPC, Leelawadee, LilyUPC
+
+## Related Topics
+
+[Download the list of all available language FODs](https://download.microsoft.com/download/0/A/A/0AA4342D-3933-4216-A90D-3BA8392FB1D1/Windows%2010%201703%20FOD%20to%20LP%20Mapping%20Table.xlsx)
+
+[Features On Demand V2 (Capabilities)](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities#span-idrelatedtopicsspanrelated-topics)
+
+[Add Language Packs to Windows](/windows-hardware/manufacture/desktop/add-language-packs-to-windows)
diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md
index a9ffbb1c73..c10e477cff 100644
--- a/windows/deployment/windows-10-poc-mdt.md
+++ b/windows/deployment/windows-10-poc-mdt.md
@@ -11,9 +11,9 @@ ms.date: 10/11/2017
ms.reviewer:
manager: laurawi
ms.audience: itpro
+ms.author: greglin
author: greg-lindsay
audience: itpro
-author: greg-lindsay
ms.topic: article
---
diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md
index ba8078e40c..67a95f1168 100644
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md
@@ -10,9 +10,9 @@ ms.localizationpriority: medium
ms.reviewer:
manager: laurawi
ms.audience: itpro
+ms.author: greglin
author: greg-lindsay
audience: itpro
-author: greg-lindsay
ms.topic: article
---
diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md
index e86a065bf5..6b3110a329 100644
--- a/windows/deployment/windows-10-poc.md
+++ b/windows/deployment/windows-10-poc.md
@@ -3,6 +3,7 @@ title: Configure a test lab to deploy Windows 10
ms.reviewer:
manager: laurawi
ms.audience: itpro
+ms.author: greglin
author: greg-lindsay
description: Concepts and procedures for deploying Windows 10 in a proof of concept lab environment.
ms.prod: w10
@@ -12,7 +13,6 @@ ms.pagetype: deploy
keywords: deployment, automate, tools, configure, mdt, sccm
ms.localizationpriority: medium
audience: itpro
-author: greg-lindsay
ms.topic: article
---
@@ -22,7 +22,12 @@ ms.topic: article
- Windows 10
-This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides:
+This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources.
+
+> [!NOTE]
+> Microsoft also offers a pre-configured lab using an evaluation version of Configuration Manager. For more information, see [Windows and Office deployment and management lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab).
+
+This lab guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides:
- [Step by step: Deploy Windows 10 in a test lab using MDT](windows-10-poc-mdt.md)
- [Step by step: Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md)
@@ -144,7 +149,7 @@ Hardware requirements are displayed below:
The lab architecture is summarized in the following diagram:
-
+
- Computer 1 is configured to host four VMs on a private, PoC network.
- Two VMs are running Windows Server 2012 R2 with required network services and tools installed.
@@ -218,7 +223,7 @@ Starting with Windows 8, the host computer’s microprocessor must support secon
>Alternatively, you can install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** for a client operating system, or using Server Manager's **Add Roles and Features Wizard** on a server operating system, as shown below:
- 
+ 
@@ -443,7 +448,7 @@ Notes:
3. Select the checkboxes next to the **C:\\** and the **system reserved** (BIOS/MBR) volumes. The system volume is not assigned a drive letter, but will be displayed in the Disk2VHD tool with a volume label similar to **\\?\Volume{**. See the following example. **Important**: You must include the system volume in order to create a bootable VHD. If this volume is not displayed in the disk2vhd tool, then the computer is likely to be using the GPT partition style. For more information, see [Determine VM generation](#determine-vm-generation).
4. Specify a location to save the resulting VHD or VHDX file (F:\VHD\w7.vhdx in the following example) and click **Create**. See the following example:
- 
+ 
>Disk2vhd can save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted, such as a flash drive.
@@ -476,7 +481,7 @@ Notes:
5. Specify a location to save the resulting VHD or VHDX file (F:\VHD\PC1.vhdx in the following example) and click **Create**. See the following example:
- 
+ 
>Disk2vhd can save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted, such as a flash drive.
@@ -500,7 +505,7 @@ Notes:
3. Select the checkbox next to the **C:\\** volume and clear the checkbox next to **Use Vhdx**. Note: the system volume is not copied in this scenario, it will be added later.
4. Specify a location to save the resulting VHD file (F:\VHD\w7.vhd in the following example) and click **Create**. See the following example:
- 
+ 
>Disk2vhd can save VHDs to local hard drives, even if they are the same as the volumes being converted. Performance is better however when the VHD is saved on a disk different than those being converted, such as a flash drive.
@@ -815,7 +820,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
15. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to PC1, installing the network adapter driver might take a few minutes. You can monitor device driver installation by clicking **Show hidden icons** in the notification area.
- 
+ 
>If the client was configured with a static address, you must change this to a dynamic one so that it can obtain a DHCP lease.
@@ -873,7 +878,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
See the following example:
- 
+ 
19. Click **File**, click **Save As**, and save the commands as **c:\VHD\pc1.ps1** on the Hyper-V host.
20. In the (lower) terminal input window, type the following commands to enable Guest Service Interface on PC1 and then use this service to copy the script to PC1:
diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md
index 412dceea4f..bd8b4b1db5 100644
--- a/windows/deployment/windows-10-pro-in-s-mode.md
+++ b/windows/deployment/windows-10-pro-in-s-mode.md
@@ -1,90 +1,91 @@
----
-title: Switch to Windows 10 Pro/Enterprise from S mode
-ms.reviewer:
-manager: laurawi
-ms.audience: itpro
author: greg-lindsay
-description: Overview of Windows 10 Pro/Enterprise in S mode. S mode switch options are also outlined in this document. Switching out of S mode is optional.
-keywords: Windows 10 S switch, S mode Switch, Switch in S mode, s mode switch, Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Pro in S mode
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.prod: w10
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-# Switch to Windows 10 Pro or Enterprise from S mode
-
-We recommend staying in S mode. However, in some limited scenarios, you might need to switch to Windows 10 Pro, Home, or Enterprise (not in S mode). You can switch devices running Windows 10, version 1709 or later.
-
-
-A number of other transformations are possible depending on which version and edition of Windows 10 you are starting with. Depending on the details, you might *switch* between S mode and the ordinary version or *convert* between different editions while staying in or out of S mode. The following quick reference table summarizes all of the switches or conversions that are supported by various means:
-
-
-
-
-| If a device is running this version of Windows 10 | and this edition of Windows 10 | then you can switch or convert it to this edition of Windows 10 by these methods: | | |
-|-------------|---------------------|-----------------------------------|-------------------------------|--------------------------------------------|
-| | | **Store for Education** (switch/convert all devices in your tenant) | **Microsoft Store** (switch/convert one device at a time) | **Intune** (switch/convert any number of devices selected by admin) |
-| **Windows 10, version 1709** | Pro in S mode | Pro EDU | Pro | Not by this method |
-| | Pro | Pro EDU | Not by any method | Not by any method |
-| | Home | Not by any method | Not by any method | Not by any method |
-| | | | | |
-| **Windows 10, version 1803** | Pro in S mode | Pro EDU in S mode | Pro | Not by this method |
-| | Pro | Pro EDU | Not by any method | Not by any method |
-| | Home in S mode | Not by any method | Home | Not by this method |
-| | Home | Not by any method | Not by any method | Not by any method |
-| | | | | |
-| **Windows 10, version 1809** | Pro in S mode | Pro EDU in S mode | Pro | Pro |
-| | Pro | Pro EDU | Not by any method | Not by any method |
-| | Home in S mode | Not by any method | Home | Home |
-| | Home | Not by any method | Not by any method | Not by any method |
-
-
-Use the following information to switch to Windows 10 Pro through the Microsoft Store.
-> [!IMPORTANT]
-> While it’s free to switch to Windows 10 Pro, it’s not reversible. The only way to rollback this kind of switch is through a [bare-metal recovery (BMR)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset.
-
-## Switch one device through the Microsoft Store
-Use the following information to switch to Windows 10 Pro through the Microsoft Store or by navigating to **Settings** and then **Activation** on the device.
-
-Note these differences affecting switching modes in various releases of Windows 10:
-
-- In Windows 10, version 1709, you can switch devices one at a time from Windows 10 Pro in S mode to Windows 10 Pro by using the Microsoft Store or **Settings**. No other switches are possible.
-- In Windows 10, version 1803, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store or **Settings**.
-- Windows 10, version 1809, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store, **Settings**, or you can switch multiple devices in bulk by using Intune. You can also block users from switching devices themselves.
-
-
-1. Sign into the Microsoft Store using your Microsoft account.
-2. Search for "S mode".
-3. In the offer, select **Buy**, **Get**, or **Learn more.**
-
-You'll be prompted to save your files before the switch starts. Follow the prompts to switch to Windows 10 Pro.
-
-## Switch one or more devices by using Microsoft Intune
-
-Starting with Windows 10, version 1809, if you need to switch multiple devices in your environment from Windows 10 Pro in S mode to Windows 10 Pro, you can use Microsoft Intune or any other supported mobile device management software. You can configure devices to switch out of S mode during OOBE or post-OOBE - this gives you flexibility to manage Windows 10 in S mode devices at any point during the device lifecycle.
-
-1. Start Microsoft Intune.
-2. Navigate to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch**.
-3. Follow the instructions to complete the switch.
-
-
-## Block users from switching
-
-You can control which devices or users can use the Microsoft Store to switch out of S mode in Windows 10.
-To set this, go to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch in Microsoft Intune**, and then choose **Keep in S mode**.
-
-## S mode management with CSPs
-
-In addition to using Microsoft Intune or another modern device management tool to manage S mode, you can also use the [WindowsLicensing](https://docs.microsoft.com/windows/client-management/mdm/windowslicensing-csp) configuration service provider (CSP). In Windows 10, version 1809, we added S mode functionality that lets you switch devices, block devices from switching, and check the status (whether a device is in S mode).
-
-
-## Related topics
-
-[FAQs](https://support.microsoft.com/help/4020089/windows-10-in-s-mode-faq)
-[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
-[Windows 10 Pro Education](https://docs.microsoft.com/education/windows/test-windows10s-for-edu)
-[Introduction to Microsoft Intune in the Azure portal](https://docs.microsoft.com/intune/what-is-intune)
+---
+title: Switch to Windows 10 Pro/Enterprise from S mode
+ms.reviewer:
+manager: laurawi
+ms.audience: itpro
+author: greg-lindsay
+description: Overview of Windows 10 Pro/Enterprise in S mode. S mode switch options are also outlined in this document. Switching out of S mode is optional.
+keywords: Windows 10 S switch, S mode Switch, Switch in S mode, s mode switch, Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Pro in S mode
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.prod: w10
+ms.sitesec: library
+ms.pagetype: deploy
+audience: itpro
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+# Switch to Windows 10 Pro or Enterprise from S mode
+
+We recommend staying in S mode. However, in some limited scenarios, you might need to switch to Windows 10 Pro, Home, or Enterprise (not in S mode). You can switch devices running Windows 10, version 1709 or later.
+
+
+A number of other transformations are possible depending on which version and edition of Windows 10 you are starting with. Depending on the details, you might *switch* between S mode and the ordinary version or *convert* between different editions while staying in or out of S mode. The following quick reference table summarizes all of the switches or conversions that are supported by various means:
+
+
+
+
+| If a device is running this version of Windows 10 | and this edition of Windows 10 | then you can switch or convert it to this edition of Windows 10 by these methods: | | |
+|-------------|---------------------|-----------------------------------|-------------------------------|--------------------------------------------|
+| | | **Store for Education** (switch/convert all devices in your tenant) | **Microsoft Store** (switch/convert one device at a time) | **Intune** (switch/convert any number of devices selected by admin) |
+| **Windows 10, version 1709** | Pro in S mode | Pro EDU | Pro | Not by this method |
+| | Pro | Pro EDU | Not by any method | Not by any method |
+| | Home | Not by any method | Not by any method | Not by any method |
+| | | | | |
+| **Windows 10, version 1803** | Pro in S mode | Pro EDU in S mode | Pro | Not by this method |
+| | Pro | Pro EDU | Not by any method | Not by any method |
+| | Home in S mode | Not by any method | Home | Not by this method |
+| | Home | Not by any method | Not by any method | Not by any method |
+| | | | | |
+| **Windows 10, version 1809** | Pro in S mode | Pro EDU in S mode | Pro | Pro |
+| | Pro | Pro EDU | Not by any method | Not by any method |
+| | Home in S mode | Not by any method | Home | Home |
+| | Home | Not by any method | Not by any method | Not by any method |
+
+
+Use the following information to switch to Windows 10 Pro through the Microsoft Store.
+> [!IMPORTANT]
+> While it’s free to switch to Windows 10 Pro, it’s not reversible. The only way to rollback this kind of switch is through a [bare-metal recovery (BMR)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset.
+
+## Switch one device through the Microsoft Store
+Use the following information to switch to Windows 10 Pro through the Microsoft Store or by navigating to **Settings** and then **Activation** on the device.
+
+Note these differences affecting switching modes in various releases of Windows 10:
+
+- In Windows 10, version 1709, you can switch devices one at a time from Windows 10 Pro in S mode to Windows 10 Pro by using the Microsoft Store or **Settings**. No other switches are possible.
+- In Windows 10, version 1803, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store or **Settings**.
+- Windows 10, version 1809, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store, **Settings**, or you can switch multiple devices in bulk by using Intune. You can also block users from switching devices themselves.
+
+
+1. Sign into the Microsoft Store using your Microsoft account.
+2. Search for "S mode".
+3. In the offer, select **Buy**, **Get**, or **Learn more.**
+
+You'll be prompted to save your files before the switch starts. Follow the prompts to switch to Windows 10 Pro.
+
+## Switch one or more devices by using Microsoft Intune
+
+Starting with Windows 10, version 1809, if you need to switch multiple devices in your environment from Windows 10 Pro in S mode to Windows 10 Pro, you can use Microsoft Intune or any other supported mobile device management software. You can configure devices to switch out of S mode during OOBE or post-OOBE - this gives you flexibility to manage Windows 10 in S mode devices at any point during the device lifecycle.
+
+1. Start Microsoft Intune.
+2. Navigate to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch**.
+3. Follow the instructions to complete the switch.
+
+
+## Block users from switching
+
+You can control which devices or users can use the Microsoft Store to switch out of S mode in Windows 10.
+To set this, go to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch in Microsoft Intune**, and then choose **Keep in S mode**.
+
+## S mode management with CSPs
+
+In addition to using Microsoft Intune or another modern device management tool to manage S mode, you can also use the [WindowsLicensing](https://docs.microsoft.com/windows/client-management/mdm/windowslicensing-csp) configuration service provider (CSP). In Windows 10, version 1809, we added S mode functionality that lets you switch devices, block devices from switching, and check the status (whether a device is in S mode).
+
+
+## Related topics
+
+[FAQs](https://support.microsoft.com/help/4020089/windows-10-in-s-mode-faq)
+[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
+[Windows 10 Pro Education](https://docs.microsoft.com/education/windows/test-windows10s-for-edu)
+[Introduction to Microsoft Intune in the Azure portal](https://docs.microsoft.com/intune/what-is-intune)
diff --git a/windows/deployment/windows-adk-scenarios-for-it-pros.md b/windows/deployment/windows-adk-scenarios-for-it-pros.md
index 861ef1b1ad..d8d6f47273 100644
--- a/windows/deployment/windows-adk-scenarios-for-it-pros.md
+++ b/windows/deployment/windows-adk-scenarios-for-it-pros.md
@@ -1,97 +1,98 @@
----
-title: Windows ADK for Windows 10 scenarios for IT Pros (Windows 10)
-description: The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows.
-ms.assetid: FC4EB39B-29BA-4920-87C2-A00D711AE48B
-ms.reviewer:
-manager: laurawi
-ms.audience: itpro
author: greg-lindsay
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 07/27/2017
-ms.topic: article
----
-
-# Windows ADK for Windows 10 scenarios for IT Pros
-
-
-The [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. For an overview of what's new in the Windows ADK for Windows 10, see [What's new in kits and tools](https://msdn.microsoft.com/library/windows/hardware/dn927348.aspx).
-
-In previous releases of Windows, the Windows ADK docs were published on both TechNet and the MSDN Hardware Dev Center. Starting with the Windows 10 release, Windows ADK documentation is available on the MSDN Hardware Dev Center. For the Windows 10 ADK reference content, see [Desktop manufacturing](https://msdn.microsoft.com/library/windows/hardware/dn938361.aspx).
-
-Here are some key scenarios that will help you find the content on the MSDN Hardware Dev Center.
-
-### Create a Windows image using command-line tools
-
-[DISM](https://msdn.microsoft.com/library/windows/hardware/dn898558.aspx) is used to mount and service Windows images.
-
-Here are some things you can do with DISM:
-
-- [Mount an offline image](https://msdn.microsoft.com/library/windows/hardware/dn938321.aspx)
-- [Add drivers to an offline image](https://msdn.microsoft.com/library/windows/hardware/dn898469.aspx)
-- [Enable or disable Windows features](https://msdn.microsoft.com/library/windows/hardware/dn898567.aspx)
-- [Add or remove packages](https://msdn.microsoft.com/library/windows/hardware/dn898481.aspx)
-- [Add language packs](https://msdn.microsoft.com/library/windows/hardware/dn898470.aspx)
-- [Add Universal Windows apps](https://msdn.microsoft.com/library/windows/hardware/dn898600.aspx)
-- [Upgrade the Windows edition](https://msdn.microsoft.com/library/windows/hardware/dn898500.aspx)
-
-[Sysprep](https://msdn.microsoft.com/library/windows/hardware/dn938335.aspx) prepares a Windows installation for imaging and allows you to capture a customized installation.
-
-Here are some things you can do with Sysprep:
-
-- [Generalize a Windows installation](https://msdn.microsoft.com/library/windows/hardware/dn938334.aspx)
-- [Customize the default user profile](https://msdn.microsoft.com/library/windows/hardware/dn898521.aspx)
-- [Use answer files](https://msdn.microsoft.com/library/windows/hardware/dn938346.aspx)
-
-[Windows PE (WinPE)](https://msdn.microsoft.com/library/windows/hardware/dn938389.aspx) is a small operating system used to boot a computer that does not have an operating system. You can boot to Windows PE and then install a new operating system, recover data, or repair an existing operating system.
-
-Here are ways you can create a WinPE image:
-
-- [Create a bootable USB drive](https://msdn.microsoft.com/library/windows/hardware/dn938386.aspx)
-- [Create a Boot CD, DVD, ISO, or VHD](https://msdn.microsoft.com/library/windows/hardware/dn938385.aspx)
-
-[Windows Recovery Environment (Windows RE)](https://msdn.microsoft.com/library/windows/hardware/dn938364.aspx) is a recovery environment that can repair common operating system problems.
-
-Here are some things you can do with Windows RE:
-
-- [Customize Windows RE](https://msdn.microsoft.com/library/windows/hardware/dn898523.aspx)
-- [Push-button reset](https://msdn.microsoft.com/library/windows/hardware/dn938307.aspx)
-
-[Windows System Image Manager (Windows SIM)](https://msdn.microsoft.com/library/windows/hardware/dn922445.aspx) helps you create answer files that change Windows settings and run scripts during installation.
-
-Here are some things you can do with Windows SIM:
-
-- [Create answer file](https://msdn.microsoft.com/library/windows/hardware/dn915085.aspx)
-- [Add a driver path to an answer file](https://msdn.microsoft.com/library/windows/hardware/dn915062.aspx)
-- [Add a package to an answer file](https://msdn.microsoft.com/library/windows/hardware/dn915066.aspx)
-- [Add a custom command to an answer file](https://msdn.microsoft.com/library/windows/hardware/dn915058.aspx)
-
-For a list of settings you can change, see [Unattended Windows Setup Reference](https://msdn.microsoft.com/library/windows/hardware/dn923277.aspx) on the MSDN Hardware Dev Center.
-
-### Create a Windows image using Windows ICD
-
-Introduced in Windows 10, [Windows Imaging and Configuration Designer (ICD)](https://msdn.microsoft.com/library/windows/hardware/dn916113.aspx) streamlines the customizing and provisioning of a Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), Windows 10 Mobile, or Windows 10 IoT Core (IoT Core) image.
-
-Here are some things you can do with Windows ICD:
-
-- [Build and apply a provisioning package](https://msdn.microsoft.com/library/windows/hardware/dn916107.aspx)
-- [Export a provisioning package](https://msdn.microsoft.com/library/windows/hardware/dn916110.aspx)
-- [Build and deploy an image for Windows 10 for desktop editions](https://msdn.microsoft.com/library/windows/hardware/dn916105.aspx)
-
-### IT Pro Windows deployment tools
-
-There are also a few tools included in the Windows ADK that are specific to IT Pros and this documentation is available on TechNet:
-
-- [Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md)
-- [User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md)
-
-
-
-
-
-
-
-
-
+---
+title: Windows ADK for Windows 10 scenarios for IT Pros (Windows 10)
+description: The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows.
+ms.assetid: FC4EB39B-29BA-4920-87C2-A00D711AE48B
+ms.reviewer:
+manager: laurawi
+ms.audience: itpro
+author: greg-lindsay
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+audience: itpro
+ms.date: 07/27/2017
+ms.topic: article
+---
+
+# Windows ADK for Windows 10 scenarios for IT Pros
+
+
+The [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. For an overview of what's new in the Windows ADK for Windows 10, see [What's new in kits and tools](https://msdn.microsoft.com/library/windows/hardware/dn927348.aspx).
+
+In previous releases of Windows, the Windows ADK docs were published on both TechNet and the MSDN Hardware Dev Center. Starting with the Windows 10 release, Windows ADK documentation is available on the MSDN Hardware Dev Center. For the Windows 10 ADK reference content, see [Desktop manufacturing](https://msdn.microsoft.com/library/windows/hardware/dn938361.aspx).
+
+Here are some key scenarios that will help you find the content on the MSDN Hardware Dev Center.
+
+### Create a Windows image using command-line tools
+
+[DISM](https://msdn.microsoft.com/library/windows/hardware/dn898558.aspx) is used to mount and service Windows images.
+
+Here are some things you can do with DISM:
+
+- [Mount an offline image](https://msdn.microsoft.com/library/windows/hardware/dn938321.aspx)
+- [Add drivers to an offline image](https://msdn.microsoft.com/library/windows/hardware/dn898469.aspx)
+- [Enable or disable Windows features](https://msdn.microsoft.com/library/windows/hardware/dn898567.aspx)
+- [Add or remove packages](https://msdn.microsoft.com/library/windows/hardware/dn898481.aspx)
+- [Add language packs](https://msdn.microsoft.com/library/windows/hardware/dn898470.aspx)
+- [Add Universal Windows apps](https://msdn.microsoft.com/library/windows/hardware/dn898600.aspx)
+- [Upgrade the Windows edition](https://msdn.microsoft.com/library/windows/hardware/dn898500.aspx)
+
+[Sysprep](https://msdn.microsoft.com/library/windows/hardware/dn938335.aspx) prepares a Windows installation for imaging and allows you to capture a customized installation.
+
+Here are some things you can do with Sysprep:
+
+- [Generalize a Windows installation](https://msdn.microsoft.com/library/windows/hardware/dn938334.aspx)
+- [Customize the default user profile](https://msdn.microsoft.com/library/windows/hardware/dn898521.aspx)
+- [Use answer files](https://msdn.microsoft.com/library/windows/hardware/dn938346.aspx)
+
+[Windows PE (WinPE)](https://msdn.microsoft.com/library/windows/hardware/dn938389.aspx) is a small operating system used to boot a computer that does not have an operating system. You can boot to Windows PE and then install a new operating system, recover data, or repair an existing operating system.
+
+Here are ways you can create a WinPE image:
+
+- [Create a bootable USB drive](https://msdn.microsoft.com/library/windows/hardware/dn938386.aspx)
+- [Create a Boot CD, DVD, ISO, or VHD](https://msdn.microsoft.com/library/windows/hardware/dn938385.aspx)
+
+[Windows Recovery Environment (Windows RE)](https://msdn.microsoft.com/library/windows/hardware/dn938364.aspx) is a recovery environment that can repair common operating system problems.
+
+Here are some things you can do with Windows RE:
+
+- [Customize Windows RE](https://msdn.microsoft.com/library/windows/hardware/dn898523.aspx)
+- [Push-button reset](https://msdn.microsoft.com/library/windows/hardware/dn938307.aspx)
+
+[Windows System Image Manager (Windows SIM)](https://msdn.microsoft.com/library/windows/hardware/dn922445.aspx) helps you create answer files that change Windows settings and run scripts during installation.
+
+Here are some things you can do with Windows SIM:
+
+- [Create answer file](https://msdn.microsoft.com/library/windows/hardware/dn915085.aspx)
+- [Add a driver path to an answer file](https://msdn.microsoft.com/library/windows/hardware/dn915062.aspx)
+- [Add a package to an answer file](https://msdn.microsoft.com/library/windows/hardware/dn915066.aspx)
+- [Add a custom command to an answer file](https://msdn.microsoft.com/library/windows/hardware/dn915058.aspx)
+
+For a list of settings you can change, see [Unattended Windows Setup Reference](https://msdn.microsoft.com/library/windows/hardware/dn923277.aspx) on the MSDN Hardware Dev Center.
+
+### Create a Windows image using Windows ICD
+
+Introduced in Windows 10, [Windows Imaging and Configuration Designer (ICD)](https://msdn.microsoft.com/library/windows/hardware/dn916113.aspx) streamlines the customizing and provisioning of a Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), Windows 10 Mobile, or Windows 10 IoT Core (IoT Core) image.
+
+Here are some things you can do with Windows ICD:
+
+- [Build and apply a provisioning package](https://msdn.microsoft.com/library/windows/hardware/dn916107.aspx)
+- [Export a provisioning package](https://msdn.microsoft.com/library/windows/hardware/dn916110.aspx)
+- [Build and deploy an image for Windows 10 for desktop editions](https://msdn.microsoft.com/library/windows/hardware/dn916105.aspx)
+
+### IT Pro Windows deployment tools
+
+There are also a few tools included in the Windows ADK that are specific to IT Pros and this documentation is available on TechNet:
+
+- [Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md)
+- [User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/windows-autopilot/TOC.md b/windows/deployment/windows-autopilot/TOC.md
index 9b7c22ee03..b2e8164e4c 100644
--- a/windows/deployment/windows-autopilot/TOC.md
+++ b/windows/deployment/windows-autopilot/TOC.md
@@ -1,33 +1,2 @@
-# [Windows Autopilot deployment](index.md)
-# [What's new](windows-autopilot-whats-new.md)
-# Understanding Windows Autopilot
-## [Overview](windows-autopilot.md)
-## [Requirements](windows-autopilot-requirements.md)
-## [Scenarios and capabilities](windows-autopilot-scenarios.md)
-## [Get started](demonstrate-deployment-on-vm.md)
-
-# Deployment scenarios
-## [Deployment processes](deployment-process.md)
-## [User-driven mode](user-driven.md)
-## [Self-deploying mode](self-deploying.md)
-## [Windows Autopilot Reset](windows-autopilot-reset.md)
-## [White glove](white-glove.md)
-## [Support for existing devices](existing-devices.md)
-
-# Administering Windows Autopilot
-## [Registering devices](add-devices.md)
-## [Configuring device profiles](profiles.md)
-## [Enrollment Status Page](enrollment-status.md)
-## [BitLocker encryption](bitlocker.md)
-## [DFCI management](dfci-management.md)
-## [Windows Autopilot update](autopilot-update.md)
-## [Troubleshooting](troubleshooting.md)
-## [Policy conflicts](policy-conflicts.md)
-## [Known issues](known-issues.md)
-
-# Support
-## [FAQ](autopilot-faq.md)
-## [Contacts](autopilot-support.md)
-## [Registration authorization](registration-auth.md)
-## [Device guidelines](autopilot-device-guidelines.md)
-## [Motherboard replacement](autopilot-mbr.md)
+# [Windows Autopilot deployment](index.yml)
+## [Get started](demonstrate-deployment-on-vm.md)
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md
deleted file mode 100644
index cb55dd325b..0000000000
--- a/windows/deployment/windows-autopilot/add-devices.md
+++ /dev/null
@@ -1,175 +0,0 @@
----
-title: Adding devices
-ms.reviewer:
-manager: laurawi
-description: How to add devices to Windows Autopilot
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Adding devices to Windows Autopilot
-
-**Applies to**
-
-- Windows 10
-
-Before deploying a device using Windows Autopilot, the device must be registered with the Windows Autopilot deployment service. Ideally, this would be performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually.
-
-## OEM registration
-
-When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers and resellers" section of the [Windows Autopilot information page](https://aka.ms/windowsautopilot).
-
-Before an OEM can register devices on behalf of an organization, the organization must grant the OEM permission to do so. This process is initiated by the OEM, with approval granted by an Azure AD global administrator from the organization. See the "Customer Consent" section of the [Customer consent page](https://docs.microsoft.com/windows/deployment/windows-autopilot/registration-auth#oem-authorization).
-
-## Reseller, distributor, or partner registration
-
-Customers may purchase devices from resellers, distributors, or other partners. As long as these resellers, distributors, and partners are part of the [Cloud Solution Partners (CSP) program](https://partner.microsoft.com/en-us/cloud-solution-provider), they too can register devices on behalf of the customer.
-
-As with OEMs, CSP partners must be granted permission to register devices on behalf of an organization. This follows the process described on the [Customer consent page](https://docs.microsoft.com/windows/deployment/windows-autopilot/registration-auth#csp-authorization). The CSP partner initiates a request to establish a relationship with the organization, with approval granted by a global administrator from the organization. Once approved, CSP partners add devices using [Partner Center](https://partner.microsoft.com/en-us/pcv/dashboard/overview), either directly through the web site or via available APIs that can automate the same tasks.
-
-Windows Autopilot does not require delegated administrator permissions when establishing the relationship between the CSP partner and the organization. As part of the approval process performed by the global administrator, the global administrator can choose to uncheck the "Include delegated administration permissions" checkbox.
-
-## Automatic registration of existing devices
-
-If an existing device is already running a supported version of Windows 10 semi-annual channel and enrolled in an MDM service such an Intune, that MDM service can ask the device for the hardware ID (also known as a hardware hash). Once it has that, it can automatically register the device with Windows Autopilot.
-
-For instructions on how to do this with Microsoft Intune, see [Create an Autopilot deployment profile](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-deployment-profile) documentation describing the "Convert all targeted devices to Autopilot" setting.
-
-Also note that when using the [Windows Autopilot for existing devices](https://docs.microsoft.com/windows/deployment/windows-autopilot/existing-devices) scenario, it is not necessary to pre-register the devices with Windows Autopilot. Instead, a configuration file (AutopilotConfigurationFile.json) containing all the Windows Autopilot profile settings is used; the device can be registered with Windows Autopilot after the fact using the same "Convert all targeted devices to Autopilot" setting.
-
-## Manual registration
-
-To perform manual registration of a device, you must first capture its hardware ID (also known as a hardware hash). Once this process has completed, the resulting hardware ID can be uploaded to the Windows Autopilot service. Because this process requires booting the device into Windows 10 in order to obtain the hardware ID, this is intended primarily for testing and evaluation scenarios.
-
-## Device identification
-
-To define a device to the Windows Autopilot deployment service, a unique hardware ID for the device needs to be captured and uploaded to the service. While this step is ideally done by the hardware vendor (OEM, reseller, or distributor), automatically associating the device with an organization, it is also possible to do this through a harvesting process that collects the device from within a running Windows 10 installation.
-
-The hardware ID, also commonly referred to as a hardware hash, contains several details about the device, including its manufacturer, model, device serial number, hard drive serial number, and many other attributes that can be used to uniquely identify that device.
-
-Note that the hardware hash also contains details about when it was generated, so it will change each time it is generated. When the Windows Autopilot deployment service attempts to match a device, it considers changes like that, as well as more substantial changes such as a new hard drive, and is still able to match successfully. But substantial changes to the hardware, such as a motherboard replacement, would not match, so a new hash would need to be generated and uploaded.
-
-### Collecting the hardware ID from existing devices using Microsoft Endpoint Configuration Manager
-
-Microsoft Endpoint Configuration Manager automatically collects the hardware hashes for existing Windows 10 devices. For more information, see [Gather information from Configuration Manager for Windows Autopilot](https://docs.microsoft.com/configmgr/comanage/how-to-prepare-win10#windows-autopilot). You can extract the hash information from Configuration Manager into a CSV file.
-
-> [!Note]
-> Before uploading the CSV file on Intune, please make sure that the first row contains the device serial number, Windows product ID, hardware hash, group tag, and assigned user. If there is header information on the top of CSV file, please delete that header information. See details at [Enroll Windows devices in Intune](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot).
-
-### Collecting the hardware ID from existing devices using PowerShell
-
-The hardware ID, or hardware hash, for an existing device is available through Windows Management Instrumentation (WMI), as long as that device is running a supported version of Windows 10 semi-annual channel. To help gather this information, as well as the serial number of the device (useful to see at a glance the machine to which it belongs), a PowerShell script called [Get-WindowsAutoPilotInfo.ps1 has been published to the PowerShell Gallery website](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo).
-
-To use this script, you can download it from the PowerShell Gallery and run it on each computer, or you can install it directly from the PowerShell Gallery. To install it directly and capture the hardware hash from the local computer, use the following commands from an elevated Windows PowerShell prompt:
-
-```powershell
-md c:\\HWID
-Set-Location c:\\HWID
-Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
-Install-Script -Name Get-WindowsAutoPilotInfo
-Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv
-```
-
-The commands can also be run remotely, as long as WMI permissions are in place and WMI is accessible through the Windows Firewall on that remote computer. See the [Get-WindowsAutoPilotInfo](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo) script’s help (using “Get-Help Get-WindowsAutoPilotInfo.ps1”) for more information about running the script.
-
->[!IMPORTANT]
->Do not connect devices to the Internet prior to capturing the hardware ID and creating an Autopilot device profile. This includes collecting the hardware ID, uploading the .CSV into MSfB or Intune, assigning the profile, and confirming the profile assignment. Connecting the device to the Internet before this process is complete will result in the device downloading a blank profile that is stored on the device until it is explicity removed. In Windows 10 version 1809, you can clear the cached profile by restarting OOBE. In previous versions, the only way to clear the stored profile is to re-install the OS, reimage the PC, or run **sysprep /generalize /oobe**.
->After Intune reports the profile ready to go, only then should the device be connected to the Internet.
-
->[!NOTE]
->If OOBE is restarted too many times it can enter a recovery mode and fail to run the Autopilot configuration. You can identify this scenario if OOBE displays multiple configuration options on the same page, including language, region, and keyboard layout. The normal OOBE displays each of these on a separate page. The following value key tracks the count of OOBE retries:
->**HKCU\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UserOOBE**
->To ensure OOBE has not been restarted too many times, you can change this value to 1.
-
-## Registering devices
-
-
-
-
-Once the hardware IDs have been captured from existing devices, they can be uploaded through a variety of means. See the detailed documentation for each available mechanism.
-
-- [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot). This is the preferred mechanism for all customers.
-- [Partner Center](https://msdn.microsoft.com/partner-center/autopilot). This is used by CSP partners to register devices on behalf of customers.
-- [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa). This is typically used by small and medium businesses (SMBs) who manage their devices using Microsoft 365 Business.
-- [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles). You might already be using MSfB to manage your apps and settings.
-
-A summary of each platform's capabilities is provided below.
-
-
-
->1Microsoft recommended platform to use
->2Intune license required
->3Feature capabilities are limited
->4Device profile assignment will be retired from MSfB and Partner Center in the coming months
-
-
-Also see the following topics for more information about device IDs:
-- [Device identification](#device-identification)
-- [Windows Autopilot device guidelines](https://docs.microsoft.com/windows/deployment/windows-autopilot/autopilot-device-guidelines)
-- [Add devices to a customer account](https://docs.microsoft.com/partner-center/autopilot)
-
-
-## Summary
-
-When deploying new devices using Windows Autopilot, the following steps are required:
-
-1. [Register devices](#registering-devices). Ideally, this step is performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually.
-2. [Configure device profiles](profiles.md), specifying how the device should be deployed and what user experience should be presented.
-3. Boot the device. When the device is connected to a network with internet access, it will contact the Windows Autopilot deployment service to see if the device is registered, and if it is, it will download profile settings such as the [Enrollment Status page](enrollment-status.md), which are used to customize the end user experience.
-
-## Other configuration settings
-
-- [Bitlocker encryption settings](bitlocker.md): You can configure the BitLocker encryption settings to be applied before automatic encryption is started.
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md
deleted file mode 100644
index 7784e955ea..0000000000
--- a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Windows Autopilot device guidelines
-ms.reviewer:
-manager: laurawi
-description: Learn all about hardware, firmware, and software best practices for Windows Autopilot deployment.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot device guidelines
-
-**Applies to**
-
-- Windows 10
-
-## Hardware and firmware best practice guidelines for Windows Autopilot
-
-All devices used with Windows Autopilot should meet the [minimum hardware requirements](https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview) for Windows 10.
-
-The following additional best practices ensure that devices can easily be provisioned by organizations as part of the Windows Autopilot deployment process:
-- Ensure that the TPM 2.0 is enabled and in a good state (not in Reduced Functionality Mode) by default on devices intended for Windows Autopilot self-deploying mode.
-- The OEM provisions unique tuple info (SmbiosSystemManufacturer, SmbiosSystemProductName, SmbiosSystemSerialNumber) or PKID + SmbiosSystemSerialNumber into the [SMBIOS fields](https://docs.microsoft.com/windows-hardware/drivers/bringup/smbios) per Microsoft specification (Manufacturer, Product Name and Serial Number stored in SMBIOS Type 1 04h, Type 1 05h and Type 1 07h).
-- The OEM uploads 4K Hardware Hashes obtained using OA3 Tool RS3+ run in Audit mode on full OS to Microsoft via CBR report prior to shipping devices to an Autopilot customer or channel partner.
-- As a best practice, Microsoft requires that OEM shipping drivers are published to Windows Update within 30 days of the CBR being submitted, and system firmware and driver updates are published to Windows Update within 14 days
-- The OEM ensures that the PKID provisioned in the SMBIOS is passed on to the channel.
-
-## Software best practice guidelines for Windows Autopilot
-
-- The Windows Autopilot device should be preinstalled with only a Windows 10 base image plus drivers.
-- You can preinstall your licensed version of Office, such as [Microsoft 365 Apps for enterprise](https://docs.microsoft.com/deployoffice/about-office-365-proplus-in-the-enterprise).
-- Unless explicitly requested by the customer, no other preinstalled software should be included.
- - Per OEM Policy, Windows 10 features, including built-in apps, should not be disabled or removed.
-
-## Related topics
-
-[Windows Autopilot customer consent](registration-auth.md)
-[Motherboard replacement scenario guidance](autopilot-mbr.md)
diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md
deleted file mode 100644
index 1cbfeeb11b..0000000000
--- a/windows/deployment/windows-autopilot/autopilot-faq.md
+++ /dev/null
@@ -1,165 +0,0 @@
----
-title: Windows Autopilot FAQ
-ms.reviewer: This topic provides OEMs, partners, administrators, and end users with answers to some frequently asked questions about deploying Windows 10 with Windows Autopilot.
-manager: laurawi
-description: Support information for Windows Autopilot
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: low
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot FAQ
-
-**Applies to: Windows 10**
-
-This article provides OEMs, partners, administrators, and end users with answers to some frequently asked questions about deploying Windows 10 with Windows Autopilot.
-
-A [glossary](#glossary) of abbreviations used in this article is provided at the end.
-
-
-## Microsoft Partner Center
-
-| Question | Answer |
-| --- | --- |
-| In the Partner Center, does the Tenant ID need to be provided with every device file upload? Is it needed to allow the business customer to access their devices in Microsoft Store for Business (MSfB)? | No. Providing the Tenant ID is a one-time entry in the Partner Center that can be reused with future device uploads. |
-| How does the customer or tenant know that their devices are ready to be claimed in MSfB? | After the device file upload is completed in the Partner Center, the tenant can see the devices available for Windows Autopilot setup in MSfB. The OEM needs to advise the tenant to access MSfB. Autonotification from MSfB to the tenant is being developed. |
-| How does a customer authorize an OEM or Channel Partner to register Autopilot devices on the customer’s behalf? | Before an OEM or Channel Partner can register a device for Autopilot on behalf of a customer, the customer must first give them consent. The consent process begins with the OEM or Channel Partner sending a link to the customer that directs the customer to a consent page in MSfB. For more information, see [Registration](registration-auth.md). |
-| Are there any restrictions if a business customer has registered devices in MSfB and later wants those devices to be managed by a Cloud Solution Provider (CSP) using the Partner Center? | The devices will need to be deleted in MSfB by the business customer before the CSP can upload and manage them in the Partner Center. |
-| Does Windows Autopilot support removing the option to enable a local administrator account? | Windows Autopilot doesn’t support removing the local admin account. However, it does support restricting the user performing Azure Active Directory (Azure AD) domain join in OOBE to a standard account (versus an administrator account by default).|
-| How can I test the Windows Autopilot CSV file in the Partner Center? | Only CSP Partners have access to the Partner Center portal. If you are a CSP, you can create a Sales agent user account that has access to devices for testing the file. This can be done today in the Partner Center.
For more information, see [Create user accounts and set permissions](https://msdn.microsoft.com/partner-center/create-user-accounts-and-set-permissions). |
-| Must I become a CSP to participate in Windows Autopilot? | Top volume OEMs do not, as they can use the OEM Direct API. All others who choose to use MPC to register devices must become CSPs in order to access MPC. |
-| Do the different CSP levels have all the same capabilities when it comes to Windows Autopilot? | For purposes of Windows Autopilot, there are three different types of CSPs, each with different levels of authority and access:
1. Direct CSP: Gets direct authorization from the customer to register devices.
2. Indirect CSP Provider: Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center.
3. Indirect CSP Reseller: Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which means that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. |
-
-
-## Manufacturing
-
-| Question | Answer |
-| --- | --- |
-| What changes need to be made in the factory OS image for customer configuration settings? |No changes are required on the factory floor to enable Windows Autopilot deployment. |
-| What version of the OA3 tool meets Windows Autopilot deployment requirements? | Windows Autopilot can work with any version of the OA3 tool. We recommend using a supported version of Windows 10 semi-annual channel to generate the 4K hardware hash. |
-| At the time of placing an order, do customers need to be state whether they want it with or without Windows Autopilot options? | Yes, if they want Windows Autopilot, they will want a supported version of Windows 10 semi-annual channel. Also, they will want to receive the CSV file or have the file upload (that is, registration) completed on their behalf. |
-| Does the OEM need to manage or collect any custom imaging files from customers and perform any image uploads to Microsoft? | No change, OEMs just send the CBRs as usual to Microsoft. No images are sent to Microsoft to enable Windows Autopilot. Windows Autopilot only customizes OOBE and allows policy configurations (disables admin account, for example). |
-| Are there any customer impacts to upgrading from Windows 8 to Windows 10? | The devices must be running a supported version of Windows 10 semi-annual channel to enroll in Windows Autopilot deployment. Otherwise, there are no impacts. |
-| Will there be any change to the existing CBR with 4K hardware hash? | No. |
-| What new information needs to be sent from the OEM to Microsoft? | Nothing, unless the OEM opts to register the device on the customer’s behalf, in which case they would upload the device ID using a CSV file into Microsoft Partner Center, or use the OEM Direct API. |
-| Is there a contract or amendment for an OEM to participate in Windows Autopilot Deployment? | No. |
-
-## CSV schema
-
-| Question | Answer |
-| --- | --- |
-| Can a comma be used in the CSV file? | No. |
-| What error messages can a user expect to see in the Partner Center or MSfB when uploading a file? | See the In Microsoft Store for Business section of this guide. |
-| Is there a limit to the number of devices that can be listed in the CSV file? | Yes, the CSV file can only contain 1,000 devices to apply to a single profile. If more than 1,000 devices need to be applied to a profile, the devices need to be uploaded through multiple CSV files. |
-| Does Microsoft have any recommendations on how an OEM should provide the CSV file to their customers? | We recommend encrypting the CSV file when sending to the business customer to self-register their Windows Autopilot devices (either through MPC, MSfB, or Intune). |
-
-
-## Hardware hash
-
-| Question | Answer |
-| --- | --- |
-| Must every hardware hash submitted by the OEM contain the SMBIOS UUID (universally unique identifier), MAC (media access control) address, and unique disk serial number (if using Windows 10 OEM Activation 3.0 tool)? | Yes. Since Windows Autopilot is based on the ability to uniquely identify devices applying for cloud configuration, it is critical to submit hardware hashes that meet the outlined requirement. |
-| What is the reason for needing the SMBIOS UUID, MAC Address, and Disk Serial Number in the hardware hash details? | For creating the hardware hash, these are the fields that are needed to identify a device, as parts of the device are added or removed. Since we don’t have a unique identifier for Windows devices, this is the best logic to identify a device. |
-| What is difference between OA3 hardware hash, 4K hardware hash, and Windows Autopilot hardware hash? | None. They’re different names for the same thing. The OA3 tool output is called the OA3 Hash, which is 4K in size, which is usable for the Windows Autopilot deployment scenario. Note: When using an older, unsupported Windows version OA3Tool, you get a different sized Hash, which may not be used for Windows Autopilot deployment. |
-| What is the thought around parts replacement and repair for the NIC (network interface controller) and Disk? Will the hardware hash become invalid? | Yes. If you replace parts, you need to gather the new hardware hash, though it depends on what is replaced, and the characteristics of the parts. For example, if you replace the TPM or motherboard, it’s a new device and you must have new hardware hash. If you replace one network card, it’s probably not a new device, and the device will function with the old hardware hash. However, as a best practice, you should assume the old hardware hash is invalid and get a new hardware hash after any hardware changes. This is recommended anytime you replace parts. |
-
-## Motherboard replacement
-
-| Question | Answer |
-| --- | --- |
-| How does Autopilot handle motherboard replacement scenarios? | Motherboard replacement is out for scope for Autopilot. Any device that is repaired or serviced in a way that alters the ability to identify the device for Windows Autopilot must go through the normal OOBE process, and manually select the right settings or apply a custom image, as is the case today.
To reuse the same device for Windows Autopilot after a motherboard replacement, the device would need to be de-registered from Autopilot, the motherboard replaced, a new 4K HH harvested, and then re-registered using the new 4K hardware hash (or device ID).
**Note**: An OEM will not be able to use the OEM Direct API to re-register the device, since the OEM Direct API only accepts a tuple or PKID. In this case, the OEM would either have to send the new 4K hardware hash information using a CSV file to customer, and let customer reregister the device using MSfB or Intune.|
-
-## SMBIOS
-
-| Question | Answer |
-| --- | --- |
-| Any specific requirement to SMBIOS UUID? | It must be unique as specified in the Windows 10 hardware requirements. |
-| What is the requirement on the SMBIOS table to meet the Windows Autopilot hardware hash need? | It must meet all the Windows 10 hardware requirements. Additional details may be found [here](https://msdn.microsoft.com/library/jj128256(v=vs.85).aspx). |
-| If the SMBIOS supports UUID and Serial Number, is it enough for the OA3 tool to generate the hardware hash? | No. At a minimum, the following SMBIOS fields need to be populated with unique values: ProductKeyID SmbiosSystemManufacturer SmbiosSystemProductName SmbiosSystemSerialNumber SmbiosSkuNumber SmbiosSystemFamily MacAddress SmbiosUuid DiskSerialNumber TPM EkPub |
-
-## Technical interface
-
-| Question | Answer |
-| --- | --- |
-| What is the interface to get the MAC Address and Disk Serial Number? How does the OA tool get MAC and Disk Serial #? | Disk serial number is found from IOCTL_STORAGE_QUERY_PROPERTY with StorageDeviceProperty/PropertyStandardQuery. Network MAC address is IOCTL_NDIS_QUERY_GLOBAL_STATS from OID_802_3_PERMANENT_ADDRESS. However the method for performing this operation varies depending on the scenario. |
-| Follow up clarification: If we have 2-3 MACs on the system, how does OA Tool choose which MAC Address and Disk Serial Number are on the system since there are multiple instances of each? If a platform has LAN And WLAN, which MAC is chosen? | In short, all available values are used. In detail, there may be specific usage rules. The system disk serial number is more important than the other disks available. Network interfaces that are removable should not be used if detected as they are removable. LAN vs WLAN should not matter, as both will be used. |
-
-## The end-user experience
-
-|Question|Answer|
-|----|-----|
-|How do I know that I received Autopilot?|You can tell that you received Windows Autopilot (as in the device received a configuration but has not yet applied it) when you skip the selection page (as seen below), and are immediately taken to a generic or customized sign-in page.|
-|Windows Autopilot didn’t work, what do I do now?| Questions and actions to assist in troubleshooting: Did a screen not get skipped? Did a user end up as an admin when configured not to? Remember that Azure AD Admins will be local admins regardless of whether Windows Autopilot is configured to disable local admin Collection information: run licensingdiag.exe and send the .cab (Cabinet) file that is generated to AutopilotHelp@microsoft.com. If possible, collect an ETL from Windows Performance Recorder (WPR). Often in these cases, users are not signing into the right Azure AD tenant, or are creating local user accounts. For a complete list of support options, refer to [Windows Autopilot support](autopilot-support.md). |
-| If an Administrator makes changes to an existing profile, will the changes take effect on devices that have that profile assigned to them that have already been deployed? |No. Windows Autopilot profiles are not resident on the device. They are downloaded during OOBE, the settings defined at the time are applied. Then, the profile is discarded on the device. If the device is reimaged or reset, the new profile settings will take effect the next time the device goes through OOBE.|
-|What is the experience if a device isn’t registered or if an IT Admin doesn’t configure Windows Autopilot prior to an end user attempting to self-deploy? |If the device isn’t registered, it will not receive the Windows Autopilot experience and the end user will go through normal OOBE. The Windows Autopilot configurations will not be applied until the user runs through OOBE again, after registration. If a device is started before an MDM profile is created, the device will go through standard OOBE experience. The IT Admin would then have to manually enroll that device into the MDM, after which the next time that device is reset, it will go through the Windows Autopilot OOBE experience.|
-|Why didn't I receive a customized sign-in screen during Autopilot? |Tenant branding must be configured in portal.azure.com to receive a customized sign-in experience.|
-|What happens if a device is registered with Azure AD but does not have a Windows Autopilot profile assigned? |The regular Azure AD OOBE will occur since no Windows Autopilot profile was assigned to the device.|
-|How can I collect logs on Autopilot?|The best way to collect logs on Windows Autopilot performance is to collect a WPR trace during OOBE. The XML file (WPRP extension) for this trace may be provided upon request.|
-
-## MDM
-
-| Question | Answer |
-| --- | --- |
-| Must we use Intune for our MDM? | No, any MDM will work with Autopilot, but others probably won’t have the same full suite of Windows Autopilot features as Intune. You’ll get the best experience from Intune. |
-| Can Intune support Win32 app preinstalls? | Yes. Starting with the Windows 10 October Update (version 1809), Intune supports Win32 apps using .msi (and .msix) wrappers. |
-| What is co-management? | Co-management is when you use a combination of a cloud MDM tool (Intune) and an on-premises configuration tool like Microsoft Endpoint Configuration Manager. You only need to use the Configuration Manager if Intune can’t support what you want to do with your profile. If you choose to co-manage using Intune + Configuration Manager, you do it by including a Configuration Manager agent in your Intune profile. When that profile is pushed to the device, the device will see the Configuration Manager agent and go out to the Configuration Manager to pull down any additional profile settings. |
-| Must we use Microsoft Endpoint Configuration Manager for Windows Autopilot | No. Co-management (described above) is optional. |
-
-
-## Features
-
-| Question | Answer |
-| --- | --- |
-| Self-deploying mode | A new version of Windows Autopilot where the user only turns on the device, and nothing else. It’s useful for scenarios where a standard user account isn’t needed (for example, shared devices, or KIOSK devices). |
-| Hybrid Azure Active Directory join | Allows Windows Autopilot devices to connect to an on-premises Active Directory domain controller (in addition to being Azure AD joined). |
-| Windows Autopilot reset | Removes user apps and settings from a device, but maintains Azure AD domain join and MDM enrollment. Useful for when transferring a device from one user to another. |
-| Personalization | Adds the following to the OOBE experience: A personalized welcome message can be created. A username hint can be added Sign-in page text can be personalized. The company’s logo can be included |
-| [Autopilot for existing devices](existing-devices.md) | Offers an upgrade path to Windows Autopilot for all existing Windows 7- and Windows 8-based devices. |
-
-
-
-## General
-
-|Question|Answer
-|------------------|-----------------|
-|If I wipe the machine and restart, will I still receive Windows Autopilot?|Yes, if the device is still registered for Windows Autopilot and is running a supported version of Windows 10 semi-annual channel, it will receive the Windows Autopilot experience.|
-|Can I harvest the device fingerprint on existing machines?|Yes, if the device is running a supported version of Windows 10 semi-annual channel, you can harvest device fingerprints for registration. There are no plans to backport the functionality to legacy releases and no way to harvest them on devices running unsupported versions of Windows.|
-|Is Windows Autopilot supported on other SKUs, for example, Surface Hub, HoloLens, Windows Mobile.|No, Windows Autopilot isn’t supported on other SKUs.|
-|Does Windows Autopilot work after MBR or image reinstallation?|Yes.|
-| Can machines that have reimaged a few times go through Autopilot? What does the error message "This user is not authorized to enroll" mean? Error code 801c0003. |There are limits to the number of devices a particular Azure AD user can enroll in Azure AD, as well as the number of devices that are supported per user in Intune. (These are configurable but not infinite.) You’ll run into this frequently if you reuse the devices, or even if you roll back to previous virtual machine snapshots.|
-|What happens if a device is registered to a malicious agent? |By design, Windows Autopilot does not apply a profile until the user signs in with the matching tenant for the configured profile using the Azure AD sign-in process. What occurs is illustrated below. If badguys.com registers a device owned by contoso.com, at worst, the user would be directed to sign into badguys.com. When the user enters their email/password, the sign-in information is redirected through Azure AD to the proper Azure AD authentication and the user is prompted to then sign into contoso.com. Since contoso.com does not match badguys.com as the tenant, the Windows Autopilot profile will not be applied and the regular Azure AD OOBE will occur.|
-|Where is the Windows Autopilot data stored? |Windows Autopilot data is stored in the United States (US), not in a sovereign cloud, even when the Azure AD tenant is registered in a sovereign cloud. This is applicable to all Windows Autopilot data, regardless of the portal leveraged to deploy Autopilot.|
-|Why is Windows Autopilot data stored in the US and not in a sovereign cloud?|It is not customer data that we store, but business data that enables Microsoft to provide a service, therefore it is okay for the data to reside in the US. Customers can stop subscribing to the service at any time, and, in that event, the business data is removed by Microsoft.|
-|How many ways are there to register a device for Windows Autopilot|There are six ways to register a device, depending on who is doing the registering:
1. OEM Direct API (only available to TVOs) 2. MPC using the MPC API (must be a CSP) 3. MPC using manual upload of CSV file in the UI (must be a CSP) 4. MSfB using CSV file upload 5. Intune using CSV file upload 6. Microsoft 365 Business portal using CSV file upload|
-|How many ways are there to create a Windows Autopilot profile?|There are four ways to create and assign a Windows Autopilot profile:
1. Through MPC (must be a CSP) 2. Through MSfB 3. Through Intune (or another MDM) 4. Microsoft 365 Business portal
Microsoft recommends creation and assignment of profiles through Intune. |
-| What are some common causes of registration failures? |1. Bad or missing hardware hash entries can lead to faulty registration attempts 2. Hidden special characters in CSV files.
To avoid this issue, after creating your CSV file, open it in Notepad to look for hidden characters or trailing spaces or other corruptions.|
-| Is Autopilot supported on IoT devices? | Autopilot is not supported on IoT Core devices, and there are currently no plans to add this support. Autopilot is supported on Windows 10 IoT Enterprise SAC devices. Autopilot is supported on Windows 10 Enterprise LTSC 2019 and above; it is not supported on earlier versions of LTSC.|
-| Is Autopilot supported in all regions/countries? | Autopilot only supports customers using global Azure. Global Azure does not include the three entities listed below: - Azure Germany - Azure China 21Vianet - Azure Government So, if a customer is set up in global Azure, there are no region restrictions. For example, if Contoso uses global Azure but has employees working in China, the Contoso employees working in China would be able to use Autopilot to deploy devices. If Contoso uses Azure China 21Vianet, the Contoso employees would not be able to use Autopilot.|
-| I need to register a device that's been previously registered to another organisation. | Partners registering devices through partner center can also deregister the device if it's moving between different customer tenants. If this isn't possible, as a last resort you can raise a ticket through the Intune "Help and Support" node and our support teams will assist you. |
-
-## Glossary
-
-| Term | Meaning |
-| --- | --- |
-| CSV | Comma Separated Values (File type similar to Excel spreadsheet) |
-| MPC | Microsoft Partner Center |
-| MDM | Mobile Device Management |
-| OEM | Original Equipment Manufacturer |
-| CSP | Cloud Solution Provider |
-| MSfB | Microsoft Store for Business |
-| Azure AD | Azure Active Directory |
-| 4K HH | 4K hardware hash |
-| CBR | Computer Build Report |
-| EC | Enterprise Commerce |
-| DDS | Device Directory Service |
-| OOBE | Out of the Box Experience |
-| UUID | Universally Unique Identifier |
diff --git a/windows/deployment/windows-autopilot/autopilot-mbr.md b/windows/deployment/windows-autopilot/autopilot-mbr.md
deleted file mode 100644
index 28c376ab92..0000000000
--- a/windows/deployment/windows-autopilot/autopilot-mbr.md
+++ /dev/null
@@ -1,421 +0,0 @@
----
-title: Windows Autopilot motherboard replacement
-ms.reviewer:
-manager: laurawi
-description: Windows Autopilot deployment MBR scenarios
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot motherboard replacement scenario guidance
-
-**Applies to**
-
-- Windows 10
-
-This document offers guidance for Windows Autopilot device repair scenarios that Microsoft partners can use in Motherboard Replacement (MBR) situations, and other servicing scenarios.
-
-Repairing Autopilot enrolled devices is complex, as it tries to balance OEM requirements with Windows Autopilot requirements. Specifically, OEM’s require strict uniqueness across motherboards, MAC addresses, etc., while Windows Autopilot requires strict uniqueness at the Hardware ID level for each device to enable successful registration. The Hardware ID does not always accommodate all the OEM hardware component requirements, thus these requirements are sometimes at odds, causing issues with some repair scenarios.
-
-**Motherboard Replacement (MBR)**
-
-If a motherboard replacement is needed on a Windows Autopilot device, the following process is recommended:
-
-1. [Deregister the device](#deregister-the-autopilot-device-from-the-autopilot-program) from Windows Autopilot
-2. [Replace the motherboard](#replace-the-motherboard)
-3. [Capture a new device ID (4K HH)](#capture-a-new-autopilot-device-id-4k-hh-from-the-device)
-4. [Reregister the device](#reregister-the-repaired-device-using-the-new-device-id) with Windows Autopilot
-5. [Reset the device](#reset-the-device)
-6. [Return the device](#return-the-repaired-device-to-the-customer)
-
-Each of these steps is described below.
-
-## Deregister the Autopilot device from the Autopilot program
-
-Before the device arrives at the repair facility, it must be deregistered by the entity that registered it. Only the entity that registered the device can deregister it. This might be the customer IT Admin, the OEM, or the CSP partner. If the IT Admin registered the device, they likely did so via Intune (or possibly the Microsoft Store for Business). In that case, they should deregister the device from Intune (or MSfB). This is necessary because devices registered in Intune will not show up in MPC. However, if the OEM or CSP partner registered the device, they likely did so via the Microsoft Partner Center (MPC). In that case, they should deregister the device from MPC, which will also remove it from the customer IT Admin’s Intune account. Below, we describe the steps an IT Admin would go through to deregister a device from Intune, and the steps an OEM or CSP would go through to deregister a device from MPC.
-
-**NOTE**: When possible, an OEM or CSP should register Autopilot devices, rather than having the customer do it. This will avoid problems where OEMs or CSPs may not be able to deregister a device if, for example, a customer leasing a device goes out of business before deregistering it themselves.
-
-**EXCEPTION**: If a customer grants an OEM permission to register devices on their behalf via the automated consent process, then an OEM can use the API to deregister devices they didn’t register themselves (instead, the customer registered the devices). But keep in mind that this would only remove those devices from the Autopilot program, it would not disenroll them from Intune or disjoin them from AAD. The customer must do those steps, if desired, through Intune.
-
-### Deregister from Intune
-
-To deregister an Autopilot device from Intune, an IT Admin would:
-
-1. Sign in to their Intune account
-2. Navigate to Intune > Groups > All groups
-3. Remove the desired device from its group
-4. Navigate to Intune > Devices > All devices
-5. Select the checkbox next to the device you want to delete, then click the Delete button on the top menu
-6. Navigate to Intune > Devices > Azure AD devices
-7. Select the checkbox next to the device you want to delete, then click the Delete button along the top menu
-8. Navigate to Intune > Device enrollment > Windows enrollment > Devices
-9. Select the checkbox next to the device you want to deregister
-10. Click the extended menu icon (“…”) on the far right end of the line containing the device you want to deregister in order to expose an additional menu with the option to “unassign user”
-11. Click “Unassign user” if the device was previously assigned to a user; if not, this option will be grayed-out and can be ignored
-12. With the unassigned device still selected, click the Delete button along the top menu to remove this device
-
-**NOTE**: These steps deregister the device from Autopilot, but also unenroll the device from Intune, and disjoin the device from AAD. While it may appear that only deregistering the device from Autopilot is needed, there are certain barriers in place within Intune that necessitate all the steps above be done, which is best practice anyway in case the device gets lost or becomes unrecoverable, to eliminate the possibility of orphaned devices existing in the Autopilot database, or Intune, or AAD. If a device gets into an unrecoverable state, you can contact the appropriate [Microsoft support alias](autopilot-support.md) for assistance.
-
-The deregistration process will take about 15 minutes. You can accelerate the process by clicking the “Sync” button, then “Refresh” the display until the device is no longer present.
-
-More details on deregistering devices from Intune can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group).
-
-### Deregister from MPC
-
-To deregister an Autopilot device from the Microsoft Partner Center (MPC), a CSP would:
-
-1. Log into MPC
-2. Navigate to Customer > Devices
-3. Select the device to be deregistered and click the “Delete device” button
-
-
-
-**NOTE**: Deregistering a device from Autopilot in MPC does only that; it does not also unenroll the device from the MDM (Intune), nor does it disjoin the device from AAD. Therefore, if possible, the OEM/CSP ideally should work with the customer IT Admin to have the device fully removed per the Intune steps in the previous section.
-
-Alternatively, an OEM partner that has integrated the OEM Direct APIs can deregister a device by calling the AutopilotDeviceRegistration API with the TenantID and TenantDomain fields left blank in the request call.
-
-Because the repair facility will not have access to the user’s login credentials, the repair facility will have to reimage the device as part of the repair process. This means that the customer should do three things before sending the device off for repair:
-1. Copy all important data off the device.
-2. Let the repair facility know which version of Windows they should reinstall after the repair.
-3. If applicable, let the repair facility know which version of Office they should reinstall after the repair.
-
-## Replace the motherboard
-
-Technicians replace the motherboard (or other hardware) on the broken device. A replacement DPK is injected.
-
-Repair and key replacement processes vary between facilities. Sometimes repair facilities receive motherboard spare parts from OEMs that have replacement DPKs already injected, but sometimes not. Sometimes repair facilities receive fully-functional BIOS tools from OEMs, but sometimes not. This means that the quality of the data in the BIOS after an MBR varies. To ensure the repaired device will still be Autopilot-capable following its repair, the new (post-repair) BIOS should be able to successfully gather and populate the following information at a minimum:
-
-- DiskSerialNumber
-- SmbiosSystemSerialNumber
-- SmbiosSystemManufacturer
-- SmbiosSystemProductName
-- SmbiosUuid
-- TPM EKPub
-- MacAddress
-- ProductKeyID
-- OSType
-
-**NOTE**: For simplicity, and because processes vary between repair facilities, we have excluded many of the additional steps often used in an MBR, such as:
-- Verify that the device is still functional
-- Disable BitLocker*
-- Repair the Boot Configuration Data (BCD)
-- Repair and verify the network driver operation
-
-*BitLocker can be suspended rather than disabled if the technician has the ability to resume it after the repair.
-
-## Capture a new Autopilot device ID (4K HH) from the device
-
-Repair technicians must sign in to the repaired device to capture the new device ID. Assuming the repair technician does NOT have access to the customer’s login credentials, they will have to reimage the device in order to gain access, per the following steps:
-
-1. The repair technician creates a [WinPE bootable USB drive](https://docs.microsoft.com/windows-hardware/manufacture/desktop/oem-deployment-of-windows-10-for-desktop-editions#create-a-bootable-windows-pe-winpe-partition).
-2. The repair technician boots the device to WinPE.
-3. The repair technician [applies a new Windows image to the device](https://docs.microsoft.com/windows-hardware/manufacture/desktop/work-with-windows-images).
-
- **NOTE**: Ideally, the same version of Windows should be reimaged onto the device that was originally on the device, so some coordination will be required between the repair facility and customer to capture this information at the time the device arrives for repair. This might include the customer sending the repair facility a customized image (.ppk file) via a USB stick, for example.
-
-4. The repair technician boots the device into the new Windows image.
-5. Once on the desktop, the repair technician captures the new device ID (4K HH) off the device using either the OA3 Tool or the PowerShell script, as described below.
-
-Those repair facilities with access to the OA3 Tool (which is part of the ADK) can use the tool to capture the 4K Hardware Hash (4K HH).
-
-Alternatively, the [WindowsAutoPilotInfo PowerShell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo) can be used to capture the 4K HH by following these steps:
-
-1. Install the script from the [PowerShell Gallery](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo) or from the command line (command line installation is shown below).
-2. Navigate to the script directory and run it on the device when the device is either in Full OS or Audit Mode. See the following example.
-
- ```powershell
- md c:\HWID
- Set-Location c:\HWID
- Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
- Install-Script -Name Get-WindowsAutopilotInfo -Force
- Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
- ```
-
->If you are prompted to install the NuGet package, choose **Yes**.
->If, after installing the script you get an error that Get-WindowsAutopilotInfo.ps1 is not found, verify that C:\Program Files\WindowsPowerShell\Scripts is present in your PATH variable.
->If the Install-Script cmdlet fails, verify that you have the default PowerShell repository registered (**Get-PSRepository**) or register the default repository with **Register-PSRepository -Default -Verbose**.
-
-The script creates a .csv file that contains the device information, including the complete 4K HH. Save this file so that you can access it later. The service facility will use this 4K HH to reregister device as described below. Be sure to use the -OutputFile parameter when saving the file, which ensures that file formatting is correct. Do not attempt to pipe the command output to a file manually.
-
-**NOTE**: If the repair facility does not have the ability to run the OA3 tool or PowerShell script to capture the new 4K HH, then the CSP (or OEM) partners must do this for them. Without some entity capturing the new 4K HH, there is no way to reregister this device as an Autopilot device.
-
-
-## Reregister the repaired device using the new device ID
-
-If an OEM is not able to reregister the device, then the repair facility or CSP should reregister the device using MPC, or the customer IT Admin should be advised to reregister the device via Intune (or MSfB). Both ways of reregistering a device are shown below.
-
-### Reregister from Intune
-
-To reregister an Autopilot device from Intune, an IT Admin would:
-1. Sign in to Intune.
-2. Navigate to Device enrollment > Windows enrollment > Devices > Import.
-3. Click the **Import** button to upload a csv file containing the device ID of the device to be reregistered (the device ID was the 4K HH captured by the PowerShell script or OA3 tool described previously in this document).
-
-The following video provides a good overview of how to (re)register devices via MSfB.
-
-> [!VIDEO https://www.youtube.com/embed/IpLIZU_j7Z0]
-
-### Reregister from MPC
-
-To reregister an Autopilot device from MPC, an OEM or CSP would:
-
-1. Sign in to MPC.
-2. Navigate to the Customer > Devices page and click the **Add devices** button to upload the csv file.
-
-
-
-
-In the case of reregistering a repaired device through MPC, the uploaded csv file must contain the 4K HH for the device, and not just the PKID or Tuple (SerialNumber + OEMName + ModelName). If only the PKID or Tuple was used, the Autopilot service would be unable to find a match in the Autopilot database, since no 4K HH info was ever previously submitted for this essentially “new” device, and the upload will fail, likely returning a ZtdDeviceNotFound error. So, again, only upload the 4K HH, not the Tuple or PKID.
-
-**NOTE**: When including the 4K HH in the csv file, you do NOT also need to include the PKID or Tuple. Those columns may be left blank, as shown below:
-
-
-
-## Reset the device
-
-Since the device was required to be in Full OS or Audit Mode to capture the 4K HH, the repair facility must reset the image back to a pre-OOBE state before returning it to the customer. One way this can be accomplished is by using the built-in reset feature in Windows, as follows:
-
-On the device, go to Settings > Update & Security > Recovery and click on Get started. Under Reset this PC, select Remove everything and Just remove my files. Finally, click on Reset.
-
-
-
-However, it’s likely the repair facility won’t have access to Windows because they lack the user credentials to sign in, in which case they need to use other means to reimage the device, such as the [Deployment Image Servicing and Management tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/oem-deployment-of-windows-10-for-desktop-editions#use-a-deployment-script-to-apply-your-image).
-
-## Return the repaired device to the customer
-
-After completing the previous steps, the repaired device can now be returned to the customer, and will be auto-enrolled into the Autopilot program on first boot-up during OOBE.
-
-**NOTE**: If the repair facility did NOT reimage the device, they could be sending it back in a potentially broken state (e.g., there’s no way to log into the device because it’s been dissociated from the only known user account), in which case they should tell the organization that they need to fix the registration and OS themselves.
-
-**IMPORTANT**: A device can be “registered” for Autopilot prior to being powered-on, but the device isn’t actually “deployed” to Autopilot (i.e., enabled as an Autopilot device) until it goes through OOBE, which is why resetting the device back to a pre-OOBE state is a required step.
-
-## Specific repair scenarios
-
-This section covers the most common repair scenarios, and their impact on Autopilot enablement.
-
-NOTES ON TEST RESULTS:
-
-- Scenarios below were tested using Intune only (no other MDMs were tested).
-- In most test scenarios below, the repaired and reregistered device needed to go through OOBE again for Autopilot to be enabled.
-- Motherboard replacement scenarios often result in lost data, so repair centers or customers should be reminded to back up data (if possible) prior to repair.
-- In the cases where a repair facility does not have the ability to write device info into the BIOS of the repaired device, new processes need to be created to successfully enable Autopilot.
-- Repaired device should have the Product Key (DPK) preinjected in the BIOS before capturing the new 4K HH (device ID)
-
-In the following table:
-- Supported = **Yes**: the device can be reenabled for Autopilot
-- Supported = **No**: the device cannot be reenabled for Autopilot
-
-
-
Scenario
Supported
Microsoft Recommendation
-
Motherboard Replacement (MBR) in general
Yes
The recommended course of action for MBR scenarios is:
-
-1. Autopilot device is deregistered from the Autopilot program
-2. The motherboard is replace
-3. The device is reimaged (with BIOS info and DPK reinjected)*
-4. A new Autopilot device ID (4K HH) is captured off the device
-5. The repaired device is reregistered for the Autopilot program using the new device ID
-6. The repaired device is reset to boot to OOBE
-7. The repaired device is shipped back to the customer
-
-*It’s not necessary to reimage the device if the repair technician has access to the customer’s login credentials. It’s technically possible to do a successful MBR and Autopilot re-enablement without keys or certain BIOS info (e.g., serial #, model name, etc.), but doing so is only recommended for testing/educational purposes.
-
-
MBR when motherboard has a TPM chip (enabled) and only one onboard network card (that also gets replaced)
Yes
-
-1. Deregister damaged device
-2. Replace motherboard
-3. Reimage device (to gain access), unless you have access to customers’ login credentials
-4. Write device info into BIOS
-5. Capture new 4K HH
-6. Reregister repaired device
-7. Reset device back to OOBE
-8. Go through Autopilot OOBE (customer)
-9. Autopilot successfully enabled
-
-
MBR when motherboard has a TPM chip (enabled) and a second network card (or network interface) that is not replaced along with the motherboard
No
This scenario is not recommended, as it breaks the Autopilot experience, because the resulting Device ID will not be stable until after TPM attestation has completed, and even then registration may give incorrect results because of ambiguity with MAC Address resolution.
-
MBR where the NIC card, HDD, and WLAN all remain the same after the repair
Yes
-
-1. Deregister damaged device
-2. Replace motherboard (with new RDPK preinjected in BIOS)
-3. Reimage device (to gain access), unless you have access to customers’ login credentials
-4. Write old device info into BIOS (same s/n, model, etc.)*
-5. Capture new 4K HH
-6. Reregister repaired device
-7. Reset device back to OOBE
-8. Go through Autopilot OOBE (customer)
-9. Autopilot successfully enabled
-
-*Note that for this and subsequent scenarios, rewriting old device info would not include the TPM 2.0 endorsement key, as the associated private key is locked to the TPM device
-
-
MBR where the NIC card remains the same, but the HDD and WLAN are replaced
Yes
-
-1. Deregister damaged device
-2. Replace motherboard (with new RDPK preinjected in BIOS)
-3. Insert new HDD and WLAN
-4. Write old device info into BIOS (same s/n, model, etc.)
-5. Capture new 4K HH
-6. Reregister repaired device
-7. Reset device back to OOBE
-8. Go through Autopilot OOBE (customer)
-9. Autopilot successfully enabled
-
-
MBR where the NIC card and WLAN remains the same, but the HDD is replaced
Yes
-
-1. Deregister damaged device
-2. Replace motherboard (with new RDPK preinjected in BIOS)
-3. Insert new HDD
-4. Write old device info into BIOS (same s/n, model, etc.)
-5. Capture new 4K HH
-6. Reregister repaired device
-7. Reset device back to OOBE
-8. Go through Autopilot OOBE (customer)
-9. Autopilot successfully enabled
-
-
MBR where only the MB is replaced (all other parts remain same) but new MB was taken from a previously used device that had NOT been Autopilot-enabled before.
Yes
-
-1. Deregister damaged device
-2. Replace motherboard (with new RDPK preinjected in BIOS)
-3. Reimage device (to gain access), unless you have access to customers’ login credentials
-4. Write old device info into BIOS (same s/n, model, etc.)
-5. Capture new 4K HH
-6. Reregister repaired device
-7. Reset device back to OOBE
-8. Go through Autopilot OOBE (customer)
-9. Autopilot successfully enabled
-
-
MBR where only the MB is replaced (all other parts remain same) but new MB was taken from a previously used device that HAD been Autopilot-enabled before.
Yes
-
-1. Deregister old device from which MB will be taken
-2. Deregister damaged device (that you want to repair)
-3. Replace motherboard in repair device with MB from other Autopilot device (with new RDPK preinjected in BIOS)
-4. Reimage device (to gain access), unless you have access to customers’ login credentials
-5. Write old device info into BIOS (same s/n, model, etc.)
-6. Capture new 4K HH
-7. Reregister repaired device
-8. Reset device back to OOBE
-9. Go through Autopilot OOBE (customer)
-10. Autopilot successfully enabled
-
-NOTE: The repaired device can also be used successfully as a normal, non-Autopilot device.
-
-
BIOS info excluded from MBR device
No
Repair facility does not have BIOS tool to write device info into BIOS after MBR.
-
-1. Deregister damaged device
-2. Replace motherboard (BIOS does NOT contain device info)
-3. Reimage and write DPK into image
-4. Capture new 4K HH
-5. Reregister repaired device
-6. Create Autopilot profile for device
-7. Go through Autopilot OOBE (customer)
-8. Autopilot FAILS to recognize repaired device
-
-
MBR when there is no TPM chip
Yes
Though we do not recommend enabling Autopilot devices without a TPM chip (which is recommended for BitLocker encryption), it is possible to enable an Autopilot device in “standard user” mode (but NOT Self-deploying mode) that does not have a TPM chip. In this case, you would:
-
-1. Deregister damaged device
-2. Replace motherboard
-3. Reimage device (to gain access), unless you have access to customers’ login credentials
-4. Write old device info into BIOS (same s/n, model, etc.)
-5. Capture new 4K HH
-6. Reregister repaired device
-7. Reset device back to OOBE
-8. Go through Autopilot OOBE (customer)
-9. Autopilot successfully enabled
-
-
New DPK written into image on repaired Autopilot device with a new MB
Yes
Repair facility replaces normal MB on damaged device. MB does not contain any DPK in the BIOS. Repair facility writes DPK into image after MBR.
-
-1. Deregister damaged device
-2. Replace motherboard – BIOS does NOT contain DPK info
-3. Reimage device (to gain access), unless you have access to customers’ login credentials
-4. Write device info into BIOS (same s/n, model, etc.)
-5. Capture new 4K HH
-6. Reset or reimage device to pre-OOBE and write DPK into image
-7. Reregister repaired device
-8. Go through Autopilot OOBE
-9. Autopilot successfully enabled
-
-
New Repair Product Key (RDPK)
Yes
Using a motherboard with a new RDPK preinjected results in a successful Autopilot refurbishment scenario.
-
-1. Deregister damaged device
-2. Replace motherboard (with new RDPK preinjected in BIOS)
-3. Reimage or rest image to pre-OOBE
-4. Write device info into BIOS
-5. Capture new 4K HH
-6. Reregister repaired device
-7. Reimage or reset image to pre-OOBE
-8. Go through Autopilot OOBE
-9. Autopilot successfully enabled
-
-
No Repair Product Key (RDPK) injected
No
This scenario violates Microsoft policy and breaks the Windows Autopilot experience.
-
Reimage damaged Autopilot device that was not deregistered prior to repair
Yes, but the device will still be associated with previous tenant ID, so should only be returned to same customer
-
-1. Reimage damaged device
-2. Write DPK into image
-3. Go through Autopilot OOBE
-4. Autopilot successfully enabled (to previous tenant ID)
-
-
Disk replacement from a non-Autopilot device to an Autopilot device
Yes
-
-1. Do not deregister damaged device prior to repair
-2. Replace HDD on damaged device
-3. Reimage or reset image back to OOBE
-4. Go through Autopilot OOBE (customer)
-5. Autopilot successfully enabled (repaired device recognized as its previous self)
-
-
Disk replacement from one Autopilot device to another Autopilot device
Maybe
If the device from which the HDD is taken was itself previously deregistered from Autopilot, then that HDD can be used in a repair device. But if the HDD was never previously deregistered from Autopilot before being used in a repaired device, the newly repaired device will not have the proper Autopilot experience.
-
-Assuming the used HDD was previously deregistered (before being used in this repair):
-
-1. Deregister damaged device
-2. Replace HDD on damaged device using a HDD from another deregistered Autopilot device
-3. Reimage or rest the repaired device back to a pre-OOBE state
-4. Go through Autopilot OOBE (customer)
-5. Autopilot successfully enabled
-
-
Non-Microsoft network card replacement
No
Whether from a non-Autopilot device to an Autopilot device, from one Autopilot device to another Autopilot device, or from an Autopilot device to a non-Autopilot device, any scenario where a 3rd party (not onboard) Network card is replaced will break the Autopilot experience, and is not recommended.
-
A device repaired more than 3 times
No
Autopilot is not supported when a device is repeatedly repaired, so that whatever parts NOT replaced become associated with too many parts that have been replaced, which would make it difficult to uniquely identify that device in the future.
-
Memory replacement
Yes
Replacing the memory on a damaged device does not negatively affect the Autopilot experience on that device. No de/reregistration is needed. The repair technician simply needs to replace the memory.
-
GPU replacement
Yes
Replacing the GPU(s) on a damaged device does not negatively affect the Autopilot experience on that device. No de/reregistration is needed. The repair technician simply needs to replace the GPU.
-
-
->When scavenging parts from another Autopilot device, we recommend unregistering the scavenged device from Autopilot, scavenging it, and then NEVER REGISTERING THE SCAVENGED DEVICE (AGAIN) FOR AUTOPILOT, because reusing parts this way may cause two active devices to end up with the same ID, with no possibility of distinguishing between the two.
-
-**NOTE**: The following parts may be replaced without compromising Autopilot enablement or requiring special additional repair steps:
-- Memory (RAM or ROM)
-- Power Supply
-- Video Card
-- Card Reader
-- Sound card
-- Expansion card
-- Microphone
-- Webcam
-- Fan
-- Heat sink
-- CMOS battery
-
-Other repair scenarios not yet tested and verified include:
-- Daughterboard replacement
-- CPU replacement
-- Wifi replacement
-- Ethernet replacement
-
-## FAQ
-
-| Question | Answer |
-| --- | --- |
-| If we have a tool that programs product information into the BIOS after the MBR, do we still need to submit a CBR report for the device to be Autopilot-capable? | No. Not if the in-house tool writes the minimum necessary information into the BIOS that the Autopilot program looks for to identify the device, as described earlier in this document. |
-| What if only some components are replaced rather than the full motherboard? | While it’s true that some limited repairs do not prevent the Autopilot algorithm from successfully matching the post-repair device with the pre-repair device, it is best to ensure 100% success by going through the MBR steps above even for devices that only needed limited repairs. |
-| How does a repair technician gain access to a broken device if they don’t have the customer’s login credentials? | The technician will have to reimage the device and use their own credentials during the repair process. |
-
-## Related topics
-
-[Device guidelines](autopilot-device-guidelines.md)
diff --git a/windows/deployment/windows-autopilot/autopilot-support.md b/windows/deployment/windows-autopilot/autopilot-support.md
deleted file mode 100644
index 762aab67e5..0000000000
--- a/windows/deployment/windows-autopilot/autopilot-support.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-title: Windows Autopilot support
-description: Find out who to contact for help with your Windows Autopilot installation.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: low
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.reviewer:
-manager: laurawi
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-# Windows Autopilot support information
-
-**Applies to: Windows 10**
-
-The following table displays support information for the Windows Autopilot program.
-
-Before contacting the resources listed below for Windows Autopilot-related issues, check the [Windows Autopilot FAQ](autopilot-faq.md).
-
-| Audience | Support contact |
-|------------|---------------------------------------|
-| OEM or Channel Partner registering devices as a CSP (via MPC) | Use the help resources available in MPC. Whether you are a named partner or a channel partner (distributor, reseller, SI, etc.), if you’re a CSP registering Autopilot devices through MPC (either manually or through the MPC API), your first-line of support should be the help resources within MPC. |
-| OEM registering devices using OEM Direct API | Contact MSOEMOPS@microsoft.com. Response time depends on priority: Low – 120 hours Normal – 72 hours High – 24 hours Immediate – 4 hours |
-| Enterprise customers | Contact your Technical Account Manager (TAM), or Account Technology Strategist (ATS), or Customer Service Support (CSS) representative. |
-| End-user | Contact your IT administrator. |
-| Microsoft Partner Center (MPC) users | Use the [help resources](https://partner.microsoft.com/support) available in MPC. |
-| Microsoft Store for Business (MSfB) users | Use the help resources available in MSfB. |
-| Intune users | From the Microsoft Azure portal, click [Help + support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview). |
-| Microsoft 365 Business | Support is accessible directly through the Microsoft 365 Business portal when logged in: https://support.microsoft.com/en-us. |
-| Queries relating to MDA testing | Contact MDAHelp@microsoft.com. |
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/autopilot-update.md b/windows/deployment/windows-autopilot/autopilot-update.md
deleted file mode 100644
index db4094b8a8..0000000000
--- a/windows/deployment/windows-autopilot/autopilot-update.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: Windows Autopilot update
-ms.reviewer:
-manager: laurawi
-description: Windows Autopilot update
-keywords: Autopilot, update, Windows 10
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-ms.localizationpriority: medium
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot update
-
-**Applies to**
-
-- Windows 10, version 1903
-
-Windows Autopilot update enables you to get the latest Autopilot features and critical issue fixes without the need to move to latest Windows OS version. With Autopilot update, organizations can keep their current OS version and still benefit from new Autopilot features and bug fixes.
-
-During the Autopilot deployment process, Windows Autopilot update has been added as a new node after the critical [Windows Zero Day Patch (ZDP) update](https://docs.microsoft.com/windows-hardware/customize/desktop/windows-updates-during-oobe) check. During the update process, Windows Autopilot devices reach out to Windows Update to check for a new Autopilot update. If there is an Autopilot update available, the device will download and install the update, then restart automatically. See the following example.
-
- 
- 
- 
-
-The following diagram illustrates a typical Windows Autopilot deployment orchestration during the Out of Box Experience (OOBE) with the new Windows Autopilot update node.
-
- 
-
-## Release cadence
-
-- When an Autopilot update is available, it is typically released on the 4th Tuesday of the month. The update could be released on a different week if there is an exception.
-- A knowledge base (KB) article will also be published to document the changes that are included in the update.
-
-For a list of released updates, see [Autopilot update history](windows-autopilot-whats-new.md#windows-autopilot-update-history).
-
-## See also
-
-[Windows Update during OOBE](https://docs.microsoft.com/windows-hardware/customize/desktop/windows-updates-during-oobe)
-[What's new in Windows Autopilot](windows-autopilot-whats-new.md)
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/bitlocker.md b/windows/deployment/windows-autopilot/bitlocker.md
deleted file mode 100644
index 542243d569..0000000000
--- a/windows/deployment/windows-autopilot/bitlocker.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-title: Setting the BitLocker encryption algorithm for Autopilot devices
-ms.reviewer:
-manager: laurawi
-description: Microsoft Intune provides a comprehensive set of configuration options to manage BitLocker on Windows 10 devices.
-keywords: Autopilot, BitLocker, encryption, 256-bit, Windows 10
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-ms.localizationpriority: medium
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Setting the BitLocker encryption algorithm for Autopilot devices
-
-**Applies to**
-
-- Windows 10
-
-With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. This ensures that the default encryption algorithm isn't applied automatically when this is not the desired setting. Other BitLocker policies that must be applied prior to encryption can also be delivered before automatic BitLocker encryption begins.
-
-The BitLocker encryption algorithm is used when BitLocker is first enabled, and sets the strength to which full volume encryption should occur. Available encryption algorithms are: AES-CBC 128-bit, AES-CBC 256-bit, XTS-AES 128-bit, or XTS-AES 256-bit encryption. The default value is XTS-AES 128-bit encryption. See [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) for information about the recommended encryption algorithms to use.
-
-To ensure the desired BitLocker encryption algorithm is set before automatic encryption occurs for Autopilot devices:
-
-1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm.
-2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group.
- - **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users.
-3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices.
- - **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts.
-
-An example of Microsoft Intune Windows Encryption settings is shown below.
-
- 
-
-**Note**: A device that is encrypted automatically will need to be decrypted prior to changing the encryption algorithm.
-
-The settings are available under Device Configuration -> Profiles -> Create profile -> Platform = Windows 10 and later, Profile type = Endpoint protection -> Configure -> Windows Encryption -> BitLocker base settings, Configure encryption methods = Enable.
-
-**Note**: It is also recommended to set Windows Encryption -> Windows Settings -> Encrypt = **Require**.
-
-## Requirements
-
-Windows 10, version 1809 or later.
-
-## See also
-
-[BitLocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview)
diff --git a/windows/deployment/windows-autopilot/deployment-process.md b/windows/deployment/windows-autopilot/deployment-process.md
deleted file mode 100644
index 6723d50e35..0000000000
--- a/windows/deployment/windows-autopilot/deployment-process.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Windows 10 deployment process posters
-description: View and download Windows 10 deployment process flows for Microsoft Endpoint Configuration Manager and Windows Autopilot.
-ms.reviewer:
-manager: laurawi
-ms.audience: itpro
-author: greg-lindsay
-keywords: upgrade, in-place, configuration, deploy
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-audience: itpro
-author: greg-lindsay
-ms.topic: article
----
-
-# Windows Autopilot deployment process
-
-**Applies to**
-- Windows 10
-
-Windows Autopilot deployment processes are summarized in the poster below. The poster is two pages in portrait mode (11x17). Click the image below to view a PDF in your browser.
-
-[](../media/Windows10AutopilotFlowchart.pdf)
-
-**Note**: The Windows Autopilot for existing devices process is included in the [Microsoft Endpoint Configuration Manager deployment poster](../windows-10-deployment-posters.md#deploy-windows-10-with-microsoft-endpoint-configuration-manager).
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/dfci-management.md b/windows/deployment/windows-autopilot/dfci-management.md
deleted file mode 100644
index 550420a264..0000000000
--- a/windows/deployment/windows-autopilot/dfci-management.md
+++ /dev/null
@@ -1,70 +0,0 @@
----
-title: DFCI Management
-ms.reviewer:
-manager: laurawi
-description: With Windows Autopilot Deployment and Intune, you can manage UEFI (BIOS) settings after they're enrolled by using the Device Firmware Configuration Interface (DFCI)
-keywords: Autopilot, DFCI, UEFI, Windows 10
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-ms.localizationpriority: medium
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# DFCI Management
-
-**Applies to**
-
-- Windows 10
-
-With Windows Autopilot Deployment and Intune, you can manage Unified Extensible Firmware Interface (UEFI) settings after they're enrolled by using the Device Firmware Configuration Interface (DFCI). DFCI [enables Windows to pass management commands](https://docs.microsoft.com/windows/client-management/mdm/uefi-csp) from Intune to UEFI to Autopilot deployed devices. This allows you to limit end user's control over BIOS settings. For example, you can lock down the boot options to prevent users from booting up another OS, such as one that doesn't have the same security features.
-
-If a user reinstalls a previous Windows version, install a separate OS, or format the hard drive, they can't override DFCI management. This feature can also prevent malware from communicating with OS processes, including elevated OS processes. DFCI’s trust chain uses public key cryptography, and doesn't depend on local UEFI password security. This layer of security blocks local users from accessing managed settings from the device’s UEFI menus.
-
-For an overview of DFCI benefits, scenarios, and prerequisites, see [Device Firmware Configuration Interface (DFCI) Introduction](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/).
-
-## DFCI management lifecycle
-
-The DFCI management lifecycle can be viewed as UEFI integration, device registration, profile creation, enrollment, management, retirement, and recovery. See the following figure.
-
- 
-
-## Requirements
-
-- Windows 10, version 1809 or later and a supported UEFI is required.
-- The device manufacturer must have DFCI added to their UEFI firmware in the manufacturing process, or as a firmware update that you install. Work with your device vendors to determine the [manufacturers that support DFCI](#oems-that-support-dfci), or the firmware version needed to use DFCI.
-- The device must be managed with Microsoft Intune. For more information, see [Enroll Windows devices in Intune using Windows Autopilot](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot).
-- The device must be registered for Windows Autopilot by a [Microsoft Cloud Solution Provider (CSP) partner](https://partner.microsoft.com/membership/cloud-solution-provider), or registered directly by the OEM.
-
->[!IMPORTANT]
->Devices manually registered for Autopilot (such as by [importing from a csv file](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot#add-devices)) are not allowed to use DFCI. By design, DFCI management requires external attestation of the device’s commercial acquisition through an OEM or a Microsoft CSP partner registration to Windows Autopilot. When your device is registered, its serial number is displayed in the list of Windows Autopilot devices.
-
-## Managing DFCI profile with Windows Autopilot
-
-There are four basic steps in managing DFCI profile with Windows Autopilot:
-
-1. Create an Autopilot Profile
-2. Create an Enrollment status page profile
-3. Create a DFCI profile
-4. Assign the profiles
-
-See [Create the profiles](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#create-the-profiles) and [Assign the profiles, and reboot](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#assign-the-profiles-and-reboot) for details.
-
-You can also [change existing DFCI settings](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#update-existing-dfci-settings) on devices that are in use. In your existing DFCI profile, change the settings and save your changes. Since the profile is already assigned, the new DFCI settings take effect when next time the device syncs or the device reboots.
-
-## OEMs that support DFCI
-
-- [Microsoft Surface](https://docs.microsoft.com/surface/surface-manage-dfci-guide)
-
-Additional OEMs are pending.
-
-## See also
-
-[Microsoft DFCI Scenarios](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Scenarios/DfciScenarios/)
-[Windows Autopilot and Surface devices](https://docs.microsoft.com/surface/windows-autopilot-and-surface-devices)
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/enrollment-status.md b/windows/deployment/windows-autopilot/enrollment-status.md
deleted file mode 100644
index 11a393eada..0000000000
--- a/windows/deployment/windows-autopilot/enrollment-status.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-title: Windows Autopilot Enrollment Status Page
-ms.reviewer:
-manager: laurawi
-description: Gives an overview of the Enrollment Status Page capabilities, configuration
-keywords: Autopilot Plug and Forget, Windows 10
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-ms.localizationpriority: medium
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot Enrollment Status Page
-
-**Applies to**
-
-- Windows 10, version 1803 and later
-
-The Enrollment Status Page (ESP) displays the status of the complete device configuration process when an MDM managed user signs into a device for the very first time. The ESP will help users understand the progress of device provisioning and ensures the device has met the organizations desired state before the user can access the desktop for the first time.
-
-The ESP will track the installation of applications, security policies, certificates and network connections. Within Intune, an administrator can deploy ESP profiles to a licensed Intune user and configure specific settings within the ESP profile; a few of these settings are: force the installation of specified applications, allow users to collect troubleshooting logs, specify what a user can do if device setup fails. For more information, see how to set up the [Enrollment Status Page in Intune](https://docs.microsoft.com/intune/windows-enrollment-status).
-
- 
-
-
-## More information
-
-For more information on configuring the Enrollment Status Page, see the [Microsoft Intune documentation](https://docs.microsoft.com/intune/windows-enrollment-status).
-For details about the underlying implementation, see the [FirstSyncStatus details in the DMClient CSP documentation](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp).
-For more information about blocking for app installation:
-- [Blocking for app installation using Enrollment Status Page](https://blogs.technet.microsoft.com/mniehaus/2018/12/06/blocking-for-app-installation-using-enrollment-status-page/).
-- [Support Tip: Office C2R installation is now tracked during ESP](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Office-C2R-installation-is-now-tracked-during-ESP/ba-p/295514).
diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md
deleted file mode 100644
index 2ea6052a20..0000000000
--- a/windows/deployment/windows-autopilot/existing-devices.md
+++ /dev/null
@@ -1,324 +0,0 @@
----
-title: Windows Autopilot for existing devices
-description: Modern desktop deployment with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.reviewer: mniehaus
-manager: laurawi
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-# Windows Autopilot for existing devices
-
-**Applies to: Windows 10**
-
-Modern desktop deployment with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices. The apps you need for work can be automatically installed. Your work profile is synchronized, so you can resume working right away.
-
-This topic describes how to convert Windows 7 or Windows 8.1 domain-joined computers to Windows 10 devices joined to either Azure Active Directory or Active Directory (Hybrid Azure AD Join) by using Windows Autopilot.
-
->[!NOTE]
->Windows Autopilot for existing devices only supports user-driven Azure Active Directory and Hybrid Azure AD profiles. Self-deploying profiles are not supported.
-
-## Prerequisites
-
-- A currently supported version of Microsoft Endpoint Configuration Manager current branch or technical preview branch.
-- The [Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) 1803 or later
- - For more information on Configuration Manager support, see [Support for Windows 10 ADK](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10#windows-10-adk).
-- Assigned Microsoft Intune Licenses
-- Azure Active Directory Premium
-- Windows 10 version 1809 or later imported into Configuration Manager as an Operating System Image
- - **Important**: See [Known issues](known-issues.md) if you are using Windows 10 1903 with Configuration Manager’s built-in **Windows Autopilot existing device** task sequence template. Currently, one of the steps in this task sequence must be edited to work properly with Windows 10, version 1903.
-
-## Procedures
-
-### Configure the Enrollment Status Page (optional)
-
-If desired, you can set up an [enrollment status page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) for Autopilot using Intune.
-
-To enable and configure the enrollment and status page:
-
-1. Open [Intune in the Azure portal](https://aka.ms/intuneportal).
-2. Access **Intune > Device enrollment > Windows enrollment** and [Set up an enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status).
-3. Access **Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune** and [Configure automatic MDM enrollment](https://docs.microsoft.com/configmgr/mdm/deploy-use/enroll-hybrid-windows#enable-windows-10-automatic-enrollment) and configure the MDM user scope for some or all users.
-
-See the following examples.
-
-
-
-
-### Create the JSON file
-
->[!TIP]
->To run the following commands on a computer running Windows Server 2012/2012 R2 or Windows 7/8.1, you must first download and install the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=54616).
-
-1. On an Internet connected Windows PC or server, open an elevated Windows PowerShell command window
-2. Enter the following lines to install the necessary modules
-
- #### Install required modules
-
- ```powershell
- Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
- Install-Module AzureAD -Force
- Install-Module WindowsAutopilotIntune -Force
- Install-Module Microsoft.Graph.Intune -Force
- ```
-
-3. Enter the following lines and provide Intune administrative credentials
- - Be sure that the user account you specify has sufficient administrative rights.
-
- ```powershell
- Connect-MSGraph
- ```
- The user and password for your account will be requested using a standard Azure AD form. Type your username and password and then click **Sign in**.
- See the following example:
-
- 
-
- If this is the first time you’ve used the Intune Graph APIs, you’ll also be prompted to enable read and write permissions for Microsoft Intune PowerShell. To enable these permissions:
- - Select **Consent on behalf or your organization**
- - Click **Accept**
-
-4. Next, retrieve and display all the Autopilot profiles available in the specified Intune tenant in JSON format:
-
- #### Retrieve profiles in Autopilot for existing devices JSON format
-
- ```powershell
- Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON
- ```
-
- See the following sample output: (use the horizontal scroll bar at the bottom to view long lines)
-
-
- Each profile is encapsulated within braces **{ }**. In the previous example, a single profile is displayed.
-
- See the following table for a description of properties used in the JSON file.
-
-
- | Property | Description |
- |------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
- | Version (number, optional) | The version number that identifies the format of the JSON file. For Windows 10 1809, the version specified must be 2049. |
- | CloudAssignedTenantId (guid, required) | The Azure Active Directory tenant ID that should be used. This is the GUID for the tenant, and can be found in properties of the tenant. The value should not include braces. |
- | CloudAssignedTenantDomain (string, required) | The Azure Active Directory tenant name that should be used, for example: tenant.onmicrosoft.com. |
- | CloudAssignedOobeConfig (number, required) | This is a bitmap that shows which Autopilot settings were configured. Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 |
- | CloudAssignedDomainJoinMethod (number, required) | This property specifies whether the device should join Azure Active Directory or Active Directory (Hybrid Azure AD Join). Values include: Active AD Join = 0, Hybrid Azure AD Join = 1 |
- | CloudAssignedForcedEnrollment (number, required) | Specifies that the device should require AAD Join and MDM enrollment. 0 = not required, 1 = required. |
- | ZtdCorrelationId (guid, required) | A unique GUID (without braces) that will be provided to Intune as part of the registration process. ZtdCorrelationId will be included in enrollment message as “OfflineAutoPilotEnrollmentCorrelator”. This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning via offline registration. |
- | CloudAssignedAadServerData (encoded JSON string, required) | An embedded JSON string used for branding. It requires AAD corp branding enabled. Example value: "CloudAssignedAadServerData": "{\"ZeroTouchConfig\":{\"CloudAssignedTenantUpn\":\"\",\"CloudAssignedTenantDomain\":\"tenant.onmicrosoft.com\"}}" |
- | CloudAssignedDeviceName (string, optional) | The name automatically assigned to the computer. This follows the naming pattern convention that can be configured in Intune as part of the Autopilot profile, or can specify an explicit name to use. |
-
-
-5. The Autopilot profile must be saved as a JSON file in ASCII or ANSI format. Windows PowerShell defaults to Unicode format, so if you attempt to redirect output of the commands to a file, you must also specify the file format. For example, to save the file in ASCII format using Windows PowerShell, you can create a directory (ex: c:\Autopilot) and save the profile as shown below: (use the horizontal scroll bar at the bottom if needed to view the entire command string)
-
- ```powershell
- Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON | Out-File c:\Autopilot\AutopilotConfigurationFile.json -Encoding ASCII
- ```
- **IMPORTANT**: The file name must be named **AutopilotConfigurationFile.json** in addition to being encoded as ASCII/ANSI.
-
- If preferred, you can save the profile to a text file and edit in Notepad. In Notepad, when you choose **Save as** you must select Save as type: **All Files** and choose ANSI from the drop-down list next to **Encoding**. See the following example.
-
- 
-
- After saving the file, move the file to a location suitable as a Microsoft Endpoint Configuration Manager package source.
-
- >[!IMPORTANT]
- >Multiple JSON profile files can be used, but each must be named **AutopilotConfigurationFile.json** in order for OOBE to follow the Autopilot experience. The file also must be encoded as ANSI.
**Saving the file with Unicode or UTF-8 encoding or saving it with a different file name will cause Windows 10 OOBE to not follow the Autopilot experience**.
-
-
-### Create a package containing the JSON file
-
-1. In Configuration Manager, navigate to **\Software Library\Overview\Application Management\Packages**
-2. On the ribbon, click **Create Package**
-3. In the **Create Package and Program Wizard** enter the following **Package** and **Program Type** details:
- - Name: **Autopilot for existing devices config**
- - Select the **This package contains source files** checkbox
- - Source folder: Click **Browse** and specify a UNC path containing the AutopilotConfigurationFile.json file.
- - Click **OK** and then click **Next**.
- - Program Type: **Do not create a program**
-4. Click **Next** twice and then click **Close**.
-
-**NOTE**: If you change user-driven Autopilot profile settings in Intune at a later date, you must also update the JSON file and redistribute the associated Configuration Manager package.
-
-### Create a target collection
-
->[!NOTE]
->You can also choose to reuse an existing collection
-
-1. Navigate to **\Assets and Compliance\Overview\Device Collections**
-2. On the ribbon, click **Create** and then click **Create Device Collection**
-3. In the **Create Device Collection Wizard** enter the following **General** details:
- - Name: **Autopilot for existing devices collection**
- - Comment: (optional)
- - Limiting collection: Click **Browse** and select **All Systems**
-
- >[!NOTE]
- >You can optionally choose to use an alternative collection for the limiting collection. The device to be upgraded must be running the ConfigMgr agent in the collection that you select.
-
-4. Click **Next**, then enter the following **Membership Rules** details:
- - Click **Add Rule** and specify either a direct or query based collection rule to add the target test Windows 7 devices to the new collection.
- - For example, if the hostname of the computer to be wiped and reloaded is PC-01 and you wish to use Name as the attribute, click **Add Rule > Direct Rule > (wizard opens) > Next** and then enter **PC-01** next to **Value**. Click **Next**, and then choose **PC-01** under **Resources**. See the following examples.
-
- 
- 
-
-5. Continue creating the device collection with the default settings:
- - Use incremental updates for this collection: not selected
- - Schedule a full update on this collection: default
- - Click **Next** twice and then click **Close**
-
-### Create an Autopilot for existing devices Task Sequence
-
->[!TIP]
->The next procedure requires a boot image for Windows 10 1803 or later. Review your available boot images in the Configuration Manager conole under **Software Library\Overview\Operating Systems\Boot images** and verify that the **OS Version** is 10.0.17134.1 (Windows 10 version 1803) or later.
-
-1. In the Configuration Manager console, navigate to **\Software Library\Overview\Operating Systems\Task Sequences**
-2. On the Home ribbon, click **Create Task Sequence**
-3. Select **Install an existing image package** and then click **Next**
-4. In the Create Task Sequence Wizard enter the following details:
- - Task sequence name: **Autopilot for existing devices**
- - Boot Image: Click **Browse** and select a Windows 10 boot image (1803 or later)
- - Click **Next**, and then on the Install Windows page click **Browse** and select a Windows 10 **Image package** and **Image Index**, version 1803 or later.
- - Select the **Partition and format the target computer before installing the operating system** checkbox.
- - Select or clear **Configure task sequence for use with BitLocker** checkbox. This is optional.
- - Product Key and Server licensing mode: Optionally enter a product key and server licensing mode.
- - Randomly generate the local administrator password and disable the account on all support platforms (recommended): Optional.
- - Enable the account and specify the local administrator password: Optional.
- - Click **Next**, and then on the Configure Network page choose **Join a workgroup** and specify a name (ex: workgroup) next to **Workgroup**.
-
- > [!IMPORTANT]
- > The Autopilot for existing devices task sequence will run the **Prepare Windows for capture** action which uses the System Preparation Tool (sysprep). This action will fail if the target machine is joined to a domain.
-
- >[!IMPORTANT]
- > The System Preparation Tool (sysprep) will run with the /Generalize parameter which, on Windows 10 versions 1903 and 1909, will delete the Autopilot profile file and the machine will boot into OOBE phase instead of Autopilot phase. To fix this issue, please see [Windows Autopilot - known issues](https://docs.microsoft.com/windows/deployment/windows-autopilot/known-issues).
-
-5. Click **Next**, and then click **Next** again to accept the default settings on the Install Configuration Manager page.
-6. On the State Migration page, enter the following details:
- - Clear the **Capture user settings and files** checkbox.
- - Clear the **Capture network settings** checkbox.
- - Clear the **Capture Microsoft Windows settings** checkbox.
- - Click **Next**.
-
- >[!NOTE]
- >Because the Autopilot for existing devices task sequence completes while in Windows PE, User State Migration Toolkit (USMT) data migration is not supported as there is no way to restore the user state into the new OS. Also, the User State Migration Toolkit (USMT) does not support Azure AD-joined devices.
-
-7. On the Include Updates page, choose one of the three available options. This selection is optional.
-8. On the Install applications page, add applications if desired. This is optional.
-9. Click **Next**, confirm settings, click **Next**, and then click **Close**.
-10. Right click on the Autopilot for existing devices task sequence and click **Edit**.
-11. In the Task Sequence Editor under the **Install Operating System** group, click the **Apply Windows Settings** action.
-12. Click **Add** then click **New Group**.
-13. Change the group **Name** from **New Group** to **Autopilot for existing devices config**.
-14. Click **Add**, point to **General**, then click **Run Command Line**.
-15. Verify that the **Run Command Line** step is nested under the **Autopilot for existing devices config** group.
-16. Change the **Name** to **Apply Autopilot for existing devices config file** and paste the following into the **Command line** text box, and then click **Apply**:
- ```
- cmd.exe /c xcopy AutopilotConfigurationFile.json %OSDTargetSystemDrive%\windows\provisioning\Autopilot\ /c
- ```
- - **AutopilotConfigurationFile.json** must be the name of the JSON file present in the Autopilot for existing devices package created earlier.
-
-17. In the **Apply Autopilot for existing devices config file** step, select the **Package** checkbox and then click **Browse**.
-18. Select the **Autopilot for existing devices config** package created earlier and click **OK**. An example is displayed at the end of this section.
-19. Under the **Setup Operating System** group, click the **Setup Windows and Configuration Manager** task.
-20. Click **Add** and then click **New Group**.
-21. Change **Name** from **New Group** to **Prepare Device for Autopilot**
-22. Verify that the **Prepare Device for Autopilot** group is the very last step in the task sequence. Use the **Move Down** button if necessary.
-23. With the **Prepare device for Autopilot** group selected, click **Add**, point to **Images** and then click **Prepare ConfigMgr Client for Capture**.
-24. Add a second step by clicking **Add**, pointing to **Images**, and clicking **Prepare Windows for Capture**. Use the following settings in this step:
- - Automatically build mass storage driver list: **Not selected**
- - Do not reset activation flag: **Not selected**
- - Shut down the computer after running this action: **Optional**
-
- 
-
-25. Click **OK** to close the Task Sequence Editor.
-
-> [!NOTE]
-> On Windows 10 1903 and 1909, the **AutopilotConfigurationFile.json** is deleted by the **Prepare Windows for Capture** step. See [Windows Autopilot - known issues](https://docs.microsoft.com/windows/deployment/windows-autopilot/known-issues) for more information and a workaround.
-
-### Deploy Content to Distribution Points
-
-Next, ensure that all content required for the task sequence is deployed to distribution points.
-
-1. Right click on the **Autopilot for existing devices** task sequence and click **Distribute Content**.
-2. Click **Next**, **Review the content to distribute**, and then click **Next**.
-3. On the Specify the content distribution page click **Add** to specify either a **Distribution Point** or **Distribution Point Group**.
-4. On the Add Distribution Points or Add Distribution Point Groups wizard specify content destinations that will allow the JSON file to be retrieved when the task sequence is run.
-5. When you are finished specifying content distribution, click **Next** twice then click **Close**.
-
-### Deploy the OS with Autopilot Task Sequence
-
-1. Right click on the **Autopilot for existing devices** task sequence and then click **Deploy**.
-2. In the Deploy Software Wizard enter the following **General** and **Deployment Settings** details:
- - Task Sequence: **Autopilot for existing devices**.
- - Collection: Click **Browse** and then select **Autopilot for existing devices collection** (or another collection you prefer).
- - Click **Next** to specify **Deployment Settings**.
- - Action: **Install**.
- - Purpose: **Available**. You can optionally select **Required** instead of **Available**. This is not recommended during the test owing to the potential impact of inadvertent configurations.
- - Make available to the following: **Only Configuration Manager Clients**. Note: Choose the option here that is relevant for the context of your test. If the target client does not have the Configuration Manager agent or Windows installed, you will need to select an option that includes PXE or Boot Media.
- - Click **Next** to specify **Scheduling** details.
- - Schedule when this deployment will become available: Optional
- - Schedule when this deployment will expire: Optional
- - Click **Next** to specify **User Experience** details.
- - Show Task Sequence progress: Selected.
- - Software Installation: Not selected.
- - System restart (if required to complete the installation): Not selected.
- - Commit changed at deadline or during a maintenance windows (requires restart): Optional.
- - Allow task sequence to be run for client on the Internet: Optional
- - Click **Next** to specify **Alerts** details.
- - Create a deployment alert when the threshold is higher than the following: Optional.
- - Click **Next** to specify **Distribution Points** details.
- - Deployment options: **Download content locally when needed by the running task sequence**.
- - When no local distribution point is available use a remote distribution point: Optional.
- - Allow clients to use distribution points from the default site boundary group: Optional.
- - Click **Next**, confirm settings, click **Next**, and then click **Close**.
-
-### Complete the client installation process
-
-1. Open the Software Center on the target Windows 7 or Windows 8.1 client computer. You can do this by clicking Start and then typing **software** in the search box, or by typing the following at a Windows PowerShell or command prompt:
-
- ```
- C:\Windows\CCM\SCClient.exe
- ```
-
-2. In the software library, select **Autopilot for existing devices** and click **Install**. See the following example:
-
- 
- 
-
-The Task Sequence will download content, reboot, format the drives and install Windows 10. The device will then proceed to be prepared for Autopilot. Once the task sequence has completed the device will boot into OOBE and provide an Autopilot experience.
-
-
-
-
-
->[!NOTE]
->If joining devices to Active Directory (Hybrid Azure AD Join), it is necessary to create a Domain Join device configuration profile that is targeted to "All Devices" (since there is no Azure Active Directory device object for the computer to do group-based targeting). See [User-driven mode for hybrid Azure Active Directory join](https://docs.microsoft.com/windows/deployment/windows-autopilot/user-driven#user-driven-mode-for-hybrid-azure-active-directory-join) for more information.
-
-### Register the device for Windows Autopilot
-
-Devices provisioned through Autopilot will only receive the guided OOBE Autopilot experience on first boot. Once updated to Windows 10, the device should be registered to ensure a continued Autopilot experience in the event of PC reset. You can enable automatic registration for an assigned group using the **Convert all targeted devices to Autopilot** setting. For more information, see [Create an Autopilot deployment profile](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-deployment-profile).
-
-Also see [Adding devices to Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/add-devices).
-
-## Speeding up the deployment process
-
-To remove around 20 minutes from the deployment process, see Michael Niehaus's blog with instructions for [Speeding up Windows Autopilot for existing devices](https://blogs.technet.microsoft.com/mniehaus/2018/10/25/speeding-up-windows-autopilot-for-existing-devices/).
diff --git a/windows/deployment/windows-autopilot/index.md b/windows/deployment/windows-autopilot/index.md
deleted file mode 100644
index 93abebfa65..0000000000
--- a/windows/deployment/windows-autopilot/index.md
+++ /dev/null
@@ -1,78 +0,0 @@
----
-title: Windows Autopilot deployment
-description: Discover resources for Windows Autopilot deployment with this guide.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.reviewer: mniehaus
-manager: laurawi
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot deployment
-
-**Applies to**
-
-- Windows 10
-
-Windows Autopilot is a zero-touch, self-service Windows deployment platform introduced with Windows 10, version 1703. The Windows Autopilot process runs immediately after powering on a new computer for the first time, enabling employees to configure new devices to be business-ready with just a few clicks.
-
-This guide is intended for use by an IT-specialist, system architect, or business decision maker. The guide provides information about how Windows Autopilot deployment works, including detailed requirements, deployment scenarios, and platform capabilities. The document highlights options that are available to you when planning a modern, cloud-joined Windows 10 deployment strategy. Links are provided to detailed step by step configuration procedures.
-
-## In this guide
-
-
Interested in trying out Autopilot? See this step-by-step walkthrough to test Windows Autopilot on a virtual machine or physical device with a free 30-day trial premium Intune account.
-
Using Windows Autopilot Reset, a device can be restored to its original settings, taking it back to a business-ready state. Both local and remote reset scenarios are discussed.
-
This topic describes how Windows Autopilot can be used to convert Windows 7 or Windows 8.1 domain-joined computers to AAD-joined computers running Windows 10.
-
Information about how to deal with Autopilot registration and device repair issues is provided.
-
-
-## Related topics
-
-[Windows Autopilot](https://www.microsoft.com/windowsforbusiness/windows-autopilot)
diff --git a/windows/deployment/windows-autopilot/index.yml b/windows/deployment/windows-autopilot/index.yml
new file mode 100644
index 0000000000..19763ed2b7
--- /dev/null
+++ b/windows/deployment/windows-autopilot/index.yml
@@ -0,0 +1,38 @@
+### YamlMime:Landing
+
+title: Windows Autopilot deployment resources and documentation # < 60 chars
+summary: 'Note: Windows Autopilot documentation has moved! A few additional resources will also be available here. See the links on this page for more information.' # < 160 chars
+
+metadata:
+ title: Windows Autopilot deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
+ description: Learn about deploying Windows 10 and keeping it up to date in your organization. # Required; article description that is displayed in search results. < 160 chars.
+ services: windows-10
+ ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
+ ms.subservice: subservice
+ ms.topic: landing-page # Required
+ ms.collection: windows-10
+ author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
+ ms.author: greglin #Required; microsoft alias of author; optional team alias.
+ ms.date: 08/05/2020 #Required; mm/dd/yyyy format.
+ localization_priority: medium
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+ # Card
+ - title: Overview
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Overview of Windows Autopilot
+ url: https://docs.microsoft.com/mem/autopilot/windows-autopilot
+
+ # Card
+ - title: Tutorials
+ linkLists:
+ - linkListType: get-started
+ links:
+ - text: Demonstrate Windows Autopilot deployment
+ url: demonstrate-deployment-on-vm.md
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/known-issues.md b/windows/deployment/windows-autopilot/known-issues.md
deleted file mode 100644
index 8dbec94be5..0000000000
--- a/windows/deployment/windows-autopilot/known-issues.md
+++ /dev/null
@@ -1,89 +0,0 @@
----
-title: Windows Autopilot known issues
-ms.reviewer:
-manager: laurawi
-description: Inform yourself about known issues that may occur during Windows Autopilot deployment.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot - known issues
-
-**Applies to**
-
-- Windows 10
-
-
-
Issue
More information
-
-
Blocking apps specified in a user-targeted Enrollment Status Profile are ignored during device ESP.
-
The services responsible for determining the list of apps that should be blocking during device ESP are not able to determine the correct ESP profile containing the list of apps because they do not know the user identity. As a workaround, enable the default ESP profile (which targets all users and devices) and place the blocking app list there. In the future, it will be possible to instead target the ESP profile to device groups to avoid this issue.
-
-
That username looks like it belongs to another organization. Try signing in again or start over with a different account.
-
Confirm that all of your information is correct at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot. See Troubleshooting Windows Auto Pilot for more details.
-
-
Windows Autopilot user-driven Hybrid Azure AD deployments do not grant users Administrator rights even when specified in the Windows Autopilot profile.
-
This will occur when there is another user on the device that already has Administrator rights. For example, a PowerShell script or policy could create an additional local account that is a member of the Administrators group. To ensure this works properly, do not create an additional account until after the Windows Autopilot process has completed.
-
-
Windows Autopilot device provisioning can fail with TPM attestation errors or ESP timeouts on devices where the real-time clock is off by a significant amount of time (e.g. several minutes or more).
-
To fix this issue:
Boot the device to the start of the out-of-box experience (OOBE).
-
Establish a network connection (wired or wireless).
-
Run the command w32tm /resync /force to sync the time with the default time server (time.windows.com).
-
-
-
Windows Autopilot for existing devices does not work for Windows 10, version 1903 or 1909; you see screens that you've disabled in your Windows Autopilot profile, such as the Windows 10 License Agreement screen.
-
-This happens because Windows 10, version 1903 and 1909 deletes the AutopilotConfigurationFile.json file.
-
To fix this issue:
Edit the Configuration Manager task sequence and disable the Prepare Windows for Capture step.
-
Add a new Run command line step that runs c:\windows\system32\sysprep\sysprep.exe /oobe /reboot.
TPM attestation fails on Windows 10 1903 due to missing AKI extension in EK certificate. (An additional validation added in Windows 10 1903 to check that the TPM EK certs had the proper attributes according to the TCG specifications uncovered that a number of them don’t, so that validation will be removed).
-
The following known issues are resolved by installing the August 30, 2019 KB4512941 update (OS Build 18362.329):
-
-- Windows Autopilot for existing devices feature does not properly suppress “Activities” page during OOBE. (Because of this, you’ll see that extra page during OOBE).
-- TPM attestation state is not cleared by sysprep /generalize, causing TPM attestation failure during later OOBE flow. (This isn’t a particularly common issue, but you could run into it while testing if you are running sysprep /generalize and then rebooting or reimaging the device to go back through an Autopilot white glove or self-deploying scenario).
-- TPM attestation may fail if the device has a valid AIK cert but no EK cert. (This is related to the previous item).
-- If TPM attestation fails during the Windows Autopilot white glove process, the landing page appears to be hung. (Basically, the white glove landing page, where you click “Provision” to start the white glove process, isn’t reporting errors properly).
-- TPM attestation fails on newer Infineon TPMs (firmware version > 7.69). (Prior to this fix, only a specific list of firmware versions was accepted).
-- Device naming templates may truncate the computer name at 14 characters instead of 15.
-- Assigned Access policies cause a reboot which can interfere with the configuration of single-app kiosk devices.
-
See the section: How to get this update for information on specific release channels you can use to obtain the update.
-
The following known issues are resolved by installing the July 26, 2019 KB4505903 update (OS Build 18362.267):
-
-- Windows Autopilot white glove does not work for a non-English OS and you see a red screen that says "Success."
-- Windows Autopilot reports an AUTOPILOTUPDATE error during OOBE after sysprep, reset or other variations. This typically happens if you reset the OS or used a custom sysprepped image.
-- BitLocker encryption is not correctly configured. Ex: BitLocker didn’t get an expected notification after policies were applied to begin encryption.
-- You are unable to install UWP apps from the Microsoft Store, causing failures during Windows Autopilot. If you are deploying Company Portal as a blocking app during Windows Autopilot ESP, you’ve probably seen this error.
-- A user is not granted administrator rights in the Windows Autopilot user-driven Hybrid Azure AD join scenario. This is another non-English OS issue.
-
This is a general error indicating a timeout. A common cause of this error in self-deploying mode is that the device is not TPM 2.0 capable (ex: a virtual machine). Devices that are not TPM 2.0 capable cannot be used with self-deploying mode.
-
0x801c03ea
This error indicates that TPM attestation failed, causing a failure to join Azure Active Directory with a device token.
-
White glove gives a red screen and the Microsoft-Windows-User Device Registration/Admin event log displays HResult error code 0x801C03F3
This can happen if Azure AD can’t find an AAD device object for the device that you are trying to deploy. This will occur if you manually delete the object. To fix it, remove the device from AAD, Intune, and Autopilot, then re-register it with Autopilot, which will recreate the AAD device object.
- To obtain troubleshooting logs use: Mdmdiagnosticstool.exe -area Autopilot;TPM -cab c:\autopilot.cab
-
White glove gives a red screen
White glove is not supported on a VM.
-
Error importing Windows Autopilot devices from a .csv file
Ensure that you have not edited the .csv file in Microsoft Excel or an editor other than Notepad. Some of these editors can introduce extra characters causing the file format to be invalid.
-
Windows Autopilot for existing devices does not follow the Autopilot OOBE experience.
Ensure that the JSON profile file is saved in ANSI/ASCII format, not Unicode or UTF-8.
-
Something went wrong is displayed page during OOBE.
The client is likely unable to access all the required AAD/MSA-related URLs. For more information, see Networking requirements.
-
Using a provisioning package in combination with Windows Autopilot can cause issues, especially if the PPKG contains join, enrollment, or device name information.
Using PPKGs in combination with Windows Autopilot is not recommended.
-
-
-## Related topics
-
-[Diagnose MDM failures in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10)
-[Troubleshooting Windows Autopilot](troubleshooting.md)
diff --git a/windows/deployment/windows-autopilot/policy-conflicts.md b/windows/deployment/windows-autopilot/policy-conflicts.md
deleted file mode 100644
index 3c4126ff73..0000000000
--- a/windows/deployment/windows-autopilot/policy-conflicts.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: Windows Autopilot policy conflicts
-ms.reviewer:
-manager: laurawi
-description: Inform yourself about known issues that may occur during Windows Autopilot deployment.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: mtniehaus
-ms.author: mniehaus
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot - Policy Conflicts
-
-**Applies to**
-
-- Windows 10
-
-There are a significant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.
-
-
When certain DeviceLock policies, such as minimum password length and password complexity, or any similar group policy settings (including any that disable autologon) are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience (OOBE) or user desktop autologon can fail unexpectantly. This is especially true for kiosk scenarios where passwords are automatically generated.
When modifying user account control (UAC) settings during the OOBE using the device Enrollment Status Page (ESP), additional UAC prompts may result, especially if the device reboots after these policies are applied, enabling them to take effect. To work around this issue, the policies can be targeted to users instead of devices so that they apply later in the process.
Setting this policy to "disabled" will disable the Microsoft Sign-in Assistant service (wlidsvc). This service is required by Windows Autopilot to obtain the Windows Autopilot profile.
-
-
-
-## Related topics
-
-[Troubleshooting Windows Autopilot](troubleshooting.md)
diff --git a/windows/deployment/windows-autopilot/profiles.md b/windows/deployment/windows-autopilot/profiles.md
deleted file mode 100644
index 5cb74ed199..0000000000
--- a/windows/deployment/windows-autopilot/profiles.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-title: Configure Autopilot profiles
-description: Learn how to configure device profiles while performing a Windows Autopilot deployment.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.reviewer: mniehaus
-manager: laurawi
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Configure Autopilot profiles
-
-**Applies to**
-
-- Windows 10
-
-For each device that has been defined to the Windows Autopilot deployment service, a profile of settings needs to be applied that specifies the exact behavior of that device when it is deployed. For detailed procedures on how to configure profile settings and register devices, see [Registering devices](add-devices.md#registering-devices).
-
-## Profile settings
-
-The following profile settings are available:
-
-- **Skip Cortana, OneDrive and OEM registration setup pages**. All devices registered with Autopilot will automatically skip these pages during the out-of-box experience (OOBE) process.
-
-- **Automatically setup for work or school**. All devices registered with Autopilot will automatically be considered work or school devices, so this question will not be asked during the OOBE process.
-
-- **Sign in experience with company branding**. Instead of presenting a generic Azure Active Directory sign-in page, all devices registered with Autopilot will automatically present a customized sign-in page with the organization’s name, logon, and additional help text, as configured in Azure Active Directory. See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory) to customize these settings.
-
-- **Skip privacy settings**. This optional Autopilot profile setting enables organizations to not ask about privacy settings during the OOBE process. This is typically desirable so that the organization can configure these settings via Intune or other management tool.
-
-- **Disable local admin account creation on the device**. Organizations can decide whether the user setting up the device should have administrator access once the process is complete.
-
-- **Skip End User License Agreement (EULA)**. Starting in Windows 10 version 1709, organizations can decide to skip the EULA page presented during the OOBE process. This means that organizations accept the EULA terms on behalf of their users.
-
-- **Disable Windows consumer features**. Starting in Windows 10 version 1803, organizations can disable Windows consumer features so that the device does not automatically install any additional Microsoft Store apps when the user first signs into the device. See the [MDM documentation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) for more details.
-
-## Related topics
-
-[Profile download](troubleshooting.md#profile-download)
-[Registering devices](add-devices.md)
diff --git a/windows/deployment/windows-autopilot/registration-auth.md b/windows/deployment/windows-autopilot/registration-auth.md
deleted file mode 100644
index 547b2f07ea..0000000000
--- a/windows/deployment/windows-autopilot/registration-auth.md
+++ /dev/null
@@ -1,94 +0,0 @@
----
-title: Windows Autopilot customer consent
-description: Learn how a cloud service provider (CSP) partner or an OEM can get customer authorization to register Windows Autopilot devices on the customer’s behalf.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.reviewer: mniehaus
-manager: laurawi
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot customer consent
-
-**Applies to: Windows 10**
-
-This article describes how a cloud service provider (CSP) partner (direct bill, indirect provider, or indirect reseller) or an OEM can get customer authorization to register Windows Autopilot devices on the customer’s behalf.
-
-## CSP authorization
-
-CSP partners can get customer authorization to register Windows Autopilot devices on the customer’s behalf per the following restrictions:
-
-
-
Direct CSP
Gets direct authorization from the customer to register devices.
-
Indirect CSP Provider
Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center.
-
Indirect CSP Reseller
Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs.
-
-
-### Steps
-
-For a CSP to register Windows Autopilot devices on behalf of a customer, the customer must first grant that CSP partner permission using the following process:
-
-1. CSP sends link to customer requesting authorization/consent to register/manage devices on their behalf. To do so:
- - CSP logs into Microsoft Partner Center
- - Click **Dashboard** on the top menu
- - Click **Customer** on the side menu
- - Click the **Request a reseller relationship** link:
- 
- - Select the checkbox indicating whether or not you want delegated admin rights:
- 
- - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent. You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Admin Center or the Office 365 admin portal: https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges
- - Send the template above to the customer via email.
-2. Customer with global administrator privileges in Microsoft Admin Center clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following Microsoft 365 admin center page:
-
- 
-
- The image above is what the customer will see if they requested delegated admin rights (DAP). Note that the page says what Admin roles are being requested. If the customer did not request delegated admin rights they would see the following page:
-
- 
-
- > [!NOTE]
- > A user without global admin privileges who clicks the link will see a message similar to the following:
-
- 
-
-3. Customer selects the **Yes** checkbox, followed by the **Accept** button. Authorization happens instantaneously.
-4. The CSP will know that this consent/authorization request has been completed because the customer will show up in the CSP’s MPC account under their **customers** list, for example:
-
-
-
-## OEM authorization
-
-Each OEM has a unique link to provide to their respective customers, which the OEM can request from Microsoft via msoemops@microsoft.com.
-
-1. OEM emails link to their customer.
-2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link once they receive it from the OEM, which takes them directly to the following MSfB page:
-
- 
-
- > [!NOTE]
- > A user without global admin privileges who clicks the link will see a message similar to the following:
-
- 
-3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and they’re done. Authorization happens instantaneously.
-
- > [!NOTE]
- > Once this process has completed, it is not currently possible for an administrator to remove an OEM. To remove an OEM or revoke
- their permissions, send a request to msoemops@microsoft.com
-
-4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process.
-
- > [!NOTE]
- > During the OEM authorization registration process, no delegated admin permissions are granted to the OEM.
-
-## Summary
-
-At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer. And, it all happens instantaneously - as quickly as buttons are clicked.
diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md
deleted file mode 100644
index 4bdb15131d..0000000000
--- a/windows/deployment/windows-autopilot/self-deploying.md
+++ /dev/null
@@ -1,74 +0,0 @@
----
-title: Windows Autopilot Self-Deploying mode
-description: Self-deploying mode allows a device to be deployed with little to no user interaction. This mode mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.reviewer: mniehaus
-manager: laurawi
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-# Windows Autopilot Self-Deploying mode
-
-**Applies to: Windows 10, version 1903 or later**
-
-Windows Autopilot self-deploying mode enables a device to be deployed with little to no user interaction. For devices with an Ethernet connection, no user interaction is required; for devices connected via Wi-fi, no interaction is required after making the Wi-fi connection (choosing the language, locale, and keyboard, then making a network connection).
-
-Self-deploying mode joins the device into Azure Active Directory, enrolls the device in Intune (or another MDM service) leveraging Azure AD for automatic MDM enrollment, and ensures that all policies, applications, certificates, and networking profiles are provisioned on the device, leveraging the enrollment status page to prevent access to the desktop until the device is fully provisioned.
-
->[!NOTE]
->Self-deploying mode does not support Active Directory Join or Hybrid Azure AD Join. All devices will be joined to Azure Active Directory.
-
-Self-deploying mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device. When setting up a kiosk, you can leverage the new Kiosk Browser, an app built on Microsoft Edge that can be used to create a tailored, MDM-managed browsing experience. When combined with MDM policies to create a local account and configure it to automatically log on, the complete configuration of the device can be automated. Find out more about these options by reading simplifying kiosk management for IT with Windows 10. See [Set up a kiosk or digital sign in Intune or other MDM service](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage#set-up-a-kiosk-or-digital-sign-in-intune-or-other-mdm-service) for additional details.
-
->[!NOTE]
->Self-deploying mode does not presently associate a user with the device (since no user ID or password is specified as part of the process). As a result, some Azure AD and Intune capabilities (such as BitLocker recovery, installation of apps from the Company Portal, or Conditional Access) may not be available to a user that signs into the device. For more information see [Windows Autopilot scenarios and capabilities](windows-autopilot-scenarios.md) and [Setting the BitLocker encryption algorithm for Autopilot devices](bitlocker.md).
-
-
-
-## Requirements
-
-Because self-deploying mode uses a device’s TPM 2.0 hardware to authenticate the device into an organization’s Azure AD tenant, devices without TPM 2.0 cannot be used with this mode. The devices must also support TPM device attestation. (All newly-manufactured Windows devices should meet these requirements.)
-
->[!IMPORTANT]
->If you attempt a self-deploying mode deployment on a device that does not have support TPM 2.0 or on a virtual machine, the process will fail when verifying the device with an 0x800705B4 timeout error (Hyper-V virtual TPMs are not supported). Also note that Window 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809. Since Windows 10 Enterprise 2019 LTSC is based on Windows 10 version 1809, self-deploying mode is also not supported on Windows 10 Enterprise 2019 LTSC. See [Windows Autopilot known issues](known-issues.md) to review other known errors and solutions.
-
-In order to display an organization-specific logo and organization name during the Autopilot process, Azure Active Directory Company Branding needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details.
-
-## Step by step
-
-In order to perform a self-deploying mode deployment using Windows Autopilot, the following preparation steps need to be completed:
-
-- Create an Autopilot profile for self-deploying mode with the desired settings. In Microsoft Intune, this mode is explicitly chosen when creating the profile. (Note that it is not possible to create a profile in the Microsoft Store for Business or Partner Center for self-deploying mode.)
-- If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group. Ensure that the profile has been assigned to the device before attempting to deploy that device.
-- Boot the device, connecting it to Wi-fi if required, then wait for the provisioning process to complete.
-
-## Validation
-
-When performing a self-deploying mode deployment using Windows Autopilot, the following end-user experience should be observed:
-
-- Once connected to a network, the Autopilot profile will be downloaded.
-- If the Autopilot profile has been configured to automatically configure the language, locale, and keyboard layout, these OOBE screens should be skipped as long as Ethernet connectivity is available. Otherwise, manual steps are required:
- - If multiple languages are preinstalled in Windows 10, the user must pick a language.
- - The user must pick a locale and a keyboard layout, and optionally a second keyboard layout.
-- If connected via Ethernet, no network prompt is expected. If no Ethernet connection is available and Wi-fi is built in, the user needs to connect to a wireless network.
-- Windows 10 will check for critical OOBE updates, and if any are available they will be automatically installed (rebooting if required).
-- The device will join Azure Active Directory.
-- After joining Azure Active Directory, the device will enroll in Intune (or other configured MDM services).
-- The [enrollment status page](enrollment-status.md) will be displayed.
-- Depending on the device settings deployed, the device will either:
- - Remain at the logon screen, where any member of the organization can log on by specifying their Azure AD credentials.
- - Automatically sign in as a local account, for devices configured as a kiosk or digital signage.
-
->[!NOTE]
->Deploying EAS policies using self-deploying mode for kiosk deployments will cause auto-logon functionality to fail.
-
-In case the observed results do not match these expectations, consult the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation.
diff --git a/windows/deployment/windows-autopilot/troubleshooting.md b/windows/deployment/windows-autopilot/troubleshooting.md
deleted file mode 100644
index ff194c99ab..0000000000
--- a/windows/deployment/windows-autopilot/troubleshooting.md
+++ /dev/null
@@ -1,164 +0,0 @@
----
-title: Troubleshooting Windows Autopilot
-description: Learn how to handle issues as they arise during the Windows Autopilot deployment process.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.reviewer: mniehaus
-manager: laurawi
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Troubleshooting Windows Autopilot
-
-**Applies to: Windows 10**
-
-Windows Autopilot is designed to simplify all parts of the Windows device lifecycle, but there are always situations where issues may arise, either due to configuration or other issues. To assist with troubleshooting efforts, review the following information.
-
-## Troubleshooting process
-
-Whether you are performing user-driven or self-deploying device deployments, the troubleshooting process is about the same. It is always useful to understand the flow for a specific device:
-
-- A network connection is established. This can be a wireless (Wi-fi) or wired (Ethernet) connection.
-- The Windows Autopilot profile is downloaded. Whether using a wired connection or manually establishing a wireless connection, the Windows Autopilot profile will be downloaded from the Autopilot deployment service as soon as the network connection is in place.
-- User authentication occurs. When performing a user-driven deployment, the user will enter their Azure Active Directory credentials, which will be validated.
-- Azure Active Directory join occurs. For user-driven deployments, the device will be joined to Azure AD using the specified user credentials. For self-deploying scenarios, the device will be joined without specifying any user credentials.
-- Automatic MDM enrollment occurs. As part of the Azure AD join process, the device will enroll in the MDM service configured in Azure AD (for example, Microsoft Intune).
-- Settings are applied. If the [enrollment status page](enrollment-status.md) is configured, most settings will be applied while the enrollment status page is displayed. If not configured or available, settings will be applied after the user is signed in.
-
-For troubleshooting, key activities to perform are:
-
-- Configuration: Has Azure Active Directory and Microsoft Intune (or an equivalent MDM service) been configured as specified in [Windows Autopilot configuration requirements](windows-autopilot-requirements.md)?
-- Network connectivity: Can the device access the services described in [Windows Autopilot networking requirements](windows-autopilot-requirements.md)?
-- Autopilot OOBE behavior: Were only the expected out-of-box experience screens displayed? Was the Azure AD credentials page customized with organization-specific details as expected?
-- Azure AD join issues: Was the device able to join Azure Active Directory?
-- MDM enrollment issues: Was the device able to enroll in Microsoft Intune (or an equivalent MDM service)?
-
-## Troubleshooting Autopilot Device Import
-
-### Clicking Import after selecting CSV does nothing, '400' error appears in network trace with error body **"Cannot convert the literal '[DEVICEHASH]' to the expected type 'Edm.Binary'"**
-
-This error points to the device hash being incorrectly formatted. This could be caused by anything that corrupts the collected hash, but one possibility is that the hash itself (even if it is completely valid) fails to be decoded.
-
-The device hash is Base64. At the device level, it's encoded as unpadded Base64, but Autopilot expects padded Base64. In most cases, it seems the payload lines up to not require padding, so the process works, but sometimes it doesn't line up cleanly and padding is necessary. This is when you get the error above. PowerShell's Base64 decoder also expects padded Base64, so we can use that to validate that the hash is properly padded.
-
-The "A" characters at the end of the hash are effectively empty data - Each character in Base64 is 6 bits, A in Base64 is 6 bits equal to 0. Deleting or adding **A**'s at the end doesn't change the actual payload data.
-
-To fix this, we'll need to modify the hash, then test the new value, until PowerShell succeeds in decoding the hash. The result is mostly illegible, this is fine - we're just looking for it to not throw the error "Invalid length for a Base-64 char array or string".
-
-To test the base64, you can use the following:
-```powershell
-[System.Text.Encoding]::ascii.getstring( [System.Convert]::FromBase64String("DEVICE HASH"))
-```
-
-So, as an example (this is not a device hash, but it's misaligned unpadded Base64 so it's good for testing):
-```powershell
-[System.Text.Encoding]::ascii.getstring( [System.Convert]::FromBase64String("Q29udG9zbwAAA"))
-```
-
-Now for the padding rules. The padding character is "=". The padding character can only be at the end of the hash, and there can only be a maximum of 2 padding characters. Here's the basic logic.
-
-- Does decoding the hash fail?
- - Yes: Are the last two characters "="?
- - Yes: Replace both "=" with a single "A" character, then try again
- - No: Add another "=" character at the end, then try again
- - No: That hash is valid
-
-Looping the logic above on the previous example hash, we get the following permutations:
-- Q29udG9zbwAAA
-- Q29udG9zbwAAA=
-- Q29udG9zbwAAA==
-- Q29udG9zbwAAAA
-- Q29udG9zbwAAAA=
-- **Q29udG9zbwAAAA==** (This one has valid padding)
-
-Replace the collected hash with this new padded hash then try to import again.
-
-## Troubleshooting Autopilot OOBE issues
-
-If the expected Autopilot behavior does not occur during the out-of-box experience (OOBE), it is useful to see whether the device received an Autopilot profile and what settings that profile contained. Depending on the Windows 10 release, there are different mechanisms available to do that.
-
-### Windows 10 version 1803 and above
-
-To see details related to the Autopilot profile settings and OOBE flow, Windows 10 version 1803 and above adds event log entries. These can be viewed using Event Viewer, navigating to the log at **Application and Services Logs –> Microsoft –> Windows –> Provisioning-Diagnostics-Provider –> Autopilot** for versions before 1903, or **Application and Services Logs –> Microsoft –> Windows –> ModernDeployment-Diagnostics-Provider –> Autopilot** for 1903 and above. The following events may be recorded, depending on the scenario and profile configuration.
-
-| Event ID | Type | Description |
-|----------|------|-------------|
-| 100 | Warning | “Autopilot policy [name] not found.” This is typically a temporary problem, while the device is waiting for an Autopilot profile to be downloaded. |
-| 101 | Info | “AutopilotGetPolicyDwordByName succeeded: policy name = [setting name]; policy value [value].” This shows Autopilot retrieving and processing numeric OOBE settings. |
-| 103 | Info | “AutopilotGetPolicyStringByName succeeded: policy name = [name]; value = [value].” This shows Autopilot retrieving and processing OOBE setting strings such as the Azure AD tenant name. |
-| 109 | Info | “AutopilotGetOobeSettingsOverride succeeded: OOBE setting [setting name]; state = [state].” This shows Autopilot retrieving and processing state-related OOBE settings. |
-| 111 | Info | “AutopilotRetrieveSettings succeeded.” This means that the settings stored in the Autopilot profile that control the OOBE behavior have been retrieved successfully. |
-| 153 | Info | “AutopilotManager reported the state changed from [original state] to [new state].” Typically this should say “ProfileState_Unknown” to “ProfileState_Available” to show that a profile was available for the device and downloaded, so the device is ready to be deployed using Autopilot. |
-| 160 | Info | “AutopilotRetrieveSettings beginning acquisition.” This shows that Autopilot is getting ready to download the needed Autopilot profile settings. |
-| 161 | Info | “AutopilotManager retrieve settings succeeded.” The Autopilot profile was successfully downloaded. |
-| 163 | Info | “AutopilotManager determined download is not required and the device is already provisioned. Clean or reset the device to change this.” This message indicates that an Autopilot profile is resident on the device; it typically would only be removed by the **Sysprep /Generalize** process. |
-| 164 | Info | “AutopilotManager determined Internet is available to attempt policy download.” |
-| 171 | Error | “AutopilotManager failed to set TPM identity confirmed. HRESULT=[error code].” This indicates an issue performing TPM attestation, needed to complete the self-deploying mode process. |
-| 172 | Error | “AutopilotManager failed to set Autopilot profile as available. HRESULT=[error code].” This is typically related to event ID 171. |
-
-In addition to the event log entries, the registry and ETW trace options described below also work with Windows 10 version 1803 and above.
-
-### Windows 10 version 1709 and above
-
-On Windows 10 version 1709 and above, information about the Autopilot profile settings are stored in the registry on the device after they are received from the Autopilot deployment service. These can be found at **HKLM\SOFTWARE\Microsoft\Provisioning\Diagnostics\Autopilot**. Available registry entries include:
-
-| Value | Description |
-|-------|-------------|
-| AadTenantId | The GUID of the Azure AD tenant the user signed into. This should match the tenant that the device was registered with; if it does not match the user will receive an error. |
-| CloudAssignedTenantDomain | The Azure AD tenant the device has been registered with, for example, “contosomn.onmicrosoft.com.” If the device is not registered with Autopilot, this value will be blank. |
-| CloudAssignedTenantId | The GUID of the Azure AD tenant the device has been registered with (the GUID corresponds to the tenant domain from the CloudAssignedTenantDomain registry value). If the device isn’t registered with Autopilot, this value will be blank.|
-| IsAutopilotDisabled | If set to 1, this indicates that the device is not registered with Autopilot. This could also indicate that the Autopilot profile could not be downloaded due to network connectivity or firewall issues, or network timeouts. |
-| TenantMatched | This will be set to 1 if the tenant ID of the user matches the tenant ID that the device was registered with. If this is 0, the user would be shown an error and forced to start over. |
-| CloudAssignedOobeConfig | This is a bitmap that shows which Autopilot settings were configured. Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 |
-
-### Windows 10 semi-annual channel supported versions
-
-On devices running a [supported version](https://docs.microsoft.com/windows/release-information/) of Windows 10 semi-annual channel, ETW tracing can be used to capture detailed information from Autopilot and related components. The resulting ETW trace files can then be viewed using the Windows Performance Analyzer or similar tools. See [the advanced troubleshooting blog](https://blogs.technet.microsoft.com/mniehaus/2017/12/13/troubleshooting-windows-autopilot-level-300400/) for more information.
-
-## Troubleshooting Azure AD Join issues
-
-The most common issue joining a device to Azure AD is related to Azure AD permissions. Ensure [the correct configuration is in place](windows-autopilot-requirements.md) to allow users to join devices to Azure AD. Errors can also happen if the user has exceeded the number of devices that they are allowed to join, as configured in Azure AD.
-
-An Azure AD device is created upon import - it's important that this object is not deleted. It acts as Autopilot's anchor in AAD for group membership and targeting (including the profile) and can lead to join errors if it's deleted. Once this object has been deleted, to fix the issue, deleting and reimporting this autopilot hash will be necessary so it can recreate the associated object.
-
-Error code 801C0003 will typically be reported on an error page titled "Something went wrong". This error means that the Azure AD join failed.
-
-## Troubleshooting Intune enrollment issues
-
-See [this knowledge base article](https://support.microsoft.com/help/4089533/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for assistance with Intune enrollment issues. Common issues include incorrect or missing licenses assigned to the user or too many devices enrolled for the user.
-
-Error code 80180018 will typically be reported on an error page titled "Something went wrong". This error means that the MDM enrollment failed.
-
-If Autopilot Reset fails immediately with an error **Ran into trouble. Please sign in with an administrator account to see why and reset manually**, see [Troubleshoot Autopilot Reset](https://docs.microsoft.com/education/windows/autopilot-reset#troubleshoot-autopilot-reset) for more help.
-
-## Profile download
-
-When an Internet-connected Windows 10 device boots up, it will attempt to connect to the Autopilot service and download an Autopilot profile. Note: It is important that a profile exists at this stage so that a blank profile is not cached locally on the PC. To remove the currently cached local profile in Windows 10 version 1803 and earlier, it is necessary to re-generalize the OS using **sysprep /generalize /oobe**, reinstall the OS, or re-image the PC. In Windows 10 version 1809 and later, you can retrieve a new profile by rebooting the PC.
-
-When a profile is downloaded depends upon the version of Windows 10 that is running on the PC. See the following table.
-
-| Windows 10 version | Profile download behavior |
-| --- | --- |
-| 1709 | The profile is downloaded after the OOBE network connection page. This page is not displayed when using a wired connection. In this case, the profile is downloaded just prior to the EULA screen. |
-| 1803 | The profile is downloaded as soon as possible. If wired, it is downloaded at the start of OOBE. If wireless, it is downloaded after the network connection page. |
-| 1809 | The profile is downloaded as soon as possible (same as 1803), and again after each reboot. |
-
-If you need to reboot a computer during OOBE:
-- Press Shift-F10 to open a command prompt.
-- Enter **shutdown /r /t 0** to restart immediately, or **shutdown /s /t 0** to shutdown immediately.
-
-For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options).
-
-## Related topics
-
-[Windows Autopilot - known issues](known-issues.md)
-[Diagnose MDM failures in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10)
diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md
deleted file mode 100644
index 2f93c58513..0000000000
--- a/windows/deployment/windows-autopilot/user-driven.md
+++ /dev/null
@@ -1,148 +0,0 @@
----
-title: Windows Autopilot User-Driven Mode
-description: Windows Autopilot user-driven mode allows devices to be deployed to a ready-to-use state without requiring help from IT personnel.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.reviewer: mniehaus
-manager: laurawi
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot user-driven mode
-
-Windows Autopilot user-driven mode is designed to enable new Windows 10 devices to be transformed from their initial state, directly from the factory, into a ready-to-use state without requiring that IT personnel ever touch the device. The process is designed to be simple so that anyone can complete it, enabling devices to be shipped or distributed to the end user directly with simple instructions:
-
-- Unbox the device, plug it in, and turn it on.
-- Choose a language (only required when multiple languages are installed), locale and keyboard.
-- Connect it to a wireless or wired network with internet access. If using wireless, the user must establish the Wi-Fi link.
-- Specify your e-mail address and password for your organization account.
-
-After completing those simple steps, the remainder of the process is completely automated, with the device being joined to the organization, enrolled in Intune (or another MDM service), and fully configured as defined by the organization. Any additional prompts during the Out-of-Box Experience (OOBE) can be suppressed; see [Configuring Autopilot Profiles](profiles.md) for options that are available.
-
-Windows Autopilot user-driven mode supports Azure Active Directory and Hybrid Azure Active Directory joined devices. See [What is a device identity](https://docs.microsoft.com/azure/active-directory/devices/overview) for more information about these two join options.
-
-From a process flow perspective, the tasks performed during the user-driven process are as follows:
-
-- Once connected to a network, the device will download a Windows Autopilot profile specifying the settings that should be used (e.g. the prompts during OOBE that should be suppressed).
-- Windows 10 will check for critical OOBE updates, and if any are available they will be automatically installed (rebooting if required).
-- The user will be prompted for Azure Active Directory credentials, with a customized user experience showing the Azure AD tenant name, logo, and sign-in text.
-- The device will join Azure Active Directory or Active Directory, based on the Windows Autopilot profile settings.
-- The device will enroll in Intune (or other configured MDM services). (This occurs as part of the Azure Active Directory join process via MDM auto-enrollment, or before the Active Directory join process, as needed.)
-- If configured, the [enrollment status page](enrollment-status.md) (ESP) will be displayed.
-- Once the device configuration tasks have completed, the user will be signed into Windows 10 using the credentials they previously provided. (Note that if the device reboots during the device ESP process, the user will need to re-enter their credentials as these are not persisted across reboots.)
-- Once signed in, the enrollment status page will again be displayed for user-targeted configuration tasks.
-
-If any issues are encountered during this process, see the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation.
-
-For more information on the available join options, see the following sections:
-
-- [Azure Active Directory join](#user-driven-mode-for-azure-active-directory-join) is available if devices do not need to be joined to an on-prem Active Directory domain.
-- [Hybrid Azure Active Directory join](#user-driven-mode-for-hybrid-azure-active-directory-join) is available for devices that must be joined to both Azure Active Directory and your on-prem Active Directory domain.
-- [Hybrid Azure Active Directory join with VPN support](#user-driven-mode-for-hybrid-azure-active-directory-join-with-vpn-support) is available for devices that must be joined to both Azure Active Directory and your on-prem Active Directory domain, but are not connected to the corporate network and must use VPN connectivity.
-
-## User-driven mode for Azure Active Directory join
-
-In order to perform a user-driven deployment using Windows Autopilot, the following preparation steps need to be completed:
-
-- Ensure that the users who will be performing user-driven mode deployments are able to join devices to Azure Active Directory. See [Configure device settings](https://docs.microsoft.com/azure/active-directory/device-management-azure-portal#configure-device-settings) in the Azure Active Directory documentation for more information.
-- Create an Autopilot profile for user-driven mode with the desired settings. In Microsoft Intune, this mode is explicitly chosen when creating the profile. With Microsoft Store for Business and Partner Center, user-driven mode is the default and does not need to be selected.
-- If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group.
-
-For each device that will be deployed using user-driven deployment, these additional steps are needed:
-
-- Ensure that the device has been added to Windows Autopilot. This can be done automatically by an OEM or partner at the time the device is purchased, or it can be done through a manual harvesting process later. See [Adding devices to Windows Autopilot](add-devices.md) for more information.
-- Ensure an Autopilot profile has been assigned to the device:
- - If using Intune and Azure Active Directory dynamic device groups, this can be done automatically.
- - If using Intune and Azure Active Directory static device groups, manually add the device to the device group.
- - If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device.
-
-
-## User-driven mode for hybrid Azure Active Directory join
-
-Windows Autopilot requires that devices be Azure Active Directory joined. If you have an on-premises Active Directory environment and want to also join devices to your on-premises domain, you can accomplish this by configuring Autopilot devices to be [hybrid-joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan).
-
-### Requirements
-
-To perform a user-driven hybrid Azure AD joined deployment using Windows Autopilot:
-
-- A Windows Autopilot profile for user-driven mode must be created and
- - **Hybrid Azure AD joined** must be specified as the selected option under **Join to Azure AD as** in the Autopilot profile.
-- If using Intune, a device group in Azure Active Directory must exist with the Windows Autopilot profile assigned to that group.
-- The device must be running Windows 10, version 1809 or later.
-- The device must be able to access an Active Directory domain controller, so it must be connected to the organization's network (where it can resolve the DNS records for the AD domain and the AD domain controller, and communicate with the domain controller to authenticate the user).
-- The device must be able to access the Internet, following the [documented Windows Autopilot network requirements](windows-autopilot-requirements.md).
-- The Intune Connector for Active Directory must be installed.
- - Note: The Intune Connector will perform an on-prem AD join, therefore users do not need on-prem AD-join permission, assuming the Connector is [configured to perform this action](https://docs.microsoft.com/intune/windows-autopilot-hybrid#increase-the-computer-account-limit-in-the-organizational-unit) on the user's behalf.
-- If using Proxy, WPAD Proxy settings option must be enabled and configured.
-
-The hybrid Azure AD join process uses the system context to register the device to Azure AD, therefore it is not affected by user based Azure AD join permission settings.
-
-## User-driven mode for hybrid Azure Active Directory join with VPN support
-
-Devices that are joined to Active Directory require connectivity to an Active Directory domain controller for a variety of activities, such as user sign-in (validating the user's credentials) and Group Policy application. As a result, the Windows Autopilot user-driven Hybrid Azure AD Join process would validate that the device is able to contact an Active Directory domain controller by pinging that domain controller.
-
-With the additional of VPN support for this scenario, it is now possible for you to specify to skip that connectivity check during the Hybrid Azure AD Join. This does not eliminate the need for communicating with an Active Directory domain controller, but rather enables the device to be first prepared with a needed VPN configuration delivered via Intune prior to the user attempting to sign into Windows, allowing connectivity to the organization's network.
-
-### Requirements
-
-The following additional requirements apply for Hybrid Azure AD Join with VPN support:
-
-- A supported version of Windows 10:
- - Windows 10 1903 + December 10th Cumulative update (KB4530684, OS build 18362.535) or higher
- - Windows 10 1909 + December 10th Cumulative update (KB4530684, OS build 18363.535) or higher
- - Windows 10 2004 or later
-- Enable the new “Skip domain connectivity check” toggle in the Hybrid Azure AD Join Autopilot profile.
-- A VPN configuration that can be deployed via Intune that enables the user to manually establish a VPN connection from the Windows logon screen, or one that automatically establishes a VPN connection as needed.
-
-The specific VPN configuration required depends on the VPN software and authentication being used. For third-party (non-Microsoft) VPN solutions, this typically would involve deploying a Win32 app (containing the VPN client software itself as well as any specific connection information, e.g. VPN endpoint host names) via Intune Management Extensions. Consult your VPN provider's documentation for configuration details specific to that provider.
-
-> [!NOTE]
-> The VPN requirements are not specific to Windows Autopilot. For example, if you have already implemented a VPN configuration to enable remote password resets, where a user needs to log on to Windows with a new password when not on the organization's network, that same configuration can be used with Windows Autopilot. Once the user has signed in to cache their credentials, subsequent log-on attempts do not need connectivity since the cached credentials can be used.
-
-In cases where certificate authentication is required by the VPN software, the needed machine certificate should also be deployed via Intune. This can be done using the Intune certificate enrollment capabilities, targeting the certificate profiles to the device.
-
-Note that user certificates are not supported because these certificates cannot be deployed until the user logs in. Also, third-party UWP VPN plug-ins delivered from the Windows Store are also not supported because these are not installed until after the user signs in.
-
-### Validation
-
-Before attempting a hybrid Azure AD Join using VPN, it is important to first confirm that a user-driven Hybrid Azure AD Join process can be performed on the organization's network, before adding in the additional requirements described below. This simplifies troubleshooting by making sure the core process works fine before adding the additional VPN configuration required.
-
-Next, validate that the VPN configuration (Win32 app, certs, and any other requirements) can be deployed via Intune to an existing device that has already been hybrid Azure AD joined. For example, some VPN clients create a per-machine VPN connection as part of the installation process, so you can validate the configuration using steps such as these:
-
-- From PowerShell, verify that at least one per-machine VPN connection has been created using the "Get-VpnConnection -AllUserConnection" command.
-- Attempt to manually start the VPN connection using the command: RASDIAL.EXE "ConnectionName"
-- Log out and verify that the "VPN connection" icon can be seen on the Windows logon page.
-- Move the device off the corporate network and attempt to establish the connection using the icon on the Windows logon page, signing into an account that does not have cached credentials.
-
-For VPN configurations that automatically connect, the validation steps may be different.
-
-> [!NOTE]
-> Always On VPN can be used for this scenario. See the [Deploy Always On VPN](https://docs.microsoft.com/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-deployment) documentation for more information. Note that Intune cannot yet deploy the needed per-machine VPN profile.
-
-To validate the end-to-end process, ensure the needed Windows 10 cumulative update has been installed on Windows 10 1903 or Windows 10 1909. This can be done manually during OOBE by first downloading the latest cumulative from https://catalog.update.microsoft.com and then manually installing it:
-
-- Press Shift-F10 to open a command prompt.
-- Insert a USB key containing the downloaded update.
-- Install the update using the command (substituting the real file name): WUSA.EXE .msu /quiet
-- Reboot the computer using the command: shutdown.exe /r /t 0
-
-Alternatively, you can invoke Windows Update to install the latest updates through this process:
-
-- Press Shift-F10 to open a command prompt.
-- Run the command "start ms-settings:"
-- Navigate to the "Update & Security" node and check for updates.
-- Reboot after the updates are installed.
-
-## Step by step instructions
-
-See [Deploy hybrid Azure AD joined devices using Intune and Windows Autopilot](https://docs.microsoft.com/intune/windows-autopilot-hybrid).
-
diff --git a/windows/deployment/windows-autopilot/white-glove.md b/windows/deployment/windows-autopilot/white-glove.md
deleted file mode 100644
index 95c0f4f5d7..0000000000
--- a/windows/deployment/windows-autopilot/white-glove.md
+++ /dev/null
@@ -1,119 +0,0 @@
----
-title: Windows Autopilot for white glove deployment
-description: Windows Autopilot for white glove deployment
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, pre-provisioning
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: low
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itproF
-author: greg-lindsay
-manager: laurawi
-ms.audience: itpro
-author: greg-lindsay
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-# Windows Autopilot for white glove deployment
-
-**Applies to: Windows 10, version 1903**
-
-Windows Autopilot enables organizations to easily provision new devices - leveraging the preinstalled OEM image and drivers with a simple process that can be performed by the end user to help get their device business-ready.
-
- 
-
-Windows Autopilot can also provide a white glove service that enables partners or IT staff to pre-provision a Windows 10 PC so that it is fully configured and business-ready. From the end user’s perspective, the Windows Autopilot user-driven experience is unchanged, but getting their device to a fully provisioned state is faster.
-
-With **Windows Autopilot for white glove deployment**, the provisioning process is split. The time-consuming portions are performed by IT, partners, or OEMs. The end user simply completes a few necessary settings and polices and then they can begin using their device.
-
- 
-
-Enabled with Microsoft Intune in Windows 10, version 1903 and later, white glove deployment capabilities build on top of existing Windows Autopilot [user-driven scenarios](user-driven.md), supporting both the user-driven mode for Azure Active Directory Join, and user-driven mode for Hybrid Azure Active Directory join scenarios.
-
-## Prerequisites
-
-In addition to [Windows Autopilot requirements](windows-autopilot-requirements.md), Windows Autopilot for white glove deployment adds the following:
-
-- Windows 10, version 1903 or later is required.
-- An Intune subscription.
-- Physical devices that support TPM 2.0 and device attestation; virtual machines are not supported. The white glove provisioning process leverages Windows Autopilot self-deploying capabilities, hence the TPM 2.0 requirements.
-- Physical devices with Ethernet connectivity; Wi-fi connectivity is not supported due to the requirement to choose a language, locale, and keyboard to make that Wi-fi connection; doing that in a pre-provisioning process could prevent the user from choosing their own language, locale, and keyboard when they receive the device.
-
->[!IMPORTANT]
->Because the OEM or vendor performs the white glove process, this doesn’t require access to an end-user's on-prem domain infrastructure. This is unlike a typical hybrid Azure AD-joined scenario because rebooting the device is postponed. The device is resealed prior to the time when connectivity to a domain controller is expected, and the domain network is contacted when the device is unboxed on-prem by the end-user.
-
-## Preparation
-
-Devices slated for white glove provisioning are registered for Autopilot via the normal registration process.
-
-To be ready to try out Windows Autopilot for white glove deployment, ensure that you can first successfully use existing Windows Autopilot user-driven scenarios:
-
-- User-driven Azure AD join. Devices can be deployed using Windows Autopilot and joined to an Azure Active Directory tenant.
-- User-driven with Hybrid Azure AD join. Devices can be deployed using Windows Autopilot and joined to an on-premises Active Directory domain, then registered with Azure Active Directory to enable the Hybrid Azure AD join features.
-
-If these scenarios cannot be completed, Windows Autopilot for white glove deployment will also not succeed since it builds on top of these scenarios.
-
-To enable white glove deployment, an additional Autopilot profile setting must be configured by the customer or IT Admin via their Intune account, prior to beginning the white glove process in the provisioning service facility:
-
-
-
-The Windows Autopilot for white glove deployment pre-provisioning process will apply all device-targeted policies from Intune. That includes certificates, security templates, settings, apps, and more – anything targeting the device. Additionally, any apps (Win32 or LOB) that are configured to install in the device context and targeted to the user that has been pre-assigned to the Autopilot device will also be installed. Please make sure not to target both win32 and LOB apps to the same device, as this can make troubleshooting difficult if there are app installation failures. For more information, see [Add a Windows line-of-business app to Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/lob-apps-windows).
-
-> [!NOTE]
-> The white glove technician phase will install all device-targeted apps as well as any user-targeted, device-context apps that are targeted to the assigned user. If there is no assigned user, then it will only install the device-targeted apps. Other user-targeted policies will not apply until the user signs into the device. To verify these behaviors, be sure to create appropriate apps and policies targeted to devices and users.
-
-## Scenarios
-
-Windows Autopilot for white glove deployment supports two distinct scenarios:
-- User-driven deployments with Azure AD Join. The device will be joined to an Azure AD tenant.
-- User-driven deployments with Hybrid Azure AD Join. The device will be joined to an on-premises Active Directory domain, and separately registered with Azure AD.
-Each of these scenarios consists of two parts, a technician flow and a user flow. At a high level, these parts are the same for Azure AD Join and Hybrid Azure AD join; differences are primarily seen by the end user in the authentication steps.
-
-### Technician flow
-
-After the customer or IT Admin has targeted all the apps and settings they want for their devices through Intune, the white glove technician can begin the white glove process. The technician could be a member of the IT staff, a services partner, or an OEM – each organization can decide who should perform these activities. Regardless of the scenario, the process to be performed by the technician is the same:
-- Boot the device (running Windows 10 Pro, Enterprise, or Education SKUs, version 1903 or later).
-- From the first OOBE screen (which could be a language selection or locale selection screen), do not click **Next**. Instead, press the Windows key five times to view an additional options dialog. From that screen, choose the **Windows Autopilot provisioning** option and then click **Continue**.
-
- 
-
-- On the **Windows Autopilot Configuration** screen, information will be displayed about the device:
- - The Autopilot profile assigned to the device.
- - The organization name for the device.
- - The user assigned to the device (if there is one).
- - A QR code containing a unique identifier for the device, useful to look up the device in Intune to make any configuration changes needed (e.g. assigning a user, adding the device to any additional groups needed for app or policy targeting).
- - **Note**: The QR codes can be scanned using a companion app, which will also configure the device to specify who it belongs to. An [open-source sample of the companion app](https://github.com/Microsoft/WindowsAutopilotCompanion) that integrates with Intune via the Graph API has been published to GitHub by the Autopilot team.
-- Validate the information displayed. If any changes are needed, make these and then click **Refresh** to re-download the updated Autopilot profile details.
-
- 
-
-- Click **Provision** to begin the provisioning process.
-
-If the pre-provisioning process completes successfully:
-- A green status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps.
- 
-- Click **Reseal** to shut the device down. At that point, the device can be shipped to the end user.
-
->[!NOTE]
->Technician Flow inherits behavior from [Self-Deploying Mode](self-deploying.md). Per the Self-Deploying Mode documentation, it leverages the Enrollment Status Page to hold the device in a provisioning state and prevent the user from proceeding to the desktop after enrollment but before software and configuration is done applying. As such, if Enrollment Status Page is disabled, the reseal button may appear before software and configuration is done applying letting you proceed to the user flow before technician flow provisioning is complete. The green screen validates that enrollment was successful, not that the technician flow is necessarily complete.
-
-If the pre-provisioning process fails:
-- A red status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps.
-- Diagnostic logs can be gathered from the device, and then it can be reset to start the process over again.
-
-### User flow
-
-If the pre-provisioning process completed successfully and the device was resealed, it can be delivered to the end user to complete the normal Windows Autopilot user-driven process. They will perform a standard set of steps:
-
-- Power on the device.
-- Select the appropriate language, locale, and keyboard layout.
-- Connect to a network (if using Wi-Fi). Internet access is always required. If using Hybrid Azure AD Join, there must also be connectivity to a domain controller.
-- On the branded sign-on screen, enter the user’s Azure Active Directory credentials.
-- If using Hybrid Azure AD Join, the device will reboot; after the reboot, enter the user’s Active Directory credentials.
-- Additional policies and apps will be delivered to the device, as tracked by the Enrollment Status Page (ESP). Once complete, the user will be able to access the desktop.
-
-## Related topics
-
-[White glove video](https://youtu.be/nE5XSOBV0rI)
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
deleted file mode 100644
index c1ce8c7759..0000000000
--- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
+++ /dev/null
@@ -1,145 +0,0 @@
----
-title: Windows Autopilot requirements
-ms.reviewer:
-manager: laurawi
-description: See the requirements you need to run Windows Autopilot in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, Autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
-ms.custom:
-- CI 116757
-- CSSTroubleshooting
----
-
-
-# Windows Autopilot requirements
-
-**Applies to: Windows 10**
-
-Windows Autopilot depends on specific capabilities available in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune. In order to use Windows Autopilot and leverage these capabilities, some requirements must be met.
-
-> [!NOTE]
-> For a list of OEMs that currently support Windows Autopilot, see the Participant device manufacturers section at [Windows Autopilot](https://aka.ms/windowsAutopilot).
-
-## Software requirements
-
-- A [supported version](https://docs.microsoft.com/windows/release-information/) of Windows 10 Semi-Annual Channel is required. Windows 10 Enterprise 2019 long-term servicing channel (LTSC) is also supported.
-- The following editions are supported:
- - Windows 10 Pro
- - Windows 10 Pro Education
- - Windows 10 Pro for Workstations
- - Windows 10 Enterprise
- - Windows 10 Education
- - Windows 10 Enterprise 2019 LTSC
-
->[!NOTE]
->Procedures for deploying Windows Autopilot might refer to specific products and versions. The inclusion of these products in this content doesn't imply an extension of support for a version that is beyond its support lifecycle. Windows Autopilot does not support products that are beyond their support lifecycle. For more information, see [Microsoft Lifecycle Policy](https://go.microsoft.com/fwlink/p/?LinkId=208270).
-
-## Networking requirements
-
-Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following:
-
-- Ensure DNS name resolution for internet DNS names.
-- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP).
-
-In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to allow access to the required services.
-
-> [!NOTE]
-> Smart card and certificate based authentication is not supported during OOBE. For more information, see [Smartcards and certificate-based authentication](https://docs.microsoft.com/azure/active-directory/devices/azureadjoin-plan#smartcards-and-certificate-based-authentication).
-
-For additional details about each of these services and their specific requirements, review the following details:
-
-
Service
Information
-
Windows Autopilot Deployment Service
After a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 version 1903 and above, the following URLs are used: https://ztd.dds.microsoft.com, https://cs.dds.microsoft.com.
-
-
User credentials are validated by Azure Active Directory, and the device can also be joined to Azure Active Directory. See Office 365 IP Address and URL Web service for more information.
-
Intune
Once authenticated, Azure Active Directory will trigger enrollment of the device into the Intune MDM service. See the following link for details about network communication requirements: Intune network configuration requirements and bandwidth.
-
Windows Update
During the OOBE process, as well as after the Windows 10 OS is fully configured, the Windows Update service is leveraged to retrieve needed updates. If there are problems connecting to Windows Update, see How to solve connection problems concerning Windows Update or Microsoft Update.
-
-If Windows Update is inaccessible, the Autopilot process will still continue but critical updates will not be available.
-
-
Delivery Optimization
When downloading Windows Updates, Microsoft Store apps and app updates, Office Updates and Intune Win32 Apps, the Delivery Optimization service is contacted to enable peer-to-peer sharing of content so that only a few devices need to download it from the internet.
-
-If the Delivery Optimization Service is inaccessible, the Autopilot process will still continue with Delivery Optimization downloads from the cloud (without peer-to-peer).
-
-
Network Time Protocol (NTP) Sync
When a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. Ensure that UDP port 123 to time.windows.com is accessible.
-
Domain Name Services (DNS)
To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP. This DNS server must be able to resolve internet names.
-
Diagnostics data
Starting in Windows 10, 1903, diagnostic data collection will be enabled by default. To disable Windows Analytics and related diagnostics capabilities, see Manage enterprise diagnostic data level.
-
-If diagnostic data cannot be sent, the Autopilot process will still continue, but services that depend on diagnostic data, such as Windows Analytics, will not work.
-
This service is used to enable Windows to receive notifications from apps and services. See Microsoft Store for more information.
-
-If the WNS services are not available, the Autopilot process will still continue without notifications.
-
Microsoft Store, Microsoft Store for Business
Apps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM). App updates and additional apps may also be needed when the user first logs in. For more information, see Prerequisites for Microsoft Store for Business and Education (also includes Azure AD and Windows Notification Services).
-
-If the Microsoft Store is not accessible, the Autopilot process will still continue without Microsoft Store apps.
-
-
Office 365
As part of the Intune device configuration, installation of Microsoft 365 Apps for enterprise may be required. For more information, see Office 365 URLs and IP address ranges (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above).
-
The device can be hybrid AAD joined. The computer should be on corporate network for hybrid AAD join to work. See details at Windows Autopilot user-driven mode
-
Autopilot Self-Deploying mode and Autopilot White Glove
Firmware TPM devices, which are only provided by Intel, AMD, or Qualcomm, do not include all needed certificates at boot time and must be able to retrieve them from the manufacturer on first use. Devices with discrete TPM chips (including devices from any other manufacturer) come with these certificates preinstalled. See TPM recommendations for more details. Make sure that these URLs are accessible for each firmware TPM provider so that certificates can be successfully requested:
-
- Intel- https://ekop.intel.com/ekcertservice
- Qualcomm- https://ekcert.spserv.microsoft.com/EKCertificate/GetEKCertificate/v1
- AMD- https://ftpm.amd.com/pki/aia
-
-
-## Licensing requirements
-
-Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs.
-
-To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required:
-- [Microsoft 365 Business Premium subscription](https://www.microsoft.com/microsoft-365/business).
-- [Microsoft 365 F1 or F3 subscription](https://www.microsoft.com/microsoft-365/enterprise/firstline).
-- [Microsoft 365 Academic A1, A3, or A5 subscription](https://www.microsoft.com/education/buy-license/microsoft365/default.aspx).
-- [Microsoft 365 Enterprise E3 or E5 subscription](https://www.microsoft.com/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune).
-- [Enterprise Mobility + Security E3 or E5 subscription](https://www.microsoft.com/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features.
-- [Intune for Education subscription](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features.
-- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/cloud-platform/microsoft-intune) (or an alternative MDM service).
-
-> [!NOTE]
-> Even when using Microsoft 365 subscriptions, you still need to [assign Intune licenses to the users](https://docs.microsoft.com/intune/fundamentals/licenses-assign).
-
-Additionally, the following are also recommended (but not required):
-- [Microsoft 365 Apps for enterprise](https://www.microsoft.com/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services).
-- [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise.
-
-## Configuration requirements
-
-Before Windows Autopilot can be used, some configuration tasks are required to support the common Autopilot scenarios.
-
-- Configure Azure Active Directory automatic enrollment. For Microsoft Intune, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment) for details. If using a different MDM service, contact the vendor for the specific URLs or configuration needed for those services.
-- Configure Azure Active Directory custom branding. In order to display an organization-specific logon page during the Autopilot process, Azure Active Directory needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details. Note that the "square logo" and "sign-in page text" are the key elements for Autopilot, as well as the Azure Active Directory tenant name (configured separately in the Azure AD tenant properties).
-- Enable [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) if desired, in order to automatically step up from Windows 10 Pro to Windows 10 Enterprise.
-
-Specific scenarios will then have additional requirements. Generally, there are two specific tasks:
-
-- Device registration. Devices need to be added to Windows Autopilot to support most Windows Autopilot scenarios. See [Adding devices to Windows Autopilot](add-devices.md) for more details.
-- Profile configuration. Once devices have been added to Windows Autopilot, a profile of settings needs to be applied to each device. See [Configure Autopilot profiles](profiles.md) for details. Note that Microsoft Intune can automate this profile assignment; see [Create an Autopilot device group](https://docs.microsoft.com/intune/enrollment-Autopilot#create-an-Autopilot-device-group) and [Assign an Autopilot deployment profile to a device group](https://docs.microsoft.com/intune/enrollment-Autopilot#assign-an-Autopilot-deployment-profile-to-a-device-group) for more information.
-
-See [Windows Autopilot Scenarios](windows-Autopilot-scenarios.md) for additional details.
-
-For a walkthrough for some of these and related steps, see this video:
-
-
-
-
-
-There are no additional hardware requirements to use Windows 10 Autopilot, beyond the [requirements to run Windows 10](https://www.microsoft.com/windows/windows-10-specifications).
-
-## Related topics
-
-[Configure Autopilot deployment](https://docs.microsoft.com/windows/deployment/windows-Autopilot/)
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md
deleted file mode 100644
index 8510d7574e..0000000000
--- a/windows/deployment/windows-autopilot/windows-autopilot-reset.md
+++ /dev/null
@@ -1,138 +0,0 @@
----
-title: Windows Autopilot Reset
-description: Windows Autopilot Reset takes the device back to a business-ready state, allowing the next user to sign in and get productive quickly and easily.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.reviewer: mniehaus
-manager: laurawi
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot Reset
-
-- Applies to: Windows 10, version 1709 and later (local reset)
-- Applies to: Windows 10, version 1809 and later (remote reset)
-
-Windows Autopilot Reset removes personal files, apps, and settings and reapplies a device’s original settings, maintaining its identity connection to Azure AD and its management connection to Intune so that the device is once again ready for use. Windows Autopilot Reset takes the device back to a business-ready state, allowing the next user to sign in and get productive quickly and simply.
-
-The Windows Autopilot Reset process automatically retains information from the existing device:
-
-- Set the region, language, and keyboard to the originally-configured values.
-- Wi-Fi connection details.
-- Provisioning packages previously applied to the device, as well as a provisioning package present on a USB drive when the reset process is initiated.
-- Azure Active Directory device membership and MDM enrollment information.
-
-Windows Autopilot Reset will block the user from accessing the desktop until this information is restored, including re-applying any provisioning packages. For devices enrolled in an MDM service, Windows Autopilot Reset will also block until an MDM sync is completed.
-When Autopilot reset is used on a device, the device's primary user will be removed. The next user who signs in after the reset will be set as the primary user.
-
-
->[!NOTE]
->The Autopilot Reset does not support Hybrid Azure AD joined devices.
-
-## Scenarios
-
-Windows Autopilot Reset supports two scenarios:
-
-- [Local reset](#reset-devices-with-local-windows-autopilot-reset) initiated by IT personnel or other administrators from the organization.
-- [Remote reset](#reset-devices-with-remote-windows-autopilot-reset) initiated remotely by IT personnel via an MDM service such as Microsoft Intune.
-
-Additional requirements and configuration details apply with each scenario; see the detailed links above for more information.
-
-## Reset devices with local Windows Autopilot Reset
-
-**Applies to: Windows 10, version 1709 and above**
-
-The Intune Service Administrator role is required to perform this task. For more information, see [Add users and grant administrative permission to Intune](https://docs.microsoft.com/intune/users-add).
-
-IT admins can perform a local Windows Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With a local Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
-
-To enable local Autopilot Reset in Windows 10:
-
-1. [Enable the policy for the feature](#enable-local-windows-autopilot-reset)
-2. [Trigger a reset for each device](#trigger-local-windows-autopilot-reset)
-
-### Enable local Windows Autopilot Reset
-
-To enable a local Windows Autopilot Reset, the **DisableAutomaticReDeploymentCredentials** policy must be configured. This policy is documented in the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, local Windows Autopilot is disabled. This ensures that a local Autopilot Reset is not triggered by accident.
-
-You can set the policy using one of these methods:
-
-- MDM provider
-
- - When using Intune, you can create a new device configuration profile, specifying "Windows 10 or later" for the platform, "Device restrictions" for the profile type, and "General" for the settings category. The **Automatic Redeployment** setting should be set to **Allow**. Deploy this setting to all devices where a local reset should be permitted.
- - If you're using an MDM provider other than Intune, check your MDM provider documentation on how to set this policy.
-
-- Windows Configuration Designer
-
- You can [use Windows Configuration Designer](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package) to set the **Runtime settings > Policies > CredentialProviders > DisableAutomaticReDeploymentCredentials** setting to 0 and then create a provisioning package.
-
-- Set up School PCs app
-
- The latest release of the Set up School PCs app supports enabling local Windows Autopilot Reset.
-
-### Trigger local Windows Autopilot Reset
-
-Performing a local Windows Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it is done, the device is again ready for use.
-
-**To trigger a local Autopilot Reset**
-
-1. From the Windows device lock screen, enter the keystroke: **CTRL +  + R**.
-
- 
-
- This will open up a custom login screen for the local Autopilot Reset. The screen serves two purposes:
- 1. Confirm/verify that the end user has the right to trigger Local Autopilot Reset
- 2. Notify the user in case a provisioning package, created using Windows Configuration Designer, will be used as part of the process.
-
- 
-
-2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger the local Autopilot Reset.
-
- Once the local Autopilot Reset is triggered, the reset process starts. Once provisioning is complete, the device is again ready for use.
-
-## Reset devices with remote Windows Autopilot Reset
-
-**Applies to: Windows 10, version 1809 or later**
-
-When performing a remote Windows Autopilot Reset, an MDM service such an Microsoft Intune can be used to initiate the reset process, avoiding the need for IT staff or other administrators to visit each machine to initiate the process.
-
-To enable a device for a remote Windows Autopilot Reset, the device must be MDM managed and joined to Azure AD. This feature is not supported on devices that were enrolled using [Autopilot self deploying mode](self-deploying.md).
-
-### Triggering a remote Windows Autopilot Reset
-
-To trigger a remote Windows Autopilot Reset via Intune, follow these steps:
-
-- Navigate to **Devices** tab in the Intune console.
-- In the **All devices** view, select the targeted reset devices and then click **More** to view device actions.
-- Select **Autopilot Reset** to kick-off the reset task.
-
->[!NOTE]
->The Autopilot Reset option will only be enabled in Microsoft Intune for devices running Windows 10 build 17672 or higher.
-
->[!IMPORTANT]
->The feature for Autopilot Reset will stay grayed out, **unless** you reset the device using Autopilot (either using Fresh Reset or manually sysprep the device).
-
-Once the reset is complete, the device is again ready for use.
-
-
-
-## Troubleshooting
-
-Windows Autopilot Reset requires that the [Windows Recovery Environment (WinRE)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) is correctly configured and enabled on the device. If it is not configured and enabled, an error such as `Error code: ERROR_NOT_SUPPORTED (0x80070032)` will be reported.
-
-To make sure WinRE is enabled, use the [REAgentC.exe tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
-
-```
-reagentc /enable
-```
-
-If Windows Autopilot Reset fails after enabling WinRE, or if you are unable to enable WinRE, please contact [Microsoft Support](https://support.microsoft.com) for assistance.
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
deleted file mode 100644
index 16abf999ea..0000000000
--- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
+++ /dev/null
@@ -1,76 +0,0 @@
----
-title: Windows Autopilot scenarios and capabilities
-description: Follow along with several typical Windows Autopilot deployment scenarios, such as re-deploying a device in a business-ready state.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.reviewer: mniehaus
-manager: laurawi
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot scenarios and capabilities
-
-**Applies to: Windows 10**
-
-## Scenarios
-
-Windows Autopilot includes support for a growing list of scenarios, designed to support common organization needs which can vary based on the type of organization and their progress moving to Windows 10 and [transitioning to modern management](https://docs.microsoft.com/windows/client-management/manage-windows-10-in-your-organization-modern-management).
-
-The following Windows Autopilot scenarios are described in this guide:
-
-| Scenario | More information |
-| --- | --- |
-| Deploy devices that will be set up by a member of the organization and configured for that person | [Windows Autopilot user-driven mode](user-driven.md) |
-| Deploy devices that will be automatically configured for shared use, as a kiosk, or as a digital signage device.| [Windows Autopilot self-deploying mode](self-deploying.md) |
-| Re-deploy a device in a business-ready state.| [Windows Autopilot Reset](windows-autopilot-reset.md) |
-| Pre-provision a device with up-to-date applications, policies and settings.| [White glove](white-glove.md) |
-| Deploy Windows 10 on an existing Windows 7 or 8.1 device | [Windows Autopilot for existing devices](existing-devices.md) |
-
-These scenarios are summarized in the following video.
-
-
-
-> [!video https://www.microsoft.com/videoplayer/embed/RE4Ci1b?autoplay=false]
-
-## Windows Autopilot capabilities
-
-### Windows Autopilot is self-updating during OOBE
-
-Starting with the Windows 10, version 1903, Autopilot functional and critical updates will begin downloading automatically during OOBE after a device gets connected to a network and the [critical driver and Windows zero-day patch (ZDP) updates](https://docs.microsoft.com/windows-hardware/customize/desktop/windows-updates-during-oobe) have completed. The user or IT admin cannot opt-out of these Autopilot updates; they are required for Windows Autopilot deployment to operate properly. Windows will alert the user that the device is checking for, downloading and installing the updates.
-
-See [Windows Autopilot update](autopilot-update.md) for more information.
-
-### Cortana voiceover and speech recognition during OOBE
-
-In Windows 10, version 1903 and later Cortana voiceover and speech recognition during OOBE is DISABLED by default for all Windows 10 Pro, Education and Enterprise SKUs.
-
-If desired, you can enable Cortana voiceover and speech recognition during OOBE by creating the following registry key. This key does not exist by default.
-
-HKLM\Software\Microsoft\Windows\CurrentVersion\OOBE\EnableVoiceForAllEditions
-
-The key value is a DWORD with **0** = disabled and **1** = enabled.
-
-| Value | Description |
-| --- | --- |
-| 0 | Cortana voiceover is disabled |
-| 1 | Cortana voiceover is enabled |
-| No value | Device will fall back to default behavior of the edition |
-
-To change this key value, use WCD tool to create as PPKG as documented [here](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
-
-### Bitlocker encryption
-
-With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. For more information, see [Setting the BitLocker encryption algorithm for Autopilot devices](bitlocker.md)
-
-## Related topics
-
-[Windows Autopilot: What's new](windows-autopilot-whats-new.md)
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md b/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md
deleted file mode 100644
index 8d69cc5d75..0000000000
--- a/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Windows Autopilot what's new
-ms.reviewer:
-manager: laurawi
-description: Read news and resources about the latest updates and past versions of Windows Autopilot.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Windows Autopilot: What's new
-
-**Applies to**
-
-- Windows 10
-
-## Windows Autopilot update history
-
-The following [Windows Autopilot updates](autopilot-update.md) are available. **Note**: Updates are automatically downloaded and applied during the Windows Autopilot deployment process.
-
-No updates are available yet. Check back here later for more information.
-
-## New in Windows 10, version 2004
-
-With this release, you can configure Windows Autopilot [user-driven](user-driven.md) Hybrid Azure Active Directory join with VPN support. This support is also backported to Windows 10, version 1909 and 1903.
-
-If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios will now skip the language, locale, and keyboard pages. In previous versions, this was only supported with self-deploying profiles.
-
-## New in Windows 10, version 1903
-
-[Windows Autopilot for white glove deployment](white-glove.md) is new in Windows 10, version 1903. See the following video:
-
-
-
-> [!VIDEO https://www.youtube.com/embed/nE5XSOBV0rI]
-
-Also new in this version of Windows:
-- The Intune enrollment status page (ESP) now tracks Intune Management Extensions.
-- [Cortana voiceover and speech recognition during OOBE](windows-autopilot-scenarios.md#cortana-voiceover-and-speech-recognition-during-oobe) is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
-- [Windows Autopilot is self-updating during OOBE](windows-autopilot-scenarios.md#windows-autopilot-is-self-updating-during-oobe). Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
-- Windows Autopilot will set the diagnostics data level to Full on Windows 10 version 1903 and later during OOBE.
-
-## New in Windows 10, version 1809
-
-Windows Autopilot [self-deploying mode](self-deploying.md) enables a zero touch device provisioning experience. Simply power on the device, plug it into the Ethernet, and the device is fully configured by Windows Autopilot. This self-deploying capability removes the current need to have an end user interact by pressing the “Next” button during the deployment process.
-
-You can utilize Windows Autopilot self-deploying mode to register the device to an AAD tenant, enroll in your organization’s MDM provider, and provision policies and applications, all with no user authentication or user interaction required.
-
->[!NOTE]
->Window 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809.
-
-## Related topics
-
-[What's new in Microsoft Intune](https://docs.microsoft.com/intune/whats-new)
-[What's new in Windows 10](https://docs.microsoft.com/windows/whats-new/)
diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md
deleted file mode 100644
index 16e1781d6e..0000000000
--- a/windows/deployment/windows-autopilot/windows-autopilot.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-title: Overview of Windows Autopilot
-description: Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use.
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.reviewer: mniehaus
-manager: laurawi
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Overview of Windows Autopilot
-
-**Applies to**
-
-- Windows 10
-
-Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
-
-Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users. See the following video and diagram:
-
-
-
-> [!video https://www.microsoft.com/videoplayer/embed/RE4C7G9?autoplay=false]
-
-
-
-When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images and drivers for every model of device being used. Instead of re-imaging the device, your existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise) to support advanced features.
-
-Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, Microsoft Endpoint Configuration Manager, and other similar tools. Windows Autopilot can also be used to re-purpose a device by leveraging Windows Autopilot Reset to quickly prepare a device for a new user, or in break/fix scenarios to enable a device to quickly be brought back to a business-ready state.
-
-Windows Autopilot enables you to:
-* Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
-* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription for configuration*](https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Windows-10-Azure-AD-and-Microsoft-Intune-Automatic-MDM/ba-p/244067)).
-* Restrict the Administrator account creation.
-* Create and auto-assign devices to configuration groups based on a device's profile.
-* Customize OOBE content specific to the organization.
-
-## Benefits of Windows Autopilot
-
-Traditionally, IT pros spend a lot of time building and customizing images that will later be deployed to devices. Windows Autopilot introduces a new approach.
-
-From the user's perspective, it only takes a few simple operations to make their device ready to use.
-
-From the IT pro's perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything beyond that is automated.
-
-## Requirements
-
-A [supported version](https://docs.microsoft.com/windows/release-information/) of Windows 10 semi-annual channel is required to use Windows Autopilot. Windows 10 Enterprise LTSC 2019 is also supported. See [Windows Autopilot requirements](windows-autopilot-requirements.md) for detailed information on software, configuration, network, and licensing requirements.
-
-## Related topics
-
-[Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot)
-[Windows Autopilot scenarios and capabilities](windows-autopilot-scenarios.md)
diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md
index a9089d86bc..91aaa460e8 100644
--- a/windows/deployment/windows-deployment-scenarios-and-tools.md
+++ b/windows/deployment/windows-deployment-scenarios-and-tools.md
@@ -5,13 +5,13 @@ ms.assetid: 0d6cee1f-14c4-4b69-b29a-43b0b327b877
ms.reviewer:
manager: laurawi
ms.audience: itpro
+ms.author: greglin
author: greg-lindsay
keywords: deploy, volume activation, BitLocker, recovery, install, installation, VAMT, MDT, USMT, WDS
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
-author: greg-lindsay
ms.topic: article
---
diff --git a/windows/hub/windows-10.yml b/windows/hub/windows-10.yml
index c4bba2a64d..822259efbd 100644
--- a/windows/hub/windows-10.yml
+++ b/windows/hub/windows-10.yml
@@ -3,7 +3,6 @@
documentType: LandingData
title: Windows 10
metadata:
- document_id:
title: Windows 10
description: Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization.
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index a8de10ac7f..f378372d1d 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -107,7 +107,7 @@ The following table lists management options for each setting, beginning with Wi
| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |
| [26. Microsoft Store](#bkmk-windowsstore) | |  |  |
| [27. Apps for websites](#bkmk-apps-for-websites) | |  |  |
-| [28. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |
+| [28. Delivery Optimization](#bkmk-updates) |  |  |  |
| [29. Windows Update](#bkmk-wu) | |  |  |
@@ -217,7 +217,7 @@ See the following table for a summary of the management settings for Windows Ser
| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |
| [26. Microsoft Store](#bkmk-windowsstore) | |  |  |
| [27. Apps for websites](#bkmk-apps-for-websites) | |  | |
-| [28. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |
+| [28. Delivery Optimization](#bkmk-updates) |  |  |  |
| [29. Windows Update](#bkmk-wu) | |  |  |
## How to configure each setting
@@ -415,7 +415,7 @@ To turn off Insider Preview builds for Windows 10:
### 8. Internet Explorer
> [!NOTE]
->When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](https://support.microsoft.com/en-us/help/815141/ie-enhanced-security-configuration-changes-browsing-experience). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings:
+>When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](https://support.microsoft.com/help/815141/ie-enhanced-security-configuration-changes-browsing-experience). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings:
| Policy | Description |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
@@ -933,19 +933,6 @@ To turn off **Location for this device**:
- Click the **Change** button in the UI.
-or-
-
-- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access location** and set the **Select a setting** box to **Force Deny**.
-
- -or-
-
-- Create a REG_DWORD registry setting named **LetAppsAccessLocation** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
-
-
-To turn off **Location**:
-
-- Turn off the feature in the UI.
-
- -or-
- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Location and Sensors** > **Turn off location**.
@@ -953,7 +940,19 @@ To turn off **Location**:
- Create a REG_DWORD registry setting named **DisableLocation** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\LocationAndSensors** with a value of 1 (one).
+To turn off **Allow apps to access your location**:
+- Turn off the feature in the UI.
+
+ -or-
+
+- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access location** and set the **Select a setting** box to **Force Deny**.
+
+ -or-
+
+- Create a REG_DWORD registry setting named **LetAppsAccessLocation** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
+
+
To turn off **Location history**:
- Erase the history using the **Clear** button in the UI.
@@ -1561,7 +1560,7 @@ To turn off Messaging cloud sync:
You can disable Teredo by using Group Policy or by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](https://technet.microsoft.com/library/cc722030.aspx).
>[!NOTE]
->If you disable Teredo, some XBOX gaming features and Windows Update Delivery Optimization will not work.
+>If you disable Teredo, some XBOX gaming features and Delivery Optimization (with Group or Internet peering) will not work.
- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** > **TCPIP Settings** > **IPv6 Transition Technologies** > **Set Teredo State** and set it to **Disabled State**.
@@ -1623,6 +1622,10 @@ You can stop sending file samples back to Microsoft.
You can stop downloading **Definition Updates**:
+> [!NOTE]
+> The Group Policy path for 1809 and earlier builds is **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Signature Updates**
+
+
- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Security Intelligence Updates** > **Define the order of sources for downloading definition updates** and set it to **FileShares**.
-and-
@@ -1661,7 +1664,7 @@ You can turn off **Enhanced Notifications** as follows:
### 24.1 Windows Defender SmartScreen
-To disable Windows Defender Smartscreen:
+To disable Windows Defender SmartScreen:
In Group Policy, configure:
@@ -1806,19 +1809,19 @@ You can turn off apps for websites, preventing customers who visit websites that
- Create a new REG_DWORD registry setting named **EnableAppUriHandlers** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**.
-### 28. Windows Update Delivery Optimization
+### 28. Delivery Optimization
-Windows Update Delivery Optimization lets you get Windows updates and Microsoft Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet.
+Delivery Optimization is the downloader of Windows updates, Microsoft Store apps, Office and other content from Microsoft. Delivery Optimization can also download from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization Peer-to-Peer option turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet.
-By default, PCs running Windows 10 Enterprise and Windows 10 Education will only use Delivery Optimization to get and receive updates for PCs and apps on your local network.
+By default, PCs running Windows 10 will only use Delivery Optimization to get and receive updates for PCs and apps on your local network.
Use the UI, Group Policy, or Registry Keys to set up Delivery Optimization.
-In Windows 10 version 1607 and above you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Bypass** (99), as described below.
+In Windows 10 version 1607 and above you can stop network traffic related to Delivery Optimization Cloud Service by setting **Download Mode** to **Simple Mode** (99), as described below.
### 28.1 Settings > Update & security
-You can set up Delivery Optimization from the **Settings** UI.
+You can set up Delivery Optimization Peer-to-Peer from the **Settings** UI.
- Go to **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Choose how updates are delivered**.
@@ -1834,9 +1837,12 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con
| Max Cache Size | Lets you specify the maximum cache size as a percentage of disk size. The default value is 20, which represents 20% of the disk.|
| Max Upload Bandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity. The default value is 0, which means unlimited possible bandwidth.|
+
+For a comprehensive list of Delivery Optimization Policies, see [Delivery Optimization Reference](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference).
+
### 28.3 Delivery Optimization
-- **Enable** the **Download Mode** Group Policy under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization** and set the **Download Mode** to **"Bypass"** to prevent traffic.
+- **Enable** the **Download Mode** Group Policy under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization** and set the **Download Mode** to **"Simple Mode (99)"** to prevent traffic between peers as well as traffic back to the Delivery Optimization Cloud Service.
-or-
@@ -1845,6 +1851,9 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con
For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684).
+For IT Professionals, information about Delivery Optimization is available here: [Delivery Optimization for Windows 10 updates]
+(https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization).
+
### 29. Windows Update
You can turn off Windows Update by setting the following registry entries:
diff --git a/windows/privacy/manage-windows-1909-endpoints.md b/windows/privacy/manage-windows-1909-endpoints.md
index 92f03d2111..ba34b2d47b 100644
--- a/windows/privacy/manage-windows-1909-endpoints.md
+++ b/windows/privacy/manage-windows-1909-endpoints.md
@@ -96,6 +96,7 @@ The following methodology was used to derive these network endpoints:
|||TLS v1.2|*g.live.com|
|||HTTPS|oneclient.sfx.ms|
|||HTTPS| logincdn.msauth.net|
+|||HTTP| windows.policies.live.net|
|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
|||TLS v1.2|settings-win.data.microsoft.com|
|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
@@ -117,6 +118,7 @@ The following methodology was used to derive these network endpoints:
|||HTTP|*.windowsupdate.com|
||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTP|*.delivery.mp.microsoft.com|
|||HTTPS/TLS v1.2|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTP|adl.windows.com|
||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|HTTPS/TLS v1.2|tsfe.trafficshaping.dsp.mp.microsoft.com|
## Other Windows 10 editions
diff --git a/windows/privacy/manage-windows-2004-endpoints.md b/windows/privacy/manage-windows-2004-endpoints.md
index 01990ccba5..5c4ad7c28d 100644
--- a/windows/privacy/manage-windows-2004-endpoints.md
+++ b/windows/privacy/manage-windows-2004-endpoints.md
@@ -71,7 +71,6 @@ The following methodology was used to derive these network endpoints:
|||HTTPS|*licensing.mp.microsoft.com|
|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|TLSv1.2|*maps.windows.com|
-|| The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTP|fs.microsoft.com*|
|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |TLSv1.2|*login.live.com|
|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com|
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 08d82afd30..e1011307d6 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -40,7 +40,7 @@ Transparency is an important part of the data collection process in Windows 10.
### 1.1 Device set up experience and support for layered transparency
-When setting up a device, a user can configure their privacy settings. Those privacy settings are key in determining the amount of personal data collected. For each privacy setting, the user is provided information about the setting along with the links to supporting information. This information explains what data is collected, how the data is used, and how to manage the setting after the device setup is complete. When connected to the network during this portion of setup, the user can also review the privacy statement. A brief overview of the set up experience for privacy settings is described in [this blog](https://blogs.windows.com/windowsexperience/2018/03/06/windows-insiders-get-first-look-new-privacy-screen-settings-layout-coming-windows-10/#uCC2bKYP8M5BqrDP.97).
+When setting up a device, a user can configure their privacy settings. Those privacy settings are key in determining the amount of personal data collected. For each privacy setting, the user is provided information about the setting along with the links to supporting information. This information explains what data is collected, how the data is used, and how to manage the setting after the device setup is complete. When connected to the network during this portion of setup, the user can also review the privacy statement. A brief overview of the set up experience for privacy settings is described in [Windows Insiders get first look at new privacy screen settings layout coming to Windows 10](https://blogs.windows.com/windowsexperience/2018/03/06/windows-insiders-get-first-look-new-privacy-screen-settings-layout-coming-windows-10/#uCC2bKYP8M5BqrDP.97), a blog entry on Windows Blogs.
The following table provides an overview of the Windows 10 privacy settings presented during the device setup experience that involve processing personal data and where to find additional information.
@@ -88,7 +88,7 @@ The following table provides an overview of the privacy settings discussed earli
| [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy: **Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**
MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
| [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy: **Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**
MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later) | Off |
| [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy: **Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**
MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
-| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md##manage-enterprise-diagnostic-data) | Group Policy: **Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**
MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop editions: Required diagnostic data (Windows 10, version 1903 and later)
Server editions: Required diagnostic data | Security and block endpoints |
+| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy: **Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**
MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop editions: Required diagnostic data (Windows 10, version 1903 and later)
Server editions: Required diagnostic data | Security and block endpoints |
| [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy: **Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**
MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off |
| Tailored Experiences | Group Policy: **User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**
MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off |
| Advertising ID | Group Policy: **Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**
MDM: [Privacy/DisableAdvertisingId](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off |
@@ -168,7 +168,7 @@ If a user signs in to a Windows experience or app on their device with their Mic
## 4. Cross-border data transfers
-Microsoft complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States.
+Microsoft complies with applicable law regarding the collection, use, and retention of personal information, including its transfer across borders
Microsoft’s [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) provides details on how we store and process personal data.
diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
index 357c78dd10..d0d7ff467f 100644
--- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
@@ -12,7 +12,7 @@ ms.author: v-hakima
manager: obezeajo
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 7/22/2020
+ms.date: 08/18/2020
---
# Windows 10, version 1909, connection endpoints for non-Enterprise editions
@@ -83,6 +83,7 @@ The following methodology was used to derive the network endpoints:
|*.blob.core.windows.net|HTTP/TLS v1.2|Windows Telemetry
|storage.live.com|HTTP/TLS v1.2|OneDrive
|skydrivesync.policies.live.net|TLS v1.2|OneDrive
+|dm2302.settings.live.net|HTTP|OneDrive
|slscr.update.microsoft.com|HTTPS/TLS V1.2|Windows Update
|tile-service.weather.microsoft.com|HTTP|Used for the Weather app
|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTP|This endpoint is used for content regulation
@@ -92,13 +93,15 @@ The following methodology was used to derive the network endpoints:
|www.bing.com|HTTPS/TLS v1.2|Cortana and Live Tiles
|www.msftconnecttest.com|HTTP|Network Connection Status Indicator (NCSI)
|wdcp.microsoft.com|HTTPS|Used for Windows Defender when Cloud-based Protection is enabled
+|activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows
+|adl.windows.com|HTTP|Used for compatibility database updates for Windows
## Windows 10 Pro
| **Destination** | **Protocol** | **Description** |
| --- | --- | --- |
|*.prod.do.dsp.mp.microsoft.com|HTTP/TLS v1.2|Windows Update
-|api.onedrive.com|HTTP|One Drive
+|api.onedrive.com|HTTP|OneDrive
|smartscreen-prod.microsoft.com|HTTP|Used for Windows Defender SmartScreen reporting and notifications
|nav.smartscreen.microsoft.com|HTTPS/TLS v1.2|Windows Defender
|*.update.microsoft.com|HTTP|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
@@ -151,8 +154,11 @@ The following methodology was used to derive the network endpoints:
|www.bing.com|HTTPS/TLS v1.2|Cortana and Live Tiles
|www.msftconnecttest.com|HTTP|Network Connection Status Indicator (NCSI)
|outlook.office365.com|HTTP|Microsoft Office
-|storage.live.com|HTTP/TLS v1.2|One Drive
-|skydrivesync.policies.live.net|TLS v1.2|One Drive
+|storage.live.com|HTTP/TLS v1.2|OneDrive
+|skydrivesync.policies.live.net|TLS v1.2|OneDrive
+|windows.policies.live.net|HTTP|OneDrive
+|activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows
+|adl.windows.com|HTTP|Used for compatibility database updates for Windows
## Windows 10 Education
@@ -166,7 +172,7 @@ The following methodology was used to derive the network endpoints:
|dmd.metaservices.microsoft.com|HTTP|Device metadata
|Inference.location.live.net|TLS v1.2|Location
|oneclient.sfx.ms|HTTPS|OneDrive
-|storage.live.com|HTTP/TLS v1.2|One Drive
+|storage.live.com|HTTP/TLS v1.2|OneDrive
|skydrivesync.policies.live.net|TLS v1.2|OneDrive
|slscr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
|fe2cr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
@@ -201,3 +207,4 @@ The following methodology was used to derive the network endpoints:
|outlook.office365.com|HTTP|Microsoft Office
|www.bing.com|TLS v1.2|Used for updates for Cortana, apps, and Live Tiles
|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
+|adl.windows.com|HTTP|Used for compatibility database updates for Windows
diff --git a/windows/release-information/TOC.md b/windows/release-information/TOC.md
deleted file mode 100644
index f0457af621..0000000000
--- a/windows/release-information/TOC.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# [Windows 10 release information](index.md)
-# [Message center](windows-message-center.yml)
-# Version 1909
-## [Known issues and notifications](status-windows-10-1909.yml)
-## [Resolved issues](resolved-issues-windows-10-1909.yml)
-# Version 1903
-## [Known issues and notifications](status-windows-10-1903.yml)
-## [Resolved issues](resolved-issues-windows-10-1903.yml)
-# Version 1809 and Windows Server 2019
-## [Known issues and notifications](status-windows-10-1809-and-windows-server-2019.yml)
-## [Resolved issues](resolved-issues-windows-10-1809-and-windows-server-2019.yml)
-# Version 1803
-## [Known issues and notifications](status-windows-10-1803.yml)
-## [Resolved issues](resolved-issues-windows-10-1803.yml)
-# Version 1709
-## [Known issues and notifications](status-windows-10-1709.yml)
-## [Resolved issues](resolved-issues-windows-10-1709.yml)
-# Version 1607 and Windows Server 2016
-## [Known issues and notifications](status-windows-10-1607-and-windows-server-2016.yml)
-## [Resolved issues](resolved-issues-windows-10-1607.yml)
-# Version 1507
-## [Known issues and notifications](status-windows-10-1507.yml)
-## [Resolved issues](resolved-issues-windows-10-1507.yml)
-# Previous versions
-## Windows 8.1 and Windows Server 2012 R2
-### [Known issues and notifications](status-windows-8.1-and-windows-server-2012-r2.yml)
-### [Resolved issues](resolved-issues-windows-8.1-and-windows-server-2012-r2.yml)
-## Windows Server 2012
-### [Known issues and notifications](status-windows-server-2012.yml)
-### [Resolved issues](resolved-issues-windows-server-2012.yml)
-## Windows 7 and Windows Server 2008 R2
-### [Known issues and notifications](status-windows-7-and-windows-server-2008-r2-sp1.yml)
-### [Resolved issues](resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml)
-## Windows Server 2008 SP2
-### [Known issues and notifications](status-windows-server-2008-sp2.yml)
-### [Resolved issues](resolved-issues-windows-server-2008-sp2.yml)
diff --git a/windows/release-information/breadcrumb/toc.yml b/windows/release-information/breadcrumb/toc.yml
deleted file mode 100644
index 5c9f236497..0000000000
--- a/windows/release-information/breadcrumb/toc.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: Docs
- tocHref: /
- topicHref: /
- items:
- - name: Windows
- tocHref: /windows
- topicHref: /windows/windows-10
- items:
- - name: Release information
- tocHref: /windows/release-information/
- topicHref: /windows/release-information/index
diff --git a/windows/release-information/index.md b/windows/release-information/index.md
deleted file mode 100644
index c6eba252f9..0000000000
--- a/windows/release-information/index.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-title: Windows 10 - release information
-description: Learn release information for Windows 10 releases
-keywords: ["Windows 10", "Windows 10 October 2018 Update"]
-ms.prod: w10
-layout: LandingPage
-ms.topic: landing-page
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: lizap
-ms.author: elizapo
-ms.localizationpriority: high
----
-
-# Windows 10 release information
-
-Feature updates for Windows 10 are released twice a year, around March and September, via the Semi-Annual Channel. They will be serviced with monthly quality updates for 18 or 30 months from the date of the release, depending on the lifecycle policy.
-
-We recommend that you begin deployment of each Semi-Annual Channel release immediately as a targeted deployment to devices selected for early adoption and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
-
-For information about servicing timelines, see the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853).
-
-> [!NOTE]
-> Beginning with Windows 10, version 1903, you will find a [single entry for each SAC release](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523).
-
-
-
-
-
-
diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml
deleted file mode 100644
index 7df978985d..0000000000
--- a/windows/release-information/resolved-issues-windows-10-1507.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Resolved issues in Windows 10, version 1507
-metadata:
- document_id:
- title: Resolved issues in Windows 10, version 1507
- description: Resolved issues in Windows 10, version 1507
- keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1507"]
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- See a list of known issues that have been resolved for Windows 10, version 1507 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
-
- "
-- items:
- - type: markdown
- text: "
-
- "
-
-- title: Resolved issues
-- items:
- - type: markdown
- text: "
-
Summary
Originating update
Status
Date resolved
-
Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure.
Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
- "
diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml
deleted file mode 100644
index 5585df19da..0000000000
--- a/windows/release-information/resolved-issues-windows-10-1607.yml
+++ /dev/null
@@ -1,75 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Resolved issues in Windows 10, version 1607 and Windows Server 2016
-metadata:
- document_id:
- title: Resolved issues in Windows 10, version 1607 and Windows Server 2016
- description: Resolved issues in Windows 10, version 1607
- keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1607"]
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- See a list of known issues that have been resolved for Windows 10, version 1607 and Windows Server 2016 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
-
- "
-- items:
- - type: markdown
- text: "
-
- "
-
-- title: Resolved issues
-- items:
- - type: markdown
- text: "
-
Summary
Originating update
Status
Date resolved
-
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.
IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
Apps and scripts using the NetQueryDisplayInformation API may fail with error Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.
Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: After investigation, we have found that this issue does not affect this version of Windows.
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”
- "
diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml
deleted file mode 100644
index c85bdd82e9..0000000000
--- a/windows/release-information/resolved-issues-windows-10-1709.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Resolved issues in Windows 10, version 1709 and Windows Server, version 1709
-metadata:
- document_id:
- title: Resolved issues in Windows 10, version 1709 and Windows Server, version 1709
- description: Resolved issues in Windows 10, version 1709 and Windows Server 1709
- keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1709"]
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- See a list of known issues that have been resolved for Windows 10, version 1709 and Windows Server, version 1709 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
-
- "
-- items:
- - type: markdown
- text: "
-
- "
-
-- title: Resolved issues
-- items:
- - type: markdown
- text: "
-
Summary
Originating update
Status
Date resolved
-
Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4516066, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:
Select the Start button and type Services.
Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
Locate Startup type: and change it to Manual
Select Ok
The TabletInputService service is now in the default configuration and IME should work as expected.
- "
diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml
deleted file mode 100644
index 63b5bd826c..0000000000
--- a/windows/release-information/resolved-issues-windows-10-1803.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Resolved issues in Windows 10, version 1803
-metadata:
- document_id:
- title: Resolved issues in Windows 10, version 1803
- description: Resolved issues in Windows 10, version 1803
- keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1803"]
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- See a list of known issues that have been resolved for Windows 10, version 1803 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
-
- "
-- items:
- - type: markdown
- text: "
-
- "
-
-- title: Resolved issues
-- items:
- - type: markdown
- text: "
-
Summary
Originating update
Status
Date resolved
-
Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.
IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
Notification issue: \"Your device is missing important security and quality fixes.\" Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes.\"
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
After installing KB4512501, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.
Affected platforms:
Client: Windows 10, version 1809; Windows 10, version 1803
Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4516058, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:
Select the Start button and type Services.
Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
Locate Startup type: and change it to Manual
Select Ok
The TabletInputService service is now in the default configuration and IME should work as expected.
Notification issue: \"Your device is missing important security and quality fixes.\"
Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes\" in the Windows Update dialog and a red \"!\" in the task tray on the Windows Update tray icon. This notification is intended for devices that are 90 days or more out of date, but some users with installed updates released in June or July also saw this notification.
Affected platforms:
Client: Windows 10, version 1803
Server: Windows Server, version 1803
Resolution: This issue was resolved on the server side on August 30, 2019. Only devices that are out of date by 90 days or more should now see the notification. No action is required by the user to resolve this issue. If you are still seeing the \"Your device is missing important security and quality fixes\" notification, we recommend selecting Check for Updates in the Windows Update dialog. For instructions, see Update Windows 10. Microsoft always recommends trying to keep your devices up to date, as the monthly updates contain important security fixes.
- "
diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
deleted file mode 100644
index 887025029f..0000000000
--- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
+++ /dev/null
@@ -1,89 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Resolved issues in Windows 10, version 1809 and Windows Server 2019
-metadata:
- document_id:
- title: Resolved issues in Windows 10, version 1809 and Windows Server 2019
- description: Resolved issues in Windows 10, version 1809 or Windows Server 2019
- keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10 1809"]
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- See a list of known issues that have been resolved for Windows 10, version 1809 and Windows Server 2019 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
-
- "
-- items:
- - type: markdown
- text: "
-
- "
-
-- title: Resolved issues
-- items:
- - type: markdown
- text: "
-
Summary
Originating update
Status
Date resolved
-
Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
Microsoft Defender Advanced Threat Protection might stop running The Microsoft Defender ATP service might stop running and might fail to send reporting data.
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.
Apps and scripts using the NetQueryDisplayInformation API may fail with error Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.
IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Microsoft Defender Advanced Threat Protection might stop running
After installing the optional non-security update (KB4520062), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer on MsSense.exe.
Note Microsoft Microsoft Defender Antivirus is not affected by this issue.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
Server: Windows Server, version 1809; Windows Server 2019
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
After installing KB4511553, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.
Affected platforms:
Client: Windows 10, version 1809; Windows 10, version 1803
Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4512578, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:
Select the Start button and type Services.
Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
Locate Startup type: and change it to Manual
Select Ok
The TabletInputService service is now in the default configuration and IME should work as expected.
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”
- "
diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml
deleted file mode 100644
index e0375fb086..0000000000
--- a/windows/release-information/resolved-issues-windows-10-1903.yml
+++ /dev/null
@@ -1,124 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Resolved issues in Windows 10, version 1903 and Windows Server, version 1903
-metadata:
- document_id:
- title: Resolved issues in Windows 10, version 1903 and Windows Server, version 1903
- description: Resolved issues in Windows 10, version 1903 and Windows Server 1903
- keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1903"]
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- See a list of known issues that have been resolved for Windows 10, version 1903 and Windows Server, version 1903 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
-
- "
-- items:
- - type: markdown
- text: "
-
- "
-
-- title: Resolved issues
-- items:
- - type: markdown
- text: "
-
Summary
Originating update
Status
Date resolved
-
Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.
Unable to discover or connect to Bluetooth devices using some Qualcomm adapters Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers.
Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.
dGPU occasionally disappear from device manager on Surface Book 2 Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.
IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
Some users report issues related to the Start menu and Windows Desktop Search A small number of users have reported issues related to the Start menu and Windows Desktop Search.
Windows Desktop Search may not return any results and may have high CPU usage Windows Desktop Search may not return any results and SearchUI.exe may have high CPU usage after installing KB4512941.
Domain connected devices that use MIT Kerberos realms will not start up Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.
Issues updating when certain versions of Intel storage drivers are installed Windows 10, version 1903 update may fail with certain versions of Intel Rapid Storage Technology (Intel RST) drivers.
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
Initiating a Remote Desktop connection may result in black screen When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.
Windows Sandbox may fail to start with error code “0x80070002” Windows Sandbox may fail to start on devices in which the operating system language was changed between updates.
Devices starting using PXE from a WDS or Configuration Manager servers may fail to start Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Unable to discover or connect to Bluetooth devices using some Qualcomm adapters
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.
Affected platforms:
Client: Windows 10, version 1903
Server: Windows Server, version 1903
Resolution: This issue was resolved in KB4517389 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.
Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters
Microsoft and NEC have found incompatibility issues with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards when running Windows 10, version 1903 on specific models of NEC devices. If these devices are updated to Windows 10, version 1903, they will no longer be able to use any Wi-Fi connections. The Wi-Fi driver may have a yellow exclamation point in device manager. The task tray icon for networking may show the icon for no internet and Network & Internet settings may not show any Wi-Fi networks.
To safeguard your update experience, we have applied a compatibility hold on the affected devices from being offered Windows 10, version 1903.
Affected platforms:
Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4522355. The safeguard hold is estimated to be removed in mid-November.
Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Audio in games is quiet or different than expected
Microsoft has received reports that audio in certain games is quieter or different than expected. At the request of some of our audio partners, we implemented a compatibility change that enabled certain games to query support and render multi-channel audio. Due to customer feedback, we are reverting this change as some games and some devices are not rendering multi-channel audio as expected. This may result in games sounding different than customers are used to and may have missing channels.
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4515384, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:
Select the Start button and type Services.
Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
Locate Startup type: and change it to Manual
Select Ok
The TabletInputService service is now in the default configuration and IME should work as expected.
Some users report issues related to the Start menu and Windows Desktop Search
Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.
Affected platforms:
Client: Windows 10, version 1903
Resolution: At this time, Microsoft has not found a Search or Start issue significantly impacting users originating from KB4515384. We will continue monitoring to ensure users have a high-quality experience when interacting with these areas. If you are currently having issues, we recommend you to take a moment to report it in via the Feedback Hub (Windows + F) then try the Windows 10 Troubleshoot settings (found in Settings). If you are having an issue with search, see Fix problems in Windows Search.
Screenshots and Snips have an unnatural orange tint
When creating screenshots or using similar tools (such as Snipping Tool or Snip & Sketch), the resulting images may have an unnatural orange tint. This issue is caused by the Eye Care mode feature of Lenovo Vantage. This issue started on or around September 5, 2019.
Windows Desktop Search may not return any results and may have high CPU usage
Microsoft is getting reports that a small number of users may not receive results when using Windows Desktop Search and may see high CPU usage from SearchUI.exe when searching after installing KB4512941. This issue is only encountered on devices in which searching the web from Windows Desktop Search has been disabled.
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.
Affected platforms:
Client: Windows 10, version 1903
Server: Windows Server, version 1903
Resolution: This issue has been resolved for most users. If you are still having issues, please see KB4528159.
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512941. The ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512941 and install. For instructions, see Update Windows 10.
Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).
dGPU occasionally disappear from device manager on Surface Book 2
Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing units (dGPUs). After updating to Windows 10, version 1903 (the May 2019 Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.
To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPU from being offered Windows 10, version 1903 until this issue is resolved.
Affected platforms:
Client: Windows 10, version 1903
Resolved: To resolve this issue, you will need to update the firmware of your Surface Book 2 device. Please see the Surface Book 2 update history pagefor instructions on how to install the October 2019 updates on your device. There is no update for Windows needed for this issue.
The safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903.
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.
To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.
Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512941 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.
Issues updating when certain versions of Intel storage drivers are installed
Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).
To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.
Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.
Affected platforms:
Client: Windows 10, version 1903
Server: Windows Server, version 1903
Resolution: This issue was resolved in KB4512941 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).
Devices starting using PXE from a WDS or Configuration Manager servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager might fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503293 on a WDS server.
Affected platforms:
Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).
To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until the updated driver is installed.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903
Resolution: This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903
Server: Windows 10, version 1909; Windows Server, version 1903
Resolution: This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809
Resolution: This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.
Note If you are still experiencing the issue described, please contact your device manufacturer (OEM).
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.
- "
diff --git a/windows/release-information/resolved-issues-windows-10-1909.yml b/windows/release-information/resolved-issues-windows-10-1909.yml
deleted file mode 100644
index a1e9bd5092..0000000000
--- a/windows/release-information/resolved-issues-windows-10-1909.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Resolved issues in Windows 10, version 1909 and Windows Server, version 1909
-metadata:
- document_id:
- title: Resolved issues in Windows 10, version 1909 and Windows Server, version 1909
- description: Resolved issues in Windows 10, version 1909 and Windows Server 1909
- keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1909"]
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- See a list of known issues that have been resolved for Windows 10, version 1909 and Windows Server, version 1909 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
-
- "
-- items:
- - type: markdown
- text: "
-
- "
-
-- title: Resolved issues
-- items:
- - type: markdown
- text: "
-
Summary
Originating update
Status
Date resolved
-
Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).
To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until the updated driver is installed.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903
Resolution: This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903
Server: Windows 10, version 1909; Windows Server, version 1903
Resolution: This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.
- "
diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
deleted file mode 100644
index 0e9d00f112..0000000000
--- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
+++ /dev/null
@@ -1,85 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: See a list of known issues that have been resolved for Windows 7 and Windows Server 2008 R2 SP1 over the last six months.
-metadata:
- document_id:
- title: Resolved issues in Windows 7 and Windows Server 2008 R2 SP1
- description: Resolved issues in Windows 7 and Windows Server 2008 R2 SP1
- keywords: ["Resolved issues in Windows 7", "Windows 7", "Windows Server 2008 R2 SP1"]
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- See a list of known issues that have been resolved for Windows 7 and Windows Server 2008 R2 SP1 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
-
- "
-- items:
- - type: markdown
- text: "
-
- "
-
-- title: Resolved issues
-- items:
- - type: markdown
- text: "
-
Summary
Originating update
Status
Date resolved
-
After installing an update and restarting, you might receive an error You might receive the error, “Failure to configure Windows updates. Reverting Changes.” or \"Failed\" in Update History.
MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.
You may receive an error when opening or using the Toshiba Qosmio AV Center Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.
After installing an update and restarting, you might receive an error
After installing KB4537820 and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History.
Affected platforms:
Client: Windows 7 SP1
Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This is expected in the following circumstances:
If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
If you do not have an ESU MAK add-on key installed and activated.
If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the \"How to get this update\" section of this article.
After installing KB4534310, your desktop wallpaper when set to \"Stretch\" might display as black.
Affected platforms:
Client: Windows 7 SP1
Server: Windows Server 2008 R2 SP1
Resolution: This issue was resolved in KB4539601, if you are using Monthly Rollups. If you are using Security Only updates, see KB4539602. These updates are available for all customers running Windows 7 SP1 and Windows Server 2008 R2 SP1.
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109. WUAHandler 14/11/2019 16:33:23 980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager and Microsoft Endpoint Configuration Manager.
Affected platforms:
Client: Windows 7 SP1
Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).
Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4519976. If you are using Security Only updates, see KB4519974 for resolving KB for your platform.
You may receive an error when opening or using the Toshiba Qosmio AV Center
After installing KB4512506, you may receive an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in Event Log related to cryptnet.dll.
- "
diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
deleted file mode 100644
index bcebc8ddb6..0000000000
--- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Resolved issues in Windows 8.1 and Windows Server 2012 R2
-metadata:
- document_id:
- title: Resolved issues in Windows 8.1 and Windows Server 2012 R2
- description: Resolved issues in Windows 8.1 and Windows Server 2012 R2
- keywords: ["Resolved issues in Windows 8.1", "Windows 8.1", "Windows Server 2012 R2"]
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- See a list of known issues that have been resolved for Windows 8.1 and Windows Server 2012 R2 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
-
- "
-- items:
- - type: markdown
- text: "
-
- "
-
-- title: Resolved issues
-- items:
- - type: markdown
- text: "
-
Summary
Originating update
Status
Date resolved
-
Printing from 32-bit apps might fail on a 64-bit OS When attempting to print, you may receive an error or the application may stop responding or close.
Windows RT 8.1 devices may have issues opening Internet Explorer 11 On Windows RT 8.1 devices, Internet Explorer 11 may not open and you may receive an error.
Printing from 32-bit apps might fail on a 64-bit OS
When attempting to print from a 32-bit app on a 64-bit operating system (OS), you may receive an error, or the application may stop responding or close. Note This issue only affects the 64-bit Security Only updates listed and does not affect any Monthly Rollup.
Affected platforms:
Client: Windows 8.1
Server: Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4525250. However, the issue occurs when you install only KB4512489 (released on August 13, 2019) without installing KB4507457, the previous Security Only update (released July 9, 2019). Reminder When using the Security Only updates, you must install the latest and all previous Security Only updates to ensure that the device contains all resolved security vulnerabilities.
Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4520005. If you are using Security Only updates, see KB4519974 for resolving KB for your platform.
Windows RT 8.1 devices may have issues opening Internet Explorer 11
On Windows 8.1 RT devices, Internet Explorer 11 may not open and you may receive the error, \"C:\\Program Files\\Internet Explorer\\iexplore.exe: A certificate was explicitly revoked by its issuer.\"
- "
diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
deleted file mode 100644
index 794271af56..0000000000
--- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
+++ /dev/null
@@ -1,75 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Resolved issues in Windows Server 2008 SP2
-metadata:
- document_id:
- title: Resolved issues in Windows Server 2008 SP2
- description: Resolved issues in Windows Server 2008 SP2
- keywords: ["Resolved issues in Windows Server 2008 SP2", "Windows Server 2008 SP2"]
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- See a list of known issues that have been resolved for Windows Server 2008 SP2 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
-
- "
-- items:
- - type: markdown
- text: "
-
- "
-
-- title: Resolved issues
-- items:
- - type: markdown
- text: "
-
Summary
Originating update
Status
Date resolved
-
After installing an update and restarting, you might receive an error You might receive the error, “Failure to configure Windows updates. Reverting Changes.” or \"Failed\" in Update History.
MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.
Issues manually installing updates by double-clicking the .msu file You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.
After installing an update and restarting, you might receive an error
After installing KB4537810 and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History.
Affected platforms:
Client: Windows 7 SP1
Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This is expected in the following circumstances:
If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
If you do not have an ESU MAK add-on key installed and activated.
If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the \"How to get this update\" section of this article.
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109. WUAHandler 14/11/2019 16:33:23 980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager and Microsoft Endpoint Configuration Manager.
Affected platforms:
Client: Windows 7 SP1
Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).
Issues manually installing updates by double-clicking the .msu file
After installing the SHA-2 update (KB4474419) released on September 10, 2019, you may encounter issues manually installing updates by double-clicking on the .msu file and may receive the error, \"Installer encountered an error: 0x80073afc. The resource loader failed to find MUI file.\"
Affected platforms:
Server: Windows Server 2008 SP2
Workaround: Open a command prompt and use the following command (replacing <msu location> with the actual location and filename of the update): wusa.exe <msu location> /quiet
Resolution: This issue is resolved in KB4474419 released October 8, 2019. It will install automatically from Windows Update and Windows Server Update Services (WSUS). If you need to install this update manually, you will need to use the workaround above.
Note If you previously installed KB4474419 released September 23, 2019, then you already have the latest version of this update and do not need to reinstall.
Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4520002. If you are using Security Only updates, see KB4519974 for resolving KB for your platform.
- "
diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml
deleted file mode 100644
index d9f4e51351..0000000000
--- a/windows/release-information/resolved-issues-windows-server-2012.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: See a list of known issues that have been resolved for Windows Server 2012 over the last six months.
-metadata:
- document_id:
- title: Resolved issues in Windows Server 2012
- description: Resolved issues in Windows Server 2012
- keywords: ["Resolved issues in Windows Server 2012", "Windows Server 2012"]
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- See a list of known issues that have been resolved for Windows Server 2012 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
-
- "
-- items:
- - type: markdown
- text: "
-
- "
-
-- title: Resolved issues
-- items:
- - type: markdown
- text: "
-
Summary
Originating update
Status
Date resolved
-
Printing from 32-bit apps might fail on a 64-bit OS When attempting to print, you may receive an error or the application may stop responding or close.
Printing from 32-bit apps might fail on a 64-bit OS
When attempting to print from a 32-bit app on a 64-bit operating system (OS), you may receive an error, or the application may stop responding or close. Note This issue only affects the 64-bit Security Only updates listed and does not affect any Monthly Rollup.
Affected platforms:
Client: Windows 8.1
Server: Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4525253. However, the issue occurs when you install only KB4512482 (released on August 13, 2019) without installing KB4507447, the previous Security Only update (released July 9, 2019). Reminder When using the Security Only updates, you must install the latest and all previous Security Only updates to ensure that the device contains all resolved security vulnerabilities.
Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019.
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4520007. If you are using Security Only updates, see KB4519974 for resolving KB for your platform.
- "
diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml
deleted file mode 100644
index 9c9ab15b4e..0000000000
--- a/windows/release-information/status-windows-10-1507.yml
+++ /dev/null
@@ -1,101 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows 10, version 1507
-metadata:
- document_id:
- title: Windows 10, version 1507
- description: View announcements and review known issues and fixes for Windows 10 version 1507
- keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- Find information on known issues for Windows 10, version 1507. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-
- "
-
-- items:
- - type: list
- style: cards
- className: cardsM
- columns: 3
- items:
-
- - href: https://aka.ms/Windows7ESU
- html: Stay protected with Extended Security Updates >
- image:
- src: https://docs.microsoft.com/media/common/i_subscription.svg
- title: Still have devices running Windows 7 in your enterprise?
- - href: https://aka.ms/1909mechanics
- html: Explore the improvements >
- image:
- src: http://docs.microsoft.com/media/common/i_investigate.svg
- title: Windows 10, version 1909 delivery options
- - href: https://aka.ms/whats-new-in-1909
- html: Learn about the latest capabilities for IT >
- image:
- src: http://docs.microsoft.com/media/common/i_article.svg
- title: What’s new in Windows 10, version 1909
-- items:
- - type: markdown
- text: "
-
Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
You might encounter issues trying to install or after installing KB4502496.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To help a sub-set of affected devices, the standalone security update (KB4502496) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.
If this update is installed and you are experiencing issues, you can uninstall this update.
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4502496 and select the Uninstall button.
Restart your device.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
\"The request was aborted: Could not create SSL/TLS secure Channel\"
SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
- "
diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
deleted file mode 100644
index 7aa6de52e5..0000000000
--- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
+++ /dev/null
@@ -1,113 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows 10, version 1607 and Windows Server 2016
-metadata:
- document_id:
- title: Windows 10, version 1607 and Windows Server 2016
- description: View announcements and review known issues and fixes for Windows 10 version 1607 and Windows Server 2016
- keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- Find information on known issues for Windows 10, version 1607 and Windows Server 2016. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-
- "
-
-- items:
- - type: list
- style: cards
- className: cardsM
- columns: 3
- items:
-
- - href: https://aka.ms/Windows7ESU
- html: Stay protected with Extended Security Updates >
- image:
- src: https://docs.microsoft.com/media/common/i_subscription.svg
- title: Still have devices running Windows 7 in your enterprise?
- - href: https://aka.ms/1909mechanics
- html: Explore the improvements >
- image:
- src: http://docs.microsoft.com/media/common/i_investigate.svg
- title: Windows 10, version 1909 delivery options
- - href: https://aka.ms/whats-new-in-1909
- html: Learn about the latest capabilities for IT >
- image:
- src: http://docs.microsoft.com/media/common/i_article.svg
- title: What’s new in Windows 10, version 1909
-- items:
- - type: markdown
- text: "
-
Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
Cluster service may fail if the minimum password length is set to greater than 14 The cluster service may fail to start if “Minimum Password Length” is configured with greater than 14 characters.
Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.
If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
Restart your device.
Upon restart use the “Reset this PC” feature and you should not encounter this issue.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
You might encounter issues trying to install or after installing KB4524244.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.
If this update is installed and you are experiencing issues, you can uninstall this update.
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
Restart your device.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
\"The request was aborted: Could not create SSL/TLS secure Channel\"
SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
Cluster service may fail if the minimum password length is set to greater than 14
After installing KB4467684, the cluster service may fail to start with the error \"2245 (NERR_PasswordTooShort)\" if the Group Policy \"Minimum Password Length\" is configured with greater than 14 characters.
Affected platforms:
Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
Server: Windows Server 2016
Workaround: Set the domain default \"Minimum Password Length\" policy to less than or equal to 14 characters.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
- "
diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml
deleted file mode 100644
index 8938c52372..0000000000
--- a/windows/release-information/status-windows-10-1709.yml
+++ /dev/null
@@ -1,103 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows 10, version 1709 and Windows Server, version 1709
-metadata:
- document_id:
- title: Windows 10, version 1709 and Windows Server, version 1709
- description: View announcements and review known issues and fixes for Windows 10 version 1709 and Windows Server 1709
- keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- Find information on known issues for Windows 10, version 1709 and Windows Server, version 1709. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-
- "
-
-- items:
- - type: list
- style: cards
- className: cardsM
- columns: 3
- items:
-
- - href: https://aka.ms/Windows7ESU
- html: Stay protected with Extended Security Updates >
- image:
- src: https://docs.microsoft.com/media/common/i_subscription.svg
- title: Still have devices running Windows 7 in your enterprise?
- - href: https://aka.ms/1909mechanics
- html: Explore the improvements >
- image:
- src: http://docs.microsoft.com/media/common/i_investigate.svg
- title: Windows 10, version 1909 delivery options
- - href: https://aka.ms/whats-new-in-1909
- html: Learn about the latest capabilities for IT >
- image:
- src: http://docs.microsoft.com/media/common/i_article.svg
- title: What’s new in Windows 10, version 1909
-- items:
- - type: markdown
- text: "
-
Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.
If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
Restart your device.
Upon restart use the “Reset this PC” feature and you should not encounter this issue.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
You might encounter issues trying to install or after installing KB4524244.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.
If this update is installed and you are experiencing issues, you can uninstall this update.
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
Restart your device.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
\"The request was aborted: Could not create SSL/TLS secure Channel\"
SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
- "
diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml
deleted file mode 100644
index a4aa84810e..0000000000
--- a/windows/release-information/status-windows-10-1803.yml
+++ /dev/null
@@ -1,107 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows 10, version 1803
-metadata:
- document_id:
- title: Windows 10, version 1803
- description: View announcements and review known issues and fixes for Windows 10 version 1803
- keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- Find information on known issues for Windows 10, version 1803. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-
-
-
Current status as of November 12, 2019:
Windows 10, version 1803 (the April 2018 Update) Home and Pro editions have reached end of service. For Windows 10 devices that are at, or within several months of reaching end of service, Windows Update will automatically initiate a feature update (with users having the ability to choose a convenient time); keeping those devices supported and receiving the monthly updates that are critical to device security and ecosystem health.
-
-
- "
-
-- items:
- - type: list
- style: cards
- className: cardsM
- columns: 3
- items:
-
- - href: https://aka.ms/Windows7ESU
- html: Stay protected with Extended Security Updates >
- image:
- src: https://docs.microsoft.com/media/common/i_subscription.svg
- title: Still have devices running Windows 7 in your enterprise?
- - href: https://aka.ms/1909mechanics
- html: Explore the improvements >
- image:
- src: http://docs.microsoft.com/media/common/i_investigate.svg
- title: Windows 10, version 1909 delivery options
- - href: https://aka.ms/whats-new-in-1909
- html: Learn about the latest capabilities for IT >
- image:
- src: http://docs.microsoft.com/media/common/i_article.svg
- title: What’s new in Windows 10, version 1909
-- items:
- - type: markdown
- text: "
-
Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.
If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
Restart your device.
Upon restart use the “Reset this PC” feature and you should not encounter this issue.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
You might encounter issues trying to install or after installing KB4524244.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.
If this update is installed and you are experiencing issues, you can uninstall this update.
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
Restart your device.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
\"The request was aborted: Could not create SSL/TLS secure Channel\"
SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
- "
diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
deleted file mode 100644
index 1260d1f9d9..0000000000
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ /dev/null
@@ -1,117 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows 10, version 1809 and Windows Server 2019
-metadata:
- document_id:
- title: Windows 10, version 1809 and Windows Server 2019
- description: View announcements and review known issues and fixes for Windows 10 version 1809 and Windows Server 2019
- keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- Find information on known issues for Windows 10, version 1809 and Windows Server 2019. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-
-
-
Current status as of November 12, 2019:
Windows 10, version 1809 is designated for broad deployment. The recommended servicing status is Semi-Annual Channel.
-
-
- "
-
-- items:
- - type: list
- style: cards
- className: cardsM
- columns: 3
- items:
-
- - href: https://aka.ms/Windows7ESU
- html: Stay protected with Extended Security Updates >
- image:
- src: https://docs.microsoft.com/media/common/i_subscription.svg
- title: Still have devices running Windows 7 in your enterprise?
- - href: https://aka.ms/1909mechanics
- html: Explore the improvements >
- image:
- src: http://docs.microsoft.com/media/common/i_investigate.svg
- title: Windows 10, version 1909 delivery options
- - href: https://aka.ms/whats-new-in-1909
- html: Learn about the latest capabilities for IT >
- image:
- src: http://docs.microsoft.com/media/common/i_article.svg
- title: What’s new in Windows 10, version 1909
-- items:
- - type: markdown
- text: "
-
Devices with some Asian language packs installed may receive an error Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"
Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.
If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
Restart your device.
Upon restart use the “Reset this PC” feature and you should not encounter this issue.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
You might encounter issues trying to install or after installing KB4524244.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.
If this update is installed and you are experiencing issues, you can uninstall this update.
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
Restart your device.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
\"The request was aborted: Could not create SSL/TLS secure Channel\"
SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.
Devices with some Asian language packs installed may receive an error
After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
Server: Windows Server, version 1809; Windows Server 2019
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
- "
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml
deleted file mode 100644
index e52c2bd1fe..0000000000
--- a/windows/release-information/status-windows-10-1903.yml
+++ /dev/null
@@ -1,99 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows 10, version 1903 and Windows Server, version 1903
-metadata:
- document_id:
- title: Windows 10, version 1903 and Windows Server, version 1903
- description: View announcements and review known issues and fixes for Windows 10 version 1903 and Windows Server 1903
- keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- Find information on known issues and the status of the rollout for Windows 10, version 1903 and Windows Server, version 1903. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-
-
-
Current status as of November 12, 2019:
Windows 10, version 1903 (the May 2019 Update) is designated ready for broad deployment for all users via Windows Update.
We recommend commercial customers running earlier versions of Windows 10 begin broad deployments of Windows 10, version 1903 in their organizations.
Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard.
-
-
- "
-
-- items:
- - type: list
- style: cards
- className: cardsM
- columns: 3
- items:
-
- - href: https://aka.ms/Windows7ESU
- html: Stay protected with Extended Security Updates >
- image:
- src: https://docs.microsoft.com/media/common/i_subscription.svg
- title: Still have devices running Windows 7 in your enterprise?
- - href: https://aka.ms/1909mechanics
- html: Explore the improvements >
- image:
- src: http://docs.microsoft.com/media/common/i_investigate.svg
- title: Windows 10, version 1909 delivery options
- - href: https://aka.ms/whats-new-in-1909
- html: Learn about the latest capabilities for IT >
- image:
- src: http://docs.microsoft.com/media/common/i_article.svg
- title: What’s new in Windows 10, version 1909
-- items:
- - type: markdown
- text: "
-
Issues with some older versions of Avast and AVG anti-virus products Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.
Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.
If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
Restart your device.
Upon restart use the “Reset this PC” feature and you should not encounter this issue.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
You might encounter issues trying to install or after installing KB4524244.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.
If this update is installed and you are experiencing issues, you can uninstall this update.
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
Restart your device.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
Issues with some older versions of Avast and AVG anti-virus products
Microsoft and Avast has identified compatibility issues with some older versions of Avast Antivirus and AVG Antivirus that might still be installed by a small number of users. Any application from Avast or AVG that contains Antivirus version 19.5.4444.567 or earlier is affected.
To safeguard your upgrade experience, we have applied a hold on devices with affected Avast and AVG Antivirus from being offered or installing Windows 10, version 1903 or Windows 10, version 1909, until the application is updated.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903
Server: Windows Server, version 1909; Windows Server, version 1903
Workaround: Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated version of your Avast or AVG application. Guidance for Avast and AVG customers can be found in the following support articles:
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new version of your Avast or AVG application has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you.
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
\"The request was aborted: Could not create SSL/TLS secure Channel\"
SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.
- "
diff --git a/windows/release-information/status-windows-10-1909.yml b/windows/release-information/status-windows-10-1909.yml
deleted file mode 100644
index 54406eaa62..0000000000
--- a/windows/release-information/status-windows-10-1909.yml
+++ /dev/null
@@ -1,97 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows 10, version 1909 and Windows Server, version 1909
-metadata:
- document_id:
- title: Windows 10, version 1909 and Windows Server, version 1909
- description: View announcements and review known issues and fixes for Windows 10 version 1909 and Windows Server 1909
- keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- Find information on known issues and the status of the rollout for Windows 10, version 1909 and Windows Server, version 1909. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-
-
-
Current status as of January 21, 2020:
Windows 10, version 1909 is available for any user on a recent version of Windows 10 who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel.
We are starting the next phase in our controlled approach to automatically initiate a feature update for an increased number of devices running the October 2018 Update (Windows 10, version 1809) Home and Pro editions, keeping those devices supported and receiving the monthly updates that are critical to device security and ecosystem health. Our rollout process starts several months in advance of the end of service date to provide adequate time for a smooth update process.
For information on how users running Windows 10, version 1903 can update to Windows 10, version 1909 in a new, streamlined way, see this post.
Note follow @WindowsUpdate on Twitter to find out when new content is published to the release information dashboard.
-
-
- "
-
-- items:
- - type: list
- style: cards
- className: cardsM
- columns: 3
- items:
-
- - href: https://aka.ms/Windows7ESU
- html: Stay protected with Extended Security Updates >
- image:
- src: https://docs.microsoft.com/media/common/i_subscription.svg
- title: Still have devices running Windows 7 in your enterprise?
- - href: https://aka.ms/1909mechanics
- html: Explore the improvements >
- image:
- src: http://docs.microsoft.com/media/common/i_investigate.svg
- title: Windows 10, version 1909 delivery options
- - href: https://aka.ms/whats-new-in-1909
- html: Learn about the latest capabilities for IT >
- image:
- src: http://docs.microsoft.com/media/common/i_article.svg
- title: What’s new in Windows 10, version 1909
-- items:
- - type: markdown
- text: "
-
Issues with some older versions of Avast and AVG anti-virus products Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.
Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.
If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
Restart your device.
Upon restart use the “Reset this PC” feature and you should not encounter this issue.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
You might encounter issues trying to install or after installing KB4524244.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.
If this update is installed and you are experiencing issues, you can uninstall this update.
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
Restart your device.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
Issues with some older versions of Avast and AVG anti-virus products
Microsoft and Avast has identified compatibility issues with some older versions of Avast Antivirus and AVG Antivirus that might still be installed by a small number of users. Any application from Avast or AVG that contains Antivirus version 19.5.4444.567 or earlier is affected.
To safeguard your upgrade experience, we have applied a hold on devices with affected Avast and AVG Antivirus from being offered or installing Windows 10, version 1903 or Windows 10, version 1909, until the application is updated.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903
Server: Windows Server, version 1909; Windows Server, version 1903
Workaround: Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated version of your Avast or AVG application. Guidance for Avast and AVG customers can be found in the following support articles:
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new version of your Avast or AVG application has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you.
- "
diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
deleted file mode 100644
index d7e5928590..0000000000
--- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
+++ /dev/null
@@ -1,111 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows 7 and Windows Server 2008 R2 SP1
-metadata:
- document_id:
- title: Windows 7 and Windows Server 2008 R2 SP1
- description: View announcements and review known issues and fixes for Windows 7 and Windows Server 2008 R2 SP1
- keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- Find information on known issues for Windows 7 and Windows Server 2008 R2 SP1. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-
- "
-
-- items:
- - type: list
- style: cards
- className: cardsM
- columns: 3
- items:
-
- - href: https://aka.ms/Windows7ESU
- html: Stay protected with Extended Security Updates >
- image:
- src: https://docs.microsoft.com/media/common/i_subscription.svg
- title: Still have devices running Windows 7 in your enterprise?
- - href: https://aka.ms/1909mechanics
- html: Explore the improvements >
- image:
- src: http://docs.microsoft.com/media/common/i_investigate.svg
- title: Windows 10, version 1909 delivery options
- - href: https://aka.ms/whats-new-in-1909
- html: Learn about the latest capabilities for IT >
- image:
- src: http://docs.microsoft.com/media/common/i_article.svg
- title: What’s new in Windows 10, version 1909
-- items:
- - type: markdown
- text: "
-
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
-
Summary
Originating update
Status
Last updated
-
After installing an update and restarting, you might receive an error You might receive the error, “Failure to configure Windows updates. Reverting Changes.” or \"Failed\" in Update History.
IA64 and x64 devices may fail to start after installing updates After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.
After installing an update and restarting, you might receive an error
After installing KB4537820 and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History.
Affected platforms:
Client: Windows 7 SP1
Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This is expected in the following circumstances:
If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
If you do not have an ESU MAK add-on key installed and activated.
If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the \"How to get this update\" section of this article.
After installing KB4534310, your desktop wallpaper when set to \"Stretch\" might display as black.
Affected platforms:
Client: Windows 7 SP1
Server: Windows Server 2008 R2 SP1
Resolution: This issue was resolved in KB4539601, if you are using Monthly Rollups. If you are using Security Only updates, see KB4539602. These updates are available for all customers running Windows 7 SP1 and Windows Server 2008 R2 SP1.
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
\"The request was aborted: Could not create SSL/TLS secure Channel\"
SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.
IA64 and x64 devices may fail to start after installing updates
IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"
Affected platforms:
Client: Windows 7 SP1
Server: Windows Server 2008 R2 SP1
Take Action: To resolve this issue please follow the steps outlined in the SHA-2 support FAQ article for error code 0xc0000428.
- "
diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
deleted file mode 100644
index 01f8a8436e..0000000000
--- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
+++ /dev/null
@@ -1,111 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows 8.1 and Windows Server 2012 R2
-metadata:
- document_id:
- title: Windows 8.1 and Windows Server 2012 R2
- description: View announcements and review known issues and fixes for Windows 8.1 and Windows Server 2012 R2.
- keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- Find information on known issues for Windows 8.1 and Windows Server 2012 R2. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-
- "
-
-- items:
- - type: list
- style: cards
- className: cardsM
- columns: 3
- items:
-
- - href: https://aka.ms/Windows7ESU
- html: Stay protected with Extended Security Updates >
- image:
- src: https://docs.microsoft.com/media/common/i_subscription.svg
- title: Still have devices running Windows 7 in your enterprise?
- - href: https://aka.ms/1909mechanics
- html: Explore the improvements >
- image:
- src: http://docs.microsoft.com/media/common/i_investigate.svg
- title: Windows 10, version 1909 delivery options
- - href: https://aka.ms/whats-new-in-1909
- html: Learn about the latest capabilities for IT >
- image:
- src: http://docs.microsoft.com/media/common/i_article.svg
- title: What’s new in Windows 10, version 1909
-- items:
- - type: markdown
- text: "
-
Japanese IME doesn't show the new Japanese Era name as a text input option With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.
Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
You might encounter issues trying to install or after installing KB4502496.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To help a sub-set of affected devices, the standalone security update (KB4502496) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.
If this update is installed and you are experiencing issues, you can uninstall this update.
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4502496 and select the Uninstall button.
Restart your device.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
\"The request was aborted: Could not create SSL/TLS secure Channel\"
SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.
Affected platforms:
Client: Windows 8.1
Server: Windows Server 2012 R2; Windows Server 2012
Workaround:
If you see any of the previous dictionary updates listed below, uninstall it from Programs and features > Uninstall or change a program. New words that were in previous dictionary updates are also in this update.
Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)
Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)
Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)
Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)
Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)
Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
- "
diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml
deleted file mode 100644
index 386d5d16ad..0000000000
--- a/windows/release-information/status-windows-server-2008-sp2.yml
+++ /dev/null
@@ -1,91 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows Server 2008 SP2
-metadata:
- document_id:
- title: Windows Server 2008 SP2
- description: View announcements and review known issues and fixes for Windows Server 2008 SP2.
- keywords: Windows, Windows 10, issues, fixes, announcements, Windows Server, advisories
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- Find information on known issues for Windows Server 2008 SP2. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-
- "
-
-- items:
- - type: list
- style: cards
- className: cardsM
- columns: 3
- items:
-
- - href: https://aka.ms/Windows7ESU
- html: Stay protected with Extended Security Updates >
- image:
- src: https://docs.microsoft.com/media/common/i_subscription.svg
- title: Still have devices running Windows 7 in your enterprise?
- - href: https://aka.ms/1909mechanics
- html: Explore the improvements >
- image:
- src: http://docs.microsoft.com/media/common/i_investigate.svg
- title: Windows 10, version 1909 delivery options
- - href: https://aka.ms/whats-new-in-1909
- html: Learn about the latest capabilities for IT >
- image:
- src: http://docs.microsoft.com/media/common/i_article.svg
- title: What’s new in Windows 10, version 1909
-- items:
- - type: markdown
- text: "
-
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
-
Summary
Originating update
Status
Last updated
-
After installing an update and restarting, you might receive an error You might receive the error, “Failure to configure Windows updates. Reverting Changes.” or \"Failed\" in Update History.
After installing an update and restarting, you might receive an error
After installing KB4537810 and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History.
Affected platforms:
Client: Windows 7 SP1
Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This is expected in the following circumstances:
If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
If you do not have an ESU MAK add-on key installed and activated.
If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the \"How to get this update\" section of this article.
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
\"The request was aborted: Could not create SSL/TLS secure Channel\"
SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.
- "
diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml
deleted file mode 100644
index cba7737955..0000000000
--- a/windows/release-information/status-windows-server-2012.yml
+++ /dev/null
@@ -1,111 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows Server 2012
-metadata:
- document_id:
- title: Windows Server 2012
- description: View announcements and review known issues and fixes for Windows Server 2012
- keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
- ms.localizationpriority: high
- author: greg-lindsay
- ms.author: greglin
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- Find information on known issues for Windows Server 2012. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-
- "
-
-- items:
- - type: list
- style: cards
- className: cardsM
- columns: 3
- items:
-
- - href: https://aka.ms/Windows7ESU
- html: Stay protected with Extended Security Updates >
- image:
- src: https://docs.microsoft.com/media/common/i_subscription.svg
- title: Still have devices running Windows 7 in your enterprise?
- - href: https://aka.ms/1909mechanics
- html: Explore the improvements >
- image:
- src: http://docs.microsoft.com/media/common/i_investigate.svg
- title: Windows 10, version 1909 delivery options
- - href: https://aka.ms/whats-new-in-1909
- html: Learn about the latest capabilities for IT >
- image:
- src: http://docs.microsoft.com/media/common/i_article.svg
- title: What’s new in Windows 10, version 1909
-- items:
- - type: markdown
- text: "
-
Japanese IME doesn't show the new Japanese Era name as a text input option With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.
Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
You might encounter issues trying to install or after installing KB4502496.
Affected platforms:
Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1
Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To help a sub-set of affected devices, the standalone security update (KB4502496) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.
If this update is installed and you are experiencing issues, you can uninstall this update.
Select the start button or Windows Desktop Search and type update history and select View your Update history.
On the Settings/View update history dialog window, Select Uninstall Updates.
On the Installed Updates dialog window, find and select KB4502496 and select the Uninstall button.
Restart your device.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
\"The request was aborted: Could not create SSL/TLS secure Channel\"
SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"
Affected platforms:
Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.
Affected platforms:
Client: Windows 8.1
Server: Windows Server 2012 R2; Windows Server 2012
Workaround:
If you see any of the previous dictionary updates listed below, uninstall it from Programs and features > Uninstall or change a program. New words that were in previous dictionary updates are also in this update.
Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)
Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)
Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)
Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)
Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)
Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
Perform the operation from a process that has administrator privilege.
Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
The February 2020 optional monthly “D” release for Windows 10, version 1909 and Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
February 27, 2020 01:30 PM PT
-
February 2020 Windows \"C\" optional release is available.
The February 2020optional monthly “C” release for all supported versions of Windows prior to Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
February 25, 2020 08:00 AM PT
-
Status of February 2020 “C” release
The optional monthly “C” release for February 2020 for all supported versions of Windows and Windows Server prior to Windows 10, version 1903 and Windows Server, version 1903 will be available in the near term. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
The February 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
February 11, 2020 08:00 AM PT
-
Take action: ESU security updates available for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2
Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 reached end of support on January 14, 2020. For customers who have purchased Extended Security Updates (ESU), the first monthly ESU security updates are now available. If your organization has not yet been able to complete your transition to Windows 10, Windows Server 2016, or Windows Server 2019 and want to continue to receive security updates for your current version of Windows, you will need to purchase Extended Security Updates. For information on how to do so, please see How to get Extended Security Updates for eligible Windows devices, Windows 7 ESU frequently ask questions, and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 ESU frequently asked questions.
We recommend ESU customers review the applicable KB article below for prerequisites and other important information you will need to deploy these updates.
The following updates were released today for Windows Server 2008 SP2:
Internet Explorer 11 Cumulative Updates (KB4537767)
February 11, 2020 08:00 AM PT
-
Resolved: Windows Search shows blank box
We are aware of a temporary server-side issue causing Windows search to show a blank box. This issue has been resolved for most users and in some cases, you might need to restart your device. We are working diligently to fully resolve the issue and will provide an update once resolved.
This issue was resolved at 12:00 PM PST. If you are still experiencing issues, please restart your device. In rare cases, to mitigate this issue you may need to manually end the SearchUI.exe or SearchApp.exe process via Task Manager. (To locate these processes, select CTRL + Shift + Esc then select the Details tab.) If you have restarted and tried the previous mitigations and are still encountering issues with Windows Search, you are not experiencing the issue described here. Please see Fix problems in Windows Search for other mitigations.
The January2020 optional monthly “D” release for Windows 10, version 1909 and Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
January 28, 2020 08:00 AM PT
-
January 2020 Windows \"C\" optional release is available.
The January 2020 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
Windows 7 reached end of support on January 14, 2020. If your organization has not yet been able to complete your transition from Windows 7 to Windows 10, and want to continue to receive security updates while you complete your upgrade projects, please read How to get Extended Security Updates for eligible Windows devices. For more information on end of service dates for currently supported versions of Windows 10, see the Windows lifecycle fact sheet.
The January 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
On January 14, 2020, Microsoft released security updates to address an elliptic-curve cryptography (ECC) certificate validation issue in the Windows CryptoAPI. This vulnerability applies to all versions of the Windows 10 operating system, client and server. While we have not observed an attack exploiting this vulnerability, we recommend that you apply this update to all of your Windows 10 devices with priority. Here is what you need to know:
If you are running a supported version of Windows 10 and have automatic updates enabled, you are automatically protected and do not need to take any further action.
If you are managing updates on behalf of your organization, you should download the latest updates from the Microsoft Security Update Guide and apply those updates to your Windows 10 devices and servers as soon as possible.
The December 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
December 10, 2019 08:00 AM PT
-
Timing of Windows 10 optional update releases (December 2019)
For the balance of this calendar year, there will be no optional non-security “C” and “D” releases for Windows 10. The \"C\" releases normally target the third week of the month, with \"D\" releases targeting the fourth week. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer.
Learn how to get Windows 10, version 1909 (the November 2019 Update), and explore how we’ve worked to make this a great experience for all devices, including a new, streamlined (and fast) update experience for devices updating directly from the May 2019 Update.
Learn how devices running Windows 10, version 1903 can update to Windows 10, version 1909 using the same servicing technology used to deliver monthly quality updates, resulting in a single restart and reducing update-related downtime.
The November 2019 security update release, referred to as our “B” release, is now available for all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
November 12, 2019 10:00 AM PT
-
Timing of Windows 10 optional update releases (November/December 2019)
For the balance of this calendar year, there will be no optional non-security “C” and “D” releases for Windows 10. The \"C\" releases normally target the third week of the month, with \"D\" releases targeting the fourth week. Note There will be a December Security Update Tuesday release, as usual. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer
Windows 10, version 1803 (the April 2018 Update) Home and Pro editions have reached end of service. For Windows 10 devices that are at, or within several months of reaching end of service, Windows Update will automatically initiate a feature update (with users having the ability to choose a convenient time); keeping those devices supported and receiving the monthly updates that are critical to device security and ecosystem health. For more information on end of service dates for currently supported versions of Windows 10, see the Windows lifecycle fact sheet.
The October 2019 optional monthly “D” release for Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
October 24, 2019 08:00 AM PT
-
October 2019 Windows \"C\" optional release is available.
The October 2019optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
Consumer and commercial editions of Windows 10, version 1703 have reached end of service. As devices running these editions are no longer receiving monthly security and quality updates containing protections from the latest security threats, we recommend that you update these devices to the latest version of Windows 10 immediately. For more information on end of service dates for currently supported versions of Windows 10, see the Windows lifecycle fact sheet.
Note The Windows 10, version 1703 section will be removed from this dashboard on November 12, 2019.
The October 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
On October 3, 2019, Microsoft expanded delivery of the out-of-band Internet Explorer scripting engine security vulnerability (CVE-2019-1367) update released on September 23, 2019 to Windows Update and Windows Server Update Services (WSUS). This is now a required security update for all supported versions of Windows as it includes the Internet Explorer scripting engine vulnerability mitigation and corrects a recent printing issue some users have experienced. All customers using Windows Update or WSUS will be offered this update automatically. We recommend that you install this update as soon as a possible, then restart your PC to fully apply the mitigations and help secure your devices. As with all cumulative updates, this update supersedes any preceding update.
Note: This update does not replace the standard October 2019 monthly security update release, which is scheduled for October 8, 2019.
The September 2019 optional monthly “D” release for Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
September 26, 2019 02:00 PM PT
-
Status update: September 2019 Windows \"C\" optional release available
The September 2019 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
September 24, 2019 08:10 AM PT
-
Plan for change: Windows Media Center Electronic Program Guide retiring in January 2020
Starting in January 2020, Microsoft is retiring its Electronic Program Guide (EPG) service for all versions of Windows Media Center. To continue receiving TV Program Guide information on your Windows Media Center, you’ll need to configure an alternate TV listing provider.
September 24, 2019 08:00 AM PT
-
Status of September 2019 “C” release
The optional monthly “C” release for September 2019 for all supported versions of Windows and Windows Server prior to Windows 10, version 1903 and Windows Server, version 1903 will be available in the near term. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
September 19, 2019 04:11 PM PT
-
Plan for change: End of service reminders for Windows 10, versions 1703 and 1803
The Enterprise and Education editions of Windows 10, version 1703 (the Creators Update) will reach end of service on October 8, 2019. The Home, Pro, Pro for Workstations, and IoT Core editions of Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019. We recommend that you update devices running these versions and editions to the latest version of Windows 10—Windows 10, version 1903—as soon as possible to help keep them protected and your environments secure.
September 13, 2019 03:23 PM PT
-
September 2019 security update available for all supported versions of Windows
The September 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. We recommend that you install these updates promptly. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
The August optional monthly “D” release for Windows 10, version 1903 is now available. Follow @WindowsUpdate for the latest on the availability of this release.
August 30, 2019 08:00 AM PT
-
Feature update install notification on Windows 10, version 1809 (the October 2018 Update)
We've had reports on August 29th that some customers running Windows 10, version 1809 (the October 2018 Update) have received notification to install the latest feature update (version 1903) early. Updating remains in your control. To install the update, you must select one of the following options: \"Pick a Time\", \"Restart Tonight,\" or \"Restart Now\". If you are not ready to update at this time, simply dismiss the notification by clicking the arrow in the top right corner. If you have updated to Windows 10, version 1903 and would like to go back to your previous version, see the instructions here.
Internet Explorer 11 (KB 4492872) is now available via Windows Update (WU) and Windows Server Update Services (WSUS) for commercial customers running Windows Server 2012 and Windows Embedded 8 Standard. For details about these changes and end of support for IE10, please refer to the IT Pro blog.
August 29, 2019 08:00 AM PT
-
Windows 10, version 1903 rollout begins The Windows 10 May 2019 Update (Windows 10, version 1903) is available today to commercial customers via Windows Server Update Services (WSUS), Windows Update for Business, and the Volume Licensing Service Center (VLSC)—and to end users who manually select “Check for updates.” We are slowly throttling up availability while we carefully monitor data and feedback.
May 21, 2019 10:00 AM PT
-
- "
diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md
index dabc7f749b..2ae163cea6 100644
--- a/windows/security/identity-protection/access-control/active-directory-accounts.md
+++ b/windows/security/identity-protection/access-control/active-directory-accounts.md
@@ -470,7 +470,7 @@ Each default local account in Active Directory has a number of account settings
Account is trusted for delegation
-
Lets a service running under this account perform operations on behalf of other user accounts on the network. A service running under a user account (also known as a service account) that is trusted for delegation can impersonate a client to gain access to resources, either on the computer where the service is running or on other computers. For example, in a forest that is set to the Windows Server 2003 functional level, this setting is found on the Delegation tab. It is available only for accounts that have been assigned service principal names (SPNs), which are set by using the setspn command from Windows Support Tools. This setting is security-sensitive and should be assigned cautiously.
+
Lets a service running under this account perform operations on behalf of other user accounts on the network. A service running under a user account (also known as a service account) that is trusted for delegation can impersonate a client to gain access to resources, either on the computer where the service is running or on other computers. For example, in a forest that is set to the Windows Server 2003 functional level, this setting is found on the Delegation tab. It is available only for accounts that have been assigned service principal names (SPNs), which are set by using the setspn command from Windows Support Tools. This setting is security-sensitive and should be assigned cautiously.
Account is sensitive and cannot be delegated
@@ -480,7 +480,7 @@ Each default local account in Active Directory has a number of account settings
Use DES encryption types for this account
Provides support for the Data Encryption Standard (DES). DES supports multiple levels of encryption, including Microsoft Point-to-Point Encryption (MPPE) Standard (40-bit and 56-bit), MPPE standard (56-bit), MPPE Strong (128-bit), Internet Protocol security (IPSec) DES (40-bit), IPSec 56-bit DES, and IPSec Triple DES (3DES).
-Note
DES is not enabled by default in Windows Server operating systems starting with Windows Server 2008 R2, nor in Windows client operating systems starting with Windows 7. For these operating systems, computers will not use DES-CBC-MD5 or DES-CBC-CRC cipher suites by default. If your environment requires DES, then this setting might affect compatibility with client computers or services and applications in your environment. For more information, see Hunting down DES in order to securely deploy Kerberos.
+Note
DES is not enabled by default in Windows Server operating systems starting with Windows Server 2008 R2, nor in Windows client operating systems starting with Windows 7. For these operating systems, computers will not use DES-CBC-MD5 or DES-CBC-CRC cipher suites by default. If your environment requires DES, then this setting might affect compatibility with client computers or services and applications in your environment. For more information, see Hunting down DES in order to securely deploy Kerberos.
@@ -656,8 +656,8 @@ In this procedure, the workstations are dedicated to domain administrators. By s
-
Windows Update Setting
-
Configuration
+
Windows Update Setting
+
Configuration
Allow Automatic Updates immediate installation
diff --git a/windows/security/identity-protection/access-control/dynamic-access-control.md b/windows/security/identity-protection/access-control/dynamic-access-control.md
index 1ef5a24b40..3ad985610a 100644
--- a/windows/security/identity-protection/access-control/dynamic-access-control.md
+++ b/windows/security/identity-protection/access-control/dynamic-access-control.md
@@ -1,6 +1,6 @@
---
title: Dynamic Access Control Overview (Windows 10)
-description: Dynamic Access Control Overview
+description: Learn about Dynamic Access Control and its associated elements, which were introduced in Windows Server 2012 and Windows 8.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index 7e7c2236cd..56e4f2edf2 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -297,9 +297,9 @@ The following table shows the Group Policy and registry settings that are used t
-
No.
-
Setting
-
Detailed Description
+
No.
+
Setting
+
Detailed Description
@@ -334,7 +334,7 @@ The following table shows the Group Policy and registry settings that are used t
@@ -444,9 +444,9 @@ The following table shows the Group Policy settings that are used to deny networ
-
No.
-
Setting
-
Detailed Description
+
No.
+
Setting
+
Detailed Description
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index b4bbe78a9d..32bf1aabaf 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -21,13 +21,14 @@ ms.custom:
# Manage Windows Defender Credential Guard
**Applies to**
-- Windows 10
+- Windows 10 <=1903 Enterprise and Education SKUs
+- Windows 10 >=1909
- Windows Server 2016
- Windows Server 2019
## Enable Windows Defender Credential Guard
-Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-windows-defender-credential-guard-by-using-group-policy), the [registry](#enable-windows-defender-credential-guard-by-using-the-registry), or the Hypervisor-Protected Code Integrity (HVCI) and Windows Defender Credential Guard [hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine.
+Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-windows-defender-credential-guard-by-using-group-policy), the [registry](#enable-windows-defender-credential-guard-by-using-the-registry), or the Hypervisor-Protected Code Integrity (HVCI) and Windows Defender Credential Guard [hardware readiness tool](dg-readiness-tool.md). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine.
The same set of procedures used to enable Windows Defender Credential Guard on physical machines applies also to virtual machines.
@@ -36,9 +37,13 @@ The same set of procedures used to enable Windows Defender Credential Guard on p
You can use Group Policy to enable Windows Defender Credential Guard. This will add and enable the virtualization-based security features for you if needed.
1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard**.
+
2. Double-click **Turn On Virtualization Based Security**, and then click the **Enabled** option.
+
3. In the **Select Platform Security Level** box, choose **Secure Boot** or **Secure Boot and DMA Protection**.
+
4. In the **Credential Guard Configuration** box, click **Enabled with UEFI lock**, and then click **OK**. If you want to be able to turn off Windows Defender Credential Guard remotely, choose **Enabled without lock**.
+
5. In the **Secure Launch Configuration** box, choose **Not Configured**, **Enabled** or **Disabled**. Check [this article](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection) for more details.
@@ -49,8 +54,10 @@ To enforce processing of the group policy, you can run ```gpupdate /force```.
### Enable Windows Defender Credential Guard by using Intune
-1. From **Home** click **Microsoft Intune**
-2. Click **Device configuration**
+1. From **Home**, click **Microsoft Intune**.
+
+2. Click **Device configuration**.
+
3. Click **Profiles** > **Create Profile** > **Endpoint protection** > **Windows Defender Credential Guard**.
> [!NOTE]
@@ -66,6 +73,7 @@ Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows
If you are using Windows 10, version 1507 (RTM) or Windows 10, version 1511, Windows features have to be enabled to use virtualization-based security.
You can do this by using either the Control Panel or the Deployment Image Servicing and Management tool (DISM).
+
> [!NOTE]
> If you enable Windows Defender Credential Guard by using Group Policy, the steps to enable Windows features through Control Panel or DISM are not required. Group Policy will install Windows features for you.
@@ -73,22 +81,31 @@ You can do this by using either the Control Panel or the Deployment Image Servic
**Add the virtualization-based security features by using Programs and Features**
1. Open the Programs and Features control panel.
+
2. Click **Turn Windows feature on or off**.
+
3. Go to **Hyper-V** -> **Hyper-V Platform**, and then select the **Hyper-V Hypervisor** check box.
+
4. Select the **Isolated User Mode** check box at the top level of the feature selection.
+
5. Click **OK**.
**Add the virtualization-based security features to an offline image by using DISM**
1. Open an elevated command prompt.
+
2. Add the Hyper-V Hypervisor by running the following command:
- ```
+
+ ```console
dism /image: /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all
```
+
3. Add the Isolated User Mode feature by running the following command:
- ```
+
+ ```console
dism /image: /Enable-Feature /FeatureName:IsolatedUserMode
```
+
> [!NOTE]
> In Windows 10, version 1607 and later, the Isolated User Mode feature has been integrated into the core operating system. Running the command in step 3 above is therefore no longer required.
@@ -100,11 +117,13 @@ You can do this by using either the Control Panel or the Deployment Image Servic
1. Open Registry Editor.
2. Enable virtualization-based security:
+
- Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\DeviceGuard.
- Add a new DWORD value named **EnableVirtualizationBasedSecurity**. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it.
- Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 3 to use **Secure Boot and DMA protection**.
3. Enable Windows Defender Credential Guard:
+
- Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA.
- Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Windows Defender Credential Guard with UEFI lock, set it to 2 to enable Windows Defender Credential Guard without lock, and set it to 0 to disable it.
@@ -120,9 +139,10 @@ You can do this by using either the Control Panel or the Deployment Image Servic
You can also enable Windows Defender Credential Guard by using the [HVCI and Windows Defender Credential Guard hardware readiness tool](dg-readiness-tool.md).
-```
+```console
DG_Readiness_Tool.ps1 -Enable -AutoReboot
```
+
> [!IMPORTANT]
> When running the HVCI and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work.
> This is a known issue.
@@ -134,7 +154,9 @@ DG_Readiness_Tool.ps1 -Enable -AutoReboot
You can view System Information to check that Windows Defender Credential Guard is running on a PC.
1. Click **Start**, type **msinfo32.exe**, and then click **System Information**.
+
2. Click **System Summary**.
+
3. Confirm that **Credential Guard** is shown next to **Virtualization-based security Services Configured**.
Here's an example:
@@ -143,9 +165,10 @@ You can view System Information to check that Windows Defender Credential Guard
You can also check that Windows Defender Credential Guard is running by using the [HVCI and Windows Defender Credential Guard hardware readiness tool](dg-readiness-tool.md).
-```
+```console
DG_Readiness_Tool_v3.6.ps1 -Ready
```
+
> [!IMPORTANT]
> When running the HVCI and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work.
> This is a known issue.
@@ -165,7 +188,7 @@ DG_Readiness_Tool_v3.6.ps1 -Ready
- **Event ID 17** Error reading Windows Defender Credential Guard (LsaIso.exe) UEFI configuration: \[error code\]
You can also verify that TPM is being used for key protection by checking Event ID 51 in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0.
- **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: **0x0**. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: **0x1**. TPM PCR mask: **0x0**.
- - You can use Windows Powershell to determine whether credential guard is running on a client computer. On the computer in question, open an elevated Powershell window and run the following command:
+ - You can use Windows PowerShell to determine whether credential guard is running on a client computer. On the computer in question, open an elevated PowerShell window and run the following command:
```powershell
(Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard).SecurityServicesRunning
@@ -195,7 +218,7 @@ To disable Windows Defender Credential Guard, you can use the following set of p
4. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands:
- ``` syntax
+ ```console
mountvol X: /s
copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
@@ -232,9 +255,10 @@ For more info on virtualization-based security and HVCI, see [Enable virtualizat
You can also disable Windows Defender Credential Guard by using the [HVCI and Windows Defender Credential Guard hardware readiness tool](dg-readiness-tool.md).
-```
+```console
DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot
```
+
> [!IMPORTANT]
> When running the HVCI and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work.
> This is a known issue.
@@ -243,7 +267,7 @@ DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot
From the host, you can disable Windows Defender Credential Guard for a virtual machine:
-``` PowerShell
+```powershell
Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true
```
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index 7f5c4ffe62..25d125585e 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -98,7 +98,7 @@ The following tables describe baseline protections, plus protections for improve
| Hardware: **Trusted Platform Module (TPM)** | **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware. [TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations) | A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. |
| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)| UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. |
| Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).| UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. |
-| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise
Important: Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.
|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. |
+| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise
Important: Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.
|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. |
> [!IMPORTANT]
> The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Windows Defender Credential Guard can provide.
@@ -133,5 +133,5 @@ The following table lists qualifications for Windows 10, version 1703, which are
| Protections for Improved Security | Description | Security Benefits
|---|---|---|
-| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**: • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable. • UEFI runtime service must meet these requirements: - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. - PE sections need to be page-aligned in memory (not required for in non-volatile storage). - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS: - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable.
Notes: • This only applies to UEFI runtime service memory, and not UEFI boot service memory. • This protection is applied by VBS on OS page tables.
Please also note the following: • Do not use sections that are both writeable and executable • Do not attempt to directly modify executable system memory • Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) • Reduces the attack surface to VBS from system firmware. |
+| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**: • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable. • UEFI runtime service must meet these requirements: - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. - PE sections need to be page-aligned in memory (not required for in non-volatile storage). - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS: - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable.
Notes: • This only applies to UEFI runtime service memory, and not UEFI boot service memory. • This protection is applied by VBS on OS page tables.
Please also note the following: • Do not use sections that are both writeable and executable • Do not attempt to directly modify executable system memory • Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) • Reduces the attack surface to VBS from system firmware. |
| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features. | • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) • Reduces the attack surface to VBS from system firmware. • Blocks additional security attacks against SMM. |
diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
index ae96f09ed1..e609c9469d 100644
--- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
+++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
@@ -657,7 +657,7 @@ function PrintHardwareReq
{
LogAndConsole "###########################################################################"
LogAndConsole "OS and Hardware requirements for enabling Device Guard and Credential Guard"
- LogAndConsole " 1. OS SKUs: Available only on these OS Skus - Enterprise, Server, Education, Enterprise IoT, Pro, and Home"
+ LogAndConsole " 1. OS SKUs: Available only on these OS Skus - Enterprise, Server, Education and Enterprise IoT"
LogAndConsole " 2. Hardware: Recent hardware that supports virtualization extension with SLAT"
LogAndConsole "To learn more please visit: https://aka.ms/dgwhcr"
LogAndConsole "########################################################################### `n"
@@ -735,7 +735,7 @@ function CheckOSSKU
$osname = $((gwmi win32_operatingsystem).Name).ToLower()
$_SKUSupported = 0
Log "OSNAME:$osname"
- $SKUarray = @("Enterprise", "Education", "IoT", "Windows Server", "Pro", "Home")
+ $SKUarray = @("Enterprise", "Education", "IoT", "Windows Server")
$HLKAllowed = @("microsoft windows 10 pro")
foreach ($SKUent in $SKUarray)
{
diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md
index eff4754797..8a678b6ff4 100644
--- a/windows/security/identity-protection/enterprise-certificate-pinning.md
+++ b/windows/security/identity-protection/enterprise-certificate-pinning.md
@@ -11,7 +11,6 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.prod: w10
ms.technology: windows
-ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
ms.date: 07/27/2017
diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md
index 4579829e90..7cf7eeccbf 100644
--- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md
+++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md
@@ -1,6 +1,6 @@
---
title: WebAuthn APIs
-description: Enabling password-less authentication for your sites and apps
+description: Learn how to use WebAuthn APIs to enable password-less authentication for your sites and apps.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
index 916d1cf629..215c86beea 100644
--- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
+++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
@@ -1,6 +1,6 @@
---
title: Multifactor Unlock
-description: Multifactor Unlock
+description: Learn how Windows 10 offers multifactor device unlock by extending Windows Hello with trusted signals.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, multi, factor, multifactor, multi-factor
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
index 7189408b7b..13c1e99b51 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
@@ -1,6 +1,6 @@
---
title: Windows Hello for Business Deployment Guide
-description: A guide to Windows Hello for Business deployment
+description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment.
keywords: identity, PIN, biometric, Hello, passport
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
index 300a074c68..01f18214de 100644
--- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
@@ -98,6 +98,7 @@ For errors listed in this table, contact Microsoft Support for assistance.
| 0x801C03F0 | There is no key registered for the user. |
| 0x801C03F1 | There is no UPN in the token. |
| 0x801C044C | There is no core window for the current thread. |
+| 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request AAD token for provisioning. Unable to enroll a device to use a PIN for login. |
## Related topics
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md
index fca4b7eaa6..babc49afc3 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.md
@@ -1,6 +1,6 @@
---
title: Windows Hello for Business Frequently Asked Questions
-description: Windows Hello for Business FAQ
+description: Use these frequently asked questions (FAQ) to learn important details about Windows Hello for Business.
keywords: identity, PIN, biometric, Hello, passport
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md
index 015331499c..0a52de0945 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md
@@ -1,6 +1,6 @@
---
title: Dual Enrollment
-description: Dual Enrollment
+description: Learn how to configure Windows Hello for Business dual enrollment. Also, learn how to configure Active Directory to support Domain Administrator enrollment.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, dual enrollment,
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
index 33a9c450e1..f6a0ebc776 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
@@ -1,6 +1,6 @@
---
title: Pin Reset
-description: Pin Reset
+description: Learn how Microsoft PIN reset services enables you to help users recover who have forgotten their PIN.
keywords: identity, PIN, Hello, passport, WHFB, hybrid, cert-trust, device, reset
ms.prod: w10
ms.mktglfcycl: deploy
@@ -84,7 +84,7 @@ To configure PIN reset on Windows devices you manage, use an [Intune Windows 10
1. In the **Custom OMA-URI Settings** blade, Click **Add**.
1. In the **Add Row** blade, type **PIN Reset Settings** in the **Name** field. In the **OMA-URI** field, type **./Device/Vendor/MSFT/PassportForWork/*tenant ID*/Policies/EnablePinRecovery** where *tenant ID* is your Azure Active Directory tenant ID from step 2.
1. Select **Boolean** from the **Data type** list and select **True** from the **Value** list.
-1. Click **OK** to save the row configuration. Click **OK** to close the Custom OMA-URI Settings blade. Click **Create to save the profile.
+1. Click **OK** to save the row configuration. Click **OK** to close the Custom OMA-URI Settings blade. Click **Create to save the profile.
#### Assign the PIN Reset Device configuration profile using Microsoft Intune
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
index 981587e970..e1cf05225a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
@@ -1,6 +1,6 @@
---
title: Remote Desktop
-description: Remote Desktop
+description: Learn how Windows Hello for Business supports using a certificate deployed to a WHFB container to a remote desktop to a server or another device.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, remote desktop, RDP
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-features.md b/windows/security/identity-protection/hello-for-business/hello-features.md
index d9832ef853..d35d4dea64 100644
--- a/windows/security/identity-protection/hello-for-business/hello-features.md
+++ b/windows/security/identity-protection/hello-for-business/hello-features.md
@@ -1,6 +1,6 @@
---
title: Windows Hello for Business Features
-description: Windows Hello for Business Features
+description: Consider additional features you can use after your organization deploys Windows Hello for Business.
ms.assetid: 5BF09642-8CF5-4FBC-AC9A-5CA51E19387E
ms.reviewer:
keywords: identity, PIN, biometric, Hello, passport, WHFB, Windows Hello, PIN Reset, Dynamic Lock, Multifactor Unlock, Forgot PIN, Privileged credentials
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
index f220db21f6..0fb161ccb5 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
@@ -17,7 +17,7 @@ ms.reviewer:
---
# Windows Hello for Business Provisioning
-Applies to:
+Applies to:
- Windows 10
Windows Hello for Business provisioning enables a user to enroll a new, strong, two-factor credential that they can use for passwordless authentication. Provisioning experience vary based on:
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index ae11903279..8df0ef33bb 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -187,7 +187,7 @@ The web server is ready to host the CRL distribution point. Now, configure the
1. On the issuing certificate authority, sign-in as a local administrator. Start the **Certificate Authority** console from **Administrative Tools**.
2. In the navigation pane, right-click the name of the certificate authority and click **Properties**
3. Click **Extensions**. On the **Extensions** tab, select **CRL Distribution Point (CDP)** from the **Select extension** list.
-4. On the **Extensions** tab, click **Add**. Type http://crl.[domainname]/cdp/ in **location**. For example, ** or ** (do not forget the trailing forward slash).
+4. On the **Extensions** tab, click **Add**. Type http://crl.[domainname]/cdp/ in **location**. For example, ** or ** (do not forget the trailing forward slash).
5. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**.
6. Type **.crl** at the end of the text in **Location**. Click **OK**.
@@ -225,7 +225,7 @@ The web server is ready to host the CRL distribution point. Now, configure the
Validate your new CRL distribution point is working.
-1. Open a web browser. Navigate to http://crl.[yourdomain].com/cdp. You should see two files created from publishing your new CRL.
+1. Open a web browser. Navigate to http://crl.[yourdomain].com/cdp. You should see two files created from publishing your new CRL.
### Reissue domain controller certificates
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
index c2550cdfa7..e5664fdeb0 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
@@ -1,6 +1,6 @@
---
title: Windows Hello for Business Trust New Installation (Windows Hello for Business)
-description: Windows Hello for Business Hybrid baseline deployment
+description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust depoyments rely on.
keywords: identity, PIN, biometric, Hello, passport, WHFB
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
index ea04aadb72..2857501f75 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
@@ -1,6 +1,6 @@
---
title: Hybrid Certificate Trust Deployment (Windows Hello for Business)
-description: Hybrid Certificate Trust Deployment Overview
+description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
index 9d05788513..c9ea9e18f9 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
@@ -1,6 +1,6 @@
---
title: Hybrid Windows Hello for Business Provisioning (Windows Hello for Business)
-description: Provisioning for hybrid certificate trust deployments of Windows Hello for Businesss.
+description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Businesss.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
index 7c4e019e6d..8a785dcf5f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
@@ -46,13 +46,22 @@ By default, the Active Directory Certificate Authority provides and publishes th
Sign-in a certificate authority or management workstations with _Domain Admin_ equivalent credentials.
1. Open the **Certificate Authority** management console.
+
2. Right-click **Certificate Templates** and click **Manage**.
+
3. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**.
+
4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list.
+
5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise's needs.
- **Note**If you use different template names, you'll need to remember and substitute these names in different portions of the lab.
+
+ > [!NOTE]
+ > If you use different template names, you'll need to remember and substitute these names in different portions of the lab.
+
6. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **None** from the **Subject name format** list. Select **DNS name** from the **Include this information in alternate subject** list. Clear all other items.
+
7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. Click **OK**.
+
8. Close the console.
#### Configure Certificate Superseding for the Domain Controller Authentication (Kerberos) Certificate Template
@@ -66,13 +75,21 @@ The auto-enrollment feature in Windows enables you to effortlessly replace these
Sign-in a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials.
1. Open the **Certificate Authority** management console.
+
2. Right-click **Certificate Templates** and click **Manage**.
+
3. In the **Certificate Template Console**, right-click the **Domain Controller Authentication (Kerberos)** (or the name of the certificate template you created in the previous section) template in the details pane and click **Properties**.
+
4. Click the **Superseded Templates** tab. Click **Add**.
+
5. From the **Add Superseded Template** dialog, select the **Domain Controller** certificate template and click **OK**. Click **Add**.
+
6. From the **Add Superseded Template** dialog, select the **Domain Controller Authentication** certificate template and click **OK**.
+
7. From the **Add Superseded Template dialog**, select the **Kerberos Authentication** certificate template and click **OK**.
+
8. Add any other enterprise certificate templates that were previously configured for domain controllers to the **Superseded Templates** tab.
+
9. Click **OK** and close the **Certificate Templates** console.
The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities.
@@ -95,33 +112,54 @@ Approximately 60 days prior to enrollment agent certificate's expiration, the AD
Sign-in a certificate authority or management workstations with _Domain Admin_ equivalent credentials.
1. Open the **Certificate Authority Management** console.
+
2. Right-click **Certificate Templates** and click **Manage**.
+
3. In the **Certificate Template Console**, right click on the **Exchange Enrollment Agent (Offline request)** template details pane and click **Duplicate Template**.
+
4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
+
5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs.
-6. On the **Subject** tab, select the **Supply in the request** button if it is not already selected.
- **Note:** The preceding step is very important. Group Managed Service Accounts (GMSA) do not support the Build from this Active Directory information option and will result in the AD FS server failing to enroll the enrollment agent certificate. You must configure the certificate template with Supply in the request to ensure that AD FS servers can perform the automatic enrollment and renewal of the enrollment agent certificate.
+
+6. On the **Subject** tab, select the **Supply in the request** button if it is not already selected.
+
+ > [!NOTE]
+ > The preceding step is very important. Group Managed Service Accounts (GMSA) do not support the Build from this Active Directory information option and will result in the AD FS server failing to enroll the enrollment agent certificate. You must configure the certificate template with Supply in the request to ensure that AD FS servers can perform the automatic enrollment and renewal of the enrollment agent certificate.
7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list.
+
8. On the **Security** tab, click **Add**.
+
9. Click **Object Types**. Select the **Service Accounts** check box and click **OK**.
+
10. Type **adfssvc** in the **Enter the object names to select** text box and click **OK**.
-11. Click the **adfssvc** from the **Group or users names** list. In the **Permissions for adfssvc** section, select the **Allow** check box for the **Enroll** permission. Excluding the **adfssvc** user, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared. Click **OK**.
+
+11. Click the **adfssvc** from the **Group or users names** list. In the **Permissions for adfssvc** section, select the **Allow** check box for the **Enroll** permission. Excluding the **adfssvc** user, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared. Click **OK**.
+
12. Close the console.
-#### Creating an Enrollment Agent certificate for typical Service Acconts
+#### Creating an Enrollment Agent certificate for typical Service Accounts
Sign-in a certificate authority or management workstations with *Domain Admin* equivalent credentials.
1. Open the **Certificate Authority** management console.
+
2. Right-click **Certificate Templates** and click **Manage**.
+
3. In the **Certificate Template** console, right-click the **Exchange Enrollment Agent (Offline request)** template in the details pane and click **Duplicate Template**.
+
4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
+
5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs.
+
6. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**.
+
7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list.
+
8. On the **Security** tab, click **Add**. Type **adfssvc** in the **Enter the object names to select text box** and click **OK**.
+
9. Click the **adfssvc** from the **Group or users names** list. In the **Permissions for adfssvc** section, select the **Allow** check box for the **Enroll** permission. Excluding the **adfssvc** user, clear the **Allow** check boxes for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared. Click **OK**.
+
10. Close the console.
### Creating Windows Hello for Business authentication certificate template
@@ -131,28 +169,68 @@ During Windows Hello for Business provisioning, the Windows 10, version 1703 cli
Sign-in a certificate authority or management workstations with _Domain Admin equivalent_ credentials.
1. Open the **Certificate Authority** management console.
+
2. Right-click **Certificate Templates** and click **Manage**.
+
3. Right-click the **Smartcard Logon** template and choose **Duplicate Template**.
+
4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
-5. On the **General** tab, type **WHFB Authentication** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs.
- **Note:** If you use different template names, you'll need to remember and substitute these names in different portions of the deployment.
-6. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list.
+
+5. On the **General** tab, type **WHFB Authentication** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs.
+
+ > [!NOTE]
+ > If you use different template names, you'll need to remember and substitute these names in different portions of the deployment.
+
+6. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list.
+
7. On the **Extensions** tab, verify the **Application Policies** extension includes **Smart Card Logon**.
+
8. On the **Issuance Requirements** tab, select the **This number of authorized signatures** check box. Type **1** in the text box.
- * Select **Application policy** from the **Policy type required in signature**. Select **Certificate Request Agent** from in the **Application policy** list. Select the **Valid existing certificate** option.
+
+ Select **Application policy** from the **Policy type required in signature**. Select **Certificate Request Agent** from in the **Application policy** list. Select the **Valid existing certificate** option.
+
9. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**.
+
10. On the **Request Handling** tab, select the **Renew with same key** check box.
+
11. On the **Security** tab, click **Add**. Type **Window Hello for Business Users** in the **Enter the object names to select** text box and click **OK**.
+
12. Click the **Windows Hello for Business Users** from the **Group or users names** list. In the **Permissions for Windows Hello for Business Users** section, select the **Allow** check box for the **Read**, **Enroll**, and **AutoEnroll** permissions. Excluding the **Windows Hello for Business Users** group, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**.
+
13. If you previously issued Windows Hello for Business sign-in certificates using Configuration Manger and are switching to an AD FS registration authority, then on the **Superseded Templates** tab, add the previously used **Windows Hello for Business Authentication** template(s), so they will be superseded by this template for the users that have Enroll permission for this template.
+
14. Click on the **Apply** to save changes and close the console.
#### Mark the template as the Windows Hello Sign-in template
Sign-in to an **AD FS Windows Server 2016** computer with _Enterprise Admin_ equivalent credentials.
+
1. Open an elevated command prompt.
+
2. Run `certutil -dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY`
+If the template was changed successfully, the output of the command will contain old and new values of the template parameters. The new value must contain the **CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY** parameter. Example:
+
+```console
+CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=[yourdomain]:WHFBAuthentication
+
+Old Value:
+msPKI-Private-Key-Flag REG_DWORD = 5050080 (84213888)
+CTPRIVATEKEY_FLAG_REQUIRE_SAME_KEY_RENEWAL -- 80 (128)
+CTPRIVATEKEY_FLAG_ATTEST_NONE -- 0
+TEMPLATE_SERVER_VER_WINBLUE< [!NOTE]
> If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority.
@@ -165,11 +243,17 @@ The certificate authority may only issue certificates for certificate templates
#### Publish Certificate Templates to the Certificate Authority
Sign-in to the certificate authority or management workstations with an _Enterprise Admin_ equivalent credentials.
+
1. Open the **Certificate Authority** management console.
+
2. Expand the parent node from the navigation pane.
+
3. Click **Certificate Templates** in the navigation pane.
+
4. Right-click the **Certificate Templates** node. Click **New**, and click **Certificate Template** to issue.
-5. In the **Enable Certificates Templates** window, select the **Domain Controller Authentication (Kerberos)**, **WHFB Enrollment Agent** and **WHFB Authentication** templates you created in the previous steps. Click **OK** to publish the selected certificate templates to the certificate authority.
+
+5. In the **Enable Certificates Templates** window, select the **Domain Controller Authentication (Kerberos)**, **WHFB Enrollment Agent** and **WHFB Authentication** templates you created in the previous steps. Click **OK** to publish the selected certificate templates to the certificate authority.
+
6. Close the console.
@@ -182,9 +266,13 @@ The newly created domain controller authentication certificate template supersed
Sign-in to the certificate authority or management workstation with _Enterprise Admin_ equivalent credentials.
1. Open the **Certificate Authority** management console.
+
2. Expand the parent node from the navigation pane.
+
3. Click **Certificate Templates** in the navigation pane.
+
4. Right-click the **Domain Controller** certificate template in the content pane and select **Delete**. Click **Yes** on the **Disable certificate templates** window.
+
5. Repeat step 4 for the **Domain Controller Authentication** and **Kerberos Authentication** certificate templates.
@@ -214,4 +302,3 @@ Sign-in to the certificate authority or management workstation with _Enterprise
4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
5. Configure Windows Hello for Business settings: PKI (*You are here*)
6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md)
-
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
index fba1fd76f8..2f6f72752a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
@@ -1,6 +1,6 @@
---
title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for Business)
-description: Configuring Windows Hello for Business settings in hybrid certificate trust deployment.
+description: Learn how to configure Windows Hello for Business settings in hybrid certificate trust deployment.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
index 3cb290695f..51e6922080 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
@@ -1,6 +1,6 @@
---
title: Windows Hello for Business Key Trust New Installation
-description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business, for systems with no previous installations.
+description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations.
keywords: identity, PIN, biometric, Hello, passport, WHFB
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index 5a7e9bb20a..fa3b1d7a97 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -1,6 +1,6 @@
---
title: Hybrid Key trust Windows Hello for Business Prerequisites (Windows Hello for Business)
-description: Prerequisites for hybrid Windows Hello for Business deployments using key trust.
+description: Learn about the prerequisites for hybrid Windows Hello for Business deployments using key trust and what the next steps are in the deployment process.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md
index 1f4f6b976d..63743f3ea2 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md
@@ -1,6 +1,6 @@
---
title: Hybrid Key Trust Deployment (Windows Hello for Business)
-description: Hybrid Key Trust Deployment Overview
+description: Review this deployment guide to successfully deploy Windows Hello for Business in a hybrid key trust scenario.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index 85992e20d5..73e002c7c2 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -1,6 +1,6 @@
---
title: Hybrid Windows Hello for Business key trust Provisioning (Windows Hello for Business)
-description: Provisioning for hybrid key trust deployments of Windows Hello for Business.
+description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
ms.prod: w10
ms.mktglfcycl: deploy
@@ -27,7 +27,7 @@ ms.reviewer:
## Provisioning
The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
-
+
The first thing to validate is the computer has processed device registration. You can view this from the User device registration logs where the check **Device is AAD joined (AADJ or DJ++): Yes** appears. Additionally, you can validate this using the **dsregcmd /status** command from a console prompt where the value for **AzureADJoined** reads **Yes**.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
index 440ab1ea70..d7355b0c32 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
@@ -74,9 +74,12 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv
The Windows Hello for Business Group Policy object delivers the correct Group Policy settings to the user, which enables them to enroll and use Windows Hello for Business to authenticate to Azure and Active Directory
+> [!NOTE]
+> If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more details about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows 10 device settings to enable Windows Hello for Business in Intune](https://docs.microsoft.com/mem/intune/protect/identity-protection-windows-settings) and [PassportForWork CSP](https://docs.microsoft.com/windows/client-management/mdm/passportforwork-csp). For more details about policy conflicts, see [Policy conflicts from multiple policy sources](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-manage-in-organization#policy-conflicts-from-multiple-policy-sources)
+
#### Enable Windows Hello for Business
-The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should be attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled.
+The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled.
You can configure the Enable Windows Hello for Business Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users that sign-in that computer to attempt a Windows Hello for Business enrollment. Deploying this policy setting to a user results in only that user attempting a Windows Hello for Business enrollment. Additionally, you can deploy the policy setting to a group of users so only those users attempt a Windows Hello for Business enrollment. If both user and computer policy settings are deployed, the user policy setting has precedence.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md
index d8eb2ac3ed..9103431811 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md
@@ -1,6 +1,6 @@
---
title: Configure Hybrid Windows Hello for Business key trust Settings
-description: Configuring Windows Hello for Business settings in hybrid key trust deployment.
+description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
index cb6105c66b..51d246f3f4 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
@@ -8,7 +8,6 @@ ms.sitesec: library
ms.pagetype: security, mobile
author: DaniHalfin
audience: ITPro
-author: mikestephens-MS
ms.author: dolmont
manager: dansimp
ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md
index 6a70672f7a..5d10205e13 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md
@@ -1,7 +1,7 @@
---
title: Windows Hello for Business Overview (Windows 10)
ms.reviewer: An overview of Windows Hello for Business
-description: An overview of Windows Hello for Business
+description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10.
keywords: identity, PIN, biometric, Hello, passport
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index c3acaa98e3..3fff407e34 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -1,6 +1,6 @@
---
title: Planning a Windows Hello for Business Deployment
-description: A guide to planning a Windows Hello for Business deployment
+description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure.
keywords: identity, PIN, biometric, Hello, passport
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md
index 00eddf6eee..c53586ff18 100644
--- a/windows/security/identity-protection/hello-for-business/hello-videos.md
+++ b/windows/security/identity-protection/hello-for-business/hello-videos.md
@@ -1,6 +1,6 @@
---
title: Windows Hello for Business Videos
-description: Windows Hello for Business Videos
+description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10.
keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/hello-for-business/images/event358-2.png b/windows/security/identity-protection/hello-for-business/images/event358-2.png
new file mode 100644
index 0000000000..53fd554323
Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/event358-2.png differ
diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
index 57238c3214..dd1b6b18e0 100644
--- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
+++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
@@ -1,6 +1,6 @@
---
title: Passwordless Strategy
-description: Reducing Password Usage Surface
+description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10.
keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index 4e95da0531..373339ebcd 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -58,7 +58,7 @@ Use the following table to compare different Remote Desktop connection security
| **Protection benefits** | Credentials on the server are not protected from Pass-the-Hash attacks. | User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing | User logs on to the server as local administrator, so an attacker cannot act on behalf of the “domain user”. Any attack is local to the server |
| **Version support** | The remote computer can run any Windows operating system | Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**. | The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**.
For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997.aspx). |
| **Helps prevent** | N/A |
Pass-the-Hash
Use of a credential after disconnection
|
Pass-the-Hash
Use of domain identity during connection
|
-| **Credentials supported from the remote desktop client device** |
Signed on credentials
Supplied credentials
Saved credentials
|
Signed on credentials only |
Signed on credentials
Supplied credentials
Saved credentials
|
+| **Credentials supported from the remote desktop client device** |
Signed on credentials
Supplied credentials
Saved credentials
|
Signed on credentials only |
Signed on credentials
Supplied credentials
Saved credentials
|
| **Access** | **Users allowed**, that is, members of Remote Desktop Users group of remote host. | **Users allowed**, that is, members of Remote Desktop Users of remote host. | **Administrators only**, that is, only members of Administrators group of remote host. |
| **Network identity** | Remote Desktop session **connects to other resources as signed-in user**. | Remote Desktop session **connects to other resources as signed-in user**. | Remote Desktop session **connects to other resources as remote host’s identity**. |
| **Multi-hop** | From the remote desktop, **you can connect through Remote Desktop to another computer** | From the remote desktop, you **can connect through Remote Desktop to another computer**. | Not allowed for user as the session is running as a local host account |
diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
index 4a92507705..560f4b240c 100644
--- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
+++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
@@ -270,7 +270,7 @@ To better understand each component, review the table below:
-The slider will never turn UAC completely off. If you set it to Never notify, it will:
+The slider will never turn UAC completely off. If you set it to Never notify, it will:
- Keep the UAC service running.
- Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt.
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
index 15ea04101f..9c9011d7ad 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
@@ -14,7 +14,6 @@ ms.author: dansimp
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
-ms.localizationpriority: medium
ms.date: 07/27/2017
---
diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
index 22355b9383..6b9868b0f0 100644
--- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
+++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
@@ -1,6 +1,6 @@
---
title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10)
-description: Explains how to secure VPN connections for Diffie Hellman Group 2
+description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md
index 9f6f6fa2a5..3fe2c08d57 100644
--- a/windows/security/identity-protection/vpn/vpn-authentication.md
+++ b/windows/security/identity-protection/vpn/vpn-authentication.md
@@ -1,6 +1,6 @@
---
title: VPN authentication options (Windows 10)
-description: tbd
+description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
index 09ca26d20e..29c8f5e474 100644
--- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
+++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
@@ -1,6 +1,6 @@
---
title: VPN auto-triggered profile options (Windows 10)
-description: tbd
+description: Learn about the types of auto-trigger rules for VPNs in Windows 10, which start a VPN when it is needed to access a resource.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
@@ -61,13 +61,15 @@ When the trigger occurs, VPN tries to connect. If an error occurs or any user in
When a device has multiple profiles with Always On triggers, the user can specify the active profile in **Settings** > **Network & Internet** > **VPN** > *VPN profile* by selecting the **Let apps automatically use this VPN connection** checkbox. By default, the first MDM-configured profile is marked as **Active**. Devices with multiple users have the same restriction: only one profile and therefore only one user will be able to use the Always On triggers.
-Preserving user Always On preference
+## Preserving user Always On preference
-Windows has a feature to preserve a user’s AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.
-Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference.
-Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config
-Value: AutoTriggerDisabledProfilesList
-Type: REG_MULTI_SZ
+Windows has a feature to preserve a user’s AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value **AutoTriggerDisabledProfilesList**.
+
+Should a management tool remove or add the same profile name back and set **AlwaysOn** to **true**, Windows will not check the box if the profile name exists in the following registry value in order to preserve user preference.
+
+**Key:** HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config
+**Value:** AutoTriggerDisabledProfilesList
+**Type:** REG_MULTI_SZ
## Trusted network detection
diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md
index c72139b6db..cb543ad1cd 100644
--- a/windows/security/identity-protection/vpn/vpn-guide.md
+++ b/windows/security/identity-protection/vpn/vpn-guide.md
@@ -1,6 +1,6 @@
---
title: Windows 10 VPN technical guide (Windows 10)
-description: Use this guide to configure VPN deployment for Windows 10.
+description: Learn about decisions to make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md
index 5c277ef964..6ff26370e3 100644
--- a/windows/security/identity-protection/vpn/vpn-name-resolution.md
+++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md
@@ -1,6 +1,6 @@
---
title: VPN name resolution (Windows 10)
-description: tbd
+description: Learn how the name resolution setting in the VPN profile configures how name resolution works when a VPN client connects to a VPN server.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md
index 3d0fdc211e..19df534358 100644
--- a/windows/security/identity-protection/vpn/vpn-profile-options.md
+++ b/windows/security/identity-protection/vpn/vpn-profile-options.md
@@ -62,8 +62,7 @@ The following is a sample Native VPN profile. This blob would fall under the Pro
- Eap
- Eap
+ Eap
diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md
index c8ce525e53..416bc57d04 100644
--- a/windows/security/identity-protection/vpn/vpn-routing.md
+++ b/windows/security/identity-protection/vpn/vpn-routing.md
@@ -1,6 +1,6 @@
---
title: VPN routing decisions (Windows 10)
-description: tbd
+description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md
index 0ac0b47d38..d8f4768540 100644
--- a/windows/security/identity-protection/vpn/vpn-security-features.md
+++ b/windows/security/identity-protection/vpn/vpn-security-features.md
@@ -1,6 +1,6 @@
---
title: VPN security features (Windows 10)
-description: tbd
+description: Learn about security features for VPN, including LockDown VPN, Windows Information Protection integration with VPN, and traffic filters.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
index 77709b6ef2..7dd0eb0898 100644
--- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BCD settings and BitLocker
diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
index 65e915649a..d6bad09f03 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BitLocker and Active Directory Domain Services (AD DS) FAQ
diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
index 96fc9bd8c2..1167e9121a 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BitLocker basic deployment
@@ -252,11 +253,11 @@ Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Us
-
Name
-
Parameters
+
Name
+
Parameters
-
Add-BitLockerKeyProtector
+
Add-BitLockerKeyProtector
-ADAccountOrGroup
-ADAccountOrGroupProtector
-Confirm
@@ -278,26 +279,26 @@ Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Us
-WhatIf
-
Backup-BitLockerKeyProtector
+
Backup-BitLockerKeyProtector
-Confirm
-KeyProtectorId
-MountPoint
-WhatIf
-
Disable-BitLocker
+
Disable-BitLocker
-Confirm
-MountPoint
-WhatIf
-
Disable-BitLockerAutoUnlock
+
Disable-BitLockerAutoUnlock
-Confirm
-MountPoint
-WhatIf
-
Enable-BitLocker
+
Enable-BitLocker
-AdAccountOrGroup
-AdAccountOrGroupProtector
-Confirm
@@ -322,44 +323,44 @@ Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Us
-WhatIf
-
Enable-BitLockerAutoUnlock
+
Enable-BitLockerAutoUnlock
-Confirm
-MountPoint
-WhatIf
-
Get-BitLockerVolume
+
Get-BitLockerVolume
-MountPoint
-
Lock-BitLocker
+
Lock-BitLocker
-Confirm
-ForceDismount
-MountPoint
-WhatIf
-
Remove-BitLockerKeyProtector
+
Remove-BitLockerKeyProtector
-Confirm
-KeyProtectorId
-MountPoint
-WhatIf
-
Resume-BitLocker
+
Resume-BitLocker
-Confirm
-MountPoint
-WhatIf
-
Suspend-BitLocker
+
Suspend-BitLocker
-Confirm
-MountPoint
-RebootCount
-WhatIf
-
Unlock-BitLocker
+
Unlock-BitLocker
-AdAccountOrGroup
-Confirm
-MountPoint
@@ -374,7 +375,7 @@ Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Us
Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets.
A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the Get-BitLocker volume cmdlet. The output from this cmdlet displays information on the volume type, protectors, protection status, and other useful information.
-Occasionally, all protectors may not be shown when using Get-BitLockerVolume due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a listing of the protectors.
+Occasionally, all protectors may not be shown when using Get-BitLockerVolume due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a listing of the protectors.
> **Note:** In the event that there are more than four protectors for a volume, the pipe command may run out of display space. For volumes with more than four protectors, use the method described in the section below to generate a listing of all protectors with protector ID.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
index ab57ef7b30..6de06c740a 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BitLocker Countermeasures
diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md
index f8fa65855e..ea8ab3bf7a 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BitLocker frequently asked questions (FAQ)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
index 7560239ff8..34008453ad 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
@@ -14,6 +14,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
ms.reviewer:
+ms.custom: bitlocker
---
# Overview of BitLocker Device Encryption in Windows 10
diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
index 3c5449bfe9..3679c9fde7 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
@@ -15,9 +15,10 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
-# BitLocker frequently asked questions (FAQ)
+# BitLocker frequently asked questions (FAQ) resources
**Applies to**
- Windows 10
diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
index 436ef15fe7..8b7918f1f7 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/17/2019
+ms.custom: bitlocker
---
# BitLocker Group Policy settings
@@ -106,39 +107,39 @@ This policy setting allows users on devices that are compliant with Modern Stand
-
Policy description
+
Policy description
With this policy setting, you can allow TPM-only protection for newer, more secure devices, such as devices that support Modern Standby or HSTI, while requiring PIN on older devices.
-
Introduced
+
Introduced
Windows 10, version 1703
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-Reference
+Reference
The preboot authentication option Require startup PIN with TPM of the [Require additional authentication at startup](#bkmk-unlockpol1) policy is often enabled to help ensure security for older devices that do not support Modern Standby.
But visually impaired users have no audible way to know when to enter a PIN.
@@ -156,37 +157,37 @@ This policy is used in addition to the BitLocker Drive Encryption Network Unlock
-
Policy description
+
Policy description
With this policy setting, you can control whether a BitLocker-protected computer that is connected to a trusted local area network and joined to a domain can create and use network key protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
Clients configured with a BitLocker Network Unlock certificate can create and use Network Key Protectors.
-
When disabled or not configured
+
When disabled or not configured
Clients cannot create and use Network Key Protectors
-Reference
+Reference
To use a network key protector to unlock the computer, the computer and the server that hosts BitLocker Drive Encryption Network Unlock must be provisioned with a Network Unlock certificate. The Network Unlock certificate is used to create a network key protector and to protect the information exchange with the server to unlock the computer. You can use the Group Policy setting **Computer Configuration\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate** on the domain controller to distribute this certificate to computers in your organization. This unlock method uses the TPM on the computer, so computers that do not have a TPM cannot create network key protectors to automatically unlock by using Network Unlock.
@@ -205,39 +206,39 @@ This policy setting is used to control which unlock options are available for op
-
Policy description
+
Policy description
With this policy setting, you can configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
+
Conflicts
If one authentication method is required, the other methods cannot be allowed.
-
Use of BitLocker with a TPM startup key or with a TPM startup key and a PIN must be disallowed if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.
+
Use of BitLocker with a TPM startup key or with a TPM startup key and a PIN must be disallowed if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.
-
When enabled
+
When enabled
Users can configure advanced startup options in the BitLocker Setup Wizard.
-
When disabled or not configured
+
When disabled or not configured
Users can configure only basic options on computers with a TPM.
Only one of the additional authentication options can be required at startup; otherwise, a policy error occurs.
-Reference
+Reference
If you want to use BitLocker on a computer without a TPM, select **Allow BitLocker without a compatible TPM**. In this mode, a password or USB drive is required for startup. The USB drive stores the startup key that is used to encrypt the drive. When the USB drive is inserted, the startup key is authenticated and the operating system drive is accessible. If the USB drive is lost or unavailable, BitLocker recovery is required to access the drive.
@@ -282,31 +283,31 @@ This policy setting permits the use of enhanced PINs when you use an unlock meth
-
Policy description
+
Policy description
With this policy setting, you can configure whether enhanced startup PINs are used with BitLocker.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
All new BitLocker startup PINs that are set will be enhanced PINs. Existing drives that were protected by using standard startup PINs are not affected.
-
When disabled or not configured
+
When disabled or not configured
Enhanced PINs will not be used.
@@ -330,37 +331,37 @@ This policy setting is used to set a minimum PIN length when you use an unlock m
-
Policy description
+
Policy description
With this policy setting, you can configure a minimum length for a TPM startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits, and it can have a maximum length of 20 digits. By default, the minimum PIN length is 6.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
You can require that startup PINs set by users must have a minimum length you choose that is between 4 and 20 digits.
-
When disabled or not configured
+
When disabled or not configured
Users can configure a startup PIN of any length between 6 and 20 digits.
-Reference
+Reference
This policy setting is applied when you turn on BitLocker.
The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.
@@ -413,31 +414,31 @@ This policy setting allows you to configure whether standard users are allowed t
-
Policy description
+
Policy description
With this policy setting, you can configure whether standard users are allowed to change the PIN or password used to protect the operating system drive.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
Standard users are not allowed to change BitLocker PINs or passwords.
-
When disabled or not configured
+
When disabled or not configured
Standard users are permitted to change BitLocker PINs or passwords.
@@ -459,37 +460,37 @@ This policy controls how non-TPM based systems utilize the password protector. U
-
Policy description
+
Policy description
With this policy setting, you can specify the constraints for passwords that are used to unlock operating system drives that are protected with BitLocker.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
+
Conflicts
Passwords cannot be used if FIPS-compliance is enabled.
-Note
The System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing policy setting, which is located at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options specifies whether FIPS-compliance is enabled.
+Note
The System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing policy setting, which is located at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options specifies whether FIPS-compliance is enabled.
-
When enabled
-
Users can configure a password that meets the requirements you define. To enforce complexity requirements for the password, select Require complexity.
+
When enabled
+
Users can configure a password that meets the requirements you define. To enforce complexity requirements for the password, select Require complexity.
-
When disabled or not configured
+
When disabled or not configured
The default length constraint of 8 characters will apply to operating system drive passwords and no complexity checks will occur.
@@ -522,37 +523,37 @@ This policy setting is used to control what unlock options are available for com
-
Policy description
+
Policy description
With this policy setting, you can control whether the BitLocker Setup Wizard on computers running Windows Vista or Windows Server 2008 can set up an additional authentication method that is required each time the computer starts.
-
Introduced
+
Introduced
Windows Server 2008 and Windows Vista
-
Drive type
+
Drive type
Operating system drives (Windows Server 2008 and Windows Vista)
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
+
Conflicts
If you choose to require an additional authentication method, other authentication methods cannot be allowed.
-
When enabled
+
When enabled
The BitLocker Setup Wizard displays the page that allows the user to configure advanced startup options for BitLocker. You can further configure setting options for computers with or without a TPM.
-
When disabled or not configured
+
When disabled or not configured
The BitLocker Setup Wizard displays basic steps that allow users to enable BitLocker on computers with a TPM. In this basic wizard, no additional startup key or startup PIN can be configured.
-Reference
+Reference
On a computer with a compatible TPM, two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can require users to insert a USB drive that contains a startup key. It can also require users to enter a 6-digit to 20-digit startup PIN.
@@ -586,41 +587,41 @@ This policy setting is used to require, allow, or deny the use of smart cards wi
-
Policy description
+
Policy description
With this policy setting, you can specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Fixed data drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives
-
Conflicts
-
To use smart cards with BitLocker, you may also need to modify the object identifier setting in the Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance policy setting to match the object identifier of your smart card certificates.
+
Conflicts
+
To use smart cards with BitLocker, you may also need to modify the object identifier setting in the Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance policy setting to match the object identifier of your smart card certificates.
-
When enabled
-
Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the Require use of smart cards on fixed data drives check box.
+
When enabled
+
Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the Require use of smart cards on fixed data drives check box.
-
When disabled
+
When disabled
Users cannot use smart cards to authenticate their access to BitLocker-protected fixed data drives.
-
When not configured
+
When not configured
Smart cards can be used to authenticate user access to a BitLocker-protected drive.
-Reference
+Reference
>**Note:** These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive by using any of the protectors that are available on the drive.
@@ -635,41 +636,41 @@ This policy setting is used to require, allow, or deny the use of passwords with
-
Policy description
+
Policy description
With this policy setting, you can specify whether a password is required to unlock BitLocker-protected fixed data drives.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Fixed data drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives
-
Conflicts
-
To use password complexity, the Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements policy setting must also be enabled.
+
Conflicts
+
To use password complexity, the Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements policy setting must also be enabled.
-
When enabled
-
Users can configure a password that meets the requirements you define. To require the use of a password, select Require password for fixed data drive. To enforce complexity requirements on the password, select Require complexity.
+
When enabled
+
Users can configure a password that meets the requirements you define. To require the use of a password, select Require password for fixed data drive. To enforce complexity requirements on the password, select Require complexity.
-
When disabled
+
When disabled
The user is not allowed to use a password.
-
When not configured
+
When not configured
Passwords are supported with the default settings, which do not include password complexity requirements and require only 8 characters.
-Reference
+Reference
When set to **Require complexity**, a connection to a domain controller is necessary to validate the complexity of the password when BitLocker is enabled.
@@ -699,41 +700,41 @@ This policy setting is used to require, allow, or deny the use of smart cards wi
-
Policy description
+
Policy description
With this policy setting, you can specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Removable data drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives
-
Conflicts
-
To use smart cards with BitLocker, you may also need to modify the object identifier setting in the Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance policy setting to match the object identifier of your smart card certificates.
+
Conflicts
+
To use smart cards with BitLocker, you may also need to modify the object identifier setting in the Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance policy setting to match the object identifier of your smart card certificates.
-
When enabled
-
Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the Require use of smart cards on removable data drives check box.
+
When enabled
+
Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the Require use of smart cards on removable data drives check box.
-
When disabled or not configured
+
When disabled or not configured
Users are not allowed to use smart cards to authenticate their access to BitLocker-protected removable data drives.
-
When not configured
+
When not configured
Smart cards are available to authenticate user access to a BitLocker-protected removable data drive.
-Reference
+Reference
>**Note:** These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive with any of the protectors that are available on the drive.
@@ -748,41 +749,41 @@ This policy setting is used to require, allow, or deny the use of passwords with
-
Policy description
+
Policy description
With this policy setting, you can specify whether a password is required to unlock BitLocker-protected removable data drives.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Removable data drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives
-
Conflicts
-
To use password complexity, the Password must meet complexity requirements policy setting, which is located at Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy must also be enabled.
+
Conflicts
+
To use password complexity, the Password must meet complexity requirements policy setting, which is located at Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy must also be enabled.
-
When enabled
-
Users can configure a password that meets the requirements you define. To require the use of a password, select Require password for removable data drive. To enforce complexity requirements on the password, select Require complexity.
+
When enabled
+
Users can configure a password that meets the requirements you define. To require the use of a password, select Require password for removable data drive. To enforce complexity requirements on the password, select Require complexity.
-
When disabled
+
When disabled
The user is not allowed to use a password.
-
When not configured
+
When not configured
Passwords are supported with the default settings, which do not include password complexity requirements and require only 8 characters.
-Reference
+Reference
If you choose to allow the use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting to be effective, the Group Policy setting **Password must meet complexity requirements**, which is located at
**Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy** must also be enabled.
@@ -812,37 +813,37 @@ This policy setting is used to determine what certificate to use with BitLocker.
-
Policy description
+
Policy description
With this policy setting, you can associate an object identifier from a smart card certificate to a BitLocker-protected drive.
The object identifier that is specified in the Object identifier setting must match the object identifier in the smart card certificate.
+
When enabled
+
The object identifier that is specified in the Object identifier setting must match the object identifier in the smart card certificate.
-
When disabled or not configured
+
When disabled or not configured
The default object identifier is used.
-Reference
+Reference
This policy setting is applied when you turn on BitLocker.
@@ -863,37 +864,37 @@ This policy setting allows users to enable authentication options that require u
-
Policy description
+
Policy description
With this policy setting, you can allow users to enable authentication options that require user input from the preboot environment, even if the platform indicates a lack of preboot input capability.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Operating system drive
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drive
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
Devices must have an alternative means of preboot input (such as an attached USB keyboard).
-
When disabled or not configured
+
When disabled or not configured
The Windows Recovery Environment must be enabled on tablets to support entering the BitLocker recovery password.
-Reference
+Reference
The Windows touch keyboard (such as used by tablets) is not available in the preboot environment where BitLocker requires additional information, such as a PIN or password.
@@ -918,37 +919,37 @@ This policy setting is used to require encryption of fixed drives prior to grant
-
Policy description
+
Policy description
With this policy setting, you can set whether BitLocker protection is required for fixed data drives to be writable on a computer.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Fixed data drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives
-
Conflicts
+
Conflicts
See the Reference section for a description of conflicts.
-
When enabled
+
When enabled
All fixed data drives that are not BitLocker-protected are mounted as Read-only. If the drive is protected by BitLocker, it is mounted with Read and Write access.
-
When disabled or not configured
+
When disabled or not configured
All fixed data drives on the computer are mounted with Read and Write access.
-Reference
+Reference
This policy setting is applied when you turn on BitLocker.
@@ -973,37 +974,37 @@ This policy setting is used to require that removable drives are encrypted prior
-
Policy description
+
Policy description
With this policy setting, you can configure whether BitLocker protection is required for a computer to be able to write data to a removable data drive.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Removable data drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives
-
Conflicts
+
Conflicts
See the Reference section for a description of conflicts.
-
When enabled
+
When enabled
All removable data drives that are not BitLocker-protected are mounted as Read-only. If the drive is protected by BitLocker, it is mounted with Read and Write access.
-
When disabled or not configured
+
When disabled or not configured
All removable data drives on the computer are mounted with Read and Write access.
-Reference
+Reference
If the **Deny write access to devices configured in another organization** option is selected, only drives with identification fields that match the computer's identification fields are given Write access. When a removable data drive is accessed, it is checked for a valid identification field and allowed identification fields. These fields are defined by the **Provide the unique identifiers for your organization** policy setting.
@@ -1026,41 +1027,41 @@ This policy setting is used to prevent users from turning BitLocker on or off on
-
Policy description
+
Policy description
With this policy setting, you can control the use of BitLocker on removable data drives.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Removable data drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
You can select property settings that control how users can configure BitLocker.
-
When disabled
+
When disabled
Users cannot use BitLocker on removable data drives.
-
When not configured
+
When not configured
Users can use BitLocker on removable data drives.
-Reference
+Reference
This policy setting is applied when you turn on BitLocker.
@@ -1082,37 +1083,37 @@ This policy setting is used to control the encryption method and cipher strength
-
Policy description
+
Policy description
With this policy setting, you can control the encryption method and strength for drives.
You can choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives.
-
When disabled or not configured
+
When disabled or not configured
Beginning with Windows 10, version 1511, BitLocker uses the default encryption method of XTS-AES 128-bit or the encryption method that is specified by the setup script. Windows Phone does not support XTS; it uses AES-CBC 128-bit by default and supports AES-CBC 256-bit by policy.
-Reference
+Reference
The values of this policy determine the strength of the cipher that BitLocker uses for encryption.
Enterprises may want to control the encryption level for increased security (AES-256 is stronger than AES-128).
@@ -1138,42 +1139,42 @@ This policy controls how BitLocker reacts to systems that are equipped with encr
-
Policy description
+
Policy description
With this policy setting, you can manage BitLocker’s use of hardware-based encryption on fixed data drives and to specify which encryption algorithms BitLocker can use with hardware-based encryption.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Fixed data drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
You can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption. You can also specify whether you want to restrict the encryption algorithms and cipher suites that are used with hardware-based encryption.
-
When disabled
+
When disabled
BitLocker cannot use hardware-based encryption with fixed data drives, and BitLocker software-based encryption is used by default when the drive in encrypted.
-
When not configured
+
When not configured
BitLocker software-based encryption is used irrespective of hardware-based encryption ability.
-Reference
+Reference
>**Note:** The **Choose drive encryption method and cipher strength** policy setting does not apply to hardware-based encryption.
@@ -1193,41 +1194,41 @@ This policy controls how BitLocker reacts when encrypted drives are used as oper
-
Policy description
+
Policy description
With this policy setting, you can manage BitLocker’s use of hardware-based encryption on operating system drives and specify which encryption algorithms it can use with hardware-based encryption.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
You can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption. You can also specify whether you want to restrict the encryption algorithms and cipher suites that are used with hardware-based encryption.
-
When disabled
+
When disabled
BitLocker cannot use hardware-based encryption with operating system drives, and BitLocker software-based encryption is used by default when the drive in encrypted.
-
When not configured
+
When not configured
BitLocker software-based encryption is used irrespective of hardware-based encryption ability.
-Reference
+Reference
If hardware-based encryption is not available, BitLocker software-based encryption is used instead.
@@ -1249,41 +1250,41 @@ This policy controls how BitLocker reacts to encrypted drives when they are used
-
Policy description
+
Policy description
With this policy setting, you can manage BitLocker’s use of hardware-based encryption on removable data drives and specify which encryption algorithms it can use with hardware-based encryption.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Removable data drive
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
You can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption. You can also specify whether you want to restrict the encryption algorithms and cipher suites that are used with hardware-based encryption.
-
When disabled
+
When disabled
BitLocker cannot use hardware-based encryption with removable data drives, and BitLocker software-based encryption is used by default when the drive in encrypted.
-
When not configured
+
When not configured
BitLocker software-based encryption is used irrespective of hardware-based encryption ability.
-Reference
+Reference
If hardware-based encryption is not available, BitLocker software-based encryption is used instead.
@@ -1305,37 +1306,37 @@ This policy controls whether fixed data drives utilize Used Space Only encryptio
-
Policy description
+
Policy description
With this policy setting, you can configure the encryption type that is used by BitLocker.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Fixed data drive
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
This policy defines the encryption type that BitLocker uses to encrypt drives, and the encryption type option is not presented in the BitLocker Setup Wizard.
-
When disabled or not configured
+
When disabled or not configured
The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.
-Reference
+Reference
This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on.
@@ -1354,37 +1355,37 @@ This policy controls whether operating system drives utilize Full encryption or
-
Policy description
+
Policy description
With this policy setting, you can configure the encryption type that is used by BitLocker.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Operating system drive
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
The encryption type that BitLocker uses to encrypt drives is defined by this policy, and the encryption type option is not presented in the BitLocker Setup Wizard.
-
When disabled or not configured
+
When disabled or not configured
The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.
-Reference
+Reference
This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on.
@@ -1403,37 +1404,37 @@ This policy controls whether fixed data drives utilize Full encryption or Used S
-
Policy description
+
Policy description
With this policy setting, you can configure the encryption type that is used by BitLocker.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Removable data drive
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
The encryption type that BitLocker uses to encrypt drives is defined by this policy, and the encryption type option is not presented in the BitLocker Setup Wizard.
-
When disabled or not configured
+
When disabled or not configured
The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.
-Reference
+Reference
This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on.
@@ -1452,38 +1453,38 @@ This policy setting is used to configure recovery methods for operating system d
-
Policy description
+
Policy description
With this policy setting, you can control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
-
You must disallow the use of recovery keys if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.
-
When using data recovery agents, you must enable the Provide the unique identifiers for your organization policy setting.
+
Conflicts
+
You must disallow the use of recovery keys if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.
+
When using data recovery agents, you must enable the Provide the unique identifiers for your organization policy setting.
-
When enabled
+
When enabled
You can control the methods that are available to users to recover data from BitLocker-protected operating system drives.
-
When disabled or not configured
+
When disabled or not configured
The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.
-Reference
+Reference
This policy setting is applied when you turn on BitLocker.
@@ -1513,37 +1514,37 @@ This policy setting is used to configure recovery methods for BitLocker-protecte
-
Policy description
+
Policy description
With this policy setting, you can control whether the BitLocker Setup Wizard can display and specify BitLocker recovery options.
-
Introduced
+
Introduced
Windows Server 2008 and Windows Vista
-
Drive type
+
Drive type
Operating system drives and fixed data drives on computers running Windows Server 2008 and Windows Vista
This policy setting provides an administrative method of recovering data that is encrypted by BitLocker to prevent data loss due to lack of key information. If you choose the Do not allow option for both user recovery options, you must enable the Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista) policy setting to prevent a policy error.
+
Conflicts
+
This policy setting provides an administrative method of recovering data that is encrypted by BitLocker to prevent data loss due to lack of key information. If you choose the Do not allow option for both user recovery options, you must enable the Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista) policy setting to prevent a policy error.
-
When enabled
+
When enabled
You can configure the options that the Bitlocker Setup Wizard displays to users for recovering BitLocker encrypted data.
-
When disabled or not configured
+
When disabled or not configured
The BitLocker Setup Wizard presents users with ways to store recovery options.
-Reference
+Reference
This policy is only applicable to computers running Windows Server 2008 or Windows Vista. This policy setting is applied when you turn on BitLocker.
@@ -1567,37 +1568,37 @@ This policy setting is used to configure the storage of BitLocker recovery infor
-
Policy description
+
Policy description
With this policy setting, you can manage the AD DS backup of BitLocker Drive Encryption recovery information.
-
Introduced
+
Introduced
Windows Server 2008 and Windows Vista
-
Drive type
+
Drive type
Operating system drives and fixed data drives on computers running Windows Server 2008 and Windows Vista.
BitLocker recovery information is automatically and silently backed up to AD DS when BitLocker is turned on for a computer.
-
When disabled or not configured
+
When disabled or not configured
BitLocker recovery information is not backed up to AD DS.
-Reference
+Reference
This policy is only applicable to computers running Windows Server 2008 or Windows Vista.
@@ -1625,37 +1626,37 @@ This policy setting is used to configure the default folder for recovery passwor
-
Policy description
+
Policy description
With this policy setting, you can specify the default path that is displayed when the BitLocker Setup Wizard prompts the user to enter the location of a folder in which to save the recovery password.
You can specify the path that will be used as the default folder location when the user chooses the option to save the recovery password in a folder. You can specify a fully qualified path or include the target computer's environment variables in the path. If the path is not valid, the BitLocker Setup Wizard displays the computer's top-level folder view.
-
When disabled or not configured
+
When disabled or not configured
The BitLocker Setup Wizard displays the computer's top-level folder view when the user chooses the option to save the recovery password in a folder.
-Reference
+Reference
This policy setting is applied when you turn on BitLocker.
@@ -1672,38 +1673,38 @@ This policy setting is used to configure recovery methods for fixed data drives.
-
Policy description
+
Policy description
With this policy setting, you can control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Fixed data drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives
-
Conflicts
-
You must disallow the use of recovery keys if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.
-
When using data recovery agents, you must enable and configure the Provide the unique identifiers for your organization policy setting.
+
Conflicts
+
You must disallow the use of recovery keys if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.
+
When using data recovery agents, you must enable and configure the Provide the unique identifiers for your organization policy setting.
-
When enabled
+
When enabled
You can control the methods that are available to users to recover data from BitLocker-protected fixed data drives.
-
When disabled or not configured
+
When disabled or not configured
The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.
-Reference
+Reference
This policy setting is applied when you turn on BitLocker.
@@ -1733,38 +1734,38 @@ This policy setting is used to configure recovery methods for removable data dri
-
Policy description
+
Policy description
With this policy setting, you can control how BitLocker-protected removable data drives are recovered in the absence of the required credentials.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Removable data drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives
-
Conflicts
-
You must disallow the use of recovery keys if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.
-
When using data recovery agents, you must enable and configure the Provide the unique identifiers for your organization policy setting.
+
Conflicts
+
You must disallow the use of recovery keys if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.
+
When using data recovery agents, you must enable and configure the Provide the unique identifiers for your organization policy setting.
-
When enabled
+
When enabled
You can control the methods that are available to users to recover data from BitLocker-protected removable data drives.
-
When disabled or not configured
+
When disabled or not configured
The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.
-Reference
+Reference
This policy setting is applied when you turn on BitLocker.
@@ -1791,37 +1792,37 @@ This policy setting is used to configure the entire recovery message and to repl
-
Policy description
+
Policy description
With this policy setting, you can configure the BitLocker recovery screen to display a customized message and URL.
-
Introduced
+
Introduced
Windows 10
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ Configure pre-boot recovery message and URL
-
Conflicts
+
Conflicts
None
-
When enabled
-
The customized message and URL are displayed on the pre-boot recovery screen. If you have previously enabled a custom recovery message and URL and want to revert to the default message and URL, you must keep the policy setting enabled and select the Use default recovery message and URL option.
+
When enabled
+
The customized message and URL are displayed on the pre-boot recovery screen. If you have previously enabled a custom recovery message and URL and want to revert to the default message and URL, you must keep the policy setting enabled and select the Use default recovery message and URL option.
-
When disabled or not configured
+
When disabled or not configured
If the setting has not been previously enabled the default pre-boot recovery screen is displayed for BitLocker recovery. If the setting previously was enabled and is subsequently disabled the last message in Boot Configuration Data (BCD) is displayed whether it was the default recovery message or the custom message.
-Reference
+Reference
Enabling the **Configure the pre-boot recovery message and URL** policy setting allows you to customize the default recovery screen message and URL to assist customers in recovering their key.
@@ -1846,38 +1847,38 @@ This policy controls how BitLocker-enabled system volumes are handled in conjunc
-
Policy description
+
Policy description
With this policy setting, you can configure whether Secure Boot will be allowed as the platform integrity provider for BitLocker operating system drives.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
All drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
-
If you enable Allow Secure Boot for integrity validation, make sure the Configure TPM platform validation profile for native UEFI firmware configurations Group Policy setting is not enabled or include PCR 7 to allow BitLocker to use Secure Boot for platform or BCD integrity validation.
+
Conflicts
+
If you enable Allow Secure Boot for integrity validation, make sure the Configure TPM platform validation profile for native UEFI firmware configurations Group Policy setting is not enabled or include PCR 7 to allow BitLocker to use Secure Boot for platform or BCD integrity validation.
BitLocker uses Secure Boot for platform integrity if the platform is capable of Secure Boot-based integrity validation.
-
When disabled
+
When disabled
BitLocker uses legacy platform integrity validation, even on systems that are capable of Secure Boot-based integrity validation.
-Reference
+Reference
Secure Boot ensures that the computer's preboot environment loads only firmware that is digitally signed by authorized software publishers. Secure Boot also provides more flexibility for managing preboot configurations than BitLocker integrity checks prior to Windows Server 2012 and Windows 8.
When this policy is enabled and the hardware is capable of using Secure Boot for BitLocker scenarios, the **Use enhanced Boot Configuration Data validation profile** Group Policy setting is ignored, and Secure Boot verifies BCD settings according to the Secure Boot policy setting, which is configured separately from BitLocker.
@@ -1895,37 +1896,37 @@ This policy setting is used to establish an identifier that is applied to all dr
-
Policy description
+
Policy description
With this policy setting, you can associate unique organizational identifiers to a new drive that is enabled with BitLocker.
Identification fields are required to manage certificate-based data recovery agents on BitLocker-protected drives. BitLocker manages and updates certificate-based data recovery agents only when the identification field is present on a drive and it is identical to the value that is configured on the computer.
-
When enabled
+
When enabled
You can configure the identification field on the BitLocker-protected drive and any allowed identification field that is used by your organization.
-
When disabled or not configured
+
When disabled or not configured
The identification field is not required.
-Reference
+Reference
These identifiers are stored as the identification field and the allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives. This identifier is automatically added to new BitLocker-protected drives, and it can be updated on existing BitLocker-protected drives by using the [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx) command-line tool.
@@ -1952,37 +1953,37 @@ This policy setting is used to control whether the computer's memory will be ove
-
Policy description
+
Policy description
With this policy setting, you can control computer restart performance at the risk of exposing BitLocker secrets.
The computer will not overwrite memory when it restarts. Preventing memory overwrite may improve restart performance, but it increases the risk of exposing BitLocker secrets.
-
When disabled or not configured
+
When disabled or not configured
BitLocker secrets are removed from memory when the computer restarts.
-Reference
+Reference
This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material that is used to encrypt data. This policy setting applies only when BitLocker protection is enabled.
@@ -1997,37 +1998,37 @@ This policy setting determines what values the TPM measures when it validates ea
-
Policy description
+
Policy description
With this policy setting, you can configure how the computer's TPM security hardware secures the BitLocker encryption key.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
You can configure the boot components that the TPM validates before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.
-
When disabled or not configured
+
When disabled or not configured
The TPM uses the default platform validation profile or the platform validation profile that is specified by the setup script.
-Reference
+Reference
This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.
@@ -2072,37 +2073,37 @@ This policy setting determines what values the TPM measures when it validates ea
-
Policy description
+
Policy description
With this policy setting, you can configure how the computer's TPM security hardware secures the BitLocker encryption key.
-
Introduced
+
Introduced
Windows Server 2008 and Windows Vista
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
You can configure the boot components that the TPM validates before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.
-
When disabled or not configured
+
When disabled or not configured
The TPM uses the default platform validation profile or the platform validation profile that is specified by the setup script.
-Reference
+Reference
This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker is already turned on with TPM protection.
@@ -2147,39 +2148,39 @@ This policy setting determines what values the TPM measures when it validates ea
-
Policy description
+
Policy description
With this policy setting, you can configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
-
Setting this policy with PCR 7 omitted, overrides the Allow Secure Boot for integrity validation Group Policy setting, and it prevents BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validation.
+
Conflicts
+
Setting this policy with PCR 7 omitted, overrides the Allow Secure Boot for integrity validation Group Policy setting, and it prevents BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validation.
If your environments use TPM and Secure Boot for platform integrity checks, this policy should not be configured.
Before you turn on BitLocker, you can configure the boot components that the TPM validates before it unlocks access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.
-
When disabled or not configured
+
When disabled or not configured
BitLocker uses the default platform validation profile or the platform validation profile that is specified by the setup script.
-Reference
+Reference
This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker is already turned on with TPM protection.
@@ -2222,41 +2223,41 @@ This policy setting determines if you want platform validation data to refresh w
-
Policy description
+
Policy description
With this policy setting, you can control whether platform validation data is refreshed when Windows is started following a BitLocker recovery.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
+
Conflicts
None
-
When enabled
+
When enabled
Platform validation data is refreshed when Windows is started following a BitLocker recovery.
-
When disabled
+
When disabled
Platform validation data is not refreshed when Windows is started following a BitLocker recovery.
-
When not configured
+
When not configured
Platform validation data is refreshed when Windows is started following a BitLocker recovery.
-Reference
+Reference
For more information about the recovery process, see the [BitLocker recovery guide](bitlocker-recovery-guide-plan.md).
@@ -2271,41 +2272,41 @@ This policy setting determines specific Boot Configuration Data (BCD) settings t
-
Policy description
+
Policy description
With this policy setting, you can specify Boot Configuration Data (BCD) settings to verify during platform validation.
-
Introduced
+
Introduced
Windows Server 2012 and Windows 8
-
Drive type
+
Drive type
Operating system drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
-
Conflicts
-
When BitLocker is using Secure Boot for platform and Boot Configuration Data integrity validation, the Use enhanced Boot Configuration Data validation profile Group Policy setting is ignored (as defined by the Allow Secure Boot for integrity validation Group Policy setting).
+
Conflicts
+
When BitLocker is using Secure Boot for platform and Boot Configuration Data integrity validation, the Use enhanced Boot Configuration Data validation profile Group Policy setting is ignored (as defined by the Allow Secure Boot for integrity validation Group Policy setting).
-
When enabled
+
When enabled
You can add additional BCD settings, exclude the BCD settings you specify, or combine inclusion and exclusion lists to create a customized BCD validation profile, which gives you the ability to verify those BCD settings.
-
When disabled
+
When disabled
The computer reverts to a BCD profile validation similar to the default BCD profile that is used by Windows 7.
-
When not configured
+
When not configured
The computer verifies the default BCD settings in Windows.
-Reference
+Reference
>**Note:** The setting that controls boot debugging (0x16000010) is always validated, and it has no effect if it is included in the inclusion or the exclusion list.
@@ -2320,37 +2321,37 @@ This policy setting is used to control whether access to drives is allowed by us
-
Policy description
+
Policy description
With this policy setting, you can configure whether fixed data drives that are formatted with the FAT file system can be unlocked and viewed on computers running Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2).
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Fixed data drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives
-
Conflicts
+
Conflicts
None
-
When enabled and When not configured
+
When enabled and When not configured
Fixed data drives that are formatted with the FAT file system can be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have Read-only access to BitLocker-protected drives.
-
When disabled
+
When disabled
Fixed data drives that are formatted with the FAT file system and are BitLocker-protected cannot be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. BitLocker To Go Reader (bitlockertogo.exe) is not installed.
-Reference
+Reference
>**Note:** This policy setting does not apply to drives that are formatted with the NTFS file system.
@@ -2367,37 +2368,37 @@ This policy setting controls access to removable data drives that are using the
-
Policy description
+
Policy description
With this policy setting, you can configure whether removable data drives that are formatted with the FAT file system can be unlocked and viewed on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2.
-
Introduced
+
Introduced
Windows Server 2008 R2 and Windows 7
-
Drive type
+
Drive type
Removable data drives
-
Policy path
+
Policy path
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives
-
Conflicts
+
Conflicts
None
-
When enabled and When not configured
+
When enabled and When not configured
Removable data drives that are formatted with the FAT file system can be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have Read-only access to BitLocker-protected drives.
-
When disabled
+
When disabled
Removable data drives that are formatted with the FAT file system that are BitLocker-protected cannot be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. BitLocker To Go Reader (bitlockertogo.exe) is not installed.
-Reference
+Reference
>**Note:** This policy setting does not apply to drives that are formatted with the NTFS file system.
@@ -2414,37 +2415,37 @@ You can configure the Federal Information Processing Standard (FIPS) setting for
-
Policy description
+
Policy description
Notes
-
Introduced
+
Introduced
Windows Server 2003 with SP1
-
Drive type
+
Drive type
System-wide
-
Policy path
-
Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
+
Policy path
+
Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
-
Conflicts
+
Conflicts
Some applications, such as Terminal Services, do not support FIPS-140 on all operating systems.
-
When enabled
+
When enabled
Users will be unable to save a recovery password to any location. This includes AD DS and network folders. In addition, you cannot use WMI or the BitLocker Drive Encryption Setup wizard to create a recovery password.
-
When disabled or not configured
+
When disabled or not configured
No BitLocker encryption key is generated
-Reference
+Reference
This policy needs to be enabled before any encryption key is generated for BitLocker. Note that when this policy is enabled, BitLocker prevents creating or using recovery passwords, so recovery keys should be used instead.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
index 121b0d3e49..4ba7629cc0 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BitLocker: How to deploy on Windows Server 2012 and later
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
index a7a7e7fce7..d8cb2c79de 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BitLocker: How to enable Network Unlock
@@ -367,7 +368,7 @@ The following steps can be used to configure Network Unlock on these older syste
6. Configure registry settings for Network Unlock:
Apply the registry settings by running the following certutil script (assuming your network unlock certificate file is called **BitLocker-NetworkUnlock.cer**) on each computer running any of the client operating systems designated in the **Applies To** list at the beginning of this topic.
-
+```console
certutil -f -grouppolicy -addstore FVE_NKP BitLocker-NetworkUnlock.cer
reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v OSManageNKP /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseAdvancedStartup /t REG_DWORD /d 1 /f
@@ -376,6 +377,7 @@ The following steps can be used to configure Network Unlock on these older syste
reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPM /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKey /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKeyPIN /t REG_DWORD /d 2 /f
+```
7. Set up a TPM protector on the clients
8. Reboot the clients to add the Network (Certificate Based) protector
diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md
index 226acb2e7c..d7338589c5 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BitLocker Key Management FAQ
diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
index 2314ea2eaf..78eb7b7715 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -1,6 +1,6 @@
---
title: BitLocker Management Recommendations for Enterprises (Windows 10)
-description: This topic explains recommendations for managing BitLocker.
+description: Refer to relevant documentation, products, and services to learn about managing BitLocker for enterprises and see recommendations for different computers.
ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
@@ -14,6 +14,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
ms.reviewer:
+ms.custom: bitlocker
---
# BitLocker Management for Enterprises
diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md
index 153be07099..264ee0242a 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md
@@ -14,6 +14,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
ms.reviewer:
+ms.custom: bitlocker
---
# BitLocker Network Unlock FAQ
diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md
index aca61b7f1d..7f9715b9c0 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BitLocker Overview and Requirements FAQ
diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md
index ebece73d96..131a256f82 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-overview.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 01/26/2018
+ms.custom: bitlocker
---
# BitLocker
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
index 822f7a9985..943135fa94 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BitLocker recovery guide
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
index 36decb2b2f..f06b11a197 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
@@ -14,6 +14,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 10/28/2019
+ms.custom: bitlocker
---
# Breaking out of a Bitlocker recovery loop
diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md
index 2962d7533b..fb1c2281f8 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BitLocker Security FAQ
diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
index e8bd11f12b..c34ddf46f1 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 07/10/2018
+ms.custom: bitlocker
---
# BitLocker To Go FAQ
@@ -24,7 +25,7 @@ ms.date: 07/10/2018
## What is BitLocker To Go?
-BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems.
+BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](https://docs.microsoft.com/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements).
As with BitLocker, drives that are encrypted using BitLocker To Go can be opened with a password or smart card on another computer by using **BitLocker Drive Encryption** in Control Panel.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md
index 7873e99c18..a856063b96 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md
@@ -14,6 +14,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
ms.reviewer:
+ms.custom: bitlocker
---
# BitLocker Upgrading FAQ
diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
index e4e1a3ffcd..bf20c5efdd 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker
@@ -126,11 +127,11 @@ Windows PowerShell cmdlets provide a new way for administrators to use when work
-
Name
-
Parameters
+
Name
+
Parameters
-
Add-BitLockerKeyProtector
+
Add-BitLockerKeyProtector
-ADAccountOrGroup
-ADAccountOrGroupProtector
-Confirm
@@ -152,26 +153,26 @@ Windows PowerShell cmdlets provide a new way for administrators to use when work
-WhatIf
-
Backup-BitLockerKeyProtector
+
Backup-BitLockerKeyProtector
-Confirm
-KeyProtectorId
-MountPoint
-WhatIf
-
Disable-BitLocker
+
Disable-BitLocker
-Confirm
-MountPoint
-WhatIf
-
Disable-BitLockerAutoUnlock
+
Disable-BitLockerAutoUnlock
-Confirm
-MountPoint
-WhatIf
-
Enable-BitLocker
+
Enable-BitLocker
-AdAccountOrGroup
-AdAccountOrGroupProtector
-Confirm
@@ -196,44 +197,44 @@ Windows PowerShell cmdlets provide a new way for administrators to use when work
-WhatIf
-
Enable-BitLockerAutoUnlock
+
Enable-BitLockerAutoUnlock
-Confirm
-MountPoint
-WhatIf
-
Get-BitLockerVolume
+
Get-BitLockerVolume
-MountPoint
-
Lock-BitLocker
+
Lock-BitLocker
-Confirm
-ForceDismount
-MountPoint
-WhatIf
-
Remove-BitLockerKeyProtector
+
Remove-BitLockerKeyProtector
-Confirm
-KeyProtectorId
-MountPoint
-WhatIf
-
Resume-BitLocker
+
Resume-BitLocker
-Confirm
-MountPoint
-WhatIf
-
Suspend-BitLocker
+
Suspend-BitLocker
-Confirm
-MountPoint
-RebootCount
-WhatIf
-
Unlock-BitLocker
+
Unlock-BitLocker
-AdAccountOrGroup
-Confirm
-MountPoint
diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
index 9f41146f0d..1bc4358ba0 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# BitLocker: Use BitLocker Recovery Password Viewer
diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md
index 0aebf543c2..ac4286c885 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# Using BitLocker with other programs FAQ
diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
index 72436ef74d..baa25d7cf6 100644
--- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
+++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/24/2019
+ms.custom: bitlocker
---
# Prepare your organization for BitLocker: Planning and policies
diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
index 1473dadc79..ac7c00f8b6 100644
--- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
@@ -15,6 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
+ms.custom: bitlocker
---
# Protecting cluster shared volumes and storage area networks with BitLocker
@@ -168,91 +169,91 @@ The following table contains information about both Physical Disk Resources (i.e
-
Action
-
On owner node of failover volume
-
On Metadata Server (MDS) of CSV
-
On (Data Server) DS of CSV
-
Maintenance Mode
+
Action
+
On owner node of failover volume
+
On Metadata Server (MDS) of CSV
+
On (Data Server) DS of CSV
+
Maintenance Mode
-
Manage-bde –on
+
Manage-bde –on
Blocked
Blocked
Blocked
Allowed
-
Manage-bde –off
+
Manage-bde –off
Blocked
Blocked
Blocked
Allowed
-
Manage-bde Pause/Resume
+
Manage-bde Pause/Resume
Blocked
-
Blocked
+
Blocked
Blocked
Allowed
-
Manage-bde –lock
+
Manage-bde –lock
Blocked
Blocked
Blocked
Allowed
-
manage-bde –wipe
+
manage-bde –wipe
Blocked
Blocked
Blocked
Allowed
-
Unlock
+
Unlock
Automatic via cluster service
Automatic via cluster service
Automatic via cluster service
Allowed
-
manage-bde –protector –add
+
manage-bde –protector –add
Allowed
Allowed
Blocked
Allowed
-
manage-bde -protector -delete
+
manage-bde -protector -delete
Allowed
Allowed
Blocked
Allowed
-
manage-bde –autounlock
+
manage-bde –autounlock
Allowed (not recommended)
Allowed (not recommended)
Blocked
Allowed (not recommended)
-
Manage-bde -upgrade
+
Manage-bde -upgrade
Allowed
Allowed
Blocked
Allowed
-
Shrink
+
Shrink
Allowed
Allowed
Blocked
Allowed
-
Extend
+
Extend
Allowed
Allowed
Blocked
@@ -261,7 +262,7 @@ The following table contains information about both Physical Disk Resources (i.e
->Note:** Although the manage-bde -pause command is Blocked in clusters, the cluster service will automatically resume a paused encryption or decryption from the MDS node
+>Note:** Although the manage-bde -pause command is Blocked in clusters, the cluster service will automatically resume a paused encryption or decryption from the MDS node
In the case where a physical disk resource experiences a failover event during conversion, the new owning node will detect the conversion is not complete and will complete the conversion process.
diff --git a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md
index 88e28e59eb..f4020af299 100644
--- a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md
@@ -13,6 +13,7 @@ audience: ITPro
ms.collection: Windows Security Technologies\BitLocker
ms.topic: troubleshooting
ms.date: 10/17/2019
+ms.custom: bitlocker
---
# Guidelines for troubleshooting BitLocker
diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md
index 2382b91a2a..03b1c67188 100644
--- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md
+++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md
@@ -13,6 +13,7 @@ audience: ITPro
ms.collection: Windows Security Technologies\BitLocker
ms.topic: troubleshooting
ms.date: 10/17/2019
+ms.custom: bitlocker
---
# BitLocker cannot encrypt a drive: known issues
diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md
index c69bb9ab25..c112d898f7 100644
--- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md
+++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md
@@ -13,8 +13,10 @@ audience: ITPro
ms.collection: Windows Security Technologies\BitLocker
ms.topic: troubleshooting
ms.date: 10/18/2019
+ms.custom: bitlocker
---
+
# BitLocker cannot encrypt a drive: known TPM issues
This article describes common issues that affect the Trusted Platform Module (TPM) and that may prevent BitLocker from encrypting a drive. This article also provides guidance to address these issues.
diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md
index 346095b34e..e3c4f3f6d4 100644
--- a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md
+++ b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md
@@ -13,6 +13,7 @@ audience: ITPro
ms.collection: Windows Security Technologies\BitLocker
ms.topic: troubleshooting
ms.date: 10/17/2019
+ms.custom: bitlocker
---
# BitLocker configuration: known issues
diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
index c3e4f16427..3e2cdad741 100644
--- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
+++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
@@ -13,6 +13,7 @@ audience: ITPro
ms.collection: Windows Security Technologies\BitLocker
ms.topic: troubleshooting
ms.date: 10/17/2019
+ms.custom: bitlocker
---
# Decode Measured Boot logs to track PCR changes
diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md
index 18236c1ddf..895c4eec13 100644
--- a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md
+++ b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md
@@ -13,6 +13,7 @@ audience: ITPro
ms.collection: Windows Security Technologies\BitLocker
ms.topic: troubleshooting
ms.date: 10/18/2019
+ms.custom: bitlocker
---
# Enforcing BitLocker policies by using Intune: known issues
@@ -205,7 +206,7 @@ To verify the Secure Boot state, use the System Information app. To do this, fol
1. Verify that the **Secure Boot State** setting is **On**, as follows:
1. If the **Secure Boot State** setting is **Unsupported**, you cannot use Silent BitLocker Encryption on this device.
- 
+ 
> [!NOTE]
> You can also use the [Confirm-SecureBootUEFI](https://docs.microsoft.com/powershell/module/secureboot/confirm-securebootuefi?view=win10-ps) cmdlet to verify the Secure Boot state. To do this, open an elevated PowerShell window and run the following command:
diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md
index 77216f2dd1..b5882849d0 100644
--- a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md
+++ b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md
@@ -13,7 +13,9 @@ audience: ITPro
ms.collection: Windows Security Technologies\BitLocker
ms.topic: troubleshooting
ms.date: 10/7/2019
+ms.custom: bitlocker
---
+
# BitLocker Network Unlock: known issues
By using the BitLocker Network Unlock feature, you can manage computers remotely without having to enter a BitLocker PIN when each computer starts up. To do this, You have to configure your environment to meet the following requirements:
diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md
index a25ea79f8a..b9d677c092 100644
--- a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md
+++ b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md
@@ -13,6 +13,7 @@ audience: ITPro
ms.collection: Windows Security Technologies\BitLocker
ms.topic: troubleshooting
ms.date: 10/18/2019
+ms.custom: bitlocker
---
# BitLocker recovery: known issues
diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md
index 553780277a..9e19de9f72 100644
--- a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md
+++ b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md
@@ -13,6 +13,7 @@ audience: ITPro
ms.collection: Windows Security Technologies\BitLocker
ms.topic: troubleshooting
ms.date: 10/18/2019
+ms.custom: bitlocker
---
# BitLocker and TPM: other known issues
diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
index b36af3f717..2d8554f52b 100644
--- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
+++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
@@ -84,11 +84,15 @@ Beginning with Windows 10 version 1809, you can use Security Center to check if
1. Launch MSINFO32.exe in a command prompt, or in the Windows search bar.
2. Check the value of **Kernel DMA Protection**.
-3. If the current state of **Kernel DMA Protection** is OFF and **Virtualization Technology in Firmware** is NO:
+3. If the current state of **Kernel DMA Protection** is OFF and **Hyper-V - Virtualization Enabled in Firmware** is NO:
- Reboot into BIOS settings
- Turn on Intel Virtualization Technology.
- Turn on Intel Virtualization Technology for I/O (VT-d). In Windows 10 version 1803, only Intel VT-d is supported. Other platforms can use DMA attack mitigations described in [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md).
- Reboot system into Windows 10.
+
+>[!NOTE]
+> **Hyper-V - Virtualization Enabled in Firmware** is NOT shown when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is shown because this means that **Hyper-V - Virtualization Enabled in Firmware** is YES.
+
4. If the state of **Kernel DMA Protection** remains Off, then the system does not support this feature.
For systems that do not support Kernel DMA Protection, please refer to the [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md) or [Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating system](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) for other means of DMA protection.
@@ -115,6 +119,12 @@ Please check the driver instance for the device you are testing. Some drivers ma
If the peripherals do have class drivers provided by Windows 10, please use these drivers on your systems. If there are no class drivers provided by Windows for your peripherals, please contact your peripheral vendor/driver vendor to update the driver to support [DMA Remapping](https://docs.microsoft.com/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers).
+### My system's Kernel DMA Protection is off. Can DMA-remapping for a specific device be turned on?
+
+Yes. DMA remapping for a specific device can be turned on independent from Kernel DMA Protection. For example, if the driver opts in and VT-d (Virtualization Technology for Directed I/O) is turned on, then DMA remapping will be enabled for the devices driver even if Kernel DMA Protection is turned off.
+
+Kernel DMA Protection is a policy that allows or blocks devices to perform DMA, based on their remapping state and capabilities.
+
### Do Microsoft drivers support DMA-remapping?
In Windows 10 1803 and beyond, the Microsoft inbox drivers for USB XHCI (3.x) Controllers, Storage AHCI/SATA Controllers and Storage NVMe Controllers support DMA Remapping.
diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md
index da6eece1fe..fb2784e2d5 100644
--- a/windows/security/information-protection/tpm/tpm-recommendations.md
+++ b/windows/security/information-protection/tpm/tpm-recommendations.md
@@ -112,7 +112,7 @@ The following table defines which Windows features require TPM support.
Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details |
-|-|-|-|-
Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot
- BitLocker | Yes | Yes | Yes | TPM 1.2 or 2.0 is required, but [Automatic Device Encryption requires Modern Standby](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) including TPM 2.0 support
+ BitLocker | No | Yes | Yes | TPM 1.2 or 2.0 are supported but TPM 2.0 is recommended. [Automatic Device Encryption requires Modern Standby](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) including TPM 2.0 support
Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0.
Windows Defender Application Control (Device Guard) | No | Yes | Yes
Windows Defender System Guard | Yes | No | Yes
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
index 94634c4b79..d94485704c 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
@@ -41,7 +41,7 @@ This policy setting configured which TPM authorization values are stored in the
|--------------|---------------|---------|-----------------|-----------------|------------------|
| OwnerAuthAdmin | StorageOwnerAuth | Create SRK | No | Yes | Yes |
| OwnerAuthEndorsement | EndorsementAuth | Create or use EK (1.2 only: Create AIK) | No | Yes | Yes |
-| OwnerAuthFull | LockoutAuth | Reset/change Dictionary Attack Protection | No | No | No |
+| OwnerAuthFull | LockoutAuth | Reset/change Dictionary Attack Protection | No | No | Yes |
There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**.
diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
index 60283edd89..97733a4dd7 100644
--- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
@@ -4,7 +4,6 @@ description: Learn how unenlightened and enlightened apps might behave, based on
keywords: WIP, Enterprise Data Protection, EDP, Windows Information Protection, unenlightened apps, enlightened apps
ms.prod: w10
ms.mktglfcycl: explore
-ms.pagetype: security
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
@@ -54,7 +53,7 @@ This table includes info about how unenlightened apps might behave, based on you
Name-based policies, using the /*AppCompat*/ string or proxy-based policies
-
Not required. App connects to enterprise cloud resources directly, using an IP address.
+
Not required. App connects to enterprise cloud resources directly, using an IP address.
App is entirely blocked from both personal and enterprise cloud resources.
@@ -71,7 +70,7 @@ This table includes info about how unenlightened apps might behave, based on you
-
Not required. App connects to enterprise cloud resources, using a hostname.
+
Not required. App connects to enterprise cloud resources, using a hostname.
App is blocked from accessing enterprise cloud resources, but can access other network resources.
@@ -81,7 +80,7 @@ This table includes info about how unenlightened apps might behave, based on you
-
Allow. App connects to enterprise cloud resources, using an IP address or a hostname.
+
Allow. App connects to enterprise cloud resources, using an IP address or a hostname.
App can access both personal and enterprise cloud resources.
@@ -91,7 +90,7 @@ This table includes info about how unenlightened apps might behave, based on you
-
Exempt. App connects to enterprise cloud resources, using an IP address or a hostname.
+
Exempt. App connects to enterprise cloud resources, using an IP address or a hostname.
App can access both personal and enterprise cloud resources.
@@ -111,7 +110,7 @@ This table includes info about how enlightened apps might behave, based on your
Networking policy configuration for name-based policies, possibly using the /*AppCompat*/ string, or proxy-based policies
-
Not required. App connects to enterprise cloud resources, using an IP address or a hostname.
+
Not required. App connects to enterprise cloud resources, using an IP address or a hostname.
App is blocked from accessing enterprise cloud resources, but can access other network resources.
@@ -121,7 +120,7 @@ This table includes info about how enlightened apps might behave, based on your
-
Allow. App connects to enterprise cloud resources, using an IP address or a hostname.
+
Allow. App connects to enterprise cloud resources, using an IP address or a hostname.
App can access both personal and enterprise cloud resources.
@@ -131,7 +130,7 @@ This table includes info about how enlightened apps might behave, based on your
-
Exempt. App connects to enterprise cloud resources, using an IP address or a hostname.
+
Exempt. App connects to enterprise cloud resources, using an IP address or a hostname.
App can access both personal and enterprise cloud resources.
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
index a5baa19809..49a57283b7 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
@@ -190,27 +190,27 @@ For this example, we're going to add Internet Explorer, a desktop app, to the **
All files signed by any publisher. (Not recommended.)
-
Publisher selected
+
Publisher selected
All files signed by the named publisher.
This might be useful if your company is the publisher and signer of internal line-of-business apps.
-
Publisher and Product Name selected
+
Publisher and Product Name selected
All files for the specified product, signed by the named publisher.
-
Publisher, Product Name, and Binary name selected
+
Publisher, Product Name, and Binary name selected
Any version of the named file or package for the specified product, signed by the named publisher.
-
Publisher, Product Name, Binary name, and File Version, and above, selected
+
Publisher, Product Name, Binary name, and File Version, and above, selected
Specified version or newer releases of the named file or package for the specified product, signed by the named publisher.
This option is recommended for enlightened apps that weren't previously enlightened.
-
Publisher, Product Name, Binary name, and File Version, And below selected
+
Publisher, Product Name, Binary name, and File Version, And below selected
Specified version or older releases of the named file or package for the specified product, signed by the named publisher.
-
Publisher, Product Name, Binary name, and File Version, Exactly selected
+
Publisher, Product Name, Binary name, and File Version, Exactly selected
Specified version of the named file or package for the specified product, signed by the named publisher.
@@ -403,8 +403,8 @@ There are no default locations included with WIP, you must add each of your netw
Enterprise Cloud Resources
-
With proxy: contoso.sharepoint.com,contoso.internalproxy1.com| contoso.visualstudio.com,contoso.internalproxy2.com
Without proxy: contoso.sharepoint.com|contoso.visualstudio.com
-
Specify the cloud resources to be treated as corporate and protected by WIP.
For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.
If you have multiple resources, you must separate them using the "|" delimiter. If you don't use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.
Important In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.
+
With proxy: contoso.sharepoint.com,contoso.internalproxy1.com| contoso.visualstudio.com,contoso.internalproxy2.com
Without proxy: contoso.sharepoint.com|contoso.visualstudio.com
+
Specify the cloud resources to be treated as corporate and protected by WIP.
For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.
If you have multiple resources, you must separate them using the "|" delimiter. If you don't use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.
Important In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.
Enterprise Network Domain Names (Required)
@@ -422,12 +422,12 @@ There are no default locations included with WIP, you must add each of your netw
Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.
This list shouldn't include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.
If you have multiple resources, you must separate them using the ";" delimiter.
Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.
If you have multiple ranges, you must separate them using the "," delimiter.
Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.
If you have multiple ranges, you must separate them using the "," delimiter.
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index b3f555bb13..73946540c5 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -129,7 +129,8 @@ If you don't know the Store app publisher or product name, you can find them by
If you need to add Windows 10 mobile apps that aren't distributed through the Store for Business, you must use the **Windows Device Portal** feature.
->**Note** Your PC and phone must be on the same wireless network.
+> [!NOTE]
+> Your PC and phone must be on the same wireless network.
1. On the Windows Phone, go to **Settings**, choose **Update & security**, and then choose **For developers**.
@@ -194,19 +195,19 @@ To add another Desktop app, click the ellipsis **…**. After you’ve entered t
If you’re unsure about what to include for the publisher, you can run this PowerShell command:
-```ps1
+```powershell
Get-AppLockerFileInformation -Path ""
```
Where `""` goes to the location of the app on the device. For example:
-```ps1
+```powershell
Get-AppLockerFileInformation -Path "C:\Program Files\Windows NT\Accessories\wordpad.exe"
```
In this example, you'd get the following info:
-```
+```console
Path Publisher
---- ---------
%PROGRAMFILES%\WINDOWS NT\ACCESSORIES\WORDPAD.EXE O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
@@ -214,6 +215,8 @@ Path Publisher
Where `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the **Publisher** name and `WORDPAD.EXE` is the **File** name.
+Regarding to how to get the Product Name for the Apps you wish to Add, please reach out to our Windows Support Team to request the guidelines
+
### Import a list of apps
This section covers two examples of using an AppLocker XML file to the **Protected apps** list. You’ll use this option if you want to add multiple apps at the same time.
@@ -277,22 +280,22 @@ For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com
This is the XML file that AppLocker creates for Microsoft Dynamics 365.
```xml
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
```
12. After you’ve created your XML file, you need to import it by using Microsoft Intune.
@@ -333,6 +336,7 @@ The executable rule helps to create an AppLocker rule to sign any unsigned apps.
12. After you’ve created your XML file, you need to import it by using Microsoft Intune.
+
**To import a list of protected apps using Microsoft Intune**
1. In **Protected apps**, click **Import apps**.
@@ -426,7 +430,7 @@ Separate multiple resources with the "|" delimiter.
If you don’t use proxy servers, you must also include the "," delimiter just before the "|".
For example:
-```code
+```console
URL <,proxy>|URL <,proxy>
```
@@ -439,7 +443,7 @@ In this case, Windows blocks the connection by default.
To stop Windows from automatically blocking these connections, you can add the `/*AppCompat*/` string to the setting.
For example:
-```code
+```console
URL <,proxy>|URL <,proxy>/*AppCompat*/
```
@@ -447,24 +451,24 @@ When you use this string, we recommend that you also turn on [Azure Active Direc
Value format with proxy:
-```code
+```console
contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,contoso.internalproxy2.com
```
Value format without proxy:
-```code
-contoso.sharepoint.com|contoso.visualstudio.com
+```console
+contoso.sharepoint.com,|contoso.visualstudio.com,|contoso.onedrive.com
```
### Protected domains
Specify the domains used for identities in your environment.
All traffic to the fully-qualified domains appearing in this list will be protected.
-Separate multiple domains with the "," delimiter.
+Separate multiple domains with the "|" delimiter.
-```code
-exchange.contoso.com,contoso.com,region.contoso.com
+```console
+exchange.contoso.com|contoso.com|region.contoso.com
```
### Network domains
@@ -473,7 +477,7 @@ Specify the DNS suffixes used in your environment.
All traffic to the fully-qualified domains appearing in this list will be protected.
Separate multiple resources with the "," delimiter.
-```code
+```console
corp.contoso.com,region.contoso.com
```
@@ -486,7 +490,7 @@ This list shouldn’t include any servers listed in your Internal proxy servers
Internal proxy servers must be used only for WIP-protected (enterprise) traffic.
Separate multiple resources with the ";" delimiter.
-```code
+```console
proxy.contoso.com:80;proxy2.contoso.com:443
```
@@ -498,7 +502,7 @@ This list shouldn’t include any servers listed in your Proxy servers list.
Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.
Separate multiple resources with the ";" delimiter.
-```code
+```console
contoso.internalproxy1.com;contoso.internalproxy2.com
```
@@ -537,7 +541,7 @@ Specify your authentication redirection endpoints for your company.
These locations are considered enterprise or personal, based on the context of the connection before the redirection.
Separate multiple resources with the "," delimiter.
-```code
+```console
sts.contoso.com,sts.contoso2.com
```
@@ -595,8 +599,8 @@ After you've decided where your protected apps can access enterprise data on you
- **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive.
->[!NOTE]
->Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders.
+ > [!NOTE]
+ > Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders.
**Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files.
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
index 8c01645295..a099742145 100644
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
@@ -108,7 +108,7 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li
| Microsoft Messaging | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` **Product Name:** Microsoft.Messaging **App Type:** Universal app |
| IE11 | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US` **Binary Name:** iexplore.exe **App Type:** Desktop app |
| OneDrive Sync Client | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US` **Binary Name:** onedrive.exe **App Type:** Desktop app |
-| OneDrive app | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` **Product Name:** Microsoft.Microsoftskydrive Product Version:Product version: 17.21.0.0 (and later) **App Type:** Universal app |
+| OneDrive app | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` **Product Name:** Microsoft.Microsoftskydrive Product Version:Product version: 17.21.0.0 (and later) **App Type:** Universal app |
| Notepad | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US` **Binary Name:** notepad.exe **App Type:** Desktop app |
| Microsoft Paint | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US` **Binary Name:** mspaint.exe **App Type:** Desktop app |
| Microsoft Remote Desktop | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US` **Binary Name:** mstsc.exe **App Type:** Desktop app |
diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
index 340c9edb2a..c1cd7193c0 100644
--- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
@@ -33,18 +33,18 @@ This table provides info about the most common problems you might encounter whil
Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration.
-
If you’re using Azure RMS: Authenticated users can open enterprise data on USB drives, on computers running Windows 10, version 1703.
If you’re not using Azure RMS: Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text.
+
If you’re using Azure RMS: Authenticated users can open enterprise data on USB drives, on computers running Windows 10, version 1703.
If you’re not using Azure RMS: Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text.
Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.
We strongly recommend educating employees about how to limit or eliminate the need for this decryption.
Direct Access is incompatible with WIP.
Direct Access might experience problems with how WIP enforces app behavior and data movement because of how WIP determines what is and isn’t a corporate network resource.
-
We recommend that you use VPN for client access to your intranet resources.
Note VPN is optional and isn’t required by WIP.
+
We recommend that you use VPN for client access to your intranet resources.
Note VPN is optional and isn’t required by WIP.
-
NetworkIsolation Group Policy setting takes precedence over MDM Policy settings.
-
The NetworkIsolation Group Policy setting can configure network settings that can also be configured by using MDM. WIP relies on these policies being correctly configured.
-
If you use both Group Policy and MDM to configure your NetworkIsolation settings, you must make sure that those same settings are deployed to your organization using both Group Policy and MDM.
+
NetworkIsolation Group Policy setting takes precedence over MDM Policy settings.
+
The NetworkIsolation Group Policy setting can configure network settings that can also be configured by using MDM. WIP relies on these policies being correctly configured.
+
If you use both Group Policy and MDM to configure your NetworkIsolation settings, you must make sure that those same settings are deployed to your organization using both Group Policy and MDM.
Cortana can potentially allow data leakage if it’s on the allowed apps list.
@@ -63,7 +63,7 @@ This table provides info about the most common problems you might encounter whil
Start the installer directly from the file share.
-OR-
Decrypt the locally copied files needed by the installer.
-OR-
-
Mark the file share with the installation media as “personal”. To do this, you’ll need to set the Enterprise IP ranges as Authoritative and then exclude the IP address of the file server, or you’ll need to put the file server on the Enterprise Proxy Server list.
+
Mark the file share with the installation media as “personal”. To do this, you’ll need to set the Enterprise IP ranges as Authoritative and then exclude the IP address of the file server, or you’ll need to put the file server on the Enterprise Proxy Server list.
@@ -74,17 +74,17 @@ This table provides info about the most common problems you might encounter whil
Redirected folders with Client Side Caching are not compatible with WIP.
Apps might encounter access errors while attempting to read a cached, offline file.
-
Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.
An unmanaged device can use Remote Desktop Protocol (RDP) to connect to a WIP-managed device.
-
Data copied from the WIP-managed device is marked as Work.
Data copied to the WIP-managed device is not marked as Work.
Local Work data copied to the WIP-managed device remains Work data.
Work data that is copied between two apps in the same session remains data.
+
Data copied from the WIP-managed device is marked as Work.
Data copied to the WIP-managed device is not marked as Work.
Local Work data copied to the WIP-managed device remains Work data.
Work data that is copied between two apps in the same session remains data.
Disable RDP to prevent access because there is no way to restrict access to only devices managed by WIP. RDP is disabled by default.
You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer.
-
A message appears stating that the content is marked as Work and the user isn't given an option to override to Personal.
-
Open File Explorer and change the file ownership to Personal before you upload.
+
A message appears stating that the content is marked as Work and the user isn't given an option to override to Personal.
+
Open File Explorer and change the file ownership to Personal before you upload.
ActiveX controls should be used with caution.
@@ -97,7 +97,7 @@ This table provides info about the most common problems you might encounter whil
Format drive for NTFS, or use a different drive.
-
WIP isn’t turned on if any of the following folders have the MakeFolderAvailableOfflineDisabled option set to False:
+
WIP isn’t turned on if any of the following folders have the MakeFolderAvailableOfflineDisabled option set to False:
AppDataRoaming
Desktop
@@ -115,7 +115,7 @@ This table provides info about the most common problems you might encounter whil
WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using Microsoft Endpoint Configuration Manager.
-
Don’t set the MakeFolderAvailableOfflineDisabled option to False for any of the specified folders. You can configure this parameter, as described here.
If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see Can't open files offline when you use Offline Files and Windows Information Protection.
+
Don’t set the MakeFolderAvailableOfflineDisabled option to False for any of the specified folders. You can configure this parameter, as described here.
If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see Can't open files offline when you use Offline Files and Windows Information Protection.
@@ -143,7 +143,7 @@ This table provides info about the most common problems you might encounter whil
Wait a few minutes to allow OneDrive to finish syncing & upgrading the notebook, and the folder should automatically convert to an Internet Shortcut. Opening the shortcut will open the notebook in the browser, which can then be opened in the OneNote client by using the “Open in app” button.
-
Microsoft Office Outlook offline data files (PST and OST files) are not marked as Work files, and are therefore not protected.
+
Microsoft Office Outlook offline data files (PST and OST files) are not marked as Work files, and are therefore not protected.
If Microsoft Office Outlook is set to work in cached mode (default setting), or if some emails are stored in a local PST file, the data is unprotected.
diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
index 961744bbf6..7353daae25 100644
--- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
@@ -39,30 +39,30 @@ You can try any of the processes included in these scenarios, but you should foc
Encrypt and decrypt files using File Explorer.
-
For desktop:
+
For desktop:
-
Open File Explorer, right-click a work document, and then click Work from the File Ownership menu. Make sure the file is encrypted by right-clicking the file again, clicking Advanced from the General tab, and then clicking Details from the Compress or Encrypt attributes area. The file should show up under the heading, This enterprise domain can remove or revoke access:<your_enterprise_identity>. For example, contoso.com.
-
In File Explorer, right-click the same document, and then click Personal from the File Ownership menu. Make sure the file is decrypted by right-clicking the file again, clicking Advanced from the General tab, and then verifying that the Details button is unavailable.
+
Open File Explorer, right-click a work document, and then click Work from the File Ownership menu. Make sure the file is encrypted by right-clicking the file again, clicking Advanced from the General tab, and then clicking Details from the Compress or Encrypt attributes area. The file should show up under the heading, This enterprise domain can remove or revoke access:<your_enterprise_identity>. For example, contoso.com.
+
In File Explorer, right-click the same document, and then click Personal from the File Ownership menu. Make sure the file is decrypted by right-clicking the file again, clicking Advanced from the General tab, and then verifying that the Details button is unavailable.
- For mobile:
+ For mobile:
-
Open the File Explorer app, browse to a file location, click the elipsis (...), and then click Select to mark at least one file as work-related.
-
Click the elipsis (...) again, click File ownership from the drop down menu, and then click Work. Make sure the file is encrypted, by locating the Briefcase icon next to the file name.
-
Select the same file, click File ownership from the drop down menu, and then click Personal. Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
+
Open the File Explorer app, browse to a file location, click the elipsis (...), and then click Select to mark at least one file as work-related.
+
Click the elipsis (...) again, click File ownership from the drop down menu, and then click Work. Make sure the file is encrypted, by locating the Briefcase icon next to the file name.
+
Select the same file, click File ownership from the drop down menu, and then click Personal. Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
Create work documents in enterprise-allowed apps.
-
For desktop:
+
For desktop:
-
Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes. Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.
Important Certain file types like .exe and .dll, along with certain file paths, such as %windir% and %programfiles% are excluded from automatic encryption.
Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes. Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.
Important Certain file types like .exe and .dll, along with certain file paths, such as %windir% and %programfiles% are excluded from automatic encryption.
Start an allowed mobile app, such as Word Mobile, create a new document, and then save your changes as Work to a local, work-related location. Make sure the document is encrypted, by locating the Briefcase icon next to the file name.
+
Start an allowed mobile app, such as Word Mobile, create a new document, and then save your changes as Work to a local, work-related location. Make sure the document is encrypted, by locating the Briefcase icon next to the file name.
Open the same document and attempt to save it to a non-work-related location. WIP should stop you from saving the file to this location.
-
Open the same document one last time, make a change to the contents, and then save it again using the Personal option. Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
+
Open the same document one last time, make a change to the contents, and then save it again using the Personal option. Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
@@ -70,7 +70,7 @@ You can try any of the processes included in these scenarios, but you should foc
Start an app that doesn't appear on your allowed apps list, and then try to open a work-encrypted file. The app shouldn't be able to access the file.
-
Try double-clicking or tapping on the work-encrypted file. If your default app association is an app not on your allowed apps list, you should get an Access Denied error message.
+
Try double-clicking or tapping on the work-encrypted file. If your default app association is an app not on your allowed apps list, you should get an Access Denied error message.
@@ -78,9 +78,9 @@ You can try any of the processes included in these scenarios, but you should foc
Copy and paste from enterprise apps to non-enterprise apps.
-
Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list. You should see a WIP-related warning box, asking you to click either Change to personal or Keep at work.
-
Click Keep at work. The content isn't pasted into the non-enterprise app.
-
Repeat Step 1, but this time click Change to personal, and try to paste the content again. The content is pasted into the non-enterprise app.
+
Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list. You should see a WIP-related warning box, asking you to click either Change to personal or Keep at work.
+
Click Keep at work. The content isn't pasted into the non-enterprise app.
+
Repeat Step 1, but this time click Change to personal, and try to paste the content again. The content is pasted into the non-enterprise app.
Try copying and pasting content between apps on your allowed apps list. The content should copy and paste between apps without any warning messages.
@@ -89,9 +89,9 @@ You can try any of the processes included in these scenarios, but you should foc
Drag and drop from enterprise apps to non-enterprise apps.
-
Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list. You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
-
Click Keep at work. The content isn't dropped into the non-enterprise app.
-
Repeat Step 1, but this time click Change to personal, and try to drop the content again. The content is dropped into the non-enterprise app.
+
Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list. You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
+
Click Keep at work. The content isn't dropped into the non-enterprise app.
+
Repeat Step 1, but this time click Change to personal, and try to drop the content again. The content is dropped into the non-enterprise app.
Try dragging and dropping content between apps on your allowed apps list. The content should move between the apps without any warning messages.
@@ -100,9 +100,9 @@ You can try any of the processes included in these scenarios, but you should foc
Share between enterprise apps and non-enterprise apps.
-
Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook. You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
-
Click Keep at work. The content isn't shared into Facebook.
-
Repeat Step 1, but this time click Change to personal, and try to share the content again. The content is shared into Facebook.
+
Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook. You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
+
Click Keep at work. The content isn't shared into Facebook.
+
Repeat Step 1, but this time click Change to personal, and try to share the content again. The content is shared into Facebook.
Try sharing content between apps on your allowed apps list. The content should share between the apps without any warning messages.
@@ -112,8 +112,8 @@ You can try any of the processes included in these scenarios, but you should foc
Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps. Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
-
Open File Explorer and make sure your modified files are appearing with a Lock icon.
-
Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.
Note Most Windows-signed components like File Explorer (when running in the user's context), should have access to enterprise data.
A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.
+
Open File Explorer and make sure your modified files are appearing with a Lock icon.
+
Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.
Note Most Windows-signed components like File Explorer (when running in the user's context), should have access to enterprise data.
A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.
@@ -130,7 +130,7 @@ You can try any of the processes included in these scenarios, but you should foc
Verify your shared files can use WIP.
-
Download a file from a protected file share, making sure the file is encrypted by locating the Briefcase icon next to the file name.
+
Download a file from a protected file share, making sure the file is encrypted by locating the Briefcase icon next to the file name.
Open the same file, make a change, save it and then try to upload it back to the file share. Again, this should work without any warnings.
Open an app that doesn't appear on your allowed apps list and attempt to access a file on the WIP-enabled file share. The app shouldn't be able to access the file share.
@@ -142,7 +142,7 @@ You can try any of the processes included in these scenarios, but you should foc
Add both Internet Explorer 11 and Microsoft Edge to your allowed apps list.
Open SharePoint (or another cloud resource that's part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge. Both browsers should respect the enterprise and personal boundary.
-
Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource. IE11 shouldn't be able to access the sites.
Note Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as Work.
+
Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource. IE11 shouldn't be able to access the sites.
Note Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as Work.
@@ -150,7 +150,7 @@ You can try any of the processes included in these scenarios, but you should foc
Verify your Virtual Private Network (VPN) can be auto-triggered.
Start an app from your allowed apps list. The VPN network should automatically start.
Disconnect from your network and then start an app that isn't on your allowed apps list. The VPN shouldn't start and the app shouldn't be able to access your enterprise network.
@@ -160,7 +160,7 @@ You can try any of the processes included in these scenarios, but you should foc
Unenroll client devices from WIP.
-
Unenroll a device from WIP by going to Settings, click Accounts, click Work, click the name of the device you want to unenroll, and then click Remove. The device should be removed and all of the enterprise content for that managed account should be gone.
Important On desktop devices, the data isn't removed and can be recovered, so you must make sure the content is marked as Revoked and that access is denied for the employee. On mobile devices, the data is removed.
+
Unenroll a device from WIP by going to Settings, click Accounts, click Work, click the name of the device you want to unenroll, and then click Remove. The device should be removed and all of the enterprise content for that managed account should be gone.
Important On desktop devices, the data isn't removed and can be recovered, so you must make sure the content is marked as Revoked and that access is denied for the employee. On mobile devices, the data is removed.
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index ab71e3e567..78cbfc5ab5 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -26,6 +26,12 @@
#### [Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md)
#### [Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md)
#### [Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md)
+### [Manage Microsoft Defender ATP post migration]()
+#### [Overview](microsoft-defender-atp/manage-atp-post-migration.md)
+#### [Intune (recommended)](microsoft-defender-atp/manage-atp-post-migration-intune.md)
+#### [Configuration Manager](microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md)
+#### [Group Policy Objects](microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md)
+#### [PowerShell, WMI, and MPCmdRun.exe](microsoft-defender-atp/manage-atp-post-migration-other-tools.md)
## [Security administration]()
### [Threat & Vulnerability Management]()
@@ -43,7 +49,7 @@
### [Attack surface reduction]()
#### [Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)
-#### [Attack surface reduction evaluation](microsoft-defender-atp/evaluate-attack-surface-reduction.md)
+#### [Evaluate attack surface reduction rules](microsoft-defender-atp/evaluate-attack-surface-reduction.md)
#### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md)
#### [Attack surface reduction FAQ](microsoft-defender-atp/attack-surface-reduction-faq.md)
@@ -51,6 +57,7 @@
##### [Attack surface reduction rules](microsoft-defender-atp/attack-surface-reduction.md)
##### [Enable attack surface reduction rules](microsoft-defender-atp/enable-attack-surface-reduction.md)
##### [Customize attack surface reduction rules](microsoft-defender-atp/customize-attack-surface-reduction.md)
+##### [View attack surface reduction events](microsoft-defender-atp/event-views.md)
#### [Hardware-based isolation]()
##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md)
@@ -76,12 +83,15 @@
#### [Exploit protection]()
##### [Protect devices from exploits](microsoft-defender-atp/exploit-protection.md)
##### [Exploit protection evaluation](microsoft-defender-atp/evaluate-exploit-protection.md)
+##### [Enable exploit protection](microsoft-defender-atp/enable-exploit-protection.md)
+##### [Customize exploit protection](microsoft-defender-atp/customize-exploit-protection.md)
+##### [Import, export, and deploy exploit protection configurations](microsoft-defender-atp/import-export-exploit-protection-emet-xml.md)
#### [Network protection]()
##### [Protect your network](microsoft-defender-atp/network-protection.md)
-##### [Network protection evaluation](microsoft-defender-atp/evaluate-network-protection.md)
-##### [Enable network protection](microsoft-defender-atp/enable-network-protection.md)
+##### [Evaluate network protection](microsoft-defender-atp/evaluate-network-protection.md)
+##### [Turning on network protection](microsoft-defender-atp/enable-network-protection.md)
#### [Web protection]()
##### [Web protection overview](microsoft-defender-atp/web-protection-overview.md)
@@ -93,7 +103,9 @@
#### [Controlled folder access]()
##### [Protect folders](microsoft-defender-atp/controlled-folders.md)
-##### [Controlled folder access evaluation](microsoft-defender-atp/evaluate-controlled-folder-access.md)
+##### [Evaluate controlled folder access](microsoft-defender-atp/evaluate-controlled-folder-access.md)
+##### [Enable controlled folder access](microsoft-defender-atp/enable-controlled-folders.md)
+##### [Customize controlled folder access](microsoft-defender-atp/customize-controlled-folders.md)
@@ -109,7 +121,7 @@
#### [Configure next-generation protection]()
##### [Configure Microsoft Defender Antivirus features](microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md)
-##### [Utilize Microsoft cloud-delivered protection](microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md)
+##### [Use Microsoft cloud-delivered protection](microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md)
###### [Enable cloud-delivered protection](microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md)
###### [Specify the cloud-delivered protection level](microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md)
###### [Configure and validate network connections](microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md)
@@ -127,6 +139,15 @@
##### [Antivirus compatibility]()
###### [Compatibility charts](microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md)
###### [Use limited periodic antivirus scanning](microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md)
+
+##### [Manage next-generation protection in your business]()
+###### [Management overview](microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md)
+###### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next-generation protection](microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md)
+###### [Use Group Policy settings to manage next-generation protection](microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md)
+###### [Use PowerShell cmdlets to manage next-generation protection](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md)
+###### [Use Windows Management Instrumentation (WMI) to manage next-generation protection](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md)
+###### [Use the mpcmdrun.exe command line tool to manage next-generation protection](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md)
+###### [Handle false positives/negatives in Microsoft Defender Antivirus](microsoft-defender-antivirus/antivirus-false-positives-negatives.md)
##### [Deploy, manage updates, and report on antivirus]()
###### [Preparing to deploy](microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md)
@@ -163,14 +184,6 @@
##### [Restore quarantined files](microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md)
-##### [Manage antivirus in your business]()
-###### [Management overview](microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md)
-###### [Use Group Policy settings to configure and manage antivirus](microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md)
-###### [Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure and manage antivirus](microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md)
-###### [Use PowerShell cmdlets to configure and manage antivirus](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md)
-###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md)
-###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md)
-
##### [Manage scans and remediation]()
###### [Management overview](microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
@@ -190,16 +203,6 @@
###### [Run and review the results of an offline scan](microsoft-defender-antivirus/microsoft-defender-offline.md)
###### [Restore quarantined files](microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md)
-##### [Manage next-generation protection in your business]()
-###### [Handle false positives/negatives in Microsoft Defender Antivirus](microsoft-defender-antivirus/antivirus-false-positives-negatives.md)
-###### [Management overview](microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md)
-###### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next generation protection](microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md)
-###### [Use Group Policy settings to manage next generation protection](microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md)
-###### [Use PowerShell cmdlets to manage next generation protection](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md)
-###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md)
-###### [Use the mpcmdrun.exe command line tool to manage next generation protection](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md)
-
-
#### [Better together: Microsoft Defender Antivirus and Microsoft Defender ATP](microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md)
#### [Better together: Microsoft Defender Antivirus and Office 365](microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md)
@@ -296,14 +299,15 @@
#### [Devices list]()
##### [View and organize the Devices list](microsoft-defender-atp/machines-view-overview.md)
+##### [Device timeline event flags](microsoft-defender-atp/device-timeline-event-flag.md)
##### [Manage device group and tags](microsoft-defender-atp/machine-tags.md)
#### [Take response actions]()
##### [Take response actions on a device]()
###### [Response actions on devices](microsoft-defender-atp/respond-machine-alerts.md)
###### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags)
-###### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation)
-###### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session)
+###### [Start an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation)
+###### [Start a Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session)
###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-devices)
###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-microsoft-defender-antivirus-scan-on-devices)
###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
@@ -320,9 +324,6 @@
###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file)
###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
-###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
-###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
-###### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
#### [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md)
##### [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md)
@@ -343,8 +344,9 @@
#### [Custom detections]()
-##### [Understand custom detections](microsoft-defender-atp/overview-custom-detections.md)
-##### [Create and manage detection rules](microsoft-defender-atp/custom-detection-rules.md)
+##### [Custom detections overview](microsoft-defender-atp/overview-custom-detections.md)
+##### [Create detection rules](microsoft-defender-atp/custom-detection-rules.md)
+##### [View & manage detection rules](microsoft-defender-atp/custom-detections-manage.md)
### [Behavioral blocking and containment]()
#### [Behavioral blocking and containment](microsoft-defender-atp/behavioral-blocking-containment.md)
@@ -422,7 +424,7 @@
#### [Ensure your devices are configured properly](microsoft-defender-atp/configure-machines.md)
#### [Monitor and increase device onboarding](microsoft-defender-atp/configure-machines-onboarding.md)
#### [Increase compliance to the security baseline](microsoft-defender-atp/configure-machines-security-baseline.md)
-#### [Optimize ASR rule deployment and detections](microsoft-defender-atp/configure-machines-asr.md)
+#### [Optimize attack surface reduction rule deployment and detections](microsoft-defender-atp/configure-machines-asr.md)
### [Configure portal settings]()
#### [Set up preferences](microsoft-defender-atp/preferences-setup.md)
@@ -461,7 +463,7 @@
#### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
#### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
-
+### [Use audit mode](microsoft-defender-atp/audit-windows-defender.md)
## Reference
### [Management and APIs]()
@@ -556,7 +558,7 @@
####### [Score methods and properties](microsoft-defender-atp/score.md)
####### [List exposure score by machine group](microsoft-defender-atp/get-machine-group-exposure-score.md)
####### [Get exposure score](microsoft-defender-atp/get-exposure-score.md)
-####### [Get machine secure score](microsoft-defender-atp/get-device-secure-score.md)
+####### [Get device secure score](microsoft-defender-atp/get-device-secure-score.md)
###### [Software]()
####### [Software methods and properties](microsoft-defender-atp/software.md)
@@ -570,7 +572,7 @@
###### [Vulnerability]()
####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md)
####### [List vulnerabilities](microsoft-defender-atp/get-all-vulnerabilities.md)
-####### [List vulnerabilities by Machine and Software](microsoft-defender-atp/get-all-vulnerabilities-by-machines.md)
+####### [List vulnerabilities by machine and software](microsoft-defender-atp/get-all-vulnerabilities-by-machines.md)
####### [Get vulnerability by Id](microsoft-defender-atp/get-vulnerability-by-id.md)
####### [List machines by vulnerability](microsoft-defender-atp/get-machines-by-vulnerability.md)
@@ -822,7 +824,7 @@
####### [Event 4765 S: SID History was added to an account.](auditing/event-4765.md)
####### [Event 4766 F: An attempt to add SID History to an account failed.](auditing/event-4766.md)
####### [Event 4767 S: A user account was unlocked.](auditing/event-4767.md)
-####### [Event 4780 S: The ACL was set on accounts which are members of administrators groups.](auditing/event-4780.md)
+####### [Event 4780 S: The ACL was set on accounts that are members of administrators groups.](auditing/event-4780.md)
####### [Event 4781 S: The name of an account was changed.](auditing/event-4781.md)
####### [Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password.](auditing/event-4794.md)
####### [Event 4798 S: A user's local group membership was enumerated.](auditing/event-4798.md)
@@ -1215,7 +1217,7 @@
###### [System cryptography: Force strong key protection for user keys stored on the computer](security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md)
###### [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md)
###### [System objects: Require case insensitivity for non-Windows subsystems](security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md)
-###### [System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)](security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md)
+###### [System objects: Strengthen default permissions of internal system objects (Symbolic Links)](security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md)
###### [System settings: Optional subsystems](security-policy-settings/system-settings-optional-subsystems.md)
###### [System settings: Use certificate rules on Windows executables for Software Restriction Policies](security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md)
###### [User Account Control: Admin Approval Mode for the Built-in Administrator account](security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md)
diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
index b062a6e72b..505da9bbb0 100644
--- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
+++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
@@ -1,6 +1,6 @@
---
title: Appendix A, Security monitoring recommendations for many audit events (Windows 10)
-description: Appendix A, Security monitoring recommendations for many audit events
+description: Learn about recommendations for the type of monitoring required for certain classes of security audit events.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
index f6d870f605..9adb4cfd74 100644
--- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
@@ -1,6 +1,6 @@
---
title: Audit Other Privilege Use Events (Windows 10)
-description: This security policy setting is not used.
+description: Learn about the audit other privilege use events, an auditing subcategory that should not have any events in it but enables generation of event 4985(S).
ms.assetid: 5f7f5b25-42a6-499f-8aa2-01ac79a2a63c
ms.reviewer:
manager: dansimp
diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
index 1e73acf50d..3856637432 100644
--- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
@@ -1,6 +1,6 @@
---
title: Basic security audit policies (Windows 10)
-description: Before you implement auditing, you must decide on an auditing policy.
+description: Learn about basic security audit policies that specify the categories of security-related events that you want to audit for the needs of your organization.
ms.assetid: 3B678568-7AD7-4734-9BB4-53CF5E04E1D3
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md
index 22a7d07d71..5f0730407d 100644
--- a/windows/security/threat-protection/auditing/event-4608.md
+++ b/windows/security/threat-protection/auditing/event-4608.md
@@ -1,6 +1,6 @@
---
title: 4608(S) Windows is starting up. (Windows 10)
-description: Describes security event 4608(S) Windows is starting up.
+description: Describes security event 4608(S) Windows is starting up. This event is logged when the LSASS.EXE process starts and the auditing subsystem is initialized.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -20,7 +20,7 @@ ms.author: dansimp
- Windows Server 2016
-
+
***Subcategory:*** [Audit Security State Change](audit-security-state-change.md)
@@ -30,12 +30,13 @@ This event is logged when LSASS.EXE process starts and the auditing subsystem is
It typically generates during operating system startup process.
-> **Note** For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
+> [!NOTE]
+> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
***Event XML:***
-```
+```xml
-
-
diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md
index 9231f28b82..0490e0ae3e 100644
--- a/windows/security/threat-protection/auditing/event-4615.md
+++ b/windows/security/threat-protection/auditing/event-4615.md
@@ -1,6 +1,6 @@
---
title: 4615(S) Invalid use of LPC port. (Windows 10)
-description: Describes security event 4615(S) Invalid use of LPC port.
+description: Describes security event 4615(S) Invalid use of LPC port. It appears that the Invalid use of LPC port event never occurs.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md
index 8681a67e8f..3f700f0719 100644
--- a/windows/security/threat-protection/auditing/event-4616.md
+++ b/windows/security/threat-protection/auditing/event-4616.md
@@ -1,6 +1,6 @@
---
title: 4616(S) The system time was changed. (Windows 10)
-description: Describes security event 4616(S) The system time was changed.
+description: Describes security event 4616(S) The system time was changed. This event is generated every time system time is changed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -20,7 +20,7 @@ ms.author: dansimp
- Windows Server 2016
-
+
***Subcategory:*** [Audit Security State Change](audit-security-state-change.md)
@@ -32,12 +32,13 @@ This event is always logged regardless of the "Audit Security State Change" sub-
You will typically see these events with “**Subject\\Security ID**” = “**LOCAL SERVICE**”, these are normal time correction actions.
-> **Note** For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
+> [!NOTE]
+> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
***Event XML:***
-```
+```xml
-
-
@@ -87,7 +88,8 @@ You will typically see these events with “**Subject\\Security ID**” = “**L
- **Security ID** \[Type = SID\]**:** SID of account that requested the “change system time” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
+ > [!NOTE]
+ > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change system time” operation.
@@ -161,7 +163,8 @@ You will typically see these events with “**Subject\\Security ID**” = “**L
For 4616(S): The system time was changed.
-> **Important** For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
+> [!IMPORTANT]
+> For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
- Report all “**Subject\\Security ID**” not equals **“LOCAL SERVICE”**, which means that the time change was not made not by Windows Time service.
diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md
index cf8e0d63b8..b310cd06ca 100644
--- a/windows/security/threat-protection/auditing/event-4624.md
+++ b/windows/security/threat-protection/auditing/event-4624.md
@@ -146,6 +146,7 @@ This event generates when a logon session is created (on destination machine). I
| Logon Type | Logon Title | Description |
|:----------:|---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `0` | `System` | Used only by the System account, for example at system startup. |
| `2` | `Interactive` | A user logged on to this computer. |
| `3` | `Network` | A user or computer logged on to this computer from the network. |
| `4` | `Batch` | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |
@@ -155,6 +156,8 @@ This event generates when a logon session is created (on destination machine). I
| `9` | `NewCredentials` | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |
| `10` | `RemoteInteractive` | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |
| `11` | `CachedInteractive` | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |
+| `12` | `CashedRemoteInteractive` | Same as RemoteInteractive. This is used for internal auditing. |
+| `13` | `CachedUnlock` | Workstation logon. |
- **Restricted Admin Mode** \[Version 2\] \[Type = UnicodeString\]**:** Only populated for **RemoteInteractive** logon type sessions. This is a Yes/No flag indicating if the credentials provided were passed using Restricted Admin mode. Restricted Admin mode was added in Win8.1/2012R2 but this flag was added to the event in Win10.
diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index 08fcff8219..84cf52d450 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@@ -1,6 +1,6 @@
---
title: 4625(F) An account failed to log on. (Windows 10)
-description: Describes security event 4625(F) An account failed to log on.
+description: Describes security event 4625(F) An account failed to log on. This event is generated if an account logon attempt failed for a locked out account.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -20,7 +20,7 @@ ms.author: dansimp
- Windows Server 2016
-
+
***Subcategories:*** [Audit Account Lockout](audit-account-lockout.md) and [Audit Logon](audit-logon.md)
@@ -32,12 +32,13 @@ It generates on the computer where logon attempt was made, for example, if logon
This event generates on domain controllers, member servers, and workstations.
-> **Note** For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
+> [!NOTE]
+> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
***Event XML:***
-```
+```xml
-
-
@@ -93,7 +94,8 @@ This event generates on domain controllers, member servers, and workstations.
- **Security ID** \[Type = SID\]**:** SID of account that reported information about logon failure. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
+ > [!NOTE]
+ > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about logon failure.
@@ -109,27 +111,30 @@ This event generates on domain controllers, member servers, and workstations.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.
-**Logon Type** \[Type = UInt32\]**:** the type of logon which was performed. “Table 11. Windows Logon Types” contains the list of possible values for this field.
+- **Logon Type** \[Type = UInt32\]**:** the type of logon which was performed. “Table 11. Windows Logon Types” contains the list of possible values for this field.
-| Logon Type | Logon Title | Description |
-|-----------------------------------------------------------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 2 | Interactive | A user logged on to this computer. |
-| 3 | Network | A user or computer logged on to this computer from the network. |
-| 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |
-| 5 | Service | A service was started by the Service Control Manager. |
-| 7 | Unlock | This workstation was unlocked. |
-| 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). |
-| 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |
-| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |
-| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |
-> Table: Windows Logon Types
+ **Table 11: Windows Logon Types**
+
+ | Logon Type | Logon Title | Description |
+ |-----------------------------------------------------------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+ | 2 | Interactive | A user logged on to this computer. |
+ | 3 | Network | A user or computer logged on to this computer from the network. |
+ | 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |
+ | 5 | Service | A service was started by the Service Control Manager. |
+ | 7 | Unlock | This workstation was unlocked. |
+ | 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). |
+ | 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |
+ | 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |
+ | 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |
+
**Account For Which Logon Failed:**
- **Security ID** \[Type = SID\]**:** SID of the account that was specified in the logon attempt. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
+ > [!NOTE]
+ > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that was specified in the logon attempt.
@@ -151,35 +156,36 @@ This event generates on domain controllers, member servers, and workstations.
- **Failure Reason** \[Type = UnicodeString\]**:** textual explanation of **Status** field value. For this event it typically has “**Account locked out**” value.
-- **Status** \[Type = HexInt32\]**:** the reason why logon failed. For this event it typically has “**0xC0000234**” value. The most common status codes are listed in “Table 12. Windows logon status codes.”
+- **Status** \[Type = HexInt32\]**:** the reason why logon failed. For this event it typically has “**0xC0000234**” value. The most common status codes are listed in Table 12. Windows logon status codes.
-| Status\\Sub-Status Code | Description |
-|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 0XC000005E | There are currently no logon servers available to service the logon request. |
-| 0xC0000064 | User logon with misspelled or bad user account |
-| 0xC000006A | User logon with misspelled or bad password |
-| 0XC000006D | This is either due to a bad username or authentication information |
-| 0XC000006E | Unknown user name or bad password. |
-| 0xC000006F | User logon outside authorized hours |
-| 0xC0000070 | User logon from unauthorized workstation |
-| 0xC0000071 | User logon with expired password |
-| 0xC0000072 | User logon to account disabled by administrator |
-| 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. |
-| 0XC0000133 | Clocks between DC and other computer too far out of sync |
-| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine |
-| 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. |
-| 0XC0000192 | An attempt was made to logon, but the N**etlogon** service was not started. |
-| 0xC0000193 | User logon with expired account |
-| 0XC0000224 | User is required to change password at next logon |
-| 0XC0000225 | Evidently a bug in Windows and not a risk |
-| 0xC0000234 | User logon with account locked |
-| 0XC00002EE | Failure Reason: An Error occurred during Logon |
-| 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |
-| 0x0 | Status OK. |
+ **Table 12: Windows logon status codes.**
-> Table: Windows logon status codes.
->
-> **Note** To see the meaning of other status\\sub-status codes you may also check for status code in the Window header file ntstatus.h in Windows SDK.
+ | Status\\Sub-Status Code | Description |
+ |-------------------------|------------------------------------------------------------------------------------------------------|
+ | 0XC000005E | There are currently no logon servers available to service the logon request. |
+ | 0xC0000064 | User logon with misspelled or bad user account |
+ | 0xC000006A | User logon with misspelled or bad password |
+ | 0XC000006D | This is either due to a bad username or authentication information |
+ | 0XC000006E | Unknown user name or bad password. |
+ | 0xC000006F | User logon outside authorized hours |
+ | 0xC0000070 | User logon from unauthorized workstation |
+ | 0xC0000071 | User logon with expired password |
+ | 0xC0000072 | User logon to account disabled by administrator |
+ | 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. |
+ | 0XC0000133 | Clocks between DC and other computer too far out of sync |
+ | 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine |
+ | 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. |
+ | 0XC0000192 | An attempt was made to logon, but the N**etlogon** service was not started. |
+ | 0xC0000193 | User logon with expired account |
+ | 0XC0000224 | User is required to change password at next logon |
+ | 0XC0000225 | Evidently a bug in Windows and not a risk |
+ | 0xC0000234 | User logon with account locked |
+ | 0XC00002EE | Failure Reason: An Error occurred during Logon |
+ | 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |
+ | 0x0 | Status OK. |
+
+> [!NOTE]
+> To see the meaning of other status\\sub-status codes you may also check for status code in the Window header file ntstatus.h in Windows SDK.
More information:
@@ -187,7 +193,7 @@ More information:
**Process Information:**
-- **Caller Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process that attempted the logon. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
+- **Caller Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process that attempted the logon. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
@@ -241,7 +247,8 @@ More information:
For 4625(F): An account failed to log on.
-> **Important** For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
+> [!IMPORTANT]
+> For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
- If you have a pre-defined “**Process Name**” for the process reported in this event, monitor all events with “**Process Name**” not equal to your defined value.
@@ -277,17 +284,17 @@ For 4625(F): An account failed to log on.
- Monitor for all events with the fields and values in the following table:
-| **Field** | Value to monitor for |
-|----------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| **Failure Information\\Status** or **Failure Information\\Sub Status** | 0XC000005E – “There are currently no logon servers available to service the logon request.” This is typically not a security issue but it can be an infrastructure or availability issue. |
-| **Failure Information\\Status** or **Failure Information\\Sub Status** | 0xC0000064 – “User logon with misspelled or bad user account”. Especially if you get a number of these in a row, it can be a sign of user enumeration attack. |
-| **Failure Information\\Status** or **Failure Information\\Sub Status** | 0xC000006A – “User logon with misspelled or bad password” for critical accounts or service accounts. Especially watch for a number of such events in a row. |
-| **Failure Information\\Status** or **Failure Information\\Sub Status** | 0XC000006D – “This is either due to a bad username or authentication information” for critical accounts or service accounts. Especially watch for a number of such events in a row. |
-| **Failure Information\\Status** or **Failure Information\\Sub Status** | 0xC000006F – “User logon outside authorized hours”. |
-| **Failure Information\\Status** or **Failure Information\\Sub Status** | 0xC0000070 – “User logon from unauthorized workstation”. |
-| **Failure Information\\Status** or **Failure Information\\Sub Status** | 0xC0000072 – “User logon to account disabled by administrator”. |
-| **Failure Information\\Status** or **Failure Information\\Sub Status** | 0XC000015B – “The user has not been granted the requested logon type (aka logon right) at this machine”. |
-| **Failure Information\\Status** or **Failure Information\\Sub Status** | 0XC0000192 – “An attempt was made to logon, but the Netlogon service was not started”. This is typically not a security issue but it can be an infrastructure or availability issue. |
-| **Failure Information\\Status** or **Failure Information\\Sub Status** | 0xC0000193 – “User logon with expired account”. |
-| **Failure Information\\Status** or **Failure Information\\Sub Status** | 0XC0000413 – “Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine”. |
+ | **Field** | Value to monitor for |
+ |----------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+ | **Failure Information\\Status** or **Failure Information\\Sub Status** | 0XC000005E – “There are currently no logon servers available to service the logon request.” This is typically not a security issue but it can be an infrastructure or availability issue. |
+ | **Failure Information\\Status** or **Failure Information\\Sub Status** | 0xC0000064 – “User logon with misspelled or bad user account”. Especially if you get a number of these in a row, it can be a sign of user enumeration attack. |
+ | **Failure Information\\Status** or **Failure Information\\Sub Status** | 0xC000006A – “User logon with misspelled or bad password” for critical accounts or service accounts. Especially watch for a number of such events in a row. |
+ | **Failure Information\\Status** or **Failure Information\\Sub Status** | 0XC000006D – “This is either due to a bad username or authentication information” for critical accounts or service accounts. Especially watch for a number of such events in a row. |
+ | **Failure Information\\Status** or **Failure Information\\Sub Status** | 0xC000006F – “User logon outside authorized hours”. |
+ | **Failure Information\\Status** or **Failure Information\\Sub Status** | 0xC0000070 – “User logon from unauthorized workstation”. |
+ | **Failure Information\\Status** or **Failure Information\\Sub Status** | 0xC0000072 – “User logon to account disabled by administrator”. |
+ | **Failure Information\\Status** or **Failure Information\\Sub Status** | 0XC000015B – “The user has not been granted the requested logon type (aka logon right) at this machine”. |
+ | **Failure Information\\Status** or **Failure Information\\Sub Status** | 0XC0000192 – “An attempt was made to logon, but the Netlogon service was not started”. This is typically not a security issue but it can be an infrastructure or availability issue. |
+ | **Failure Information\\Status** or **Failure Information\\Sub Status** | 0xC0000193 – “User logon with expired account”. |
+ | **Failure Information\\Status** or **Failure Information\\Sub Status** | 0XC0000413 – “Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine”. |
diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md
index d0474f5941..2adc4b2f1b 100644
--- a/windows/security/threat-protection/auditing/event-4626.md
+++ b/windows/security/threat-protection/auditing/event-4626.md
@@ -1,6 +1,6 @@
---
title: 4626(S) User/Device claims information. (Windows 10)
-description: Describes security event 4626(S) User/Device claims information.
+description: Describes security event 4626(S) User/Device claims information. This event is generated for new account logons.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -157,7 +157,7 @@ This event generates on the computer to which the logon was performed (target co
- “dadmin” – claim value.
-**Device Claims** \[Type = UnicodeString\]**:** list of device claims for new logon session. For user accounts this field typically has “**-**“ value. For computer accounts this field has device claims listed.
+**Device Claims** \[Type = UnicodeString\]**:** list of device claims for new logon session. For user accounts this field typically has “**-**“ value. For computer accounts this field has device claims listed.
## Security Monitoring Recommendations
diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md
index 37bc83b16f..fb47564ea9 100644
--- a/windows/security/threat-protection/auditing/event-4627.md
+++ b/windows/security/threat-protection/auditing/event-4627.md
@@ -1,6 +1,6 @@
---
title: 4627(S) Group membership information. (Windows 10)
-description: Describes security event 4627(S) Group membership information.
+description: Describes security event 4627(S) Group membership information. This event is generated with event 4624(S) An account was successfully logged on.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md
index c7fd725041..d76dc2df61 100644
--- a/windows/security/threat-protection/auditing/event-4634.md
+++ b/windows/security/threat-protection/auditing/event-4634.md
@@ -1,6 +1,6 @@
---
title: 4634(S) An account was logged off. (Windows 10)
-description: Describes security event 4634(S) An account was logged off.
+description: Describes security event 4634(S) An account was logged off. This event is generated when a logon session is terminated and no longer exists.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md
index 3cb68ae77c..26bbcd86f8 100644
--- a/windows/security/threat-protection/auditing/event-4647.md
+++ b/windows/security/threat-protection/auditing/event-4647.md
@@ -1,6 +1,6 @@
---
title: 4647(S) User initiated logoff. (Windows 10)
-description: Describes security event 4647(S) User initiated logoff.
+description: Describes security event 4647(S) User initiated logoff. This event is generated when a logoff is initiated. No further user-initiated activity can occur.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md
index 0c3b10dff5..dce0305250 100644
--- a/windows/security/threat-protection/auditing/event-4649.md
+++ b/windows/security/threat-protection/auditing/event-4649.md
@@ -1,6 +1,6 @@
---
title: 4649(S) A replay attack was detected. (Windows 10)
-description: Describes security event 4649(S) A replay attack was detected.
+description: Describes security event 4649(S) A replay attack was detected. This event is generated when a KRB_AP_ERR_REPEAT Kerberos response is sent to the client.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md
index f27a05c4d3..cb009c97df 100644
--- a/windows/security/threat-protection/auditing/event-4657.md
+++ b/windows/security/threat-protection/auditing/event-4657.md
@@ -1,6 +1,6 @@
---
title: 4657(S) A registry value was modified. (Windows 10)
-description: Describes security event 4657(S) A registry value was modified.
+description: Describes security event 4657(S) A registry value was modified. This event is generated when a registry key value is modified.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md
index 1569c43d0f..c461aa3d20 100644
--- a/windows/security/threat-protection/auditing/event-4658.md
+++ b/windows/security/threat-protection/auditing/event-4658.md
@@ -1,6 +1,6 @@
---
title: 4658(S) The handle to an object was closed. (Windows 10)
-description: Describes security event 4658(S) The handle to an object was closed.
+description: Describes security event 4658(S) The handle to an object was closed. This event is generated when the handle to an object is closed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md
index 7c03634e8e..0823b6ae3e 100644
--- a/windows/security/threat-protection/auditing/event-4660.md
+++ b/windows/security/threat-protection/auditing/event-4660.md
@@ -1,6 +1,6 @@
---
title: 4660(S) An object was deleted. (Windows 10)
-description: Describes security event 4660(S) An object was deleted.
+description: Describes security event 4660(S) An object was deleted. This event is generated when an object is deleted.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md
index 45dcd000c9..bc6d20907b 100644
--- a/windows/security/threat-protection/auditing/event-4670.md
+++ b/windows/security/threat-protection/auditing/event-4670.md
@@ -274,5 +274,5 @@ For file system and registry objects, the following recommendations apply.
- If you have critical registry objects for which you need to monitor all modifications (especially permissions changes and owner changes), monitor for the specific **Object\\Object Name.**
-- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers. For example, you could monitor the **ntds.dit** file on domain controllers.
+- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers. For example, you could monitor the **ntds.dit** file on domain controllers.
diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md
index 1641acbc10..81b9fd94a0 100644
--- a/windows/security/threat-protection/auditing/event-4672.md
+++ b/windows/security/threat-protection/auditing/event-4672.md
@@ -22,7 +22,7 @@ ms.author: dansimp
-Subcategory:Audit Special Logon
+Subcategory:Audit Special Logon
***Event Description:***
diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md
index 1caa24d32d..c647485d66 100644
--- a/windows/security/threat-protection/auditing/event-4673.md
+++ b/windows/security/threat-protection/auditing/event-4673.md
@@ -1,6 +1,6 @@
---
title: 4673(S, F) A privileged service was called. (Windows 10)
-description: Describes security event 4673(S, F) A privileged service was called.
+description: Describes security event 4673(S, F) A privileged service was called. This event is generated for an attempt to perform privileged system service operations.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -135,40 +135,40 @@ Failure event generates when service call attempt fails.
| **Subcategory of event** | **Privilege Name: User Right Group Policy Name** | **Description** |
|-----------------------------------|-----------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Audit Non Sensitive Privilege Use | SeChangeNotifyPrivilege: Bypass traverse checking | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks. With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. |
-| Audit Non Sensitive Privilege Use | SeCreateGlobalPrivilege: Create global objects | Required to create named file mapping objects in the global namespace during Terminal Services sessions. |
-| Audit Non Sensitive Privilege Use | SeCreatePagefilePrivilege: Create a pagefile | With this privilege, the user can create and change the size of a pagefile. |
-| Audit Non Sensitive Privilege Use | SeCreatePermanentPrivilege: Create permanent shared objects | Required to create a permanent object. This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege. |
-| Audit Non Sensitive Privilege Use | SeCreateSymbolicLinkPrivilege: Create symbolic links | Required to create a symbolic link. |
-| Audit Non Sensitive Privilege Use | SeIncreaseBasePriorityPrivilege: Increase scheduling priority | Required to increase the base priority of a process. With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. |
-| Audit Non Sensitive Privilege Use | SeIncreaseQuotaPrivilege: Adjust memory quotas for a process | Required to increase the quota assigned to a process. With this privilege, the user can change the maximum memory that can be consumed by a process. |
-| Audit Non Sensitive Privilege Use | SeIncreaseWorkingSetPrivilege: Increase a process working set | Required to allocate more memory for applications that run in the context of users. |
-| Audit Non Sensitive Privilege Use | SeLockMemoryPrivilege: Lock pages in memory | Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). |
-| Audit Non Sensitive Privilege Use | SeMachineAccountPrivilege: Add workstations to domain | With this privilege, the user can create a computer account. This privilege is valid only on domain controllers. |
-| Audit Non Sensitive Privilege Use | SeManageVolumePrivilege: Perform volume maintenance tasks | Required to run maintenance tasks on a volume, such as remote defragmentation. |
-| Audit Non Sensitive Privilege Use | SeProfileSingleProcessPrivilege: Profile single process | Required to gather profiling information for a single process. With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes. |
-| Audit Non Sensitive Privilege Use | SeRelabelPrivilege: Modify an object label | Required to modify the mandatory integrity level of an object. |
-| Audit Non Sensitive Privilege Use | SeRemoteShutdownPrivilege: Force shutdown from a remote system | Required to shut down a system using a network request. |
-| Audit Non Sensitive Privilege Use | SeShutdownPrivilege: Shut down the system | Required to shut down a local system. |
-| Audit Non Sensitive Privilege Use | SeSyncAgentPrivilege: Synchronize directory service data | This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers. With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization. |
-| Audit Non Sensitive Privilege Use | SeSystemProfilePrivilege: Profile system performance | Required to gather profiling information for the entire system. With this privilege, the user can use performance monitoring tools to monitor the performance of system processes. |
-| Audit Non Sensitive Privilege Use | SeSystemtimePrivilege: Change the system time | Required to modify the system time. With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. |
-| Audit Non Sensitive Privilege Use | SeTimeZonePrivilege: Change the time zone | Required to adjust the time zone associated with the computer's internal clock. |
-| Audit Non Sensitive Privilege Use | SeTrustedCredManAccessPrivilege: Access Credential Manager as a trusted caller | Required to access Credential Manager as a trusted caller. |
-| Audit Non Sensitive Privilege Use | SeUndockPrivilege: Remove computer from docking station | Required to undock a laptop. With this privilege, the user can undock a portable computer from its docking station without logging on. |
+| Audit Non Sensitive Privilege Use | SeChangeNotifyPrivilege: Bypass traverse checking | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks. With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. |
+| Audit Non Sensitive Privilege Use | SeCreateGlobalPrivilege: Create global objects | Required to create named file mapping objects in the global namespace during Terminal Services sessions. |
+| Audit Non Sensitive Privilege Use | SeCreatePagefilePrivilege: Create a pagefile | With this privilege, the user can create and change the size of a pagefile. |
+| Audit Non Sensitive Privilege Use | SeCreatePermanentPrivilege: Create permanent shared objects | Required to create a permanent object. This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege. |
+| Audit Non Sensitive Privilege Use | SeCreateSymbolicLinkPrivilege: Create symbolic links | Required to create a symbolic link. |
+| Audit Non Sensitive Privilege Use | SeIncreaseBasePriorityPrivilege: Increase scheduling priority | Required to increase the base priority of a process. With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. |
+| Audit Non Sensitive Privilege Use | SeIncreaseQuotaPrivilege: Adjust memory quotas for a process | Required to increase the quota assigned to a process. With this privilege, the user can change the maximum memory that can be consumed by a process. |
+| Audit Non Sensitive Privilege Use | SeIncreaseWorkingSetPrivilege: Increase a process working set | Required to allocate more memory for applications that run in the context of users. |
+| Audit Non Sensitive Privilege Use | SeLockMemoryPrivilege: Lock pages in memory | Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). |
+| Audit Non Sensitive Privilege Use | SeMachineAccountPrivilege: Add workstations to domain | With this privilege, the user can create a computer account. This privilege is valid only on domain controllers. |
+| Audit Non Sensitive Privilege Use | SeManageVolumePrivilege: Perform volume maintenance tasks | Required to run maintenance tasks on a volume, such as remote defragmentation. |
+| Audit Non Sensitive Privilege Use | SeProfileSingleProcessPrivilege: Profile single process | Required to gather profiling information for a single process. With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes. |
+| Audit Non Sensitive Privilege Use | SeRelabelPrivilege: Modify an object label | Required to modify the mandatory integrity level of an object. |
+| Audit Non Sensitive Privilege Use | SeRemoteShutdownPrivilege: Force shutdown from a remote system | Required to shut down a system using a network request. |
+| Audit Non Sensitive Privilege Use | SeShutdownPrivilege: Shut down the system | Required to shut down a local system. |
+| Audit Non Sensitive Privilege Use | SeSyncAgentPrivilege: Synchronize directory service data | This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers. With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization. |
+| Audit Non Sensitive Privilege Use | SeSystemProfilePrivilege: Profile system performance | Required to gather profiling information for the entire system. With this privilege, the user can use performance monitoring tools to monitor the performance of system processes. |
+| Audit Non Sensitive Privilege Use | SeSystemtimePrivilege: Change the system time | Required to modify the system time. With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. |
+| Audit Non Sensitive Privilege Use | SeTimeZonePrivilege: Change the time zone | Required to adjust the time zone associated with the computer's internal clock. |
+| Audit Non Sensitive Privilege Use | SeTrustedCredManAccessPrivilege: Access Credential Manager as a trusted caller | Required to access Credential Manager as a trusted caller. |
+| Audit Non Sensitive Privilege Use | SeUndockPrivilege: Remove computer from docking station | Required to undock a laptop. With this privilege, the user can undock a portable computer from its docking station without logging on. |
| **Subcategory of event** | **Privilege Name: User Right Group Policy Name** | **Description** |
|-------------------------------|------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Audit Sensitive Privilege Use | SeAssignPrimaryTokenPrivilege: Replace a process-level token | Required to assign the [*primary token*](https://msdn.microsoft.com/library/windows/desktop/ms721603(v=vs.85).aspx#_security_primary_token_gly) of a process. With this privilege, the user can initiate a process to replace the default token associated with a started subprocess. |
-| Audit Sensitive Privilege Use | SeAuditPrivilege: Generate security audits | With this privilege, the user can add entries to the security log. |
-| Audit Sensitive Privilege Use | SeCreateTokenPrivilege: Create a token object | Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs. When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it. |
-| Audit Sensitive Privilege Use | SeDebugPrivilege: Debug programs | Required to debug and adjust the memory of a process owned by another account. With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components. |
-| Audit Sensitive Privilege Use | SeImpersonatePrivilege: Impersonate a client after authentication | With this privilege, the user can impersonate other accounts. |
-| Audit Sensitive Privilege Use | SeLoadDriverPrivilege: Load and unload device drivers | Required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. |
-| Audit Sensitive Privilege Use | SeLockMemoryPrivilege: Lock pages in memory | Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). |
-| Audit Sensitive Privilege Use | SeSystemEnvironmentPrivilege: Modify firmware environment values | Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information. |
-| Audit Sensitive Privilege Use | SeTcbPrivilege: Act as part of the operating system | This privilege identifies its holder as part of the trusted computer base. This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. |
-| Audit Sensitive Privilege Use | SeEnableDelegationPrivilege: Enable computer and user accounts to be trusted for delegation | Required to mark user and computer accounts as trusted for delegation. With this privilege, the user can set the **Trusted for Deleg**ation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using the delegated credentials of a client, as long as the account of the client does not have the **Account cannot be delegated** account control flag set. |
+| Audit Sensitive Privilege Use | SeAssignPrimaryTokenPrivilege: Replace a process-level token | Required to assign the [*primary token*](https://msdn.microsoft.com/library/windows/desktop/ms721603(v=vs.85).aspx#_security_primary_token_gly) of a process. With this privilege, the user can initiate a process to replace the default token associated with a started subprocess. |
+| Audit Sensitive Privilege Use | SeAuditPrivilege: Generate security audits | With this privilege, the user can add entries to the security log. |
+| Audit Sensitive Privilege Use | SeCreateTokenPrivilege: Create a token object | Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs. When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it. |
+| Audit Sensitive Privilege Use | SeDebugPrivilege: Debug programs | Required to debug and adjust the memory of a process owned by another account. With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components. |
+| Audit Sensitive Privilege Use | SeImpersonatePrivilege: Impersonate a client after authentication | With this privilege, the user can impersonate other accounts. |
+| Audit Sensitive Privilege Use | SeLoadDriverPrivilege: Load and unload device drivers | Required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. |
+| Audit Sensitive Privilege Use | SeLockMemoryPrivilege: Lock pages in memory | Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). |
+| Audit Sensitive Privilege Use | SeSystemEnvironmentPrivilege: Modify firmware environment values | Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information. |
+| Audit Sensitive Privilege Use | SeTcbPrivilege: Act as part of the operating system | This privilege identifies its holder as part of the trusted computer base. This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. |
+| Audit Sensitive Privilege Use | SeEnableDelegationPrivilege: Enable computer and user accounts to be trusted for delegation | Required to mark user and computer accounts as trusted for delegation. With this privilege, the user can set the **Trusted for Deleg**ation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using the delegated credentials of a client, as long as the account of the client does not have the **Account cannot be delegated** account control flag set. |
## Security Monitoring Recommendations
diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md
index b4146f681a..5781254277 100644
--- a/windows/security/threat-protection/auditing/event-4674.md
+++ b/windows/security/threat-protection/auditing/event-4674.md
@@ -157,42 +157,42 @@ Failure event generates when operation attempt fails.
| **Subcategory of event** | **Privilege Name: User Right Group Policy Name** | **Description** |
|-----------------------------------|-----------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Audit Non Sensitive Privilege Use | SeChangeNotifyPrivilege: Bypass traverse checking | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks. With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. |
-| Audit Non Sensitive Privilege Use | SeCreateGlobalPrivilege: Create global objects | Required to create named file mapping objects in the global namespace during Terminal Services sessions. |
-| Audit Non Sensitive Privilege Use | SeCreatePagefilePrivilege: Create a pagefile | With this privilege, the user can create and change the size of a pagefile. |
-| Audit Non Sensitive Privilege Use | SeCreatePermanentPrivilege: Create permanent shared objects | Required to create a permanent object. This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege. |
-| Audit Non Sensitive Privilege Use | SeCreateSymbolicLinkPrivilege: Create symbolic links | Required to create a symbolic link. |
-| Audit Non Sensitive Privilege Use | SeIncreaseBasePriorityPrivilege: Increase scheduling priority | Required to increase the base priority of a process. With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. |
-| Audit Non Sensitive Privilege Use | SeIncreaseQuotaPrivilege: Adjust memory quotas for a process | Required to increase the quota assigned to a process. With this privilege, the user can change the maximum memory that can be consumed by a process. |
-| Audit Non Sensitive Privilege Use | SeIncreaseWorkingSetPrivilege: Increase a process working set | Required to allocate more memory for applications that run in the context of users. |
-| Audit Non Sensitive Privilege Use | SeLockMemoryPrivilege: Lock pages in memory | Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). |
-| Audit Non Sensitive Privilege Use | SeMachineAccountPrivilege: Add workstations to domain | With this privilege, the user can create a computer account. This privilege is valid only on domain controllers. |
-| Audit Non Sensitive Privilege Use | SeManageVolumePrivilege: Perform volume maintenance tasks | Required to run maintenance tasks on a volume, such as remote defragmentation. |
-| Audit Non Sensitive Privilege Use | SeProfileSingleProcessPrivilege: Profile single process | Required to gather profiling information for a single process. With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes. |
-| Audit Non Sensitive Privilege Use | SeRelabelPrivilege: Modify an object label | Required to modify the mandatory integrity level of an object. |
-| Audit Non Sensitive Privilege Use | SeRemoteShutdownPrivilege: Force shutdown from a remote system | Required to shut down a system using a network request. |
-| Audit Non Sensitive Privilege Use | SeShutdownPrivilege: Shut down the system | Required to shut down a local system. |
-| Audit Non Sensitive Privilege Use | SeSyncAgentPrivilege: Synchronize directory service data | This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers. With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization. |
-| Audit Non Sensitive Privilege Use | SeSystemProfilePrivilege: Profile system performance | Required to gather profiling information for the entire system. With this privilege, the user can use performance monitoring tools to monitor the performance of system processes. |
-| Audit Non Sensitive Privilege Use | SeSystemtimePrivilege: Change the system time | Required to modify the system time. With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. |
-| Audit Non Sensitive Privilege Use | SeTimeZonePrivilege: Change the time zone | Required to adjust the time zone associated with the computer's internal clock. |
-| Audit Non Sensitive Privilege Use | SeTrustedCredManAccessPrivilege: Access Credential Manager as a trusted caller | Required to access Credential Manager as a trusted caller. |
-| Audit Non Sensitive Privilege Use | SeUndockPrivilege: Remove computer from docking station | Required to undock a laptop. With this privilege, the user can undock a portable computer from its docking station without logging on. |
+| Audit Non Sensitive Privilege Use | SeChangeNotifyPrivilege: Bypass traverse checking | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks. With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. |
+| Audit Non Sensitive Privilege Use | SeCreateGlobalPrivilege: Create global objects | Required to create named file mapping objects in the global namespace during Terminal Services sessions. |
+| Audit Non Sensitive Privilege Use | SeCreatePagefilePrivilege: Create a pagefile | With this privilege, the user can create and change the size of a pagefile. |
+| Audit Non Sensitive Privilege Use | SeCreatePermanentPrivilege: Create permanent shared objects | Required to create a permanent object. This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege. |
+| Audit Non Sensitive Privilege Use | SeCreateSymbolicLinkPrivilege: Create symbolic links | Required to create a symbolic link. |
+| Audit Non Sensitive Privilege Use | SeIncreaseBasePriorityPrivilege: Increase scheduling priority | Required to increase the base priority of a process. With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. |
+| Audit Non Sensitive Privilege Use | SeIncreaseQuotaPrivilege: Adjust memory quotas for a process | Required to increase the quota assigned to a process. With this privilege, the user can change the maximum memory that can be consumed by a process. |
+| Audit Non Sensitive Privilege Use | SeIncreaseWorkingSetPrivilege: Increase a process working set | Required to allocate more memory for applications that run in the context of users. |
+| Audit Non Sensitive Privilege Use | SeLockMemoryPrivilege: Lock pages in memory | Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). |
+| Audit Non Sensitive Privilege Use | SeMachineAccountPrivilege: Add workstations to domain | With this privilege, the user can create a computer account. This privilege is valid only on domain controllers. |
+| Audit Non Sensitive Privilege Use | SeManageVolumePrivilege: Perform volume maintenance tasks | Required to run maintenance tasks on a volume, such as remote defragmentation. |
+| Audit Non Sensitive Privilege Use | SeProfileSingleProcessPrivilege: Profile single process | Required to gather profiling information for a single process. With this privilege, the user can use performance monitoring tools to monitor the performance of non-system processes. |
+| Audit Non Sensitive Privilege Use | SeRelabelPrivilege: Modify an object label | Required to modify the mandatory integrity level of an object. |
+| Audit Non Sensitive Privilege Use | SeRemoteShutdownPrivilege: Force shutdown from a remote system | Required to shut down a system using a network request. |
+| Audit Non Sensitive Privilege Use | SeShutdownPrivilege: Shut down the system | Required to shut down a local system. |
+| Audit Non Sensitive Privilege Use | SeSyncAgentPrivilege: Synchronize directory service data | This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on the objects and properties. By default, it is assigned to the Administrator and LocalSystem accounts on domain controllers. With this privilege, the user can synchronize all directory service data. This is also known as Active Directory synchronization. |
+| Audit Non Sensitive Privilege Use | SeSystemProfilePrivilege: Profile system performance | Required to gather profiling information for the entire system. With this privilege, the user can use performance monitoring tools to monitor the performance of system processes. |
+| Audit Non Sensitive Privilege Use | SeSystemtimePrivilege: Change the system time | Required to modify the system time. With this privilege, the user can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. |
+| Audit Non Sensitive Privilege Use | SeTimeZonePrivilege: Change the time zone | Required to adjust the time zone associated with the computer's internal clock. |
+| Audit Non Sensitive Privilege Use | SeTrustedCredManAccessPrivilege: Access Credential Manager as a trusted caller | Required to access Credential Manager as a trusted caller. |
+| Audit Non Sensitive Privilege Use | SeUndockPrivilege: Remove computer from docking station | Required to undock a laptop. With this privilege, the user can undock a portable computer from its docking station without logging on. |
| **Subcategory of event** | **Privilege Name: User Right Group Policy Name** | **Description** |
|-------------------------------|-----------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Audit Sensitive Privilege Use | SeAssignPrimaryTokenPrivilege: Replace a process-level token | Required to assign the [*primary token*](https://msdn.microsoft.com/library/windows/desktop/ms721603(v=vs.85).aspx#_security_primary_token_gly) of a process. With this privilege, the user can initiate a process to replace the default token associated with a started subprocess. |
-| Audit Sensitive Privilege Use | SeAuditPrivilege: Generate security audits | With this privilege, the user can add entries to the security log. |
-| Audit Sensitive Privilege Use | SeBackupPrivilege: Back up files and directories | - Required to perform backup operations. With this privilege, the user can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. This privilege causes the system to grant all read access control to any file, regardless of the [*access control list*](https://msdn.microsoft.com/library/windows/desktop/ms721532(v=vs.85).aspx#_security_access_control_list_gly) (ACL) specified for the file. Any access request other than read is still evaluated with the ACL. The following access rights are granted if this privilege is held: READ\_CONTROL ACCESS\_SYSTEM\_SECURITY FILE\_GENERIC\_READ FILE\_TRAVERSE |
-| Audit Sensitive Privilege Use | SeCreateTokenPrivilege: Create a token object | Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs. When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it. |
-| Audit Sensitive Privilege Use | SeDebugPrivilege: Debug programs | Required to debug and adjust the memory of a process owned by another account. With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components. |
-| Audit Sensitive Privilege Use | SeImpersonatePrivilege: Impersonate a client after authentication | With this privilege, the user can impersonate other accounts. |
-| Audit Sensitive Privilege Use | SeLoadDriverPrivilege: Load and unload device drivers | Required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. |
-| Audit Sensitive Privilege Use | SeLockMemoryPrivilege: Lock pages in memory | Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). |
-| Audit Sensitive Privilege Use | SeRestorePrivilege: Restore files and directories | Required to perform restore operations. This privilege causes the system to grant all write access control to any file, regardless of the ACL specified for the file. Any access request other than write is still evaluated with the ACL. Additionally, this privilege enables you to set any valid user or group SID as the owner of a file. The following access rights are granted if this privilege is held: WRITE\_DAC WRITE\_OWNER ACCESS\_SYSTEM\_SECURITY FILE\_GENERIC\_WRITE FILE\_ADD\_FILE FILE\_ADD\_SUBDIRECTORY DELETE With this privilege, the user can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories and determines which users can set any valid security principal as the owner of an object. |
-| Audit Sensitive Privilege Use | SeSecurityPrivilege: Manage auditing and security log | Required to perform a number of security-related functions, such as controlling and viewing audit events in security event log. With this privilege, the user can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. A user with this privilege can also view and clear the security log. |
-| Audit Sensitive Privilege Use | SeSystemEnvironmentPrivilege: Modify firmware environment values | Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information. |
-| Audit Sensitive Privilege Use | SeTakeOwnershipPrivilege: Take ownership of files or other objects | Required to take ownership of an object without being granted discretionary access. This privilege allows the owner value to be set only to those values that the holder may legitimately assign as the owner of an object. With this privilege, the user can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. |
+| Audit Sensitive Privilege Use | SeAssignPrimaryTokenPrivilege: Replace a process-level token | Required to assign the [*primary token*](https://msdn.microsoft.com/library/windows/desktop/ms721603(v=vs.85).aspx#_security_primary_token_gly) of a process. With this privilege, the user can initiate a process to replace the default token associated with a started subprocess. |
+| Audit Sensitive Privilege Use | SeAuditPrivilege: Generate security audits | With this privilege, the user can add entries to the security log. |
+| Audit Sensitive Privilege Use | SeBackupPrivilege: Back up files and directories | - Required to perform backup operations. With this privilege, the user can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. This privilege causes the system to grant all read access control to any file, regardless of the [*access control list*](https://msdn.microsoft.com/library/windows/desktop/ms721532(v=vs.85).aspx#_security_access_control_list_gly) (ACL) specified for the file. Any access request other than read is still evaluated with the ACL. The following access rights are granted if this privilege is held: READ\_CONTROL ACCESS\_SYSTEM\_SECURITY FILE\_GENERIC\_READ FILE\_TRAVERSE |
+| Audit Sensitive Privilege Use | SeCreateTokenPrivilege: Create a token object | Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs. When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it. |
+| Audit Sensitive Privilege Use | SeDebugPrivilege: Debug programs | Required to debug and adjust the memory of a process owned by another account. With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components. |
+| Audit Sensitive Privilege Use | SeImpersonatePrivilege: Impersonate a client after authentication | With this privilege, the user can impersonate other accounts. |
+| Audit Sensitive Privilege Use | SeLoadDriverPrivilege: Load and unload device drivers | Required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. |
+| Audit Sensitive Privilege Use | SeLockMemoryPrivilege: Lock pages in memory | Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). |
+| Audit Sensitive Privilege Use | SeRestorePrivilege: Restore files and directories | Required to perform restore operations. This privilege causes the system to grant all write access control to any file, regardless of the ACL specified for the file. Any access request other than write is still evaluated with the ACL. Additionally, this privilege enables you to set any valid user or group SID as the owner of a file. The following access rights are granted if this privilege is held: WRITE\_DAC WRITE\_OWNER ACCESS\_SYSTEM\_SECURITY FILE\_GENERIC\_WRITE FILE\_ADD\_FILE FILE\_ADD\_SUBDIRECTORY DELETE With this privilege, the user can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories and determines which users can set any valid security principal as the owner of an object. |
+| Audit Sensitive Privilege Use | SeSecurityPrivilege: Manage auditing and security log | Required to perform a number of security-related functions, such as controlling and viewing audit events in security event log. With this privilege, the user can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. A user with this privilege can also view and clear the security log. |
+| Audit Sensitive Privilege Use | SeSystemEnvironmentPrivilege: Modify firmware environment values | Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information. |
+| Audit Sensitive Privilege Use | SeTakeOwnershipPrivilege: Take ownership of files or other objects | Required to take ownership of an object without being granted discretionary access. This privilege allows the owner value to be set only to those values that the holder may legitimately assign as the owner of an object. With this privilege, the user can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. |
## Security Monitoring Recommendations
diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md
index 20ed1e1911..978d25bf39 100644
--- a/windows/security/threat-protection/auditing/event-4675.md
+++ b/windows/security/threat-protection/auditing/event-4675.md
@@ -1,6 +1,6 @@
---
title: 4675(S) SIDs were filtered. (Windows 10)
-description: Describes security event 4675(S) SIDs were filtered.
+description: Describes security event 4675(S) SIDs were filtered. This event is generated when SIDs were filtered for a specific Active Directory trust.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md
index 55ace9419d..cba2f4eb49 100644
--- a/windows/security/threat-protection/auditing/event-4688.md
+++ b/windows/security/threat-protection/auditing/event-4688.md
@@ -1,6 +1,6 @@
---
title: 4688(S) A new process has been created. (Windows 10)
-description: Describes security event 4688(S) A new process has been created.
+description: Describes security event 4688(S) A new process has been created. This event is generated when a new process starts.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -206,9 +206,9 @@ For 4688(S): A new process has been created.
- It can be unusual for a process to run using a local account in either **Creator Subject\\Security ID** or in **Target** **Subject\\Security ID**.
-- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (1)** when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn’t contain the $ symbol. Typically this means that UAC is disabled for this account for some reason.
+- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (1)** when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn’t contain the $ symbol. Typically this means that UAC is disabled for this account for some reason.
-- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn’t contain the $ symbol. This means that a user ran a program using administrative privileges.
+- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn’t contain the $ symbol. This means that a user ran a program using administrative privileges.
- You can also monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when a computer object was used to run the process, but that computer object is not the same computer where the event occurs.
diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md
index cf6f0fce07..81c27d0423 100644
--- a/windows/security/threat-protection/auditing/event-4689.md
+++ b/windows/security/threat-protection/auditing/event-4689.md
@@ -1,6 +1,6 @@
---
title: 4689(S) A process has exited. (Windows 10)
-description: Describes security event 4689(S) A process has exited.
+description: Describes security event 4689(S) A process has exited. This event is generates when a process exits.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md
index d848e88861..a6f3256c16 100644
--- a/windows/security/threat-protection/auditing/event-4698.md
+++ b/windows/security/threat-protection/auditing/event-4698.md
@@ -1,6 +1,6 @@
---
title: 4698(S) A scheduled task was created. (Windows 10)
-description: Describes security event 4698(S) A scheduled task was created.
+description: Describes security event 4698(S) A scheduled task was created. This event is generated when a scheduled task is created.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md
index 280aad111e..35eccf157c 100644
--- a/windows/security/threat-protection/auditing/event-4699.md
+++ b/windows/security/threat-protection/auditing/event-4699.md
@@ -1,6 +1,6 @@
---
title: 4699(S) A scheduled task was deleted. (Windows 10)
-description: Describes security event 4699(S) A scheduled task was deleted.
+description: Describes security event 4699(S) A scheduled task was deleted. This event is generated every time a scheduled task is deleted.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md
index a53997c7b8..7de372086e 100644
--- a/windows/security/threat-protection/auditing/event-4700.md
+++ b/windows/security/threat-protection/auditing/event-4700.md
@@ -1,6 +1,6 @@
---
title: 4700(S) A scheduled task was enabled. (Windows 10)
-description: Describes security event 4700(S) A scheduled task was enabled.
+description: Describes security event 4700(S) A scheduled task was enabled. This event is generated every time a scheduled task is enabled.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md
index d1991b0941..efe36fcc4d 100644
--- a/windows/security/threat-protection/auditing/event-4701.md
+++ b/windows/security/threat-protection/auditing/event-4701.md
@@ -1,6 +1,6 @@
---
title: 4701(S) A scheduled task was disabled. (Windows 10)
-description: Describes security event 4701(S) A scheduled task was disabled.
+description: Describes security event 4701(S) A scheduled task was disabled. This event is generated every time a scheduled task is disabled.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md
index 01ef0250a8..4ae828770c 100644
--- a/windows/security/threat-protection/auditing/event-4702.md
+++ b/windows/security/threat-protection/auditing/event-4702.md
@@ -1,6 +1,6 @@
---
title: 4702(S) A scheduled task was updated. (Windows 10)
-description: Describes security event 4702(S) A scheduled task was updated.
+description: Describes security event 4702(S) A scheduled task was updated. This event is generated when a scheduled task is updated/changed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md
index 9e2056f25d..7483483ea2 100644
--- a/windows/security/threat-protection/auditing/event-4703.md
+++ b/windows/security/threat-protection/auditing/event-4703.md
@@ -1,6 +1,6 @@
---
title: 4703(S) A user right was adjusted. (Windows 10)
-description: Describes security event 4703(S) A user right was adjusted.
+description: Describes security event 4703(S) A user right was adjusted. This event is generated when token privileges are enabled or disabled for a specific account.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md
index 7db8499254..bc3e9d5c3a 100644
--- a/windows/security/threat-protection/auditing/event-4704.md
+++ b/windows/security/threat-protection/auditing/event-4704.md
@@ -1,6 +1,6 @@
---
title: 4704(S) A user right was assigned. (Windows 10)
-description: Describes security event 4704(S) A user right was assigned.
+description: Describes security event 4704(S) A user right was assigned. This event is generated when a user right is assigned to an account.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md
index a89086caee..5b337c9941 100644
--- a/windows/security/threat-protection/auditing/event-4705.md
+++ b/windows/security/threat-protection/auditing/event-4705.md
@@ -1,6 +1,6 @@
---
title: 4705(S) A user right was removed. (Windows 10)
-description: Describes security event 4705(S) A user right was removed.
+description: Describes security event 4705(S) A user right was removed. This event is generated when a user right is removed from an account.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md
index c566c246bf..2a57c47db5 100644
--- a/windows/security/threat-protection/auditing/event-4706.md
+++ b/windows/security/threat-protection/auditing/event-4706.md
@@ -1,6 +1,6 @@
---
title: 4706(S) A new trust was created to a domain. (Windows 10)
-description: Describes security event 4706(S) A new trust was created to a domain.
+description: Describes security event 4706(S) A new trust was created to a domain. This event is generated when a new trust is created for a domain.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md
index f998718c41..dc7e2f5419 100644
--- a/windows/security/threat-protection/auditing/event-4707.md
+++ b/windows/security/threat-protection/auditing/event-4707.md
@@ -1,6 +1,6 @@
---
title: 4707(S) A trust to a domain was removed. (Windows 10)
-description: Describes security event 4707(S) A trust to a domain was removed.
+description: Describes security event 4707(S) A trust to a domain was removed. This event is generated when a domain trust is removed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md
index a4809630b7..69c6f2f153 100644
--- a/windows/security/threat-protection/auditing/event-4713.md
+++ b/windows/security/threat-protection/auditing/event-4713.md
@@ -1,6 +1,6 @@
---
title: 4713(S) Kerberos policy was changed. (Windows 10)
-description: Describes security event 4713(S) Kerberos policy was changed.
+description: Describes security event 4713(S) Kerberos policy was changed. This event is generated when Kerberos policy is changed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md
index 4498dfe0fc..e634cf0bbf 100644
--- a/windows/security/threat-protection/auditing/event-4719.md
+++ b/windows/security/threat-protection/auditing/event-4719.md
@@ -1,6 +1,6 @@
---
title: 4719(S) System audit policy was changed. (Windows 10)
-description: Describes security event 4719(S) System audit policy was changed.
+description: Describes security event 4719(S) System audit policy was changed. This event is generated when the computer audit policy changes.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md
index fffcee9e09..d18fd86200 100644
--- a/windows/security/threat-protection/auditing/event-4720.md
+++ b/windows/security/threat-protection/auditing/event-4720.md
@@ -1,6 +1,6 @@
---
title: 4720(S) A user account was created. (Windows 10)
-description: Describes security event 4720(S) A user account was created.
+description: Describes security event 4720(S) A user account was created. This event is generated a user object is created.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md
index 2029ba7eae..97a958aba9 100644
--- a/windows/security/threat-protection/auditing/event-4722.md
+++ b/windows/security/threat-protection/auditing/event-4722.md
@@ -1,6 +1,6 @@
---
title: 4722(S) A user account was enabled. (Windows 10)
-description: Describes security event 4722(S) A user account was enabled.
+description: Describes security event 4722(S) A user account was enabled. This event is generated when a user or computer object is enabled.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md
index e1103b365e..c1bdc4c1f4 100644
--- a/windows/security/threat-protection/auditing/event-4725.md
+++ b/windows/security/threat-protection/auditing/event-4725.md
@@ -1,6 +1,6 @@
---
title: 4725(S) A user account was disabled. (Windows 10)
-description: Describes security event 4725(S) A user account was disabled.
+description: Describes security event 4725(S) A user account was disabled. This event is generated when a user or computer object is disabled.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md
index 5d48cc9ae6..ae0997e85e 100644
--- a/windows/security/threat-protection/auditing/event-4726.md
+++ b/windows/security/threat-protection/auditing/event-4726.md
@@ -1,6 +1,6 @@
---
title: 4726(S) A user account was deleted. (Windows 10)
-description: Describes security event 4726(S) A user account was deleted.
+description: Describes security event 4726(S) A user account was deleted. This event is generated when a user object is deleted.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md
index e9761cde7b..3ad4e0bb93 100644
--- a/windows/security/threat-protection/auditing/event-4738.md
+++ b/windows/security/threat-protection/auditing/event-4738.md
@@ -1,6 +1,6 @@
---
title: 4738(S) A user account was changed. (Windows 10)
-description: Describes security event 4738(S) A user account was changed.
+description: Describes security event 4738(S) A user account was changed. This event is generated when a user object is changed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -32,7 +32,7 @@ This event generates on domain controllers, member servers, and workstations.
For each change, a separate 4738 event will be generated.
-You might see this event without any changes inside, that is, where all **Changed Attributes** apear as “-“. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, if the [discretionary access control list](https://msdn.microsoft.com/library/windows/desktop/aa374872(v=vs.85).aspx) (DACL) is changed, a 4738 event will generate, but all attributes will be “-“.
+You might see this event without any changes inside, that is, where all **Changed Attributes** appear as “-“. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, if the [discretionary access control list](https://msdn.microsoft.com/library/windows/desktop/aa374872(v=vs.85).aspx) (DACL) is changed, a 4738 event will generate, but all attributes will be “-“.
Some changes do not invoke a 4738 event.
diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md
index 9d9732a82c..644aa94187 100644
--- a/windows/security/threat-protection/auditing/event-4739.md
+++ b/windows/security/threat-protection/auditing/event-4739.md
@@ -1,6 +1,6 @@
---
title: 4739(S) Domain Policy was changed. (Windows 10)
-description: Describes security event 4739(S) Domain Policy was changed.
+description: Describes security event 4739(S) Domain Policy was changed. This event is generated when certain changes are made to the local computer security policy.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md
index 95cdfe7ee6..68838caedf 100644
--- a/windows/security/threat-protection/auditing/event-4740.md
+++ b/windows/security/threat-protection/auditing/event-4740.md
@@ -1,6 +1,6 @@
---
title: 4740(S) A user account was locked out. (Windows 10)
-description: Describes security event 4740(S) A user account was locked out.
+description: Describes security event 4740(S) A user account was locked out. This event is generated every time a user account is locked out.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md
index ef907d69b0..22809b4f8f 100644
--- a/windows/security/threat-protection/auditing/event-4741.md
+++ b/windows/security/threat-protection/auditing/event-4741.md
@@ -1,6 +1,6 @@
---
title: 4741(S) A computer account was created. (Windows 10)
-description: Describes security event 4741(S) A computer account was created.
+description: Describes security event 4741(S) A computer account was created. This event is generated every time a computer object is created.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -242,7 +242,7 @@ So this UAC flags value decodes to: LOCKOUT and SCRIPT
- **DNS Host Name** \[Type = UnicodeString\]: name of computer account as registered in DNS. The value of **dNSHostName** attribute of new computer object. For manually created computer account objects this field has value “**-**“.
-- **Service Principal Names** \[Type = UnicodeString\]**:** The list of SPNs, registered for computer account. For new computer accounts it will typically contain HOST SPNs and RestrictedKrbHost SPNs. The value of **servicePrincipalName** attribute of new computer object. For manually created computer objects it is typically equals “**-**“. This is an example of **Service Principal Names** field for new domain joined workstation:
+- **Service Principal Names** \[Type = UnicodeString\]**:** The list of SPNs, registered for computer account. For new computer accounts it will typically contain HOST SPNs and RestrictedKrbHost SPNs. The value of **servicePrincipalName** attribute of new computer object. For manually created computer objects it is typically equals “**-**“. This is an example of **Service Principal Names** field for new domain joined workstation:
HOST/Win81.contoso.local
diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md
index b39135ee00..0d9f50526b 100644
--- a/windows/security/threat-protection/auditing/event-4742.md
+++ b/windows/security/threat-protection/auditing/event-4742.md
@@ -1,6 +1,6 @@
---
title: 4742(S) A computer account was changed. (Windows 10)
-description: Describes security event 4742(S) A computer account was changed.
+description: Describes security event 4742(S) A computer account was changed. This event is generated every time a computer object is changed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -36,7 +36,7 @@ For each change, a separate 4742 event will be generated.
Some changes do not invoke a 4742 event, for example, changes made using Active Directory Users and Computers management console in **Managed By** tab in computer account properties.
-You might see this event without any changes inside, that is, where all **Changed Attributes** apear as “-“. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, this would happen if you change the **Description** of a group object using the Active Directory Users and Computers administrative console. Also, if the [discretionary access control list](https://msdn.microsoft.com/library/windows/desktop/aa374872(v=vs.85).aspx) (DACL) is changed, a 4742 event will generate, but all attributes will be “-“.
+You might see this event without any changes inside, that is, where all **Changed Attributes** appear as “-“. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, this would happen if you change the **Description** of a group object using the Active Directory Users and Computers administrative console. Also, if the [discretionary access control list](https://msdn.microsoft.com/library/windows/desktop/aa374872(v=vs.85).aspx) (DACL) is changed, a 4742 event will generate, but all attributes will be “-“.
***Important*:** If you manually change any user-related setting or attribute, for example if you set the SMARTCARD\_REQUIRED flag in **userAccountControl** for the computer account, then the **sAMAccountType** of the computer account will be changed to NORMAL\_USER\_ACCOUNT and you will get “[4738](event-4738.md): A user account was changed” instead of 4742 for this computer account. Essentially, the computer account will “become” a user account. For NORMAL\_USER\_ACCOUNT you will always get events from [Audit User Account Management](audit-user-account-management.md) subcategory. We strongly recommend that you avoid changing any user-related settings manually for computer objects.
@@ -243,7 +243,7 @@ So this UAC flags value decodes to: LOCKOUT and SCRIPT
- **Service Principal Names** \[Type = UnicodeString\]**:** The list of SPNs, registered for computer account. If the SPN list of a computer account changed, you will see the new SPN list in **Service Principal Names** field (note that you will see the new list instead of changes). If the value of **servicePrincipalName** attribute of computer object was changed, you will see the new value here.
- Here is an example of **Service Principal Names** field for new domain joined workstation in event 4742 on domain controller, after workstation reboots:
+ Here is an example of **Service Principal Names** field for new domain joined workstation in event 4742 on domain controller, after workstation reboots:
HOST/Win81.contoso.local
diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md
index 3fc25787d1..3cc90698fb 100644
--- a/windows/security/threat-protection/auditing/event-4743.md
+++ b/windows/security/threat-protection/auditing/event-4743.md
@@ -1,6 +1,6 @@
---
title: 4743(S) A computer account was deleted. (Windows 10)
-description: Describes security event 4743(S) A computer account was deleted.
+description: Describes security event 4743(S) A computer account was deleted. This event is generated every time a computer object is deleted.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md
index 28f41dff94..86df9d9645 100644
--- a/windows/security/threat-protection/auditing/event-4764.md
+++ b/windows/security/threat-protection/auditing/event-4764.md
@@ -1,6 +1,6 @@
---
title: 4764(S) A group's type was changed. (Windows 10)
-description: Describes security event 4764(S) A group’s type was changed.
+description: "Describes security event 4764(S) A group's type was changed. This event is generated when the type of a group is changed."
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md
index c5310d9f72..3ea2c4e756 100644
--- a/windows/security/threat-protection/auditing/event-4765.md
+++ b/windows/security/threat-protection/auditing/event-4765.md
@@ -1,6 +1,6 @@
---
title: 4765(S) SID History was added to an account. (Windows 10)
-description: Describes security event 4765(S) SID History was added to an account.
+description: Describes security event 4765(S) SID History was added to an account. This event is generated when SID History is added to an account.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md
index e5f3f71068..87baefbc54 100644
--- a/windows/security/threat-protection/auditing/event-4767.md
+++ b/windows/security/threat-protection/auditing/event-4767.md
@@ -1,6 +1,6 @@
---
title: 4767(S) A user account was unlocked. (Windows 10)
-description: Describes security event 4767(S) A user account was unlocked.
+description: Describes security event 4767(S) A user account was unlocked. This event is generated every time a user account is unlocked.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md
index d8e637e093..af44f02711 100644
--- a/windows/security/threat-protection/auditing/event-4771.md
+++ b/windows/security/threat-protection/auditing/event-4771.md
@@ -1,6 +1,6 @@
---
title: 4771(F) Kerberos pre-authentication failed. (Windows 10)
-description: Describes security event 4771(F) Kerberos pre-authentication failed.
+description: Describes security event 4771(F) Kerberos pre-authentication failed. This event is generated when the Key Distribution Center fails to issue a Kerberos TGT.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md
index df9ff558e3..21a33e20a2 100644
--- a/windows/security/threat-protection/auditing/event-4774.md
+++ b/windows/security/threat-protection/auditing/event-4774.md
@@ -1,6 +1,6 @@
---
title: 4774(S, F) An account was mapped for logon. (Windows 10)
-description: Describes security event 4774(S, F) An account was mapped for logon.
+description: Describes security event 4774(S, F) An account was mapped for logon. This event is generated when an account is mapped for logon.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md
index 042f226a20..a48651e686 100644
--- a/windows/security/threat-protection/auditing/event-4781.md
+++ b/windows/security/threat-protection/auditing/event-4781.md
@@ -1,6 +1,6 @@
---
title: 4781(S) The name of an account was changed. (Windows 10)
-description: Describes security event 4781(S) The name of an account was changed.
+description: Describes security event 4781(S) The name of an account was changed. This event is generated every time a user or computer account name is changed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md
index e661f5ed3d..b0be9a0f3a 100644
--- a/windows/security/threat-protection/auditing/event-4800.md
+++ b/windows/security/threat-protection/auditing/event-4800.md
@@ -1,6 +1,6 @@
---
title: 4800(S) The workstation was locked. (Windows 10)
-description: Describes security event 4800(S) The workstation was locked.
+description: Describes security event 4800(S) The workstation was locked. This event is generated when a workstation is locked.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md
index 937d79b878..61e2682379 100644
--- a/windows/security/threat-protection/auditing/event-4801.md
+++ b/windows/security/threat-protection/auditing/event-4801.md
@@ -1,6 +1,6 @@
---
title: 4801(S) The workstation was unlocked. (Windows 10)
-description: Describes security event 4801(S) The workstation was unlocked.
+description: Describes security event 4801(S) The workstation was unlocked. This event is generated when workstation is unlocked.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md
index 41f5ba4f6e..a00ead7497 100644
--- a/windows/security/threat-protection/auditing/event-4802.md
+++ b/windows/security/threat-protection/auditing/event-4802.md
@@ -1,6 +1,6 @@
---
title: 4802(S) The screen saver was invoked. (Windows 10)
-description: Describes security event 4802(S) The screen saver was invoked.
+description: Describes security event 4802(S) The screen saver was invoked. This event is generated when screen saver is invoked.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md
index c50d78d76c..0354849e13 100644
--- a/windows/security/threat-protection/auditing/event-4803.md
+++ b/windows/security/threat-protection/auditing/event-4803.md
@@ -1,6 +1,6 @@
---
title: 4803(S) The screen saver was dismissed. (Windows 10)
-description: Describes security event 4803(S) The screen saver was dismissed.
+description: Describes security event 4803(S) The screen saver was dismissed. This event is generated when screen saver is dismissed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md
index 4e45693aaa..3729924d93 100644
--- a/windows/security/threat-protection/auditing/event-4826.md
+++ b/windows/security/threat-protection/auditing/event-4826.md
@@ -1,6 +1,6 @@
---
title: 4826(S) Boot Configuration Data loaded. (Windows 10)
-description: Describes security event 4826(S) Boot Configuration Data loaded.
+description: Describes security event 4826(S) Boot Configuration Data loaded. This event is generated every time system starts and loads Boot Configuration Data settings.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md
index 62ced88fe8..5556b207b5 100644
--- a/windows/security/threat-protection/auditing/event-4864.md
+++ b/windows/security/threat-protection/auditing/event-4864.md
@@ -1,6 +1,6 @@
---
title: 4864(S) A namespace collision was detected. (Windows 10)
-description: Describes security event 4864(S) A namespace collision was detected.
+description: Describes security event 4864(S) A namespace collision was detected. This event is generated when a namespace collision is detected.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md
index 34454c6d14..6610d670eb 100644
--- a/windows/security/threat-protection/auditing/event-4907.md
+++ b/windows/security/threat-protection/auditing/event-4907.md
@@ -285,5 +285,5 @@ For 4907(S): Auditing settings on object were changed.
- If you have critical file or registry objects and you need to monitor all modifications (especially changes in SACL), monitor for specific “**Object\\Object Name”**.
-- If you have high-value computers for which you need to monitor all changes for all or specific file or registry objects, monitor for all [4907](event-4907.md) events on these computers.
+- If you have high-value computers for which you need to monitor all changes for all or specific file or registry objects, monitor for all [4907](event-4907.md) events on these computers.
diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md
index 847263668e..7573adb5f7 100644
--- a/windows/security/threat-protection/auditing/event-4908.md
+++ b/windows/security/threat-protection/auditing/event-4908.md
@@ -1,6 +1,6 @@
---
title: 4908(S) Special Groups Logon table modified. (Windows 10)
-description: Describes security event 4908(S) Special Groups Logon table modified.
+description: Describes security event 4908(S) Special Groups Logon table modified. This event is generated when the Special Groups Logon table is modified.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md
index 4e98d50f44..cf141b9a2d 100644
--- a/windows/security/threat-protection/auditing/event-4912.md
+++ b/windows/security/threat-protection/auditing/event-4912.md
@@ -1,6 +1,6 @@
---
title: 4912(S) Per User Audit Policy was changed. (Windows 10)
-description: Describes security event 4912(S) Per User Audit Policy was changed.
+description: Describes security event 4912(S) Per User Audit Policy was changed. This event is generated every time Per User Audit Policy is changed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md
index 18964e5c16..c9e2159bc0 100644
--- a/windows/security/threat-protection/auditing/event-4935.md
+++ b/windows/security/threat-protection/auditing/event-4935.md
@@ -1,6 +1,6 @@
---
title: 4935(F) Replication failure begins. (Windows 10)
-description: Describes security event 4935(F) Replication failure begins.
+description: Describes security event 4935(F) Replication failure begins. This event is generated when Active Directory replication failure begins.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md
index 214811e890..d9d60e43be 100644
--- a/windows/security/threat-protection/auditing/event-4936.md
+++ b/windows/security/threat-protection/auditing/event-4936.md
@@ -1,6 +1,6 @@
---
title: 4936(S) Replication failure ends. (Windows 10)
-description: Describes security event 4936(S) Replication failure ends.
+description: Describes security event 4936(S) Replication failure ends. This event is generated when Active Directory replication failure ends.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md
index 43677f0e97..1f6c100b8d 100644
--- a/windows/security/threat-protection/auditing/event-5039.md
+++ b/windows/security/threat-protection/auditing/event-5039.md
@@ -1,6 +1,6 @@
---
title: 5039(-) A registry key was virtualized. (Windows 10)
-description: Describes security event 5039(-) A registry key was virtualized.
+description: Describes security event 5039(-) A registry key was virtualized. This event is generated when a registry key is virtualized using LUAFV.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md
index adfb677ffd..0bf8362113 100644
--- a/windows/security/threat-protection/auditing/event-5051.md
+++ b/windows/security/threat-protection/auditing/event-5051.md
@@ -1,6 +1,6 @@
---
title: 5051(-) A file was virtualized. (Windows 10)
-description: Describes security event 5051(-) A file was virtualized.
+description: Describes security event 5051(-) A file was virtualized. This event is generated when a file is virtualized using LUAFV.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md
index 508bb9d381..008ecb3292 100644
--- a/windows/security/threat-protection/auditing/event-5058.md
+++ b/windows/security/threat-protection/auditing/event-5058.md
@@ -1,6 +1,6 @@
---
title: 5058(S, F) Key file operation. (Windows 10)
-description: Describes security event 5058(S, F) Key file operation.
+description: Describes security event 5058(S, F) Key file operation. This event is generated when an operation is performed on a file that contains a KSP key.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md
index e3f73073f3..096fcfe2c9 100644
--- a/windows/security/threat-protection/auditing/event-5059.md
+++ b/windows/security/threat-protection/auditing/event-5059.md
@@ -1,6 +1,6 @@
---
title: 5059(S, F) Key migration operation. (Windows 10)
-description: Describes security event 5059(S, F) Key migration operation.
+description: Describes security event 5059(S, F) Key migration operation. This event is generated when a cryptographic key is exported/imported using a Key Storage Provider.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md
index bd0414e3ca..96344c475f 100644
--- a/windows/security/threat-protection/auditing/event-5060.md
+++ b/windows/security/threat-protection/auditing/event-5060.md
@@ -1,6 +1,6 @@
---
title: 5060(F) Verification operation failed. (Windows 10)
-description: Describes security event 5060(F) Verification operation failed.
+description: Describes security event 5060(F) Verification operation failed. This event is generated in case of CNG verification operation failure.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md
index 271b5d582b..d283324906 100644
--- a/windows/security/threat-protection/auditing/event-5061.md
+++ b/windows/security/threat-protection/auditing/event-5061.md
@@ -1,6 +1,6 @@
---
title: 5061(S, F) Cryptographic operation. (Windows 10)
-description: Describes security event 5061(S, F) Cryptographic operation.
+description: Describes security event 5061(S, F) Cryptographic operation. This event is generated when a cryptographic operation is performed using a Key Storage Provider.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md
index a4f705ba93..3d3d5152cc 100644
--- a/windows/security/threat-protection/auditing/event-5140.md
+++ b/windows/security/threat-protection/auditing/event-5140.md
@@ -145,7 +145,7 @@ For 5140(S, F): A network share object was accessed.
> **Important** For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
-- If you have high-value computers for which you need to monitor all access to all shares or specific shares (“**Share Name**”), monitor this event. For example, you could monitor share **C$** on domain controllers.
+- If you have high-value computers for which you need to monitor all access to all shares or specific shares (“**Share Name**”), monitor this event. For example, you could monitor share **C$** on domain controllers.
- Monitor this event if the **Network Information\\Source Address** is not from your internal IP range.
diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md
index 858e4a608f..fdb2fe2741 100644
--- a/windows/security/threat-protection/auditing/event-5142.md
+++ b/windows/security/threat-protection/auditing/event-5142.md
@@ -1,6 +1,6 @@
---
title: 5142(S) A network share object was added. (Windows 10)
-description: Describes security event 5142(S) A network share object was added.
+description: Describes security event 5142(S) A network share object was added. This event is generated when a network share object is added.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -104,7 +104,7 @@ For 5142(S): A network share object was added.
> **Important** For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
-- If you have high-value computers for which you need to monitor creation of new file shares, monitor this event. For example, you could monitor domain controllers.
+- If you have high-value computers for which you need to monitor creation of new file shares, monitor this event. For example, you could monitor domain controllers.
- We recommend checking “**Share Path**”, because it should not point to system directories, such as **C:\\Windows** or **C:\\**, or to critical local folders which contain private or high value information.
diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md
index c7f46521ae..a62699a745 100644
--- a/windows/security/threat-protection/auditing/event-5143.md
+++ b/windows/security/threat-protection/auditing/event-5143.md
@@ -1,6 +1,6 @@
---
title: 5143(S) A network share object was modified. (Windows 10)
-description: Describes security event 5143(S) A network share object was modified.
+description: Describes security event 5143(S) A network share object was modified. This event is generated when a network share object is modified.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -259,5 +259,5 @@ For 5143(S): A network share object was modified.
> **Important** For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
-- If you have high-value computers for which you need to monitor all modifications to all shares or specific shares (“**Share Name**”), monitor this event. For example, you could monitor all changes to the SYSVOL share on domain controllers.
+- If you have high-value computers for which you need to monitor all modifications to all shares or specific shares (“**Share Name**”), monitor this event. For example, you could monitor all changes to the SYSVOL share on domain controllers.
diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md
index 4c20a34092..581c19e3c9 100644
--- a/windows/security/threat-protection/auditing/event-5144.md
+++ b/windows/security/threat-protection/auditing/event-5144.md
@@ -1,6 +1,6 @@
---
title: 5144(S) A network share object was deleted. (Windows 10)
-description: Describes security event 5144(S) A network share object was deleted.
+description: Describes security event 5144(S) A network share object was deleted. This event is generated when a network share object is deleted.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -106,5 +106,5 @@ For 5144(S): A network share object was deleted.
- If you have critical network shares for which you need to monitor all changes (especially, the deletion of that share), monitor for specific “**Share Information\\Share Name”.**
-- If you have high-value computers for which you need to monitor all changes (especially, deletion of file shares), monitor for all [5144](event-5144.md) events on these computers. For example, you could monitor file shares on domain controllers.
+- If you have high-value computers for which you need to monitor all changes (especially, deletion of file shares), monitor for all [5144](event-5144.md) events on these computers. For example, you could monitor file shares on domain controllers.
diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md
index 9889690df3..fcc35ba385 100644
--- a/windows/security/threat-protection/auditing/event-5168.md
+++ b/windows/security/threat-protection/auditing/event-5168.md
@@ -1,6 +1,6 @@
---
title: 5168(F) SPN check for SMB/SMB2 failed. (Windows 10)
-description: Describes security event 5168(F) SPN check for SMB/SMB2 failed.
+description: Describes security event 5168(F) SPN check for SMB/SMB2 failed. This event is generated when an SMB SPN check fails.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md
index 396bf6af15..ca5e8e02d6 100644
--- a/windows/security/threat-protection/auditing/event-6407.md
+++ b/windows/security/threat-protection/auditing/event-6407.md
@@ -1,6 +1,6 @@
---
title: 6407(-) 1%. (Windows 10)
-description: Describes security event 6407(-) 1%.
+description: Describes security event 6407(-) 1%. This is a BranchCache event, which is outside the scope of this document.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md
index 37b3ec6aaf..2ede6f7fce 100644
--- a/windows/security/threat-protection/auditing/event-6420.md
+++ b/windows/security/threat-protection/auditing/event-6420.md
@@ -1,6 +1,6 @@
---
title: 6420(S) A device was disabled. (Windows 10)
-description: Describes security event 6420(S) A device was disabled.
+description: Describes security event 6420(S) A device was disabled. This event is generated when a specific device is disabled.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md
index 5c4de3d822..606f0228a6 100644
--- a/windows/security/threat-protection/auditing/event-6422.md
+++ b/windows/security/threat-protection/auditing/event-6422.md
@@ -1,6 +1,6 @@
---
title: 6422(S) A device was enabled. (Windows 10)
-description: Describes security event 6422(S) A device was enabled.
+description: Describes security event 6422(S) A device was enabled. This event is generated when a specific device is enabled.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/other-events.md b/windows/security/threat-protection/auditing/other-events.md
index 5a7b38d9c1..42a1f36edd 100644
--- a/windows/security/threat-protection/auditing/other-events.md
+++ b/windows/security/threat-protection/auditing/other-events.md
@@ -1,6 +1,6 @@
---
title: Other Events (Windows 10)
-description: Describes the Other Events auditing subcategory.
+description: Describes the Other Events auditing subcategory, which includes events that are generated automatically and enabled by default.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
index bddb29f760..2bc61ffce1 100644
--- a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
@@ -2,7 +2,6 @@
title: Plan and deploy advanced security audit policies (Windows 10)
description: Learn to deploy an effective security audit policy in a network that includes advanced security audit policies.
ms.assetid: 7428e1db-aba8-407b-a39e-509671e5a442
-
ms.reviewer:
ms.author: dansimp
ms.prod: w10
diff --git a/windows/security/threat-protection/device-guard/memory-integrity.md b/windows/security/threat-protection/device-guard/memory-integrity.md
index 7cdda06143..3ebdf7bf95 100644
--- a/windows/security/threat-protection/device-guard/memory-integrity.md
+++ b/windows/security/threat-protection/device-guard/memory-integrity.md
@@ -1,9 +1,8 @@
---
title: Memory integrity
keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet
-description: Memory integrity.
+description: Learn about memory integrity, a feature of Windows that ensures code running in the Windows kernel is securely designed and trustworthy.
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
index 725e9d2023..d594900ce7 100644
--- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
@@ -42,7 +42,7 @@ The following tables provide more information about the hardware, firmware, and
| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | See the System.Fundamentals.Firmware.UEFISecureBoot requirement in the [Windows Hardware Compatibility Specifications for Windows 10, version 1809 and Windows Server 2019 - Systems download](https://go.microsoft.com/fwlink/?linkid=2027110). You can find previous versions of the Windows Hardware Compatibility Program Specifications and Policies [here](https://docs.microsoft.com/windows-hardware/design/compatibility/whcp-specifications-policies). | UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. |
| Firmware: **Secure firmware update process** | UEFI firmware must support secure firmware update found under the System.Fundamentals.Firmware.UEFISecureBoot requirement in the [Windows Hardware Compatibility Specifications for Windows 10, version 1809 and Windows Server 2019 - Systems download](https://go.microsoft.com/fwlink/?linkid=2027110). You can find previous versions of the Windows Hardware Compatibility Program Specifications and Policies [here](https://docs.microsoft.com/windows-hardware/design/compatibility/whcp-specifications-policies). | UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. |
| Software: **HVCI compatible drivers** | See the Filter.Driver.DeviceGuard.DriverCompatibility requirement in the [Windows Hardware Compatibility Specifications for Windows 10, version 1809 and Windows Server 2019 - Filter driver download](https://go.microsoft.com/fwlink/?linkid=2027110). You can find previous versions of the Windows Hardware Compatibility Program Specifications and Policies [here](https://docs.microsoft.com/windows-hardware/design/compatibility/whcp-specifications-policies). | [HVCI Compatible](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/) drivers help ensure that VBS can maintain appropriate memory permissions. This increases resistance to bypassing vulnerable kernel drivers and helps ensure that malware cannot run in kernel. Only code verified through code integrity can run in kernel mode. |
-| Software: Qualified **Windows operating system** | Windows 10 Enterprise, Windows 10 Pro, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise
Important: Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. Only virtualization-based protection of code integrity is supported in this configuration.
| Support for VBS and for management features that simplify configuration of Windows Defender Device Guard. |
+| Software: Qualified **Windows operating system** | Windows 10 Enterprise, Windows 10 Pro, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise
Important: Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. Only virtualization-based protection of code integrity is supported in this configuration.
| Support for VBS and for management features that simplify configuration of Windows Defender Device Guard. |
> **Important** The following tables list additional qualifications for improved security. You can use Windows Defender Device Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting these additional qualifications to significantly strengthen the level of security that Windows Defender Device Guard can provide.
@@ -75,6 +75,6 @@ The following tables describe additional hardware and firmware qualifications, a
| Protections for Improved Security | Description | Security benefits |
|---------------------------------------------|----------------------------------------------------|------|
-| Firmware: **VBS enablement of NX protection for UEFI runtime services** | • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable. • UEFI runtime service must meet these requirements: • Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. • PE sections need to be page-aligned in memory (not required for in non-volitile storage). • The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS: • All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both • No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable.
Notes: • This only applies to UEFI runtime service memory, and not UEFI boot service memory. • This protection is applied by VBS on OS page tables.
Please also note the following: • Do not use sections that are both writeable and executable • Do not attempt to directly modify executable system memory • Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) • Reduces the attack surface to VBS from system firmware. |
+| Firmware: **VBS enablement of NX protection for UEFI runtime services** | • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable. • UEFI runtime service must meet these requirements: • Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. • PE sections need to be page-aligned in memory (not required for in non-volitile storage). • The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS: • All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both • No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable.
Notes: • This only applies to UEFI runtime service memory, and not UEFI boot service memory. • This protection is applied by VBS on OS page tables.
Please also note the following: • Do not use sections that are both writeable and executable • Do not attempt to directly modify executable system memory • Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) • Reduces the attack surface to VBS from system firmware. |
| Firmware: **Firmware support for SMM protection** | The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.| • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) • Reduces the attack surface to VBS from system firmware. • Blocks additional security attacks against SMM. |
diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md
index 7bc3af8993..262058bf1d 100644
--- a/windows/security/threat-protection/fips-140-validation.md
+++ b/windows/security/threat-protection/fips-140-validation.md
@@ -102,10 +102,10 @@ Validated Editions: Home, Pro, Enterprise, Education
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624
Version 10.0.15063
-
ECB ( e/d; 128 , 192 , 256 );
-
CBC ( e/d; 128 , 192 , 256 );
+
ECB ( e/d; 128 , 192 , 256 );
+
CBC ( e/d; 128 , 192 , 256 );
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434
Version 7.00.2872
-
ECB ( e/d; 128 , 192 , 256 );
-
CBC ( e/d; 128 , 192 , 256 );
+
ECB ( e/d; 128 , 192 , 256 );
+
CBC ( e/d; 128 , 192 , 256 );
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433
Version 8.00.6246
-
ECB ( e/d; 128 , 192 , 256 );
-
CBC ( e/d; 128 , 192 , 256 );
-
CTR ( int only; 128 , 192 , 256 )
+
ECB ( e/d; 128 , 192 , 256 );
+
CBC ( e/d; 128 , 192 , 256 );
+
CTR ( int only; 128 , 192 , 256 )
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431
Version 7.00.2872
-
ECB ( e/d; 128 , 192 , 256 );
-
CBC ( e/d; 128 , 192 , 256 );
-
CTR ( int only; 128 , 192 , 256 )
+
ECB ( e/d; 128 , 192 , 256 );
+
CBC ( e/d; 128 , 192 , 256 );
+
CTR ( int only; 128 , 192 , 256 )
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430
Version 8.00.6246
-
CBC ( e/d; 128 , 192 , 256 );
-
CFB128 ( e/d; 128 , 192 , 256 );
-
OFB ( e/d; 128 , 192 , 256 );
-
CTR ( int only; 128 , 192 , 256 )
+
CBC ( e/d; 128 , 192 , 256 );
+
CFB128 ( e/d; 128 , 192 , 256 );
+
OFB ( e/d; 128 , 192 , 256 );
+
CTR ( int only; 128 , 192 , 256 )
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064
Version 10.0.14393
-
ECB ( e/d; 128 , 192 , 256 );
-
CBC ( e/d; 128 , 192 , 256 );
-
CFB8 ( e/d; 128 , 192 , 256 );
+
ECB ( e/d; 128 , 192 , 256 );
+
CBC ( e/d; 128 , 192 , 256 );
+
CFB8 ( e/d; 128 , 192 , 256 );
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063
Version 10.0.14393
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653
Version 10.0.10586
-
ECB ( e/d; 128 , 192 , 256 );
-
CBC ( e/d; 128 , 192 , 256 );
-
CFB8 ( e/d; 128 , 192 , 256 );
+
ECB ( e/d; 128 , 192 , 256 );
+
CBC ( e/d; 128 , 192 , 256 );
+
CFB8 ( e/d; 128 , 192 , 256 );
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630
Version 10.0.10586
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
Version 10.0.10240
-
ECB ( e/d; 128 , 192 , 256 );
-
CBC ( e/d; 128 , 192 , 256 );
-
CFB8 ( e/d; 128 , 192 , 256 );
+
ECB ( e/d; 128 , 192 , 256 );
+
CBC ( e/d; 128 , 192 , 256 );
+
CFB8 ( e/d; 128 , 192 , 256 );
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476
Version 10.0.10240
-
ECB ( e/d; 128 , 192 , 256 );
-
CBC ( e/d; 128 , 192 , 256 );
-
CFB8 ( e/d; 128 , 192 , 256 );
+
ECB ( e/d; 128 , 192 , 256 );
+
CBC ( e/d; 128 , 192 , 256 );
+
CFB8 ( e/d; 128 , 192 , 256 );
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198
-
ECB ( e/d; 128 , 192 , 256 );
-
CBC ( e/d; 128 , 192 , 256 );
-
CFB8 ( e/d; 128 , 192 , 256 );
-
CFB128 ( e/d; 128 , 192 , 256 );
-
CTR ( int only; 128 , 192 , 256 )
+
ECB ( e/d; 128 , 192 , 256 );
+
CBC ( e/d; 128 , 192 , 256 );
+
CFB8 ( e/d; 128 , 192 , 256 );
+
CFB128 ( e/d; 128 , 192 , 256 );
+
CTR ( int only; 128 , 192 , 256 )
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197
-
ECB ( e/d; 128 , 192 , 256 );
-
CBC ( e/d; 128 , 192 , 256 );
-
CFB8 ( e/d; 128 , 192 , 256 );
+
ECB ( e/d; 128 , 192 , 256 );
+
CBC ( e/d; 128 , 192 , 256 );
+
CFB8 ( e/d; 128 , 192 , 256 );
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855
FIPS186-4:
+PQG(gen)PARMS TESTED: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
SHS: #1903
DRBG: #258
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687
FIPS186-2:
+PQG(ver) MOD(1024);
+SIG(ver) MOD(1024);
SHS: #1902
DRBG: #258
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#686.
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686
-
FIPS186-2:
-SIG(ver) MOD(1024);
+
FIPS186-2:
+SIG(ver) MOD(1024);
SHS: Val# 1773
DRBG: Val# 193
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#645.
Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645
@@ -3265,16 +3265,16 @@ Some of the previously validated components for this validation have been remove
Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385
-
FIPS186-2:
-SIG(ver) MOD(1024);
+
FIPS186-2:
+SIG(ver) MOD(1024);
SHS: Val# 753
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283.
FIPS186-2:
+SIG(ver) MOD(1024);
SHS: Val# 784
RNG: Val# 448
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#292.
Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292
-
FIPS186-2:
-SIG(ver) MOD(1024);
+
FIPS186-2:
+SIG(ver) MOD(1024);
SHS: Val# 783
RNG: Val# 447
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#291.
Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505
FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: #1903
+DRBG: #258
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341
FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val#1773
+DRBG: Val# 193
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.
Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295
FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#1081
+DRBG: Val# 23
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#1081
+DRBG: Val# 23
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.
Windows Server 2008 R2 and SP1 CNG algorithms #142
FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#753
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#753
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.
FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#618
+RNG: Val# 321
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#618
+RNG: Val# 321
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60.
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36
-
KAS (SP 800–56A)
+
KAS (SP 800–56A)
key agreement
key establishment methodology provides 80 to 256 bits of encryption strength
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3
@@ -5087,34 +5087,34 @@ Random Number Generator (RNG)
-
Modes / States / Key Sizes
-
Algorithm Implementation and Certificate #
+
Modes / States / Key Sizes
+
Algorithm Implementation and Certificate #
-
FIPS 186-2 General Purpose
-
[ (x-Original); (SHA-1) ]
+
FIPS 186-2 General Purpose
+
[ (x-Original); (SHA-1) ]
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110
-
FIPS 186-2
-[ (x-Original); (SHA-1) ]
+
FIPS 186-2
+[ (x-Original); (SHA-1) ]
Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060
Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292
Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286
Windows CE 5.00 and Window CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66
-
FIPS 186-2
-[ (x-Change Notice); (SHA-1) ]
-
FIPS 186-2 General Purpose
-[ (x-Change Notice); (SHA-1) ]
+
FIPS 186-2
+[ (x-Change Notice); (SHA-1) ]
+
FIPS 186-2 General Purpose
+[ (x-Change Notice); (SHA-1) ]
Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649
Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195
soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134
FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: #258
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132.
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132
-
FIPS186-2:
-ALG[ANSIX9.31]:
+
FIPS186-2:
+ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052.
Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052
FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 193
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051.
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#568.
Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568
FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 23
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#559.
Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#557.
Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557
-
FIPS186-2:
+
FIPS186-2:
ALG[ANSIX9.31]:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#395.
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395
-
FIPS186-2:
-ALG[ANSIX9.31]:
+
FIPS186-2:
+ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#783
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#371.
Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371
FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#353.
Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353
FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 RNG: Val# 321
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#258.
Windows Vista RSA key generation implementation #258
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#255.
Windows Vista Enhanced Cryptographic Provider (RSAENH) #255
-
FIPS186-2:
-ALG[ANSIX9.31]:
+
FIPS186-2:
+ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#245.
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245
-
FIPS186-2:
-ALG[ANSIX9.31]:
+
FIPS186-2:
+ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#230.
Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230
-
FIPS186-2:
-ALG[ANSIX9.31]:
+
FIPS186-2:
+ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#222.
Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222
-
FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]:
+
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]:
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#364
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#81.
Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81
-
FIPS186-2:
-ALG[ANSIX9.31]:
+
FIPS186-2:
+ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#52.
Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52
-
FIPS186-2:
+
FIPS186-2:
– PKCS#1 v1.5, signature generation and verification
– Mod sizes: 1024, 1536, 2048, 3072, 4096
– SHS: SHA–1/256/384/512
@@ -6143,8 +6143,8 @@ Some of the previously validated components for this validation have been remove
-
Modes / States / Key Sizes
-
Algorithm Implementation and Certificate #
+
Modes / States / Key Sizes
+
Algorithm Implementation and Certificate #
@@ -6213,170 +6213,170 @@ Some of the previously validated components for this validation have been remove
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3790
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #3347
Version 10.0.14393
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #3346
Version 10.0.14393
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #3048
Version 10.0.10586
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #3047
Version 10.0.10586
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2886
Version 10.0.10240
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #2871
Version 10.0.10240
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2396
Version 6.3.9600
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373
Version 6.3.9600
-
SHA-1 (BYTE-only)
-
SHA-256 (BYTE-only)
-
SHA-384 (BYTE-only)
-
SHA-512 (BYTE-only)
+
SHA-1 (BYTE-only)
+
SHA-256 (BYTE-only)
+
SHA-384 (BYTE-only)
+
SHA-512 (BYTE-only)
Implementation does not support zero-length (null) messages.
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902
Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32
@@ -6417,8 +6417,8 @@ Version 6.3.9600
-
Modes / States / Key Sizes
-
Algorithm Implementation and Certificate #
+
Modes / States / Key Sizes
+
Algorithm Implementation and Certificate #
@@ -6499,112 +6499,112 @@ Version 6.3.9600
Version 10.0.16299
-
TECB( KO 1 e/d, ) ; TCBC( KO 1 e/d, ) ; TCFB8( KO 1 e/d, ) ; TCFB64( KO 1 e/d, )
+
TECB( KO 1 e/d, ) ; TCBC( KO 1 e/d, ) ; TCFB8( KO 1 e/d, ) ; TCFB64( KO 1 e/d, )
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459
Version 10.0.15063
-
TECB( KO 1 e/d, ) ;
-
TCBC( KO 1 e/d, )
+
TECB( KO 1 e/d, ) ;
+
TCBC( KO 1 e/d, )
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384
Version 8.00.6246
-
TECB( KO 1 e/d, ) ;
-
TCBC( KO 1 e/d, )
+
TECB( KO 1 e/d, ) ;
+
TCBC( KO 1 e/d, )
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383
Version 8.00.6246
-
TECB( KO 1 e/d, ) ;
-
TCBC( KO 1 e/d, ) ;
-
CTR ( int only )
+
TECB( KO 1 e/d, ) ;
+
TCBC( KO 1 e/d, ) ;
+
CTR ( int only )
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382
Version 7.00.2872
-
TECB( KO 1 e/d, ) ;
-
TCBC( KO 1 e/d, )
+
TECB( KO 1 e/d, ) ;
+
TCBC( KO 1 e/d, )
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381
Version 8.00.6246
-
TECB( KO 1 e/d, ) ;
-
TCBC( KO 1 e/d, ) ;
-
TCFB8( KO 1 e/d, ) ;
-
TCFB64( KO 1 e/d, )
+
TECB( KO 1 e/d, ) ;
+
TCBC( KO 1 e/d, ) ;
+
TCFB8( KO 1 e/d, ) ;
+
TCFB64( KO 1 e/d, )
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227
Version 10.0.14393
-
TECB( KO 1 e/d, ) ;
-
TCBC( KO 1 e/d, ) ;
-
TCFB8( KO 1 e/d, ) ;
-
TCFB64( KO 1 e/d, )
+
TECB( KO 1 e/d, ) ;
+
TCBC( KO 1 e/d, ) ;
+
TCFB8( KO 1 e/d, ) ;
+
TCFB64( KO 1 e/d, )
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024
Version 10.0.10586
-
TECB( KO 1 e/d, ) ;
-
TCBC( KO 1 e/d, ) ;
-
TCFB8( KO 1 e/d, ) ;
-
TCFB64( KO 1 e/d, )
+
TECB( KO 1 e/d, ) ;
+
TCBC( KO 1 e/d, ) ;
+
TCFB8( KO 1 e/d, ) ;
+
TCFB64( KO 1 e/d, )
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969
Version 10.0.10240
-
TECB( KO 1 e/d, ) ;
-
TCBC( KO 1 e/d, ) ;
-
TCFB8( KO 1 e/d, ) ;
-
TCFB64( KO 1 e/d, )
+
TECB( KO 1 e/d, ) ;
+
TCBC( KO 1 e/d, ) ;
+
TCFB8( KO 1 e/d, ) ;
+
TCFB64( KO 1 e/d, )
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692
Version 6.3.9600
-
TECB( e/d; KO 1,2 ) ;
-
TCBC( e/d; KO 1,2 ) ;
-
TCFB8( e/d; KO 1,2 ) ;
-
TCFB64( e/d; KO 1,2 )
+
TECB( e/d; KO 1,2 ) ;
+
TCBC( e/d; KO 1,2 ) ;
+
TCFB8( e/d; KO 1,2 ) ;
+
TCFB64( e/d; KO 1,2 )
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387
-
TECB( e/d; KO 1,2 ) ;
-
TCBC( e/d; KO 1,2 ) ;
-
TCFB8( e/d; KO 1,2 )
+
TECB( e/d; KO 1,2 ) ;
+
TCBC( e/d; KO 1,2 ) ;
+
TCFB8( e/d; KO 1,2 )
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386
-
TECB( e/d; KO 1,2 ) ;
-
TCBC( e/d; KO 1,2 ) ;
-
TCFB8( e/d; KO 1,2 )
+
TECB( e/d; KO 1,2 ) ;
+
TCBC( e/d; KO 1,2 ) ;
+
TCFB8( e/d; KO 1,2 )
Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846
-
TECB( e/d; KO 1,2 ) ;
-
TCBC( e/d; KO 1,2 ) ;
-
TCFB8( e/d; KO 1,2 )
+
TECB( e/d; KO 1,2 ) ;
+
TCBC( e/d; KO 1,2 ) ;
+
TCFB8( e/d; KO 1,2 )
Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656
-
TECB( e/d; KO 1,2 ) ;
-
TCBC( e/d; KO 1,2 ) ;
-
TCFB8( e/d; KO 1,2 )
+
TECB( e/d; KO 1,2 ) ;
+
TCBC( e/d; KO 1,2 ) ;
+
TCFB8( e/d; KO 1,2 )
Windows Vista Symmetric Algorithm Implementation #549
-
Triple DES MAC
+
Triple DES MAC
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmed
Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed
-
TECB( e/d; KO 1,2 ) ;
-
TCBC( e/d; KO 1,2 )
+
TECB( e/d; KO 1,2 ) ;
+
TCBC( e/d; KO 1,2 )
Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308
Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691
@@ -6636,15 +6636,15 @@ Version 6.3.9600
- Modes / States / Key Sizes
+ Modes / States / Key Sizes
- Algorithm Implementation and Certificate #
+ Algorithm Implementation and Certificate #
- PBKDF (vendor affirmed)
+ PBKDF (vendor affirmed)
Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2937 (Software Version: 10.0.14393)
Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936 (Software Version: 10.0.14393)
@@ -6654,7 +6654,7 @@ Version 6.3.9600
- PBKDF (vendor affirmed)
+ PBKDF (vendor affirmed)
Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936 (Software Version: 10.0.14393)
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed
@@ -6672,8 +6672,8 @@ Version 6.3.9600
-
Publication / Component Validated / Description
-
Implementation and Certificate #
+
Publication / Component Validated / Description
+
Implementation and Certificate #
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index 3d52254721..279b1a69a3 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -1,7 +1,7 @@
---
title: Threat Protection (Windows 10)
-description: Learn how Microsoft Defender ATP helps protect against threats.
-keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, Microsoft Secure Score for Devices, advanced hunting, cyber threat hunting, web threat protection
+description: Microsoft Defender Advanced Threat Protection is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
+keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next-generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, Microsoft Secure Score for Devices, advanced hunting, cyber threat hunting, web threat protection
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -27,7 +27,7 @@ ms.topic: conceptual
@@ -77,8 +77,8 @@ The attack surface reduction set of capabilities provide the first line of defen
-**[Next generation protection](microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md)**
-To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats.
+**[Next-generation protection](microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md)**
+To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next-generation protection designed to catch all types of emerging threats.
- [Behavior monitoring](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus)
- [Cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus)
diff --git a/windows/security/threat-protection/intelligence/TOC.md b/windows/security/threat-protection/intelligence/TOC.md
index a01098c5a3..48c382b306 100644
--- a/windows/security/threat-protection/intelligence/TOC.md
+++ b/windows/security/threat-protection/intelligence/TOC.md
@@ -34,6 +34,8 @@
## [Submit files for analysis](submission-guide.md)
+## [Troubleshoot malware submission](portal-submission-troubleshooting.md)
+
## [Safety Scanner download](safety-scanner-download.md)
## [Industry collaboration programs](cybersecurity-industry-partners.md)
diff --git a/windows/security/threat-protection/intelligence/coinminer-malware.md b/windows/security/threat-protection/intelligence/coinminer-malware.md
index 52771c8630..2584ee9200 100644
--- a/windows/security/threat-protection/intelligence/coinminer-malware.md
+++ b/windows/security/threat-protection/intelligence/coinminer-malware.md
@@ -31,7 +31,7 @@ Many infections start with:
Mining is the process of running complex mathematical calculations necessary to maintain the blockchain ledger. This process generates coins but requires significant computing resources.
-Coin miners are not inherently malicious. Some individuals and organizations invest in hardware and electric power for legitimate coin mining operations. However, others look for alternative sources of computing power and try to find their way into corporate networks. These coin miners are not wanted in enterprise environments because they eat up precious computing resources.
+Coin miners aren't inherently malicious. Some individuals and organizations invest in hardware and electric power for legitimate coin mining operations. However, others look for alternative sources of computing power and try to find their way into corporate networks. These coin miners aren't wanted in enterprise environments because they eat up precious computing resources.
Cybercriminals see an opportunity to make money by running malware campaigns that distribute, install, and run trojanized miners at the expense of other people’s computing resources.
@@ -41,12 +41,12 @@ DDE exploits, which have been known to distribute ransomware, are now delivering
For example, a sample of the malware detected as Trojan:Win32/Coinminer (SHA-256: 7213cbbb1a634d780f9bb861418eb262f58954e6e5dca09ca50c1e1324451293) is installed by Exploit:O97M/DDEDownloader.PA, a Word document that contains the DDE exploit.
-The exploit launches a cmdlet that executes a malicious PowerShell script (Trojan:PowerShell/Maponeir.A), which then downloads the trojanized miner: a modified version of the miner XMRig, which mines Monero cryptocurrency.
+The exploit launches a cmdlet that executes a malicious PowerShell script (Trojan:PowerShell/Maponeir.A). It downloads the trojanized miner, a modified version of the miner XMRig, which then mines Monero cryptocurrency.
## How to protect against coin miners
-**Enable PUA detection**: Some coin mining tools are not considered malware but are detected as potentially unwanted applications (PUA). Many applications detected as PUA can negatively impact machine performance and employee productivity. In enterprise environments, you can stop adware, torrent downloaders, and coin mining by enabling PUA detection.
+**Enable potentially unwanted applications (PUA) detection**. Some coin mining tools aren't considered malware but are detected as PUA. Many applications detected as PUA can negatively impact machine performance and employee productivity. In enterprise environments, you can stop adware, torrent downloaders, and coin mining by enabling PUA detection.
-Since coin miners is becoming a popular payload in many different kinds of attacks, see general tips on how to [prevent malware infection](prevent-malware-infection.md).
+Since coin miners are becoming a popular payload in many different kinds of attacks, see general tips on how to [prevent malware infection](prevent-malware-infection.md).
For more information on coin miners, see the blog post [Invisible resource thieves: The increasing threat of cryptocurrency miners](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/13/invisible-resource-thieves-the-increasing-threat-of-cryptocurrency-miners/).
diff --git a/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md
index fef7da884b..6a3a933a3f 100644
--- a/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md
+++ b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md
@@ -20,20 +20,20 @@ ms.topic: article
Coordinated Malware Eradication (CME) aims to bring organizations in cybersecurity and in other industries together to change the game against malware. While the cybersecurity industry today is effective at disrupting malware families through individual efforts, those disruptions rarely lead to eradication since malware authors quickly adapt their tactics to survive.
-CME calls for organizations to pool their tools, information and actions to drive coordinated campaigns against malware. The ultimate goal is to drive efficient and long lasting results for better protection of our collective communities, customers, and businesses.
+CME calls for organizations to pool their tools, information, and actions to drive coordinated campaigns against malware. The goal is to drive efficient and long-lasting results to better protect our communities, customers, and businesses.
## Combining our tools, information, and actions
-Diversity of participation across industries and disciplines, extending beyond cybersecurity, makes eradication campaigns even stronger across the malware lifecycle. For instance, while security vendors, computer emergency response/readiness teams (CERTs), and Internet service providers (ISPs) can contribute with malware telemetry, online businesses can identify fraudulent behavior and law enforcement agencies can drive legal action.
+Diversity of participation across industries and disciplines, extending beyond cybersecurity, makes eradication campaigns even stronger across the malware lifecycle. Security vendors, computer emergency response/readiness teams (CERTs), and Internet service providers (ISPs) can contribute with malware telemetry. Online businesses can identify fraudulent behavior and law enforcement agencies can drive legal action.
-In addition to telemetry and analysis data, Microsoft is planning to contribute cloud-based scalable storage and computing horsepower with the necessary big data analysis tools built-in to these campaigns.
+Microsoft is planning to contribute telemetry and analysis data to these campaigns. It will also provide cloud-based scalable storage and computing horsepower with the necessary big data analysis tools built-in.
## Coordinated campaigns for lasting results
-Organizations participating in the CME effort work together to help eradicate selected malware families by contributing their own telemetry data, expertise, tools, and other resources. These organizations operate under a campaign umbrella with clearly defined end goals and metrics. Any organization or member can initiate a campaign and invite others to join it. The members then have the option to accept or decline the invitations they receive.
+Organizations participating in the CME effort work together to help eradicate selected malware families by contributing their own telemetry data, expertise, tools, and other resources. These organizations operate under a campaign umbrella with clearly defined end goals and metrics. Any organization or member can start a campaign and invite others to join it. The members can then accept or decline the invitations they receive.
## Join the effort
-Any organization that is involved in cybersecurity and antimalware or interested in fighting cybercrime can participate in CME campaigns by enrolling in the [Virus Information Alliance (VIA) program](virus-information-alliance-criteria.md). It ensures that everyone agrees to use the information and tools available for campaigns for their intended purpose (that is, the eradication of malware).
+Any organization that is involved in cybersecurity and antimalware or interested in fighting cybercrime can participate in CME campaigns by enrolling in the [Virus Information Alliance (VIA) program](virus-information-alliance-criteria.md). Everyone agrees to use the available information and tools for their intended purpose (that is, the eradication of malware).
-If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
+If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). For any questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md
index 74c19eb50f..77a3c4e33d 100644
--- a/windows/security/threat-protection/intelligence/criteria.md
+++ b/windows/security/threat-protection/intelligence/criteria.md
@@ -1,7 +1,7 @@
---
title: How Microsoft identifies malware and potentially unwanted applications
ms.reviewer:
-description: Learn how Microsoft reviews software for privacy violations and other negative behavior, to determine if it is malware or a potentially unwanted application.
+description: Learn how Microsoft reviews software for privacy violations and other negative behavior, to determine if it's malware or a potentially unwanted application.
keywords: security, malware, virus research threats, research malware, device protection, computer infection, virus infection, descriptions, remediation, latest threats, MMdevice, Microsoft Malware Protection Center, PUA, potentially unwanted applications
ms.prod: w10
ms.mktglfcycl: secure
@@ -18,7 +18,7 @@ search.appverid: met150
# How Microsoft identifies malware and potentially unwanted applications
-Microsoft aims to provide a delightful and productive Windows experience by working to ensure you are safe and in control of your devices. Microsoft helps protect you from potential threats by identifying and analyzing software and online content. When you download, install, and run software, we check the reputation of downloaded programs and ensure you are protected against known threats and warned about software that is unknown to us.
+Microsoft aims to provide a delightful and productive Windows experience by working to ensure you're safe and in control of your devices. Microsoft helps protect you from potential threats by identifying and analyzing software and online content. When you download, install, and run software, we check the reputation of downloaded programs and ensure you're protected against known threats. You are also warned about software that is unknown to us.
You can assist Microsoft by [submitting unknown or suspicious software for analysis](https://www.microsoft.com/wdsi/filesubmission/). This will help ensure that unknown or suspicious software is scanned by our system to start establishing reputation. [Learn more about submitting files for analysis](submission-guide.md)
@@ -29,9 +29,9 @@ The next sections provide an overview of the classifications we use for applicat
## Unknown – Unrecognized software
-No antivirus or protection technology is perfect. It takes time to identify and block malicious sites and applications, or trust newly released programs and certificates. With almost 2 billion websites on the internet and software continuously being updated and released, it's impossible to have information about every single site and program.
+No antivirus or protection technology is perfect. It takes time to identify and block malicious sites and applications, or trust newly released programs and certificates. With almost 2 billion websites on the internet and software continuously updated and released, it's impossible to have information about every single site and program.
-You can think of Unknown/Uncommonly downloaded warnings as an early warning system for potentially undetected malware, as there is generally a delay from the time new malware is released until it is identified. Not all uncommon programs are malicious, but the risk in the unknown category is significantly higher for the typical user. Warnings for unknown software are not blocks, and users can choose to download and run the application normally if they wish to.
+Think of Unknown/Uncommonly downloaded warnings as an early warning system for potentially undetected malware. There's generally a delay from the time new malware is released until it's identified. Not all uncommon programs are malicious, but the risk in the unknown category is much higher for the typical user. Warnings for unknown software aren't blocks. Users can choose to download and run the application normally if they wish to.
Once enough data is gathered, Microsoft's security solutions can make a determination. Either no threats are found, or an application or software is categorized as malware or potentially unwanted software.
@@ -61,11 +61,11 @@ Microsoft classifies most malicious software into one of the following categorie
* **Password stealer:** A type of malware that gathers your personal information, such as usernames and passwords. It often works along with a keylogger, which collects and sends information about the keys you press and websites you visit.
-* **Ransomware:** A type of malware that encrypts your files or makes other modifications that can prevent you from using your device. It then displays a ransom note which states you must pay money, complete surveys, or perform other actions before you can use your device again. [See more information about ransomware](ransomware-malware.md).
+* **Ransomware:** A type of malware that encrypts your files or makes other modifications that can prevent you from using your device. It then displays a ransom note that states you must pay money or perform other actions before you can use your device again. [See more information about ransomware](ransomware-malware.md).
* **Rogue security software:** Malware that pretends to be security software but doesn't provide any protection. This type of malware usually displays alerts about nonexistent threats on your device. It also tries to convince you to pay for its services.
-* **Trojan:** A type of malware that attempts to appear harmless. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead, it tries to look legitimate and tricks users into downloading and installing it. Once installed, trojans perform various malicious activities such as stealing personal information, downloading other malware, or giving attackers access to your device.
+* **Trojan:** A type of malware that attempts to appear harmless. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead, it tries to look legitimate to tricks users into downloading and installing it. Once installed, trojans perform various malicious activities such as stealing personal information, downloading other malware, or giving attackers access to your device.
* **Trojan clicker:** A type of trojan that automatically clicks buttons or similar controls on websites or applications. Attackers can use this trojan to click on online advertisements. These clicks can skew online polls or other tracking systems and can even install applications on your device.
@@ -73,17 +73,17 @@ Microsoft classifies most malicious software into one of the following categorie
### Unwanted software
-Microsoft believes that you should have control over your Windows experience. Software running on Windows should keep you in control of your device through informed choices and accessible controls. Microsoft identifies software behaviors that ensure you stay in control. We classify software that does not fully demonstrate these behaviors as "unwanted software".
+Microsoft believes that you should have control over your Windows experience. Software running on Windows should keep you in control of your device through informed choices and accessible controls. Microsoft identifies software behaviors that ensure you stay in control. We classify software that doesn't fully demonstrate these behaviors as "unwanted software".
#### Lack of choice
-You must be notified about what is happening on your device, including what software does and whether it is active.
+You must be notified about what is happening on your device, including what software does and whether it's active.
Software that exhibits lack of choice might:
* Fail to provide prominent notice about the behavior of the software and its purpose and intent.
-* Fail to clearly indicate when the software is active and might also attempt to hide or disguise its presence.
+* Fail to clearly indicate when the software is active. It might also attempt to hide or disguise its presence.
* Install, reinstall, or remove software without your permission, interaction, or consent.
@@ -93,7 +93,7 @@ Software that exhibits lack of choice might:
* Falsely claim to be software from Microsoft.
-Software must not mislead or coerce you into making decisions about your device. This is considered behavior that limits your choices. In addition to the previous list, software that exhibits lack of choice might:
+Software must not mislead or coerce you into making decisions about your device. It is considered behavior that limits your choices. In addition to the previous list, software that exhibits lack of choice might:
* Display exaggerated claims about your device's health.
@@ -103,7 +103,7 @@ Software must not mislead or coerce you into making decisions about your device.
Software that stores or transmits your activities or data must:
-* Give you notice and get consent to do so. Software should not include an option that configures it to hide activities associated with storing or transmitting your data.
+* Give you notice and get consent to do so. Software shouldn't include an option that configures it to hide activities associated with storing or transmitting your data.
#### Lack of control
@@ -119,7 +119,7 @@ Software that exhibits lack of control might:
* Modify or manipulate webpage content without your consent.
-Software that changes your browsing experience must only use the browser's supported extensibility model for installation, execution, disabling, or removal. Browsers that do not provide supported extensibility models are considered non-extensible and should not be modified.
+Software that changes your browsing experience must only use the browser's supported extensibility model for installation, execution, disabling, or removal. Browsers that don't provide supported extensibility models are considered non-extensible and shouldn't be modified.
#### Installation and removal
diff --git a/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md b/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md
index 1a57f85019..3cb57c45ef 100644
--- a/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md
+++ b/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md
@@ -38,6 +38,6 @@ Go to the [MVI program page](virus-initiative-criteria.md) for more information.
CME is open to organizations who are involved in cybersecurity and antimalware or interested in fighting cybercrime.
-The program aims to bring organizations in cybersecurity and other industries together to pool tools, information and actions to drive coordinated campaigns against malware. The ultimate goal is to create efficient and long-lasting results for better protection of our collective communities, customers, and businesses.
+The program aims to bring organizations in cybersecurity and other industries together to pool tools, information, and actions to drive coordinated campaigns against malware. The ultimate goal is to create efficient and long-lasting results for better protection of our communities, customers, and businesses.
Go to the [CME program page](coordinated-malware-eradication.md) for more information.
diff --git a/windows/security/threat-protection/intelligence/developer-faq.md b/windows/security/threat-protection/intelligence/developer-faq.md
index e3d47a044c..06734edb7a 100644
--- a/windows/security/threat-protection/intelligence/developer-faq.md
+++ b/windows/security/threat-protection/intelligence/developer-faq.md
@@ -23,19 +23,19 @@ This page provides answers to common questions we receive from software develope
## Does Microsoft accept files for a known list or false-positive prevention program?
-No. We do not accept these requests from software developers. Signing your program's files in a consistent manner, with a digital certificate issued by a trusted root authority, helps our research team quickly identify the source of a program and apply previously gained knowledge. In some cases, this might result in your program being quickly added to the known list or, far less frequently, in adding your digital certificate to a list of trusted publishers.
+No. We don't accept these requests from software developers. Signing your program's files in a consistent manner, with a digital certificate issued by a trusted root authority, helps our research team quickly identify the source of a program and apply previously gained knowledge. In some cases, this might result in your program being quickly added to the known list. Far less frequently, in will add your digital certificate to a list of trusted publishers.
## How do I dispute the detection of my program?
Submit the file in question as a software developer. Wait until your submission has a final determination.
-If you're not satisfied with our determination of the submission, use the developer contact form provided with the submission results to reach Microsoft. We will use the information you provide to investigate further if necessary.
+If you're not satisfied with our determination of the submission, use the developer contact form provided with the submission results to reach Microsoft. We'll use the information you provide to investigate further if necessary.
We encourage all software vendors and developers to read about [how Microsoft identifies malware and Potentially Unwanted Applications (PUA)](criteria.md).
## Why is Microsoft asking for a copy of my program?
-This can help us with our analysis. Participants of the [Microsoft Active Protection Service (MAPS)](https://www.microsoft.com/msrc/mapp) may occasionally receive these requests. The requests will stop once our systems have received and processed the file.
+Providing copies can help us with our analysis. Participants of the [Microsoft Active Protection Service (MAPS)](https://www.microsoft.com/msrc/mapp) may occasionally receive these requests. The requests will stop once our systems have received and processed the file.
## Why does Microsoft classify my installer as a software bundler?
@@ -43,8 +43,8 @@ It contains instructions to offer a program classified as unwanted software. You
## Why is the Windows Defender Firewall blocking my program?
-This is not related to Microsoft Defender Antivirus and other Microsoft antimalware. [Learn about Windows Defender Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security).
+Firewall blocks aren't related to Microsoft Defender Antivirus and other Microsoft antimalware. [Learn about Windows Defender Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security).
-## Why does the Microsoft Defender SmartScreen say my program is not commonly downloaded?
+## Why does the Microsoft Defender Windows Defender SmartScreen say my program isn't commonly downloaded?
-This is not related to Microsoft Defender Antivirus and other Microsoft antimalware. [Learn about Microsoft Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)
+This isn't related to Microsoft Defender Antivirus and other Microsoft antimalware. [Learn about Microsoft Defender Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)
diff --git a/windows/security/threat-protection/intelligence/developer-info.md b/windows/security/threat-protection/intelligence/developer-info.md
index 19d1a76072..eb0ac99896 100644
--- a/windows/security/threat-protection/intelligence/developer-info.md
+++ b/windows/security/threat-protection/intelligence/developer-info.md
@@ -26,4 +26,4 @@ Learn about the common questions we receive from software developers and get oth
Topic | Description
:---|:---
[Software developer FAQ](developer-faq.md) | Provides answers to common questions we receive from software developers.
-[Developer resources](developer-resources.md) | Provides information about how to submit files, detection criteria, and how to check your software against the latest security intelligence and cloud protection from Microsoft.
+[Developer resources](developer-resources.md) | Provides information about how to submit files and the detection criteria. Learn how to check your software against the latest security intelligence and cloud protection from Microsoft.
diff --git a/windows/security/threat-protection/intelligence/exploits-malware.md b/windows/security/threat-protection/intelligence/exploits-malware.md
index beff687643..c7b63fd5fd 100644
--- a/windows/security/threat-protection/intelligence/exploits-malware.md
+++ b/windows/security/threat-protection/intelligence/exploits-malware.md
@@ -1,7 +1,7 @@
---
title: Exploits and exploit kits
ms.reviewer:
-description: Learn about how exploits use vulnerabilities in common software to give an attackers access to your computer and to install other malware.
+description: Learn about how exploits use vulnerabilities in common software to give attackers access to your computer and install other malware.
keywords: security, malware, exploits, exploit kits, prevention, vulnerabilities, Microsoft, Exploit malware family, exploits, java, flash, adobe, update software, prevent exploits, exploit pack, vulnerability, 0-day, holes, weaknesses, attack, Flash, Adobe, out-of-date software, out of date software, update, update software, reinfection, Java cache, reinfected, won't remove, won't clean, still detects, full scan, MSE, Defender, WDSI, MMPC, Microsoft Malware Protection Center
ms.prod: w10
ms.mktglfcycl: secure
@@ -21,17 +21,17 @@ Exploits take advantage of vulnerabilities in software. A vulnerability is like
## How exploits and exploit kits work
-Exploits are often the first part of a larger attack. Hackers scan for outdated systems that contain critical vulnerabilities, which they then exploit by deploying targeted malware. Exploits often include what's called "shellcode". This is a small malware payload that's used to download additional malware from attacker-controlled networks. This allows hackers to infect devices and infiltrate organizations.
+Exploits are often the first part of a larger attack. Hackers scan for outdated systems that contain critical vulnerabilities, which they then exploit by deploying targeted malware. Exploits often include shellcode, which is a small malware payload used to download additional malware from attacker-controlled networks. Shellcode allows hackers to infect devices and infiltrate organizations.
-Exploit kits are more comprehensive tools that contain a collection of exploits. These kits scan devices for different kinds of software vulnerabilities and, if any are detected, deploys additional malware to further infect a device. Kits can use exploits targeting a variety of software, including Adobe Flash Player, Adobe Reader, Internet Explorer, Oracle Java and Sun Java.
+Exploit kits are more comprehensive tools that contain a collection of exploits. These kits scan devices for different kinds of software vulnerabilities and, if any are detected, deploy additional malware to further infect a device. Kits can use exploits targeting a variety of software, including Adobe Flash Player, Adobe Reader, Internet Explorer, Oracle Java, and Sun Java.
The most common method used by attackers to distribute exploits and exploit kits is through webpages, but exploits can also arrive in emails. Some websites unknowingly and unwillingly host malicious code and exploits in their ads.
-The infographic below shows how an exploit kit might attempt to exploit a device when a compromised webpage is visited.
+The infographic below shows how an exploit kit might attempt to exploit a device after you visit a compromised webpage.
-
+
-*Figure 1. Example of how exploit kits work*
+*Figure 1. Example of how to exploit kits work*
Several notable threats, including Wannacry, exploit the Server Message Block (SMB) vulnerability CVE-2017-0144 to launch malware.
@@ -56,6 +56,6 @@ You can read more on the [CVE website](https://cve.mitre.org/).
## How to protect against exploits
-The best prevention for exploits is to keep your organization's [software up to date](https://portal.msrc.microsoft.com/). Software vendors provide updates for many known vulnerabilities and making sure these updates are applied to all devices is an important step to prevent malware.
+The best prevention for exploits is to keep your organization's [software up to date](https://portal.msrc.microsoft.com/). Software vendors provide updates for many known vulnerabilities, so make sure these updates are applied to all devices.
For more general tips, see [prevent malware infection](prevent-malware-infection.md).
diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md
index bc3ecd48d1..6ae2dcfe4c 100644
--- a/windows/security/threat-protection/intelligence/fileless-threats.md
+++ b/windows/security/threat-protection/intelligence/fileless-threats.md
@@ -2,7 +2,7 @@
title: Fileless threats
ms.reviewer:
description: Learn about the categories of fileless threats and malware that "live off the land"
-keywords: fileless, fileless malware, living off the land, lolbins, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV, Microsoft Defender ATP, next generation protection
+keywords: fileless, fileless malware, living off the land, lolbins, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV, Microsoft Defender ATP, next-generation protection
ms.prod: w10
ms.mktglfcycl: secure
ms.sitesec: library
@@ -18,9 +18,9 @@ search.appverid: met150
# Fileless threats
-What exactly are fileless threats? The term "fileless" suggests that a threat does not come in a file, such as a backdoor that lives only in the memory of a machine. However, there's no generally accepted definition for fileless malware. The term is used broadly; it's also used to describe malware families that do rely on files to operate.
+What exactly are fileless threats? The term "fileless" suggests that a threat doesn't come in a file, such as a backdoor that lives only in the memory of a machine. However, there's no one definition for fileless malware. The term is used broadly, and sometimes to describe malware families that do rely on files to operate.
-Given that attacks involve [several stages](https://attack.mitre.org/wiki/ATT&CK_Matrix) for functionalities like execution, persistence, or information theft, some parts of the attack chain may be fileless, while others may involve the filesystem in some form.
+Attacks involve [several stages](https://attack.mitre.org/wiki/ATT&CK_Matrix) for functionalities like execution, persistence, or information theft. Some parts of the attack chain may be fileless, while others may involve the file system in some form.
For clarity, fileless threats are grouped into different categories.
@@ -29,42 +29,42 @@ For clarity, fileless threats are grouped into different categories.
Fileless threats can be classified by their entry point, which indicates how fileless malware can arrive on a machine. They can arrive via an exploit, through compromised hardware, or via regular execution of applications and scripts.
-Next, list the form of entry point. For example, exploits can be based on files or network data, PCI peripherals are a type of hardware vector, and scripts and executables are sub-categories of the execution vector.
+Next, list the form of entry point. For example, exploits can be based on files or network data, PCI peripherals are a type of hardware vector, and scripts and executables are subcategories of the execution vector.
-Finally, classify the host of the infection. For example, a Flash application that may contain an exploit, a simple executable, malicious firmware from a hardware device, or an infected MBR, which could bootstrap the execution of a malware before the operating system even loads.
+Finally, classify the host of the infection. For example, a Flash application may contain a variety of threats such as an exploit, a simple executable, and malicious firmware from a hardware device.
-This helps you divide and categorize the various kinds of fileless threats. Clearly, the categories are not all the same: some are more dangerous but also more difficult to implement, while others are more commonly used despite (or precisely because of) not being very advanced.
+Classifying helps you divide and categorize the various kinds of fileless threats. Some are more dangerous but also more difficult to implement, while others are more commonly used despite (or precisely because of) not being very advanced.
From this categorization, you can glean three main types of fileless threats based on how much fingerprint they may leave on infected machines.
## Type I: No file activity performed
-A completely fileless malware can be considered one that never requires writing a file on the disk. How would such malware infect a machine in the first place? An example scenario could be a target machine receiving malicious network packets that exploit the EternalBlue vulnerability, leading to the installation of the DoublePulsar backdoor, which ends up residing only in the kernel memory. In this case, there is no file or any data written on a file.
+A fully fileless malware can be considered one that never requires writing a file on the disk. How would such malware infect a machine in the first place? One example is where a target machine receives malicious network packets that exploit the EternalBlue vulnerability. The vulnerability allows the installation of the DoublePulsar backdoor, which ends up residing only in the kernel memory. In this case, there's no file or any data written on a file.
-Another scenario could involve compromised devices, where malicious code could be hiding in device firmware (such as a BIOS), a USB peripheral (like the BadUSB attack), or even in the firmware of a network card. All these examples do not require a file on the disk to run and can theoretically live only in memory, surviving even reboots, disk reformats, and OS reinstalls.
+A compromised device may also have malicious code hiding in device firmware (such as a BIOS), a USB peripheral (like the BadUSB attack), or in the firmware of a network card. All these examples don't require a file on the disk to run, and can theoretically live only in memory. The malicious code would survive reboots, disk reformats, and OS reinstalls.
-Infections of this type can be extra difficult to detect and remediate. Antivirus products usually don’t have the capability to access firmware for inspection; even if they did, it would be extremely challenging to detect and remediate threats at this level. Because this type of fileless malware requires high levels of sophistication and often depend on particular hardware or software configuration, it’s not an attack vector that can be exploited easily and reliably. For this reason, while extremely dangerous, threats of this type tend to be very uncommon and not practical for most attacks.
+Infections of this type can be extra difficult deal with because antivirus products usually don’t have the capability to inspect firmware. Even if they did, it would be extremely challenging to detect and remediate threats at this level. This type of fileless malware requires high levels of sophistication and often depends on particular hardware or software configuration. It’s not an attack vector that can be exploited easily and reliably. While dangerous, threats of this type are uncommon and not practical for most attacks.
## Type II: Indirect file activity
-There are other ways that malware can achieve fileless presence on a machine without requiring significant engineering effort. Fileless malware of this type doesn't directly write files on the file system, but they can end up using files indirectly. This is the case for [Poshspy backdoor](https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html). Attackers installed a malicious PowerShell command within the WMI repository and configured a WMI filter to run such command periodically.
+There are other ways that malware can achieve fileless presence on a machine without requiring significant engineering effort. Fileless malware of this type doesn't directly write files on the file system, but they can end up using files indirectly. For example, with the [Poshspy backdoor](https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html) attackers installed a malicious PowerShell command within the WMI repository and configured a WMI filter to run the command periodically.
-It’s possible to carry out such installation via command line without requiring the presence of the backdoor to be on a file in the first place. The malware can thus be installed and theoretically run without ever touching the file system. However, the WMI repository is stored on a physical file that is a central storage area managed by the CIM Object Manager and usually contains legitimate data. Therefore, while the infection chain does technically use a physical file, for practical purposes it’s considered a fileless attack given that the WMI repository is a multi-purpose data container that cannot be simply detected and removed.
+It’s possible to carry out such installation via command line without requiring a backdoor to already be on the file. The malware can be installed and theoretically run without ever touching the file system. However, the WMI repository is stored on a physical file in a central storage area managed by the CIM Object Manager, and usually contains legitimate data. Even though the infection chain does technically use a physical file, it’s considered a fileless attack because the WMI repository is a multi-purpose data container that can't be detected and removed.
## Type III: Files required to operate
-Some malware can have some sort of fileless persistence but not without using files to operate. An example for this scenario is Kovter, which creates a shell open verb handler in the registry for a random file extension. This action means that opening a file with such extension will lead to the execution of a script through the legitimate tool mshta.exe.
+Some malware can have a sort of fileless persistence, but not without using files to operate. An example for this scenario is Kovter, which creates a shell open verb handler in the registry for a random file extension. Opening a file with such extension will lead to the execution of a script through the legitimate tool mshta.exe.
*Figure 2. Kovter’s registry key*
-When the open verb is invoked, the associated command from the registry is launched, which results in the execution of a small script. This script reads data from a further registry key and executes it, in turn leading to the loading of the final payload. However, to trigger the open verb in the first place, Kovter has to drop a file with the same extension targeted by the verb (in the example above, the extension is .bbf5590fd). It also has to set an auto-run key configured to open such file when the machine starts.
+When the open verb is invoked, the associated command from the registry is launched, which results in the execution of a small script. This script reads data from a further registry key and executes it, in turn leading to the loading of the final payload. However, to trigger the open verb in the first place, Kovter has to drop a file with the same extension targeted by the verb (in the example above, the extension is .bbf5590fd). It also has to set an autorun key configured to open such file when the machine starts.
-Kovter is considered a fileless threat because the file system is of no practical use: the files with random extension contain junk data that is not usable in verifying the presence of the threat, and the files that store the registry are containers that cannot be detected and deleted if malicious content is present.
+Kovter is considered a fileless threat because the file system is of no practical use. The files with random extensions contain junk data that isn't usable in verifying the presence of the threat. The files that store the registry are containers that can't be detected and deleted if malicious content is present.
## Categorizing fileless threats by infection host
-Having described the broad categories, we can now dig into the details and provide a breakdown of the infection hosts. This comprehensive classification covers the panorama of what is usually referred to as fileless malware. It drives our efforts to research and develop new protection features that neutralize classes of attacks and ensure malware does not get the upper hand in the arms race.
+Having described the broad categories, we can now dig into the details and provide a breakdown of the infection hosts. This comprehensive classification covers the panorama of what is usually referred to as fileless malware. It drives our efforts to research and develop new protection features that neutralize classes of attacks and ensure malware doesn't get the upper hand in the arms race.
### Exploits
@@ -76,26 +76,28 @@ Having described the broad categories, we can now dig into the details and provi
**Device-based** (Type I: network card, hard disk): Devices like hard disks and network cards require chipsets and dedicated software to function. Software residing and running in the chipset of a device is called firmware. Although a complex task, the firmware can be infected by malware, as the [Equation espionage group has been caught doing](https://www.kaspersky.com/blog/equation-hdd-malware/7623/).
-**CPU-based** (Type I): Modern CPUs are extremely complex and may include subsystems running firmware for management purposes. Such firmware may be vulnerable to hijacking and allow the execution of malicious code that would hence operate from within the CPU. In December 2017, two researchers reported a vulnerability that can allow attackers to execute code inside the [Management Engine (ME)](https://en.wikipedia.org/wiki/Intel_Management_Engine) present in any modern CPU from Intel. Meanwhile, the attacker group PLATINUM has been observed to have the capability to use Intel's [Active Management Technology (AMT)](https://en.wikipedia.org/wiki/Intel_Active_Management_Technology) to perform [invisible network communications](https://cloudblogs.microsoft.com/microsoftsecure/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/) bypassing the installed operating system. ME and AMT are essentially autonomous micro-computers that live inside the CPU and that operate at a very low level. Because these technologies’ purpose is to provide remote manageability, they have direct access to hardware, are independent of the operating system, and can run even if the computer is turned off. Besides being vulnerable at the firmware level, CPUs could be manufactured with backdoors inserted directly in the hardware circuitry. This attack has been [researched and proved possible](https://www.emsec.rub.de/media/crypto/veroeffentlichungen/2015/03/19/beckerStealthyExtended.pdf) in the past. Just recently it has been reported that certain models of x86 processors contain a secondary embedded RISC-like CPU core that can [effectively provide a backdoor](https://www.theregister.co.uk/2018/08/10/via_c3_x86_processor_backdoor/) through which regular applications can gain privileged execution.
+**CPU-based** (Type I): Modern CPUs are complex and may include subsystems running firmware for management purposes. Such firmware may be vulnerable to hijacking and allow the execution of malicious code that would operate from within the CPU. In December 2017, two researchers reported a vulnerability that can allow attackers to execute code inside the [Management Engine (ME)](https://en.wikipedia.org/wiki/Intel_Management_Engine) present in any modern CPU from Intel. Meanwhile, the attacker group PLATINUM has been observed to have the capability to use Intel's [Active Management Technology (AMT)](https://en.wikipedia.org/wiki/Intel_Active_Management_Technology) to perform [invisible network communications](https://cloudblogs.microsoft.com/microsoftsecure/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/), bypassing the installed operating system. ME and AMT are essentially autonomous micro-computers that live inside the CPU and that operate at a very low level. Because these technologies’ purpose is to provide remote manageability, they have direct access to hardware, are independent of the operating system, and can run even if the computer is turned off.
-**USB-based** (Type I): USB devices of all kinds can be reprogrammed with malicious firmware capable of interacting with the operating system in nefarious ways. This is the case of the [BadUSB technique](https://arstechnica.com/information-technology/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/), demonstrated few years ago, which allows a reprogrammed USB stick to act as a keyboard that sends commands to machines via keystrokes, or as a network card that can redirect traffic at will.
+Besides being vulnerable at the firmware level, CPUs could be manufactured with backdoors inserted directly in the hardware circuitry. This attack has been [researched and proved possible](https://www.emsec.rub.de/media/crypto/veroeffentlichungen/2015/03/19/beckerStealthyExtended.pdf) in the past. It has been reported that certain models of x86 processors contain a secondary embedded RISC-like CPU core that can [effectively provide a backdoor](https://www.theregister.co.uk/2018/08/10/via_c3_x86_processor_backdoor/) through which regular applications can gain privileged execution.
-**BIOS-based** (Type I): A BIOS is a firmware running inside a chipset. It executes when a machine is powered on, initializes the hardware, and then transfers control to the boot sector. It’s a very important component that operates at a very low level and executes before the boot sector. It’s possible to reprogram the BIOS firmware with malicious code, as has happened in the past with the [Mebromi rootkit](https://www.webroot.com/blog/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/).
+**USB-based** (Type I): USB devices of all kinds can be reprogrammed with malicious firmware capable of interacting with the operating system in nefarious ways. For example, the [BadUSB technique](https://arstechnica.com/information-technology/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/) allows a reprogrammed USB stick to act as a keyboard that sends commands to machines via keystrokes, or as a network card that can redirect traffic at will.
-**Hypervisor-based** (Type I): Modern CPUs provide hardware hypervisor support, allowing the operating system to create robust virtual machines. A virtual machine runs in a confined, simulated environment, and is in theory unaware of the emulation. A malware taking over a machine may implement a small hypervisor to hide itself outside of the realm of the running operating system. Malware of this kind has been theorized in the past, and eventually real hypervisor rootkits [have been observed](http://seclists.org/fulldisclosure/2017/Jun/29), although very few are known to date.
+**BIOS-based** (Type I): A BIOS is a firmware running inside a chipset. It executes when a machine is powered on, initializes the hardware, and then transfers control to the boot sector. The BIOS is an important component that operates at a low level and executes before the boot sector. It’s possible to reprogram the BIOS firmware with malicious code, as has happened in the past with the [Mebromi rootkit](https://www.webroot.com/blog/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/).
+
+**Hypervisor-based** (Type I): Modern CPUs provide hardware hypervisor support, allowing the operating system to create robust virtual machines. A virtual machine runs in a confined, simulated environment, and is in theory unaware of the emulation. A malware taking over a machine may implement a small hypervisor to hide itself outside of the realm of the running operating system. Malware of this kind has been theorized in the past, and eventually real hypervisor rootkits [have been observed](http://seclists.org/fulldisclosure/2017/Jun/29), although few are known to date.
### Execution and injection
-**File-based** (Type III: executables, DLLs, LNK files, scheduled tasks): This is the standard execution vector. A simple executable can be launched as a first-stage malware to run an additional payload in memory or inject it into other legitimate running processes.
+**File-based** (Type III: executables, DLLs, LNK files, scheduled tasks): This is the standard execution vector. A simple executable can be launched as a first-stage malware to run an additional payload in memory, or injected into other legitimate running processes.
-**Macro-based** (Type III: Office documents): The [VBA language](https://msdn.microsoft.com/vba/office-shared-vba/articles/getting-started-with-vba-in-office) is a flexible and powerful tool designed to automate editing tasks and add dynamic functionality to documents. As such, it can be abused by attackers to carry out malicious operations like decoding, running, or injecting an executable payload, or even implementing an entire ransomware, like in [the case of qkG](https://blog.trendmicro.com/trendlabs-security-intelligence/qkg-filecoder-self-replicating-document-encrypting-ransomware/). Macros are executed within the context of an Office process (e.g., Winword.exe), and they’re implemented in a scripting language, so there is no binary executable that an antivirus can inspect. While Office apps require explicit consent from the user to execute macros from a document, attackers use social engineering techniques to trick users into allowing macros to execute.
+**Macro-based** (Type III: Office documents): The [VBA language](https://msdn.microsoft.com/vba/office-shared-vba/articles/getting-started-with-vba-in-office) is a flexible and powerful tool designed to automate editing tasks and add dynamic functionality to documents. As such, it can be abused by attackers to carry out malicious operations like decoding, running, or injecting an executable payload, or even implementing an entire ransomware, like in [the case of qkG](https://blog.trendmicro.com/trendlabs-security-intelligence/qkg-filecoder-self-replicating-document-encrypting-ransomware/). Macros are executed within the context of an Office process (e.g., Winword.exe) and implemented in a scripting language. There's no binary executable that an antivirus can inspect. While Office apps require explicit consent from the user to execute macros from a document, attackers use social engineering techniques to trick users into allowing macros to execute.
-**Script-based** (Type II: file, service, registry, WMI repo, shell): The JavaScript, VBScript, and PowerShell scripting languages are available by default on Windows platforms. Scripts have the same advantages as macros: they are textual files (not binary executables) and run within the context of the interpreter (e.g., wscript.exe, powershell.exe, etc.), which is a clean and legitimate component. Scripts are very versatile; they can be run from a file (e.g., by double-clicking them) or, in some cases, executed directly on the command line of an interpreter. Being able to run on the command line can allow malware to encode malicious command-line scripts as auto-start services inside [autorun registry keys](https://www.gdatasoftware.com/blog/2014/07/23947-poweliks-the-persistent-malware-without-a-file) as [WMI event subscriptions](https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html) from the WMI repo. Furthermore, an attacker who has gained access to an infected machine may input the script on the command prompt.
+**Script-based** (Type II: file, service, registry, WMI repo, shell): The JavaScript, VBScript, and PowerShell scripting languages are available by default on Windows platforms. Scripts have the same advantages as macros, they are textual files (not binary executables) and run within the context of the interpreter (like wscript.exe, powershell.exe), which is a clean and legitimate component. Scripts are versatile and can be run from a file (by double-clicking them) or executed directly on the command line of an interpreter. Running on the command line allows malware to encode malicious scripts as autostart services inside [autorun registry keys](https://www.gdatasoftware.com/blog/2014/07/23947-poweliks-the-persistent-malware-without-a-file) as [WMI event subscriptions](https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html) from the WMI repo. Furthermore, an attacker who has gained access to an infected machine may input the script on the command prompt.
-**Disk-based** (Type II: Boot Record): The [Boot Record](https://en.wikipedia.org/wiki/Boot_sector) is the first sector of a disk or volume and contains executable code required to start the boot process of the operating system. Threats like [Petya](https://cloudblogs.microsoft.com/microsoftsecure/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/?source=mmpc) are capable of infecting the Boot Record by overwriting it with malicious code, so that when the machine is booted the malware immediately gains control (and in the case of Petya, with disastrous consequences). The Boot Record resides outside the file system, but it’s accessible by the operating system, and modern antivirus products have the capability to scan and restore it.
+**Disk-based** (Type II: Boot Record): The Boot Record is the first sector of a disk or volume, and contains executable code required to start the boot process of the operating system. Threats like [Petya](https://cloudblogs.microsoft.com/microsoftsecure/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/?source=mmpc) are capable of infecting the Boot Record by overwriting it with malicious code. When the machine is booted, the malware immediately gains control. The Boot Record resides outside the file system, but it’s accessible by the operating system. Modern antivirus products have the capability to scan and restore it.
## Defeating fileless malware
-At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions that continuously enhance Windows security and mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, Microsoft Defender Advanced Threat Protection [(Microsoft Defender ATP)](https://www.microsoft.com/windowsforbusiness?ocid=docs-fileless) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats.
+At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions to mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, Microsoft Defender Advanced Threat Protection [(Microsoft Defender ATP)](https://www.microsoft.com/windowsforbusiness?ocid=docs-fileless) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats.
To learn more, read: [Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/)
diff --git a/windows/security/threat-protection/intelligence/images/msi-contoso-approval-required.png b/windows/security/threat-protection/intelligence/images/msi-contoso-approval-required.png
new file mode 100644
index 0000000000..90bc4428f9
Binary files /dev/null and b/windows/security/threat-protection/intelligence/images/msi-contoso-approval-required.png differ
diff --git a/windows/security/threat-protection/intelligence/images/msi-enterprise-app-user-setting.jpg b/windows/security/threat-protection/intelligence/images/msi-enterprise-app-user-setting.jpg
new file mode 100644
index 0000000000..e68ffa40aa
Binary files /dev/null and b/windows/security/threat-protection/intelligence/images/msi-enterprise-app-user-setting.jpg differ
diff --git a/windows/security/threat-protection/intelligence/images/msi-grant-admin-consent.jpg b/windows/security/threat-protection/intelligence/images/msi-grant-admin-consent.jpg
new file mode 100644
index 0000000000..2bb2627bc2
Binary files /dev/null and b/windows/security/threat-protection/intelligence/images/msi-grant-admin-consent.jpg differ
diff --git a/windows/security/threat-protection/intelligence/images/msi-microsoft-permission-requested-your-organization.png b/windows/security/threat-protection/intelligence/images/msi-microsoft-permission-requested-your-organization.png
new file mode 100644
index 0000000000..e423857bff
Binary files /dev/null and b/windows/security/threat-protection/intelligence/images/msi-microsoft-permission-requested-your-organization.png differ
diff --git a/windows/security/threat-protection/intelligence/images/msi-microsoft-permission-required.jpg b/windows/security/threat-protection/intelligence/images/msi-microsoft-permission-required.jpg
new file mode 100644
index 0000000000..fdac1cd4be
Binary files /dev/null and b/windows/security/threat-protection/intelligence/images/msi-microsoft-permission-required.jpg differ
diff --git a/windows/security/threat-protection/intelligence/images/msi-permissions.jpg b/windows/security/threat-protection/intelligence/images/msi-permissions.jpg
new file mode 100644
index 0000000000..957c78aac1
Binary files /dev/null and b/windows/security/threat-protection/intelligence/images/msi-permissions.jpg differ
diff --git a/windows/security/threat-protection/intelligence/images/msi-properties.png b/windows/security/threat-protection/intelligence/images/msi-properties.png
new file mode 100644
index 0000000000..196a5fce92
Binary files /dev/null and b/windows/security/threat-protection/intelligence/images/msi-properties.png differ
diff --git a/windows/security/threat-protection/intelligence/index.md b/windows/security/threat-protection/intelligence/index.md
index a8950a6977..1814307aac 100644
--- a/windows/security/threat-protection/intelligence/index.md
+++ b/windows/security/threat-protection/intelligence/index.md
@@ -1,6 +1,6 @@
---
title: Security intelligence
-description: Safety tips about malware and how you can protect your organization
+description: Learn about different types of malware, safety tips on how you can protect your organization, and resources for industry collaboration programs.
keywords: security, malware
ms.prod: w10
ms.mktglfcycl: secure
diff --git a/windows/security/threat-protection/intelligence/macro-malware.md b/windows/security/threat-protection/intelligence/macro-malware.md
index ec97b244a7..f73ad0c4ca 100644
--- a/windows/security/threat-protection/intelligence/macro-malware.md
+++ b/windows/security/threat-protection/intelligence/macro-malware.md
@@ -21,9 +21,9 @@ Macros are a powerful way to automate common tasks in Microsoft Office and can m
## How macro malware works
-Macro malware hides in Microsoft Office files and are delivered as email attachments or inside ZIP files. These files use names that are intended to entice or scare people into opening them. They often look like invoices, receipts, legal documents, and more.
+Macro malware hides in Microsoft Office files and is delivered as email attachments or inside ZIP files. These files use names that are intended to entice or scare people into opening them. They often look like invoices, receipts, legal documents, and more.
-Macro malware was fairly common several years ago because macros ran automatically whenever a document was opened. However, in recent versions of Microsoft Office, macros are disabled by default. This means malware authors need to convince users to turn on macros so that their malware can run. They do this by showing fake warnings when a malicious document is opened.
+Macro malware was fairly common several years ago because macros ran automatically whenever a document was opened. In recent versions of Microsoft Office, macros are disabled by default. Now, malware authors need to convince users to turn on macros so that their malware can run. They try to scare users by showing fake warnings when a malicious document is opened.
We've seen macro malware download threats from the following families:
diff --git a/windows/security/threat-protection/intelligence/malware-naming.md b/windows/security/threat-protection/intelligence/malware-naming.md
index 001d356c59..d920870809 100644
--- a/windows/security/threat-protection/intelligence/malware-naming.md
+++ b/windows/security/threat-protection/intelligence/malware-naming.md
@@ -21,7 +21,7 @@ We name the malware and unwanted software that we detect according to the Comput
-When our analysts research a particular threat, they will determine what each of the components of the name will be.
+When our analysts research a particular threat, they'll determine what each of the components of the name will be.
## Type
@@ -61,7 +61,7 @@ Describes what the malware does on your computer. Worms, viruses, trojans, backd
## Platforms
-Indicates the operating system (such as Windows, Mac OS X, and Android) that the malware is designed to work on. The platform is also used to indicate programming languages and file formats.
+Platforms indicate the operating system (such as Windows, masOS X, and Android) the malware is designed to work on. The platform is also used to indicate programming languages and file formats.
### Operating systems
@@ -71,8 +71,8 @@ Indicates the operating system (such as Windows, Mac OS X, and Android) that the
* FreeBSD: FreeBSD platform
* iPhoneOS: iPhone operating system
* Linux: Linux platform
-* MacOS: MAC 9.x platform or earlier
-* MacOS_X: MacOS X or later
+* macOS: MAC 9.x platform or earlier
+* macOS_X: MacOS X or later
* OS2: OS2 platform
* Palm: Palm operating system
* Solaris: System V-based Unix platforms
@@ -105,11 +105,11 @@ Indicates the operating system (such as Windows, Mac OS X, and Android) that the
* INF: Install scripts
* IRC: mIRC/pIRC scripts
* Java: Java binaries (classes)
-* JS: Javascript scripts
+* JS: JavaScript scripts
* LOGO: LOGO scripts
* MPB: MapBasic scripts
* MSH: Monad shell scripts
-* MSIL: .Net intermediate language scripts
+* MSIL: .NET intermediate language scripts
* Perl: Perl scripts
* PHP: Hypertext Preprocessor scripts
* Python: Python scripts
@@ -125,7 +125,7 @@ Indicates the operating system (such as Windows, Mac OS X, and Android) that the
* A97M: Access 97, 2000, XP, 2003, 2007, and 2010 macros
* HE: macro scripting
-* O97M: Office 97, 2000, XP, 2003, 2007, and 2010 macros - those that affect Word, Excel, and Powerpoint
+* O97M: Office 97, 2000, XP, 2003, 2007, and 2010 macros - those that affect Word, Excel, and PowerPoint
* PP97M: PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros
* V5M: Visio5 macros
* W1M: Word1Macro
diff --git a/windows/security/threat-protection/intelligence/phishing.md b/windows/security/threat-protection/intelligence/phishing.md
index 4f5d3c7278..6e38ba61c8 100644
--- a/windows/security/threat-protection/intelligence/phishing.md
+++ b/windows/security/threat-protection/intelligence/phishing.md
@@ -18,113 +18,13 @@ search.appverid: met150
# Phishing
-Phishing attacks attempt to steal sensitive information through emails, websites, text messages, or other forms of electronic communication that often look to be official communication from legitimate companies or individuals.
+Phishing attacks attempt to steal sensitive information through emails, websites, text messages, or other forms of electronic communication. They try to look like official communication from legitimate companies or individuals.
-The information that phishers (as the cybercriminals behind phishing attacks are called) attempt to steal can be user names and passwords, credit card details, bank account information, or other credentials. Attackers can then use stolen information for malicious purposes, such as hacking, identity theft, or stealing money directly from bank accounts and credit cards. Phishers can also sell the information in cybercriminal underground marketplaces.
+Cybercriminals often attempt to steal usernames, passwords, credit card details, bank account information, or other credentials. They use stolen information for malicious purposes, such as hacking, identity theft, or stealing money directly from bank accounts and credit cards. The information can also be sold in cybercriminal underground markets.
-## How phishing works
+## What to do if you've been a victim of a phishing scam
-Phishing attacks are scams that often use social engineering bait or lure content. For example, during tax season, bait content involves tax-filing announcements that attempt to lure you into providing your personal information such as your Social Security number or bank account information.
-
-Legitimate-looking communication, usually email, that links to a phishing site is one of the most common methods used in phishing attacks. The phishing site typically mimics sign-in pages that require users to input login credentials and account information. The phishing site then captures the sensitive information as soon as the user provides it, giving attackers access to the information.
-
-Another common phishing technique is the use of emails that direct you to open a malicious attachment, for example a PDF file. The attachment often contains a message asking you to provide login credentials to another site such as email or file sharing websites to open the document. When you access these phishing sites using your login credentials, the attacker now has access to your information and can gain additional personal information about you.
-
-## Phishing trends and techniques
-
-### Invoice phishing
-
-In this scam, the attacker attempts to lure you with an email stating that you have an outstanding invoice from a known vendor or company and provides a link for you to access and pay your invoice. When you access the site, the attacker is poised to steal your personal information and funds.
-
-### Payment/delivery scam
-
-You are asked to provide a credit card or other personal information so that your payment information can be updated with a commonly known vendor or supplier. The update is requested so that you can take delivery of your ordered goods. Generally, you may be familiar with the company and have likely done business with them in the past, but you are not aware of any items you have recently purchased from them.
-
-### Tax-themed phishing scams
-
-A common IRS phishing scams is one in which an urgent email letter is sent indicating that you owe money to the IRS. Often the email threatens legal action if you do not access the site in a timely manner and pay your taxes. When you access the site, the attackers can steal your personal credit card or bank information and drain your accounts.
-
-### Downloads
-
-Another frequently-used phishing scam is one in which an attacker sends a fraudulent email requesting you to open or download a document, often one requiring you to sign in.
-
-### Phishing emails that deliver other threats
-
-Phishing emails can be very effective, and so attackers can using them to distribute [ransomware](ransomware-malware.md) through links or attachments in emails. When run, the ransomware encrypts files and displays a ransom note, which asks you to pay a sum of money to access to your files.
-
-We have also seen phishing emails that have links to [tech support scam](support-scams.md) websites, which use various scare tactics to trick you into calling hotlines and paying for unnecessary "technical support services" that supposedly fix contrived device, platform, or software problems.
-
-## Targeted attacks against enterprises
-
-### Spear phishing
-
-Spear phishing is a targeted phishing attack that involves highly customized lure content. To perform spear phishing, attackers will typically do reconnaissance work, surveying social media and other information sources about their intended target.
-
-Spear phishing may involve tricking you into logging into fake sites and divulging credentials. Spear phishing may also be designed to lure you into opening documents by clicking on links that automatically install malware. With this malware in place, attackers can remotely manipulate the infected computer.
-
-The implanted malware serves as the point of entry for a more sophisticated attack known as an advanced persistent threat (APT). APTs are generally designed to establish control and steal data over extended periods. As part of the attack, attackers often try to deploy more covert hacking tools, move laterally to other computers, compromise or create privileged accounts, and regularly exfiltrate information from compromised networks.
-
-### Whaling
-
-Whaling is a form of phishing in which the attack is directed at high-level or senior executives within specific companies with the direct goal of gaining access to their credentials and/or bank information. The content of the email may be written as a legal subpoena, customer complaint, or other executive issue. This type of attack can also lead to an APT attack within an organization. When the links or attachment are opened, it can assist the attacker in accessing credentials and other personal information, or launch a malware that will lead to an APT.
-
-### Business email compromise
-
-Business email compromise (BEC) is a sophisticated scam that targets businesses often working with foreign suppliers and businesses that regularly perform wire transfer payments. One of the most common schemes used by BEC attackers involves gaining access to a company’s network through a spear phishing attack, where the attacker creates a domain similar to the company they are targeting or spoofs their email to scam users into releasing personal account information for money transfers.
-
-## How to protect against phishing attacks
-
-Social engineering attacks are designed to take advantage of a user's possible lapse in decision-making. Be aware and never provide sensitive or personal information through email or unknown websites, or over the phone. Remember, phishing emails are designed to appear legitimate.
-
-### Awareness
-
-The best protection is awareness and education. Don’t open attachments or click links in unsolicited emails, even if the emails came from a recognized source. If the email is unexpected, be wary about opening the attachment and verify the URL.
-
-Enterprises should educate and train their employees to be wary of any communication that requests personal or financial information, and instruct them to report the threat to the company’s security operations team immediately.
-
-Here are several telltale signs of a phishing scam:
-
-* The links or URLs provided in emails are **not pointing to the correct location** or are attempting to have you access a third-party site that is not affiliated with the sender of the email. For example, in the image below the URL provided does not match the URL that you will be taken to.
-
- 
-
-* There is a **request for personal information** such as social security numbers or bank or financial information. Official communications won't generally request personal information from you in the form of an email.
-
-* **Items in the email address will be changed** so that it is similar enough to a legitimate email address but has added numbers or changed letters.
-
-* The message is **unexpected and unsolicited**. If you suddenly receive an email from an entity or a person you rarely deal with, consider this email suspect.
-
-* The message or the attachment asks you to **enable macros, adjust security settings, or install applications**. Normal emails will not ask you to do this.
-
-* The message contains **errors**. Legitimate corporate messages are less likely to have typographic or grammatical errors or contain wrong information.
-
-* The **sender address does not match** the signature on the message itself. For example, an email is purported to be from Mary of Contoso Corp, but the sender address is john@example.com.
-
-* There are **multiple recipients** in the “To” field and they appear to be random addresses. Corporate messages are normally sent directly to individual recipients.
-
-* The greeting on the message itself **does not personally address you**. Apart from messages that mistakenly address a different person, those that misuse your name or pull your name directly from your email address tend to be malicious.
-
-* The website looks familiar but there are **inconsistencies or things that are not quite right** such as outdated logos, typos, or ask users to give additional information that is not asked by legitimate sign-in websites.
-
-* The page that opens is **not a live page** but rather an image that is designed to look like the site you are familiar with. A pop-up may appear that requests credentials.
-
-If in doubt, contact the business by known channels to verify if any suspicious emails are in fact legitimate.
-
-For more information, download and read this Microsoft [e-book on preventing social engineering attacks](https://info.microsoft.com/Protectyourweakestlink.html?ls=social), especially in enterprise environments.
-
-### Software solutions for organizations
-
-* [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) and [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) offer protection from the increasing threat of targeted attacks using Microsoft's industry leading Hyper-V virtualization technology. If a browsed website is deemed untrusted, the Hyper-V container will isolate that device from the rest of your network thereby preventing access to your enterprise data.
-
-* [Microsoft Exchange Online Protection (EOP)](https://products.office.com/exchange/exchange-email-security-spam-protection) offers enterprise-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies. Using various layers of filtering, EOP can provide different controls for spam filtering, such as bulk mail controls and international spam, that will further enhance your protection services.
-
-* Use [Office 365 Advanced Threat Protection (ATP)](https://products.office.com/exchange/online-email-threat-protection?ocid=cx-blog-mmpc) to help protect your email, files, and online storage against malware. It offers holistic protection in Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive for Business. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
-
-For more tips and software solutions, see [prevent malware infection](prevent-malware-infection.md).
-
-## What do I do if I've already been a victim of a phishing scam?
-
-If you feel that you have been a victim of a phishing attack, contact your IT Admin. You should also immediately change all passwords associated with the accounts, and report any fraudulent activity to your bank, credit card company, etc.
+If you feel you've been a victim of a phishing attack, contact your IT admin. Immediately change all passwords associated with the accounts, and report any fraudulent activity to your bank and credit card company.
### Reporting spam
@@ -132,9 +32,109 @@ Submit phishing scam emails to **Microsoft** by sending an email with the scam a
For Outlook and Outlook on the web users, use the **Report Message Add-in** for Microsoft Outlook. For information about how to install and use this tool, see [Enable the Report Message add-in](https://support.office.com/article/4250c4bc-6102-420b-9e0a-a95064837676).
-Send an email with the phishing scam to **The Anti-Phishing Working Group**: reportphishing@apwg.org. The group uses reports generated from emails sent to fight phishing scams and hackers. ISPs, security vendors, financial institutions and law enforcement agencies are involved.
+Send an email with the phishing scam to **The Anti-Phishing Working Group**: reportphishing@apwg.org. The group uses reports generated from emails sent to fight phishing scams and hackers. ISPs, security vendors, financial institutions, and law enforcement agencies are involved.
+
+## How phishing works
-## Where to find more information about phishing attacks
+Phishing attacks are scams that often use social engineering bait or lure content. For example, during tax season bait content can be tax-filing announcements that attempt to lure you into providing personal information such as your SSN or bank account information.
+
+Legitimate-looking communication, usually email, that links to a phishing site is one of the most common methods used in phishing attacks. The phishing site typically mimics sign in pages that require users to input credentials and account information. The phishing site then captures the sensitive information as soon as the user provides it, giving attackers access to the information.
+
+Another common phishing technique is the use of emails that direct you to open a malicious attachment like a PDF file. The attachment often contains a message asking you to sign in to another site, such as email or file sharing websites, to open the document. When you access these phishing sites using your sign-in credentials, the attacker now has access to your information and can gain additional personal information about you.
+
+## Phishing trends and techniques
+
+### Invoice phishing
+
+In this scam, the attacker attempts to lure you with an email stating that you have an outstanding invoice from a known vendor or company. They then provide a link for you to access and pay your invoice. When you access the site, the attacker is poised to steal your personal information and funds.
+
+### Payment/delivery scam
+
+You're asked to provide a credit card or other personal information so that your payment information can be updated with a commonly known vendor or supplier. The update is requested so that you can take delivery of your ordered goods. Generally, you may be familiar with the company and have likely done business with them in the past. However, you aren't aware of any items you have recently purchased from them.
+
+### Tax-themed phishing scams
+
+A common IRS phishing scam is receiving an urgent email letter indicating that you owe money to the IRS. Often the email threatens legal action if you don't access the site in a timely manner and pay your taxes. When you access the site, the attackers can steal your personal credit card or bank information and drain your accounts.
+
+### Downloads
+
+An attacker sends a fraudulent email requesting you to open or download a document, often requiring you to sign in.
+
+### Phishing emails that deliver other threats
+
+Phishing emails are often very effective, so attackers sometimes use them to distribute [ransomware](ransomware-malware.md) through links or attachments in emails. When run, the ransomware encrypts files and displays a ransom note, which asks you to pay a sum of money to access to your files.
+
+We have also seen phishing emails that have links to [tech support scam](support-scams.md) websites. These websites use various scare tactics to trick you into calling hotlines and paying for unnecessary "technical support services" that supposedly fix contrived device, platform, or software problems.
+
+## Targeted attacks against enterprises
+
+### Spear phishing
+
+Spear phishing is a targeted phishing attack that involves highly customized lure content. Attackers will typically do reconnaissance work by surveying social media and other information sources about their intended target.
+
+Spear phishing may involve tricking you into logging into fake sites and divulging credentials. I may also lure you into opening documents by clicking on links that automatically install malware. With this malware in place, attackers can remotely manipulate the infected computer.
+
+The implanted malware serves as the point of entry for a more sophisticated attack, known as an advanced persistent threat (APT). APTs are designed to establish control and steal data over extended periods. Attackers may try to deploy more covert hacking tools, move laterally to other computers, compromise or create privileged accounts, and regularly exfiltrate information from compromised networks.
+
+### Whaling
+
+Whaling is a form of phishing directed at high-level or senior executives within specific companies to gain access to their credentials and/or bank information. The content of the email may be written as a legal subpoena, customer complaint, or other executive issue. This type of attack can also lead to an APT attack within an organization.
+
+### Business email compromise
+
+Business email compromise (BEC) is a sophisticated scam that targets businesses who frequently work with foreign suppliers or do money wire transfers. One of the most common schemes used by BEC attackers involves gaining access to a company’s network through a spear phishing attack. The attacker creates a domain similar to the company they're targeting, or spoofs their email to scam users into releasing personal account information for money transfers.
+
+## How to protect against phishing attacks
+
+Social engineering attacks are designed to take advantage of a user's possible lapse in decision-making. Be aware and never provide sensitive or personal information through email or unknown websites, or over the phone. Remember, phishing emails are designed to appear legitimate.
+
+### Awareness
+
+The best protection is awareness and education. Don’t open attachments or links in unsolicited emails, even if the emails came from a recognized source. If the email is unexpected, be wary about opening the attachment and verify the URL.
+
+Enterprises should educate and train their employees to be wary of any communication that requests personal or financial information. They should also instruct employees to report the threat to the company’s security operations team immediately.
+
+Here are several telltale signs of a phishing scam:
+
+* The links or URLs provided in emails are **not pointing to the correct location** or are pointing to a third-party site not affiliated with the sender of the email. For example, in the image below the URL provided doesn't match the URL that you'll be taken to.
+
+ 
+
+* There's a **request for personal information** such as social security numbers or bank or financial information. Official communications won't generally request personal information from you in the form of an email.
+
+* **Items in the email address will be changed** so that it is similar enough to a legitimate email address, but has added numbers or changed letters.
+
+* The message is **unexpected and unsolicited**. If you suddenly receive an email from an entity or a person you rarely deal with, consider this email suspect.
+
+* The message or the attachment asks you to **enable macros, adjust security settings, or install applications**. Normal emails won't ask you to do this.
+
+* The message contains **errors**. Legitimate corporate messages are less likely to have typographic or grammatical errors or contain wrong information.
+
+* The **sender address doesn't match the signature** on the message itself. For example, an email is purported to be from Mary of Contoso Corp, but the sender address is john@example.com.
+
+* There are **multiple recipients** in the “To” field and they appear to be random addresses. Corporate messages are normally sent directly to individual recipients.
+
+* The greeting on the message itself **doesn't personally address you**. Apart from messages that mistakenly address a different person, greetings that misuse your name or pull your name directly from your email address tend to be malicious.
+
+* The website looks familiar but there are **inconsistencies or things that aren't quite right**. Warning signs include outdated logos, typos, or ask users to give additional information that is not asked by legitimate sign-in websites.
+
+* The page that opens is **not a live page**, but rather an image that is designed to look like the site you are familiar with. A pop-up may appear that requests credentials.
+
+If in doubt, contact the business by known channels to verify if any suspicious emails are in fact legitimate.
+
+For more information, download and read this Microsoft [e-book on preventing social engineering attacks](https://info.microsoft.com/Protectyourweakestlink.html?ls=social), especially in enterprise environments.
+
+### Software solutions for organizations
+
+* [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) and [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) offer protection from the increasing threat of targeted attacks using Microsoft's industry-leading Hyper-V virtualization technology. If a browsed website is deemed untrusted, the Hyper-V container will isolate that device from the rest of your network thereby preventing access to your enterprise data.
+
+* [Microsoft Exchange Online Protection (EOP)](https://products.office.com/exchange/exchange-email-security-spam-protection) offers enterprise-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies. Using various layers of filtering, EOP can provide different controls for spam filtering, such as bulk mail controls and international spam, that will further enhance your protection services.
+
+* Use [Office 365 Advanced Threat Protection (ATP)](https://products.office.com/exchange/online-email-threat-protection?ocid=cx-blog-mmpc) to help protect your email, files, and online storage against malware. It offers holistic protection in Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive for Business. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
+
+For more tips and software solutions, see [prevent malware infection](prevent-malware-infection.md).
+
+## More information about phishing attacks
For information on the latest phishing attacks, techniques, and trends, you can read these entries on the [Microsoft Security blog](https://www.microsoft.com/security/blog/product/windows/):
diff --git a/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md b/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md
new file mode 100644
index 0000000000..df44f6142a
--- /dev/null
+++ b/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md
@@ -0,0 +1,89 @@
+---
+title: Troubleshoot MSI portal errors caused by admin block
+description: Troubleshoot MSI portal errors
+ms.reviewer:
+keywords: security, sample submission help, malware file, virus file, trojan file, submit, send to Microsoft, submit a sample, virus, trojan, worm, undetected, doesn’t detect, email microsoft, email malware, I think this is malware, I think it's a virus, where can I send a virus, is this a virus, MSE, doesn’t detect, no signature, no detection, suspect file, MMPC, Microsoft Malware Protection Center, researchers, analyst, WDSI, security intelligence
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: dansimp
+author: dansimp
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+search.appverid: met150
+---
+
+# Troubleshooting malware submission errors caused by administrator block
+In some instances, an administrator block might cause submission issues when you try to submit a potentially infected file to the [Microsoft Security intelligence website](https://www.microsoft.com/wdsi) for analysis. The following process shows how to resolve this.
+
+## Review your settings
+Open your Azure [Enterprise application settings](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/UserSettings/menuId/). Under **Enterprise Applications** > **Users can consent to apps accessing company data on their behalf**, check whether Yes or No is selected.
+
+- If this is set to **No**, an AAD administrator for the customer tenant will need to provide consent for the organization. Depending on the configuration with AAD, users might be able to submit a request right from the same dialog box. If there’s no option to ask for admin consent, users need to request for these permissions to be added to their AAD admin. Go to the following section for more information.
+
+- It this is set to **Yes**, ensure the Windows Defender Security Intelligence app setting **Enabled for users to sign-in?** is set to **Yes** [in Azure](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Properties/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/4a918a14-4069-4108-9b7d-76486212d75d). If this is set to **No** you'll need to request an AAD admin enable it.
+
+## Implement Required Enterprise Application permissions
+This process requires a global or application admin in the tenant.
+ 1. Open [Enterprise Application settings](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Permissions/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/4a918a14-4069-4108-9b7d-76486212d75d).
+ 2. Click **Grant admin consent for organization**.
+ 3. If you're able to do so, Review the API permissions required for this application. This should be exactly the same as in the following image. Provide consent for the tenant.
+
+ 
+
+ 4. If the administrator receives an error while attempting to provide consent manually, try either [Option 1](#option-1-approve-enterprise-application-permissions-by-user-request) or [Option 2](#option-2-provide-admin-consent-by-authenticating-the-application-as-an-admin) as possible workarounds.
+
+## Option 1 Approve enterprise application permissions by user request
+> [!Note]
+> This is currently a preview feature.
+
+Azure Active Directory admins will need to allow for users to request admin consent to apps. Verify the setting is configured to **Yes** in [Enterprise applications](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/UserSettings/menuId/).
+
+
+
+More information is available in [Configure Admin consent workflow](https://docs.microsoft.com/azure/active-directory/manage-apps/configure-admin-consent-workflow).
+
+Once this setting is verified, users can go through the enterprise customer sign-in at [Microsoft security intelligence](https://www.microsoft.com/wdsi/filesubmission), and submit a request for admin consent, including justification.
+
+
+
+Admin will be able to review and approve the application permissions [Azure admin consent requests](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AccessRequests/menuId/).
+
+After providing consent, all users in the tenant will be able to use the application.
+
+## Option 2 Provide admin consent by authenticating the application as an admin
+This process requires that global admins go through the Enterprise customer sign-in flow at [Microsoft security intelligence](https://www.microsoft.com/wdsi/filesubmission).
+
+
+
+Then, admins review the permissions and make sure to select **Consent on behalf of your organization**, and click **Accept**.
+
+All users in the tenant will now be able to use this application.
+
+## Option 3: Delete and re-add app permissions
+If neither of these options resolve the issue, try the following steps (as an admin):
+
+1. Remove previous configurations for the application. Go to [Enterprise applications](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Properties/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/982e94b2-fea9-4d1f-9fca-318cda92f90b)
+and click **delete**.
+
+ 
+
+2. Capture TenantID from [Properties](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties).
+
+3. Replace {tenant-id} with the specific tenant that needs to grant consent to this application in the URL below. Copy this URL into browser. The rest of the parameters are already completed.
+``https://login.microsoftonline.com/{tenant-id}/v2.0/adminconsent?client_id=f0cf43e5-8a9b-451c-b2d5-7285c785684d&state=12345&redirect_uri=https%3a%2f%2fwww.microsoft.com%2fwdsi%2ffilesubmission&scope=openid+profile+email+offline_access``
+
+ 
+
+4. Review the permissions required by the application, and then click **Accept**.
+
+5. Confirm the permissions are applied in the [Azure portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Permissions/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/ce60a464-5fca-4819-8423-bcb46796b051).
+
+ 
+
+6. Sign in to [Microsoft security intelligence](https://www.microsoft.com/wdsi/filesubmission) as an enterprise user with a non-admin account to see if you have access.
+
+ If the warning is not resolved after following these troubleshooting steps, call Microsoft support.
diff --git a/windows/security/threat-protection/intelligence/ransomware-malware.md b/windows/security/threat-protection/intelligence/ransomware-malware.md
index b91211e7da..2936cf36c4 100644
--- a/windows/security/threat-protection/intelligence/ransomware-malware.md
+++ b/windows/security/threat-protection/intelligence/ransomware-malware.md
@@ -31,7 +31,7 @@ Most ransomware infections start with:
Once ransomware infects a device, it starts encrypting files, folders, entire hard drive partitions using encryption algorithms like RSA or RC4.
-Ransomware is one of the most lucrative revenue channels for cybercriminals, so malware authors continually improve their malware code to better target enterprise environments. Ransomware-as-a-service is a cybercriminal business model in which malware creators sell their ransomware and other services to cybercriminals, who then operate the ransomware attacks. The business model also defines profit sharing between the malware creators, ransomware operators, and other parties that may be involved. For cybercriminals, ransomware is a big business, at the expense of individuals and businesses.
+Ransomware is one of the most lucrative revenue channels for cybercriminals, so malware authors continually improve their malware code to better target enterprise environments. Ransomware-as-a-service is a cybercriminal business model where malware creators sell their ransomware and other services to cybercriminals, who then operate the ransomware attacks. The business model also defines profit sharing between the malware creators, ransomware operators, and other parties that may be involved. For cybercriminals, ransomware is big business at the expense of individuals and businesses.
### Examples
@@ -43,9 +43,9 @@ Sophisticated ransomware like **Spora**, **WannaCrypt** (also known as WannaCry)
* A Petya variant exploits the same vulnerability, in addition to CVE-2017-0145 (also known as EternalRomance), and uses stolen credentials to move laterally across networks.
-Older ransomware like **Reveton** locks screens instead of encrypting files. They display a full screen image and then disable Task Manager. The files are safe, but they are effectively inaccessible. The image usually contains a message claiming to be from law enforcement that says the computer has been used in illegal cybercriminal activities and fine needs to be paid. Because of this, Reveton is nicknamed "Police Trojan" or "Police ransomware".
+Older ransomware like **Reveton** (nicknamed "Police Trojan" or "Police ransomware") locks screens instead of encrypting files. They display a full screen image and then disable Task Manager. The files are safe, but they're effectively inaccessible. The image usually contains a message claiming to be from law enforcement that says the computer has been used in illegal cybercriminal activities and a fine needs to be paid.
-Ransomware like **Cerber** and **Locky** search for and encrypt specific file types, typically document and media files. When the encryption is complete, the malware leaves a ransom note using text, image, or an HTML file with instructions to pay a ransom to recover files.
+Ransomware like **Cerber** and **Locky** search for and encrypt specific file types, typically document and media files. When the encryption is complete, the malware leaves a ransom note using text, image, or an HTML file with instructions to pay a ransom to recover files.
**Bad Rabbit** ransomware was discovered attempting to spread across networks using hardcoded usernames and passwords in brute force attacks.
diff --git a/windows/security/threat-protection/intelligence/rootkits-malware.md b/windows/security/threat-protection/intelligence/rootkits-malware.md
index ad80fad7fe..f5ea7e21b2 100644
--- a/windows/security/threat-protection/intelligence/rootkits-malware.md
+++ b/windows/security/threat-protection/intelligence/rootkits-malware.md
@@ -17,15 +17,15 @@ search.appverid: met150
---
# Rootkits
-Malware authors use rootkits to hide malware on your device, allowing malware to persist as long as possible. A successful rootkit can potentially remain in place for years if it is undetected. During this time it will steal information and resources.
+Malware authors use rootkits to hide malware on your device, allowing malware to persist as long as possible. A successful rootkit can potentially remain in place for years if it's undetected. During this time, it will steal information and resources.
## How rootkits work
Rootkits intercept and change standard operating system processes. After a rootkit infects a device, you can’t trust any information that device reports about itself.
-For example, if you were to ask a device to list all of the programs that are running, the rootkit might stealthily remove any programs it doesn’t want you to know about. Rootkits are all about hiding things. They want to hide both themselves and their malicious activity on a device.
+If you were to ask a device to list all of the programs that are running, the rootkit might stealthily remove any programs it doesn’t want you to know about. Rootkits are all about hiding things. They want to hide both themselves and their malicious activity on a device.
-Many modern malware families use rootkits to try and avoid detection and removal, including:
+Many modern malware families use rootkits to try to avoid detection and removal, including:
* [Alureon](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fAlureon)
@@ -53,12 +53,12 @@ For more general tips, see [prevent malware infection](prevent-malware-infection
### What if I think I have a rootkit on my device?
-Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you might have a rootkit on your device and your antimalware software isn’t detecting it, you might need an extra tool that lets you boot to a known trusted environment.
+Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you have a rootkit that your antimalware software isn’t detecting, you may need an extra tool that lets you boot to a known trusted environment.
-[Microsoft Defender Offline](https://support.microsoft.com/help/17466/microsoft-defender-offline-help-protect-my-pc) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on devices that aren't working correctly due to a possible malware infection.
+[Microsoft Defender Offline](https://support.microsoft.com/help/17466/microsoft-defender-offline-help-protect-my-pc) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on devices that aren't working correctly because of a possible malware infection.
[System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) in Windows 10 protects against rootkits and threats that impact system integrity.
### What if I can’t remove a rootkit?
-If the problem persists, we strongly recommend reinstalling the operating system and security software. You should then restore your data from a backup.
+If the problem persists, we strongly recommend reinstalling the operating system and security software. Then restore your data from a backup.
diff --git a/windows/security/threat-protection/intelligence/submission-guide.md b/windows/security/threat-protection/intelligence/submission-guide.md
index 7b4028fb4a..7e771ce477 100644
--- a/windows/security/threat-protection/intelligence/submission-guide.md
+++ b/windows/security/threat-protection/intelligence/submission-guide.md
@@ -26,7 +26,7 @@ You can send us files that you think might be malware or files that have been in
We receive a large number of samples from many sources. Our analysis is prioritized by the number of file detections and the type of submission. You can help us complete a quick analysis by providing detailed information about the product you were using and what you were doing when you found the file.
-If you sign in before you submit a sample, you will be able to track your submissions.
+After you sign in, you will be able to track your submissions.
## Can I send a sample by email?
@@ -34,9 +34,7 @@ No, we only accept submissions through our [sample submission portal](https://ww
## Can I submit a sample without signing in?
-Yes, you many submit a file as an anonymous home customer. You will get a link to a webpage where you can view the status of the submission.
-
-If you're an enterprise customer, you need to sign in so that we can prioritize your submission appropriately. If you are currently experiencing a virus outbreak or security-related incident, you should contact your designated Microsoft support professional or go to [Microsoft Support](https://support.microsoft.com/) for immediate assistance.
+No. If you're an enterprise customer, you need to sign in so that we can prioritize your submission appropriately. If you are currently experiencing a virus outbreak or security-related incident, you should contact your designated Microsoft support professional or go to [Microsoft Support](https://support.microsoft.com/) for immediate assistance.
## What is the Software Assurance ID (SAID)?
@@ -52,9 +50,7 @@ We encourage all software vendors and developers to read about [how Microsoft id
## How do I track or view past sample submissions?
-You can track your submissions through the [submission history page](https://www.microsoft.com/wdsi/submissionhistory). Your submission will only appear on this page if you were signed in when you submitted it.
-
-If you’re not signed in when you submit a sample, you will be redirected to a tracking page. Bookmark this page if you want to come back and check on the status of your submission.
+You can track your submissions through the [submission history page](https://www.microsoft.com/wdsi/submissionhistory).
## What does the submission status mean?
@@ -66,7 +62,7 @@ Each submission is shown to be in one of the following status types:
* Closed—a final determination has been given by an analyst
-If you are signed in, you can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/wdsi/submissionhistory).
+You can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/wdsi/submissionhistory).
## How does Microsoft prioritize submissions
diff --git a/windows/security/threat-protection/intelligence/support-scams.md b/windows/security/threat-protection/intelligence/support-scams.md
index 8544b43d61..5ecbd9a101 100644
--- a/windows/security/threat-protection/intelligence/support-scams.md
+++ b/windows/security/threat-protection/intelligence/support-scams.md
@@ -63,6 +63,6 @@ It is also important to keep the following in mind:
Help Microsoft stop scammers, whether they claim to be from Microsoft or from another tech company, by reporting tech support scams:
-www.microsoft.com/reportascam
+www.microsoft.com/reportascam
You can also report any **unsafe website** that you suspect is a phishing website or contains malicious content directly to Microsoft by filling out a [Report an unsafe site form](https://www.microsoft.com/wdsi/support/report-unsafe-site) or using built in web browser functionality.
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
index e9fd6a400e..a0e3d27f66 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
@@ -3,7 +3,6 @@ title: What to do with false positives/negatives in Microsoft Defender Antivirus
description: Did Microsoft Defender Antivirus miss or wrongly detect something? Find out what you can do.
keywords: Microsoft Defender Antivirus, false positives, false negatives, exclusions
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md
index 691027c34e..072cc3c421 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md
@@ -3,7 +3,6 @@ title: Collect diagnostic data for Update Compliance and Windows Defender Micros
description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Microsoft Defender Antivirus Assessment add in
keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender AV
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md
index 876f707fc7..9c9ec19ea9 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md
@@ -3,7 +3,6 @@ title: Collect diagnostic data of Microsoft Defender Antivirus
description: Use a tool to collect data to troubleshoot Microsoft Defender Antivirus
keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender av
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md
index 0286462e81..8bf5563e09 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md
@@ -3,17 +3,16 @@ title: Use the command line to manage Microsoft Defender Antivirus
description: Run Microsoft Defender Antivirus scans and configure next-generation protection with a dedicated command-line utility.
keywords: run windows defender scan, run antivirus scan from command line, run windows defender scan from command line, mpcmdrun, defender
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
ms.reviewer: ksarens
manager: dansimp
+ms.date: 08/17/2020
---
# Configure and manage Microsoft Defender Antivirus with the mpcmdrun.exe command-line tool
@@ -31,11 +30,12 @@ You can perform various Microsoft Defender Antivirus functions with the dedicate
The utility has the following commands:
-```DOS
+```console
MpCmdRun.exe [command] [-options]
```
Here's an example:
-```
+
+```console
MpCmdRun.exe -Scan -ScanType 2
```
@@ -55,6 +55,22 @@ MpCmdRun.exe -Scan -ScanType 2
| `-ListAllDynamicSignatures` | Lists the loaded dynamic Security intelligence |
| `-RemoveDynamicSignature [-SignatureSetID]` | Removes dynamic Security intelligence |
| `-CheckExclusion -path ` | Checks whether a path is excluded |
+| `-ValidateMapsConnection` | Verifies that your network can communicate with the Microsoft Defender Antivirus cloud service. This command will only work on Windows 10, version 1703 or higher.|
+
+
+## Common errors in running commands via mpcmdrun.exe
+
+|Error message | Possible reason
+|:----|:----|
+| `ValidateMapsConnection failed (800106BA) or 0x800106BA` | The Microsoft Defender Antivirus service is disabled. Enable the service and try again. **Note:** In Windows 10 1909 or older, and Windows Server 2019 or older, the service used to be called "Windows Defender Antivirus" service.|
+| `0x80070667` | You're running the `-ValidateMapsConnection` command from a computer that is Windows 10 version 1607 or older, or Windows Server 2016 or older. Run the command from a machine that is Windows 10 version 1703 or newer, or Windows Server 2019 or newer.|
+| `'MpCmdRun' is not recognized as an internal or external command, operable program or batch file.` | The tool needs to be run from either: `%ProgramFiles%\Windows Defender` or `C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.4-0` (where `2008.4-0` might differ since platform updates are monthly except for December)|
+| `ValidateMapsConnection failed to establish a connection to MAPS (hr=80070005 httpcode=450)` | Not enough privileges. Use the command prompt (cmd.exe) as an administrator.|
+| `ValidateMapsConnection failed to establish a connection to MAPS (hr=80070006 httpcode=451)` | The firewall is blocking the connection or conducting SSL inspection. |
+| `ValidateMapsConnection failed to establish a connection to MAPS (hr=80004005 httpcode=450)` | Possible network-related issues, like name resolution problems|
+| `ValidateMapsConnection failed to establish a connection to MAPS (hr=0x80508015` | The firewall is blocking the connection or conducting SSL inspection. |
+| `ValidateMapsConnection failed to establish a connection to MAPS (hr=800722F0D` | The firewall is blocking the connection or conducting SSL inspection. |
+| `ValidateMapsConnection failed to establish a connection to MAPS (hr=80072EE7 httpcode=451)` | The firewall is blocking the connection or conducting SSL inspection. |
## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
index 7be3761332..53d9dc6877 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Common mistakes to avoid when defining exclusions
description: Avoid common mistakes when defining exclusions for Microsoft Defender Antivirus scans.
keywords: exclusions, files, extension, file type, folder name, file name, scans
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md
index 9ca273c668..ac38745a10 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Manage Windows Defender in your business
description: Learn how to use Group Policy, Configuration Manager, PowerShell, WMI, Intune, and the command line to manage Microsoft Defender AV
keywords: group policy, gpo, config manager, sccm, scep, powershell, wmi, intune, defender, antivirus, antimalware, security, protection
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md
index 3464a06430..9800bbf096 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md
@@ -7,7 +7,6 @@ ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
@@ -23,13 +22,11 @@ manager: dansimp
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-**Use Microsoft Intune to configure scanning options**
+## Use Microsoft Intune to configure scanning options
See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Microsoft Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details.
-
-
-## Use Microsoft Endpoint Configuration Manager to configure scanning options:
+## Use Microsoft Endpoint Configuration Manager to configure scanning options
See [How to create and deploy antimalware policies: Scan settings](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#scan-settings) for details on configuring Microsoft Endpoint Configuration Manager (current branch).
@@ -70,6 +67,8 @@ See [Manage Microsoft Defender Antivirus with PowerShell cmdlets](use-powershell
For using WMI classes, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx).
+
+
## Email scanning limitations
Email scanning enables scanning of email files used by Outlook and other mail clients during on-demand and scheduled scans. Embedded objects within an email file (such as attachments and archived files) are also scanned. The following file format types can be scanned and remediated:
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md
index 5fb8feab26..057535efc0 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md
@@ -1,26 +1,25 @@
---
title: Enable Block at First Sight to detect malware in seconds
-description: Enable the Block at First sight feature to detect and block malware within seconds, and validate that it is configured correctly.
+description: Turn on the block at first sight feature to detect and block malware within seconds, and validate that it is configured correctly.
keywords: scan, BAFS, malware, first seen, first sight, cloud, defender
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
+ms.localizationpriority: high
author: denisebmsft
ms.author: deniseb
ms.reviewer:
manager: dansimp
ms.custom: nextgen
+ms.date: 08/26/2020
---
-# Enable block at first sight
+# Turn on block at first sight
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Microsoft Defender Antivirus
Block at first sight provides a way to detect and block new malware within seconds. This protection is enabled by default when certain prerequisite settings are also enabled. In most cases, these prerequisite settings are also enabled by default, so the feature is running without any intervention.
@@ -31,12 +30,12 @@ You can [specify how long the file should be prevented from running](configure-c
## How it works
-When Microsoft Defender Antivirus encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend applies heuristics, machine learning, and automated analysis of the file to determine whether the files are malicious or clean.
+When Microsoft Defender Antivirus encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend applies heuristics, machine learning, and automated analysis of the file to determine whether the files are malicious or not a threat.
-Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
+Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, intelligent, and real-time protection. To learn more, see this blog: [Get to know the advanced technologies at the core of Microsoft Defender ATP next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
-In Windows 10, version 1803, block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files.
+In Windows 10, version 1803 or later, block at first sight can block non-portable executable files (such as JS, VBS, or macros) as well as executable files.
Block at first sight only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or that originate from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file.
@@ -44,11 +43,11 @@ If the cloud backend is unable to make a determination, Microsoft Defender Antiv
In many cases, this process can reduce the response time for new malware from hours to seconds.
-## Confirm and validate that block at first sight is enabled
+## Confirm and validate that block at first sight is turned on
Block at first sight requires a number of settings to be configured correctly or it will not work. These settings are enabled by default in most enterprise Microsoft Defender Antivirus deployments.
-### Confirm block at first sight is enabled with Intune
+### Confirm block at first sight is turned on with Intune
1. In Intune, navigate to **Device configuration - Profiles** > *Profile name* > **Device restrictions** > **Microsoft Defender Antivirus**.
@@ -71,7 +70,7 @@ For more information about configuring Microsoft Defender Antivirus device restr
For a list of Microsoft Defender Antivirus device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus).
-### Enable block at first sight with Microsoft Endpoint Configuration Manager
+### Turn on block at first sight with Microsoft Endpoint Configuration Manager
1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **AntiMalware Policies**.
@@ -88,13 +87,12 @@ For a list of Microsoft Defender Antivirus device restrictions in Intune, see [D
5. Click **Advanced**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**.
-6. Click **Cloud Protection Service**, set **Cloud Protection Service membership type** to **Advanced membership**, set **Level for blocking malicious files** to **High**, and set **Allow extended cloud check to block and scan suspicious files for up to (seconds)** to **50** seconds.
+6. Click **Cloud Protection Service**, set **Cloud Protection Service membership type** to **Advanced membership**, set **Level for blocking suspicious files** to **High**, and set **Allow extended cloud check to block and scan suspicious files for up to (seconds)** to **50** seconds.
7. Click **OK** to create the policy.
-
-### Confirm block at first sight is enabled with Group Policy
+### Confirm block at first sight is turned on with Group Policy
1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@@ -102,9 +100,9 @@ For a list of Microsoft Defender Antivirus device restrictions in Intune, see [D
3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **MAPS**, configure the following Group Policies, and then click **OK**:
- - Double-click **Join Microsoft MAPS** and ensure the option is set to **Enabled**. Click **OK**.
+ 1. Double-click **Join Microsoft MAPS** and ensure the option is set to **Enabled**. Click **OK**.
- - Double-click **Send file samples when further analysis is required** and ensure the option is set to **Enabled** and the additional options are either **Send safe samples (1)** or **Send all samples (3)**.
+ 2. Double-click **Send file samples when further analysis is required** and ensure the option is set to **Enabled** and the additional options are either **Send safe samples (1)** or **Send all samples (3)**.
> [!WARNING]
> Setting to **Always prompt (0)** will lower the protection state of the device. Setting to **Never send (2)** means block at first sight will not function.
@@ -115,24 +113,32 @@ For a list of Microsoft Defender Antivirus device restrictions in Intune, see [D
2. Double-click **Turn off real-time protection** and ensure the option is set to **Disabled**, and then click **OK**.
-If you had to change any of the settings, you should re-deploy the Group Policy Object across your network to ensure all endpoints are covered.
+5. In the **Group Policy Management Editor**, expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **MpEngine**:
-### Confirm block at first sight is enabled with Registry editor
+ 1. Double-click **Select cloud protection level** and ensure the option is set to **Enabled**.
+
+ 2. Ensure that **Select cloud blocking level** section on the same page is set to **High blocking level**, and then click **OK**.
+
+If you had to change any of the settings, you should redeploy the Group Policy Object across your network to ensure all endpoints are covered.
+
+### Confirm block at first sight is turned on with Registry editor
1. Start Registry Editor.
-2. Go to **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet**, and make sure that
+2. Go to `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet`, and make sure that
1. **SpynetReporting** key is set to **1**
2. **SubmitSamplesConsent** key is set to either **1** (Send safe samples) or **3** (Send all samples)
-3. Go to **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection**, and make sure that
+3. Go to `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection`, and make sure that
1. **DisableIOAVProtection** key is set to **0**
2. **DisableRealtimeMonitoring** key is set to **0**
-
+
+4. Go to `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\MpEngine`, and make sure that the **MpCloudBlockLevel** key is set to **2**
+
### Confirm Block at First Sight is enabled on individual clients
You can confirm that block at first sight is enabled on individual clients using Windows security settings.
@@ -154,14 +160,14 @@ Block at first sight is automatically enabled as long as **Cloud-delivered prote
You can validate that the feature is working by following the steps outlined in [Validate connections between your network and the cloud](configure-network-connections-microsoft-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud).
-## Disable block at first sight
+## Turn off block at first sight
> [!WARNING]
-> Disabling block at first sight will lower the protection state of the endpoint and your network.
+> Turning off block at first sight will lower the protection state of the endpoint and your network.
You may choose to disable block at first sight if you want to retain the prerequisite settings without using block at first sight protection. You might wish to do this if you are experiencing latency issues or you want to test the feature's impact on your network.
-### Disable block at first sight with Group Policy
+### Turn off block at first sight with Group Policy
1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure, and then click **Edit**.
@@ -172,9 +178,10 @@ You may choose to disable block at first sight if you want to retain the prerequ
4. Double-click **Configure the 'Block at First Sight' feature** and set the option to **Disabled**.
> [!NOTE]
- > Disabling block at first sight will not disable or alter the prerequisite group policies.
+ > Disabling block at first sight does not disable or alter the prerequisite group policies.
-## Related topics
+## See also
- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
+
- [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md
index 7840be58fc..9ef91f163b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Configure the Microsoft Defender AV cloud block timeout period
description: You can configure how long Microsoft Defender Antivirus will block a file from running while waiting for a cloud determination.
keywords: Microsoft Defender Antivirus, antimalware, security, defender, cloud, timeout, block, period, seconds
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -15,14 +14,13 @@ ms.custom: nextgen
ms.date: 09/03/2018
ms.reviewer:
manager: dansimp
-ms.custom: nextgen
---
# Configure the cloud block timeout period
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Microsoft Defender Antivirus
When Microsoft Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Microsoft Defender Antivirus cloud service](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md).
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md
index b7af3e0452..0c3ce33cac 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Configure how users can interact with Microsoft Defender AV
description: Configure how end-users interact with Microsoft Defender AV, what notifications they see, and if they can override settings.
keywords: endpoint, user, interaction, notifications, ui lockdown mode, headless mode, hide interface
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -12,7 +11,6 @@ ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
-ms.date: 09/03/2018
ms.reviewer:
manager: dansimp
---
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
index 0e81659418..e7d0bb0417 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
@@ -3,11 +3,9 @@ title: Set up exclusions for Microsoft Defender AV scans
description: You can exclude files (including files modified by specified processes) and folders from being scanned by Microsoft Defender AV. Validate your exclusions with PowerShell.
keywords:
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
index bbbbe12908..d9e2707453 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
@@ -3,11 +3,9 @@ title: Configure and validate exclusions based on extension, name, or location
description: Exclude files from Microsoft Defender Antivirus scans based on their file extension, file name, or location.
keywords: exclusions, files, extension, file type, folder name, file name, scans
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md
index 16fc08a832..e77c12eda2 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Configure local overrides for Microsoft Defender AV settings
description: Enable or disable users from locally changing settings in Microsoft Defender AV.
keywords: local override, local policy, group policy, gpo, lockdown,merge, lists
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md
index 3f6f29e47b..c705e4b465 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md
@@ -3,7 +3,6 @@ title: Configure Microsoft Defender Antivirus features
description: You can configure Microsoft Defender Antivirus features with Intune, Microsoft Endpoint Configuration Manager, Group Policy, and PowerShell.
keywords: Microsoft Defender Antivirus, antimalware, security, defender, configure, configuration, Config Manager, Microsoft Endpoint Configuration Manager, SCCM, Intune, MDM, mobile device management, GP, group policy, PowerShell
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
index 3f3d1f0b07..53f708d925 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Configure and validate Microsoft Defender Antivirus network connections
description: Configure and test your connection to the Microsoft Defender Antivirus cloud protection service.
keywords: antivirus, Microsoft Defender Antivirus, antimalware, security, defender, cloud, aggressiveness, protection level
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -21,7 +20,7 @@ manager: dansimp
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Microsoft Defender Antivirus
To ensure Microsoft Defender Antivirus cloud-delivered protection works properly, you need to configure your network to allow connections between your endpoints and certain Microsoft servers.
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md
index 57a0ea6f0e..db3e3a162e 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md
@@ -1,9 +1,8 @@
---
title: Configure Microsoft Defender Antivirus notifications
-description: Configure and customize Microsoft Defender Antivirus notifications.
+description: Learn how to configure and customize both standard and additional Microsoft Defender Antivirus notifications on endpoints.
keywords: notifications, defender, antivirus, endpoint, management, admin
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
index 9fb92406dc..31d62322c4 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Configure exclusions for files opened by specific processes
description: You can exclude files from scans if they have been opened by a specific process.
keywords: Microsoft Defender Antivirus, process, exclusion, files, scans
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md
index 2f09169a15..20f94ac46b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Enable and configure Microsoft Defender Antivirus protection features
description: Enable behavior-based, heuristic, and real-time protection in Microsoft Defender AV.
keywords: heuristic, machine-learning, behavior monitor, real-time protection, always-on, Microsoft Defender Antivirus, antimalware, security, defender
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md
index 727463b3d6..6bcef11259 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Enable and configure Microsoft Defender Antivirus protection capabilities
description: Enable and configure Microsoft Defender Antivirus real-time protection features such as behavior monitoring, heuristics, and machine-learning
keywords: antivirus, real-time protection, rtp, machine-learning, behavior monitoring, heuristics
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md
index 65400ddb8c..8b66efba75 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Remediate and resolve infections detected by Microsoft Defender Antivirus
description: Configure what Microsoft Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder
keywords: remediation, fix, remove, threats, quarantine, scan, restore
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md
index 756e4191f5..ab7fa39e3c 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md
@@ -5,7 +5,6 @@ manager: dansimp
description: Windows Servers 2016 and 2019 include automatic exclusions, based on server role. You can also add custom exclusions.
keywords: exclusions, server, auto-exclusions, automatic, custom, scans, Microsoft Defender Antivirus
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -18,10 +17,6 @@ ms.custom: nextgen
# Configure Microsoft Defender Antivirus exclusions on Windows Server
-**Applies to:**
-
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
Microsoft Defender Antivirus on Windows Server 2016 and 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions).
> [!NOTE]
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md
index 0a108f47da..440b53b85c 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Run and customize scheduled and on-demand scans
description: Customize and initiate Microsoft Defender Antivirus scans on endpoints across your network.
keywords: scan, schedule, customize, exclusions, exclude files, remediation, scan results, quarantine, remove threat, quick scan, full scan, Microsoft Defender Antivirus
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
index 0a108f47da..440b53b85c 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Run and customize scheduled and on-demand scans
description: Customize and initiate Microsoft Defender Antivirus scans on endpoints across your network.
keywords: scan, schedule, customize, exclusions, exclude files, remediation, scan results, quarantine, remove threat, quick scan, full scan, Microsoft Defender Antivirus
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
index b9406da6f4..0036dd3c81 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Deploy, manage, and report on Microsoft Defender Antivirus
description: You can deploy and manage Microsoft Defender Antivirus with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, or WMI
keywords: deploy, manage, update, protection, Microsoft Defender Antivirus
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md
index 6e0bb71ecc..56d1a243c9 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Deploy and enable Microsoft Defender Antivirus
description: Deploy Microsoft Defender Antivirus for protection of your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or WMI.
keywords: deploy, enable, Microsoft Defender Antivirus
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
index a906762b9a..c2f2824510 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
@@ -3,11 +3,9 @@ title: Microsoft Defender Antivirus Virtual Desktop Infrastructure deployment gu
description: Learn how to deploy Microsoft Defender Antivirus in a virtual desktop environment for the best balance between protection and performance.
keywords: vdi, hyper-v, vm, virtual machine, windows defender, antivirus, av, virtual desktop, rds, remote desktop
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index 40994831c4..70611a2a36 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -3,11 +3,9 @@ title: Block potentially unwanted applications with Microsoft Defender Antivirus
description: Enable the potentially unwanted application (PUA) antivirus feature to block unwanted software such as adware.
keywords: pua, enable, unwanted software, unwanted apps, adware, browser toolbar, detect, block, Microsoft Defender Antivirus
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: detect
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
@@ -26,7 +24,7 @@ manager: dansimp
- [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge)
> [!NOTE]
-> Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might not be be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices.
+> Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices.
Potentially unwanted applications (PUA) are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use. _PUA_ can also refer to an application that has a poor reputation, as assessed by Microsoft Defender ATP, due to certain kinds of undesirable behavior.
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md
index 84f310871d..b7bbdb27fb 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md
@@ -3,11 +3,9 @@ title: Enable cloud-delivered protection in Microsoft Defender Antivirus
description: Enable cloud-delivered protection to benefit from fast and advanced protection features.
keywords: Microsoft Defender Antivirus, antimalware, security, cloud, block at first sight
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
@@ -20,12 +18,12 @@ ms.custom: nextgen
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Microsoft Defender Antivirus
> [!NOTE]
> The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.
-Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
+Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
You can enable or disable Microsoft Defender Antivirus cloud-delivered protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app.
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md
index 1c2dec92b5..f6fcbbbeda 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md
@@ -3,11 +3,9 @@ title: Evaluate Microsoft Defender Antivirus
description: Businesses of all sizes can use this guide to evaluate and test the protection offered by Microsoft Defender Antivirus in Windows 10.
keywords: Microsoft Defender Antivirus, cloud protection, cloud, antimalware, security, defender, evaluate, test, protection, compare, real-time protection
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
@@ -31,7 +29,7 @@ Use this guide to determine how well Microsoft Defender Antivirus protects you f
>- Fast learning (including Block at first sight)
>- Potentially unwanted application blocking
-It explains the important next generation protection features of Microsoft Defender Antivirus available for both small and large enterprises, and how they increase malware detection and protection across your network.
+It explains the important next-generation protection features of Microsoft Defender Antivirus available for both small and large enterprises, and how they increase malware detection and protection across your network.
You can choose to configure and evaluate each setting independently, or all at once. We have grouped similar settings based upon typical evaluation scenarios, and include instructions for using PowerShell to enable the settings.
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-MEM.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-MEM.png
new file mode 100644
index 0000000000..0b0516183a
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-antivirus/images/turnontamperprotect-MEM.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md
index 545f77a114..75c974ae9b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md
@@ -3,11 +3,9 @@ title: Enable the limited periodic Microsoft Defender Antivirus scanning feature
description: Limited periodic scanning lets you use Microsoft Defender Antivirus in addition to your other installed AV providers
keywords: lps, limited, periodic, scan, scanning, compatibility, 3rd party, other av, disable
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md
index c29455e452..8b91ba2fde 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Apply Microsoft Defender Antivirus updates after certain events
description: Manage how Microsoft Defender Antivirus applies security intelligence updates after startup or receiving cloud-delivered detection reports.
keywords: updates, protection, force updates, events, startup, check for latest, notifications
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md
index 8956c31df7..690a9eee6a 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Apply Microsoft Defender AV protection updates to out of date endpoints
description: Define when and how updates should be applied for endpoints that have not updated in a while.
keywords: updates, protection, out-of-date, outdated, old, catch-up
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md
index 5ba75a3387..b626c962ef 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Schedule Microsoft Defender Antivirus protection updates
description: Schedule the day, time, and interval for when protection updates should be downloaded
keywords: updates, security baselines, schedule updates
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
search.appverid: met150
ms.mktglfcycl: manage
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
index 58e3fd0a6f..38a6d28737 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Manage how and where Microsoft Defender AV receives updates
description: Manage the fallback order for how Microsoft Defender Antivirus receives protection updates.
keywords: updates, security baselines, protection, fallback order, ADL, MMPC, UNC, file path, share, wsus
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index f730a9670c..6f73b79b2b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Manage Microsoft Defender Antivirus updates and apply baselines
description: Manage how Microsoft Defender Antivirus receives protection and product updates.
keywords: updates, security baselines, protection, schedule updates, force updates, mobile updates, wsus
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md
index fb9cbcf454..86217f98d9 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Define how mobile devices are updated by Microsoft Defender AV
description: Manage how mobile devices, such as laptops, should be updated with Microsoft Defender AV protection updates.
keywords: updates, protection, schedule updates, battery, mobile device, laptop, notebook, opt-in, microsoft update, wsus, override
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index cdb56d3bf7..200a5cd47a 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -7,13 +7,13 @@ ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
ms.reviewer:
manager: dansimp
+ms.date: 08/26/2020
---
# Microsoft Defender Antivirus compatibility
@@ -27,7 +27,7 @@ manager: dansimp
Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection.
- If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Microsoft Defender Antivirus automatically goes into disabled mode.
- If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.)
-- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) (currently in private preview) enabled, then Microsoft Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack.
+- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) (currently in preview) enabled, then whenever a malicious artifact is detected, Microsoft Defender ATP takes action to block and remediate the artifact.
## Antivirus and Microsoft Defender ATP
@@ -97,3 +97,5 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir
- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
- [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md)
- [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md)
+- [Configure Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure)
+- [Configure Endpoint Protection on a standalone client](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure-standalone-client)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
index 4be2a05301..a8686a586b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
@@ -3,7 +3,6 @@ title: Next-generation protection in Windows 10, Windows Server 2016, and Window
description: Learn how to manage, configure, and use Microsoft Defender AV, the built-in antimalware and antivirus product available in Windows 10 and Windows Server 2016
keywords: Microsoft Defender Antivirus, windows defender, antimalware, scep, system center endpoint protection, system center configuration manager, virus, malware, threat, detection, protection, security
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -21,7 +20,7 @@ ms.custom: nextgen
**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
## Microsoft Defender Antivirus: Your next-generation protection
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
index 2108fffbab..a4a959b83d 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
@@ -1,13 +1,12 @@
---
title: Microsoft Defender Antivirus on Windows Server 2016 and 2019
-description: Enable and configure Microsoft Defender AV on Windows Server 2016 and 2019
+description: Learn how to enable and configure Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019.
keywords: windows defender, server, scep, system center endpoint protection, server 2016, current branch, server 2012
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
@@ -20,7 +19,8 @@ manager: dansimp
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Windows Server 2016
+- Windows Server 2019
Microsoft Defender Antivirus is available on Windows Server 2016 and Windows Server 2019. In some instances, Microsoft Defender Antivirus is referred to as Endpoint Protection; however, the protection engine is the same.
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md
index 0a396c5667..e824427101 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md
@@ -3,7 +3,6 @@ title: Microsoft Defender Offline in Windows 10
description: You can use Microsoft Defender Offline straight from the Windows Defender Antivirus app. You can also manage how it is deployed in your network.
keywords: scan, defender, offline
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md
index 1bb6d1137c..d32346b285 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md
@@ -3,7 +3,6 @@ title: Microsoft Defender Antivirus in the Windows Security app
description: With Microsoft Defender AV now included in the Windows Security app, you can review, compare, and perform common tasks.
keywords: wdav, antivirus, firewall, security, windows
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md
index 58f370b7dd..55931f992b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: "Better together - Microsoft Defender Antivirus and Office 365 (including
description: "Office 365, which includes OneDrive, goes together wonderfully with Microsoft Defender Antivirus. Read this article to learn more."
keywords: windows defender, antivirus, office 365, onedrive, restore, ransomware
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index 3d058b3d8f..3b5daf6c6c 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -9,12 +9,12 @@ ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
+ms.date: 08/31/2020
---
# Protect security settings with tamper protection
@@ -28,6 +28,7 @@ ms.custom: nextgen
During some kinds of cyber attacks, bad actors try to disable security features, such as anti-virus protection, on your machines. They do this to get easier access to your data, to install malware, or to otherwise exploit your data, identity, and devices. Tamper protection helps prevent this from occurring.
With tamper protection, malicious apps are prevented from taking actions such as:
+
- Disabling virus and threat protection
- Disabling real-time protection
- Turning off behavior monitoring
@@ -38,7 +39,8 @@ With tamper protection, malicious apps are prevented from taking actions such as
### How it works
Tamper protection essentially locks Microsoft Defender Antivirus and prevents your security settings from being changed through apps and methods such as:
-- Configuring settings in Registry Editor on your Windows machine
+
+- Configuring settings in Registry Editor on your Windows machine
- Changing settings through PowerShell cmdlets
- Editing or removing security settings through group policies
@@ -60,9 +62,9 @@ Tamper protection doesn't prevent you from viewing your security settings. And,
> [!NOTE]
> Tamper protection blocks attempts to modify Microsoft Defender Antivirus settings through the registry.
->
+>
> To help ensure that tamper protection doesn’t interfere with third-party security products or enterprise installation scripts that modify these settings, go to **Windows Security** and update **Security intelligence** to version 1.287.60.0 or later. (See [Security intelligence updates](https://www.microsoft.com/wdsi/definitions).)
->
+>
> Once you’ve made this update, tamper protection will continue to protect your registry settings, and will also log attempts to modify them without returning errors.
If you are a home user, or you are not subject to settings managed by a security team, you can use the Windows Security app to turn tamper protection on or off. You must have appropriate admin permissions on your machine to do this.
@@ -79,24 +81,20 @@ If you are a home user, or you are not subject to settings managed by a security
## Turn tamper protection on (or off) for your organization using Intune
-If you are part of your organization's security team, and your subscription includes [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune), you can turn tamper protection on (or off) for your organization in the Microsoft 365 Device Management portal ([https://aka.ms/intuneportal](https://aka.ms/intuneportal)).
-
-> [!NOTE]
-> The ability to manage tamper protection in Intune is rolling out now; if you don't have it yet, you should very soon, assuming your organization has [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) (Microsoft Defender ATP) and that you meet the prerequisites listed below.
+If you are part of your organization's security team, and your subscription includes [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune), you can turn tamper protection on (or off) for your organization in the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) portal.
You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations, to perform the following task.
1. Make sure your organization meets all of the following requirements to manage tamper protection using Intune:
- - Your organization must have [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (this is included in [Microsoft 365 E5](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview)).
- Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; this is included in Microsoft 365 E5.)
- Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information/) for more details about releases.)
- You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above).
- Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).)
-2. Go to the Microsoft 365 Device Management portal ([https://devicemanagement.microsoft.com](https://devicemanagement.microsoft.com)) and sign in with your work or school account.
+2. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) and sign in with your work or school account.
-3. Select **Device configuration** > **Profiles**.
+3. Select **Devices** > **Configuration Profiles**.
4. Create a profile as follows:
@@ -108,7 +106,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-
- Tamper Protection: **Enabled**
- 
+ 
5. Assign the profile to one or more groups.
@@ -172,23 +170,23 @@ If you are an organization using [Microsoft Defender ATP E5](https://www.microso
### How does configuring tamper protection in Intune affect how I manage Microsoft Defender Antivirus through my group policy?
-Your regular group policy doesn’t apply to tamper protection, and changes to Microsoft Defender Antivirus settings are ignored when tamper protection is on.
+Your regular group policy doesn’t apply to tamper protection, and changes to Microsoft Defender Antivirus settings are ignored when tamper protection is on.
->[!NOTE]
->A small delay in Group Policy (GPO) processing may occur if Group Policy settings include values that control Microsoft Defender Antivirus features protected by tamper protection. To avoid any potential delays, we recommend that you remove settings that control Microsoft Defender Antivirus related behavior from GPO and simply allow tamper protection to protect Microsoft Defender Antivirus settings.
-> Sample Microsoft Defender Antivirus settings:
-> Turn off Microsoft Defender Antivirus
-> Computer Configuration\Administrative Templates\Windows Components\Windows Defender\
-Value DisableAntiSpyware = 0
->Turn off real-time protection
-Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\
-Value DisableRealtimeMonitoring = 0
+> [!NOTE]
+> A small delay in Group Policy (GPO) processing may occur if Group Policy settings include values that control Microsoft Defender Antivirus features protected by tamper protection.
+
+To avoid any potential delays, we recommend that you remove settings that control Microsoft Defender Antivirus related behavior from GPO and simply allow tamper protection to protect Microsoft Defender Antivirus settings.
+
+Some sample Microsoft Defender Antivirus settings:
+
+- *Turn off real-time protection*
+ Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\\
+ Value `DisableRealtimeMonitoring` = 0
### For Microsoft Defender ATP E5, is configuring tamper protection in Intune targeted to the entire organization only?
Configuring tamper protection in Intune can be targeted to your entire organization as well as to specific devices and user groups.
-
### Can I configure Tamper Protection in Microsoft Endpoint Configuration Manager?
Currently we do not have support to manage Tamper Protection through Microsoft Endpoint Configuration Manager.
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md
index 18c0fdfc15..a2c6bdee36 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Hide the Microsoft Defender Antivirus interface
description: You can hide virus and threat protection tile in the Windows Security app.
keywords: ui lockdown, headless mode, hide app, hide settings, hide interface
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md
index aa0b387ceb..da205310f1 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Monitor and report on Microsoft Defender Antivirus protection
description: Use Configuration Manager or security information and event management (SIEM) tools to consume reports, and monitor Microsoft Defender AV with PowerShell and WMI.
keywords: siem, monitor, report, Microsoft Defender AV
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md
index 325b0800ee..434a02f941 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Restore quarantined files in Microsoft Defender AV
description: You can restore files and folders that were quarantined by Microsoft Defender AV.
keywords:
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
index 1e4a2b7142..d23aa3b802 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Review the results of Microsoft Defender AV scans
description: Review the results of scans using Microsoft Endpoint Configuration Manager, Microsoft Intune, or the Windows Security app
keywords: scan results, remediation, full scan, quick scan
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md
index a0fc81be46..5266967e27 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Run and customize on-demand scans in Microsoft Defender AV
description: Run and configure on-demand scans using PowerShell, Windows Management Instrumentation, or individually on endpoints with the Windows Security app
keywords: scan, on-demand, dos, intune, instant scan
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
index ce7ad86555..7c297d11d4 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Schedule regular quick and full scans with Microsoft Defender AV
description: Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans
keywords: quick scan, full scan, quick vs full, schedule scan, daily, weekly, time, scheduled, recurring, regular
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md
index c6a20d3a13..28e47fe3f3 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md
@@ -7,11 +7,10 @@ ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
-ms.date: 09/03/2018
+ms.date: 08/12/2020
ms.reviewer:
manager: dansimp
ms.custom: nextgen
@@ -21,7 +20,7 @@ ms.custom: nextgen
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Microsoft Defender Antivirus
You can specify the level of cloud-protection offered by Microsoft Defender Antivirus with Group Policy and Microsoft Endpoint Configuration Manager.
@@ -62,7 +61,8 @@ See [How to create and deploy antimalware policies: Cloud-protection service](ht
5. Expand the tree to **Windows components > Microsoft Defender Antivirus > MpEngine**.
6. Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection:
- - **Default Microsoft Defender Antivirus blocking level** provides strong detection without increasing the risk of detecting legitimate files.
+ - **Default blocking level** provides strong detection without increasing the risk of detecting legitimate files.
+ - **Moderate blocking level** provides moderate only for high confidence detections
- **High blocking level** applies a strong level of detection while optimizing client performance (greater chance of false positives).
- **High + blocking level** applies additional protection measures (may impact client performance and increase risk of false positives).
- **Zero tolerance blocking level** blocks all unknown executables.
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md
index 75665404c2..d800c3bebb 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md
@@ -3,11 +3,9 @@ title: Microsoft Defender AV event IDs and error codes
description: Look up the causes and solutions for Microsoft Defender Antivirus event IDs and errors
keywords: event, error code, siem, logging, troubleshooting, wef, windows event forwarding
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
@@ -50,7 +48,7 @@ The table in this section lists the main Microsoft Defender Antivirus event IDs
## To view a Microsoft Defender Antivirus event
1. Open **Event Viewer**.
-2. In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Microsoft Defender Antivirus**.
+2. In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender**.
3. Double-click on **Operational**.
4. In the details pane, view the list of individual events to find your event.
5. Click the event to see specific details about an event in the lower pane, under the **General** and **Details** tabs.
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md
index 43310f4b21..a2747a705d 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md
@@ -3,7 +3,6 @@ title: Troubleshoot problems with reporting tools for Microsoft Defender AV
description: Identify and solve common problems when attempting to report in Microsoft Defender AV protection status in Update Compliance
keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender AV
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md
index 266e82be31..97fb2041b9 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md
@@ -1,13 +1,11 @@
---
title: Configure Microsoft Defender Antivirus with Group Policy
-description: Configure Microsoft Defender Antivirus settings with Group Policy
+description: Learn how to use a Group Policy to configure and manage Microsoft Defender Antivirus on your endpoints in Microsoft Defender ATP.
keywords: group policy, GPO, configuration, settings
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md
index 37d31d6dc7..71edcfc785 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Configure Microsoft Defender Antivirus with Configuration Manager and Int
description: Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure Microsoft Defender AV and Endpoint Protection
keywords: scep, intune, endpoint protection, configuration
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md
index 6c5cb6074b..2bfad82a62 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md
@@ -3,7 +3,6 @@ title: Use PowerShell cmdlets to configure and run Microsoft Defender AV
description: In Windows 10, you can use PowerShell cmdlets to run scans, update Security intelligence, and change settings in Microsoft Defender Antivirus.
keywords: scan, command line, mpcmdrun, defender
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md
index 5a54bd4546..5247002bbc 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md
@@ -1,9 +1,8 @@
---
title: Configure Microsoft Defender Antivirus with WMI
-description: Use WMI scripts to configure Microsoft Defender AV.
+description: Learn how to configure and manage Microsoft Defender Antivirus by using WMI scripts to retrieve, modify, and update settings in Microsoft Defender ATP.
keywords: wmi, scripts, windows management instrumentation, configuration
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md
index e998e86722..82c32b2956 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md
@@ -3,11 +3,9 @@ title: Use next-generation technologies in Microsoft Defender Antivirus through
description: next-generation technologies in cloud-delivered protection provide an advanced level of fast, robust antivirus detection.
keywords: Microsoft Defender Antivirus, next-generation technologies, next-generation av, machine learning, antimalware, security, defender, cloud, cloud-delivered protection
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
@@ -20,11 +18,11 @@ ms.custom: nextgen
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Microsoft Defender Antivirus
Microsoft next-generation technologies in Microsoft Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models.
-Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
+Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
To take advantage of the power and speed of these next-generation technologies, Microsoft Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhances standard real-time protection, providing arguably the best antivirus defense.
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md
index 51cc0fbe72..91d3f43edb 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md
@@ -3,11 +3,9 @@ title: "Why you should use Microsoft Defender Antivirus together with Microsoft
description: "For best results, use Microsoft Defender Antivirus together with your other Microsoft offerings."
keywords: windows defender, antivirus, third party av
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
ms.topic: article
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index ad435fd8ad..4dcd95abef 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
-ms.date: 06/02/2020
+ms.date: 08/17/2020
ms.reviewer:
manager: dansimp
ms.custom: asr
@@ -43,16 +43,20 @@ Depending on your organization's settings, employees can copy and paste images (
### Why don't employees see their Favorites in the Application Guard Edge session?
-To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device.
+To help keep the Application Guard Edge session secure and isolated from the host device, favorites that are stored in an Application Guard Edge session are not copied to the host device.
-### Why aren’t employees able to see their Extensions in the Application Guard Edge session?
+### Are extensions supported in the Application Guard?
-Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this.
+Extension installs in the container are supported from Microsoft Edge version 81. For more details, see [Extension support inside the container](https://docs.microsoft.com/deployedge/microsoft-edge-security-windows-defender-application-guard#extension-support-inside-the-container).
### How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)?
Microsoft Defender Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune.
+If Application Guard is used with network proxies, they need to be specified by fully qualified domain name (FQDN) in the system proxy settings (likewise in a PAC script if that is the type of proxy configuration used). Additionally these proxies need to be marked as *neutral* in the **Application trust** list. The FQDNs for the PAC file and the proxy servers the PAC file redirects to must be added as neutral resources in the network isolation policies that are used by Application Guard. You can verify this by going to `edge://application-guard-internals/#utilities` and entering the FQDN for the pac/proxy in the **check url trust** field. Verify that it says *Neutral.*
+
+Optionally, if possible, the IP addresses associated with the server hosting the above should be removed from the enterprise IP ranges in the network isolation policies that are used by Application Guard. Additionally, go to `edge://application-guard-internals/#utilities` to view the Application Guard proxy configuration. This step can be done in both the host and within Application Guard to verify that each side is using the proxy setup you expect.
+
### Which Input Method Editors (IME) in 19H1 are not supported?
The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in Microsoft Defender Application Guard.
@@ -83,31 +87,88 @@ To trust a subdomain, you must precede your domain with two dots, for example: `
### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise?
-When using Windows Pro or Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard).
+When using Windows Pro or Windows Enterprise, you will have access to using Application Guard's standalone mode. However, when using Windows Enterprise you will have access to Application Guard's enterprise-managed mode. This mode has some extra features that the standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard).
### Is there a size limit to the domain lists that I need to configure?
-Yes, both the Enterprise Resource domains hosted in the cloud and the Domains categorized as both work and personal have a 16383B limit.
+Yes, both the enterprise resource domains hosted in the cloud and the domains categorized as both work and personal have a 16383B limit.
### Why does my encryption driver break Microsoft Defender Application Guard?
-Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT").
+Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Microsoft Defender Application Guard will not work, and will result in an error message (*0x80070013 ERROR_WRITE_PROTECT*).
-### Why do the Network Isolation policies in Group Policy and CSP look different?
+### Why do the network isolation policies in Group Policy and CSP look different?
-There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy WDAG are different between CSP and GP.
+There is not a one-to-one mapping among all the network isolation policies between CSP and GP. Mandatory network isolation policies to deploy WDAG are different between CSP and GP.
Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudResources"
Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
For EnterpriseNetworkDomainNames, there is no mapped CSP policy.
-Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`).
+Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (*0x80070013 ERROR_WRITE_PROTECT*).
### Why did Application Guard stop working after I turned off hyperthreading?
-If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility Application Guard no longer meets the minimum requirements.
+If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility that Microsoft Defender Application Guard no longer meets the minimum requirements.
### Why am I getting the error message ("ERROR_VIRTUAL_DISK_LIMITATION")?
Application Guard may not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume.
+### Why am I getting the error message ("ERR_NAME_NOT_RESOLVED") after not being able to reach PAC file?
+
+This is a known issue. To mitigate this you need to create two firewall rules.
+For guidance on how to create a firewall rule by using group policy, see:
+- [Create an inbound icmp rule](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule)
+- [Open Group Policy management console for Microsoft Defender Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security)
+
+First rule (DHCP Server):
+1. Program path: `%SystemRoot%\System32\svchost.exe`
+2. Local Service: Sid: `S-1-5-80-2009329905-444645132-2728249442-922493431-93864177` (Internet Connection Service (SharedAccess))
+3. Protocol UDP
+4. Port 67
+
+Second rule (DHCP Client)
+This is the same as the first rule, but scoped to local port 68.
+In the Microsoft Defender Firewall user interface go through the following steps:
+1. Right click on inbound rules, create a new rule.
+2. Choose **custom rule**.
+3. Program path: **%SystemRoot%\System32\svchost.exe**.
+4. Protocol Type: UDP, Specific ports: 67, Remote port: any.
+5. Any IP addresses.
+6. Allow the connection.
+7. All profiles.
+8. The new rule should show up in the user interface. Right click on the **rule** > **properties**.
+9. In the **Programs and services** tab, Under the **Services** section click on **settings**. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**.
+
+### Why can I not launch Application Guard when Exploit Guard is enabled?
+
+There is a known issue where if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to **Windows Security** > **App and Browser control** > **Exploit Protection Setting**, and then switch CFG to the **use default**.
+
+
+### How can I have ICS in enabled state yet still use Application Guard?
+
+This is a two step process.
+
+Step 1:
+
+Enable Internet Connection sharing by changing the Group Policy setting **Prohibit use of Internet Connection Sharing on your DNS domain network.** This setting is part of the Microsoft security baseline. Change it from **Enabled** to **Disabled**.
+
+Step 2:
+
+1. Disable IpNat.sys from ICS load:
+`System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1`.
+2. Configure ICS (SharedAccess) to enabled:
+`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3`.
+3. Disable IPNAT (Optional):
+`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4`.
+4. Restart the device.
+
+### Why doesn't Application Guard work, even though it's enabled through Group Policy?
+
+Application Guard must meet all these prerequisites to be enabled in Enterprise mode: [System requirements for Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard).
+To understand why it is not enabled in Enterprise mode, check the status of the evaluation to understand what's missing.
+
+For CSP (Intune) you can query the status node by using **Get**. This is described in the [Application Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/windowsdefenderapplicationguard-csp). On this page, you will see the **status** node as well as the meaning of each bit. If the status is not 63, you are missing a prerequisite.
+
+For Group Policy you need to look at the registry. See **Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HVSIGP** Status. The meaning of each bit is the same as the CSP.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
index 07fcff8c6f..85b5514ca3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
@@ -1,6 +1,6 @@
---
title: Add or Remove Machine Tags API
-description: Use this API to Add or Remove machine tags.
+description: Learn how to use the Add or Remove machine tags API to adds or remove a tag for a machine in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, tags, machine tags
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
index d568ae26bb..cad9c6214b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
@@ -43,6 +43,7 @@ For information on other tables in the advanced hunting schema, see [the advance
| `SHA1` | string | SHA-1 of the file that the recorded action was applied to |
| `RemoteUrl` | string | URL or fully qualified domain name (FQDN) that was being connected to |
| `RemoteIP` | string | IP address that was being connected to |
+| `AttackTechniques` | string | MITRE ATT&CK techniques associated with the activity that triggered the alert |
| `ReportId` | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the `DeviceName` and `Timestamp` columns |
| `Table` | string | Table that contains the details of the event |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
index f48045b11f..1f7e4db8a1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
@@ -27,6 +27,10 @@ ms.topic: article
The `DeviceLogonEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table.
+> [!NOTE]
+> Collection of DeviceLogonEvents is not supported on Windows 7 or Windows Server 2008 R2.
+> We recommend upgrading to Windows 10 or Windows Server 2019 for optimal visibility into user logon activity.
+
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |
@@ -68,4 +72,4 @@ For information on other tables in the advanced hunting schema, see [the advance
## Related topics
- [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting-query-language.md)
-- [Understand the schema](advanced-hunting-schema-reference.md)
\ No newline at end of file
+- [Understand the schema](advanced-hunting-schema-reference.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
index 5cd3f15a09..e6feab4594 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
@@ -1,7 +1,7 @@
---
title: Overview of advanced hunting in Microsoft Defender ATP
description: Use threat hunting capabilities in Microsoft Defender ATP to build queries that find threats and weaknesses in your network
-keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp, search, query, telemetry, custom detections, schema, kusto
+keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp, search, query, telemetry, custom detections, schema, kusto, time zone, UTC
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -41,12 +41,16 @@ You can also go through each of the following steps to ramp up your advanced hun
| **Learn how to use the query results** | Learn about charts and various ways you can view or export your results. Explore how you can quickly tweak queries and drill down to get richer information. | [Work with query results](advanced-hunting-query-results.md) |
| **Understand the schema** | Get a good, high-level understanding of the tables in the schema and their columns. This will help you determine where to look for data and how to construct your queries. | [Schema reference](advanced-hunting-schema-reference.md) |
| **Use predefined queries** | Explore collections of predefined queries covering different threat hunting scenarios. | [Shared queries](advanced-hunting-shared-queries.md) |
-| **Learn about custom detections** | Understand how you can use advanced hunting queries to trigger alerts and apply response actions automatically. | - [Custom detections overview](overview-custom-detections.md) - [Custom detection rules](custom-detection-rules.md) |
+| **Learn about custom detections** | Understand how you can use advanced hunting queries to trigger alerts and apply response actions automatically. | - [Custom detections overview](overview-custom-detections.md) - [Custom detection rules](custom-detection-rules.md) |
-## Get help as you write queries
-Take advantage of the following functionality to write queries faster:
-- **Autosuggest** — as you write queries, advanced hunting provides suggestions from IntelliSense.
-- **Schema reference** — a schema reference that includes the list of tables and their columns is provided next to your working area. For more information, hover over an item. Double-click an item to insert it to the query editor.
+## Data freshness and update frequency
+Advanced hunting data can be categorized into two distinct types, each consolidated differently:
+
+- **Event or activity data**—populates tables about alerts, security events, system events, and routine assessments. Advanced hunting receives this data almost immediately after the sensors that collect them successfully transmit them to Microsoft Defender ATP.
+- **Entity data**—populates tables with consolidated information about users and devices. To provide fresh data, tables are updated every 15 minutes with any new information, adding rows that might not be fully populated. Every 24 hours, data is consolidated to insert a record that contains the latest, most comprehensive data set about each entity.
+
+## Time zone
+All time information in advanced hunting is currently in the UTC time zone.
## Related topics
- [Learn the query language](advanced-hunting-query-language.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
index 947c3638f3..1b1ce276f6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
@@ -144,11 +144,28 @@ Data in advanced hunting tables are generally classified into the following data
| `int` | 32-bit numeric value |
| `long` | 64-bit numeric value |
+## Get help as you write queries
+Take advantage of the following functionality to write queries faster:
+
+- **Autosuggest**—as you write queries, advanced hunting provides suggestions from IntelliSense.
+- **Schema tree**—a schema representation that includes the list of tables and their columns is provided next to your working area. For more information, hover over an item. Double-click an item to insert it to the query editor.
+- **[Schema reference](advanced-hunting-schema-reference.md#get-schema-information-in-the-security-center)**—in-portal reference with table and column descriptions as well as supported event types (`ActionType` values) and sample queries
+
+## Work with multiple queries in the editor
+The query editor can serve as your scratch pad for experimenting with multiple queries. To use multiple queries:
+
+- Separate each query with an empty line.
+- Place the cursor on any part of a query to select that query before running it. This will run only the selected query. To run another query, move the cursor accordingly and select **Run query**.
+
+
+_Query editor with multiple queries_
+
+
## Use sample queries
The **Get started** section provides a few simple queries using commonly used operators. Try running these queries and making small modifications to them.
-
+
> [!NOTE]
> Apart from the basic query samples, you can also access [shared queries](advanced-hunting-shared-queries.md) for specific threat hunting scenarios. Explore the shared queries on the left side of the page or the GitHub query repository.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md
index 34716e8296..f036dd4418 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md
@@ -24,8 +24,6 @@ ms.topic: article
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
-[!INCLUDE [Prerelease information](../../includes/prerelease.md)]
-
While you can construct your [advanced hunting](advanced-hunting-overview.md) queries to return very precise information, you can also work with the query results to gain further insight and investigate specific activities and indicators. You can take the following actions on your query results:
- View results as a table or chart
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
index 94c74051a1..0e2f6811ad 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
@@ -1,6 +1,6 @@
---
title: Advanced hunting schema reference
-description: Learn about the tables in the advanced hunting schema to understand the data you can run threat hunting queries on
+description: Learn about the tables in the advanced hunting schema to understand the data you can run threat hunting queries on.
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, data
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -29,7 +29,20 @@ ms.date: 01/14/2020
The [advanced hunting](advanced-hunting-overview.md) schema is made up of multiple tables that provide either event information or information about devices and other entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the advanced hunting schema.
-## Schema tables
+## Get schema information in the security center
+While constructing queries, use the built-in schema reference to quickly get the following information about each table in the schema:
+
+- **Tables description**—type of data contained in the table and the source of that data.
+- **Columns**—all the columns in the table.
+- **Action types**—possible values in the `ActionType` column representing the event types supported by the table. This is provided only for tables that contain event information.
+- **Sample query**—example queries that feature how the table can be utilized.
+
+### Access the schema reference
+To quickly access the schema reference, select the **View reference** action next to the table name in the schema representation. You can also select **Schema reference** to search for a table.
+
+
+
+## Learn the schema tables
The following reference lists all the tables in the advanced hunting schema. Each table name links to a page describing the column names for that table.
@@ -57,3 +70,4 @@ Table and column names are also listed within the Microsoft Defender Security Ce
- [Advanced hunting overview](advanced-hunting-overview.md)
- [Work with query results](advanced-hunting-query-results.md)
- [Learn the query language](advanced-hunting-query-language.md)
+- [Advanced hunting data schema changes](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
index 820026e626..34ba31d9cb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
@@ -1,6 +1,6 @@
---
title: Get alerts API
-description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts.
+description: Learn about the methods and properties of the Alert resource type in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, alerts, recent
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md
index dc28afd7dc..9022d913df 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md
@@ -43,8 +43,11 @@ Microsoft Defender ATP for Android enables admins to configure custom indicators
## Configure web protection
Microsoft Defender ATP for Android allows IT Administrators the ability to configure the web protection feature. This capability is available within the Microsoft Endpoint Manager Admin center.
+>[!NOTE]
+> Microsoft Defender ATP for Android would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device.
For more information, see [Configure web protection on devices that run Android](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-manage-android).
+
## Related topics
- [Overview of Microsoft Defender ATP for Android](microsoft-defender-atp-android.md)
- [Deploy Microsoft Defender ATP for Android with Microsoft Intune](android-intune.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md
index 42d75ed3b8..20ef58ffa1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md
@@ -26,74 +26,53 @@ ms.topic: conceptual
This topic describes deploying Microsoft Defender ATP for Android on Intune
Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll your
-device](https://microsoft.sharepoint.com/teams/WDATPIndia/Shared%20Documents/General/PM%20Docs/External%20Documentation/aka.ms/enrollAndroid).
+device](https://docs.microsoft.com/mem/intune/user-help/enroll-device-android-company-portal).
> [!NOTE]
-> During public preview, instructions to deploy Microsoft Defender ATP for Android on Intune enrolled Android devices are different across Device Administrator and Android Enterprise entrollment modes.
-> **When Microsoft Defender ATP for Android reaches General Availability (GA), the app will be available on Google Play.**
+> **Microsoft Defender ATP for Android is now available on Google Play.**
+> You can connect to Google Play from Intune to deploy Microsoft Defender ATP app across Device Administrator and Android Enterprise entrollment modes.
+ Updates to the app are automatic via Google Play.
## Deploy on Device Administrator enrolled devices
**Deploy Microsoft Defender ATP for Android on Intune Company Portal - Device
Administrator enrolled devices**
-This topic describes how to deploy Microsoft Defender ATP for Android on Intune Company Portal - Device Administrator enrolled devices. Upgrade from the Preview APK to the GA version on Google Play would be supported.
+This topic describes how to deploy Microsoft Defender ATP for Android on Intune Company Portal - Device Administrator enrolled devices.
-### Download the onboarding package
-
-Download the onboarding package from Microsoft Defender Security Center.
-
-1. In [Microsoft Defender Security
-Center](https://microsoft.sharepoint.com/teams/WDATPIndia/Shared%20Documents/General/PM%20Docs/External%20Documentation/securitycenter.microsoft.com), go to **Settings** \> **Machine Management** \> **Onboarding**.
-
-2. In the first drop-down, select **Android** as the Operating system.
-
-3. Select **Download Onboarding package** and save the downloaded .APK file.
-
- 
-
-### Add as Line of Business (LOB) App
-
-The downloaded Microsoft Defender ATP for Android onboarding package. It is a
-.APK file can be deployed to user groups as a Line of Business app during the
-preview from Microsoft Endpoint Manager Admin Center.
+### Add as Android store app
1. In [Microsoft Endpoint Manager admin
center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
-**Android Apps** \> **Add \> Line-of-business app** and click **Select**.
+**Android Apps** \> **Add \> Android store app** and click **Select**.
- 
+ 
-2. On the **Add app** page and in the *App Information* section, click **Select
-add package file** and then click the  icon and select the MDATP Universal APK file that was downloaded from the *Download Onboarding package* step.
+2. On the **Add app** page and in the *App Information* section enter:
- 
+ - **Name**
+ - **Description**
+ - **Publisher** as Microsoft.
+ - **Appstore URL** as https://play.google.com/store/apps/details?id=com.microsoft.scmx (Microsoft Defender ATP Preview app Google Play Store URL)
+ Other fields are optional. Select **Next**.
-3. Select **OK**.
+ 
-4. In the *App Information* section that comes up, enter the **Publisher** as
-Microsoft. Other fields are optional and then select **Next**.
-
- 
-
-5. In the *Assignments* section, go to the **Required** section and select **Add
-group.** You can then choose the user group(s) that you would like to target
-Microsoft Defender ATP for Android app. Click **Select** and then **Next**.
+3. In the *Assignments* section, go to the **Required** section and select **Add group.** You can then choose the user group(s) that you would like to target Microsoft Defender ATP for Android app. Click **Select** and then **Next**.
>[!NOTE]
>The selected user group should consist of Intune enrolled users.
- 
+ > [!div class="mx-imgBorder"]
+ > 
-6. In the **Review+Create** section, verify that all the information entered is
-correct and then select **Create**.
+6. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**.
- In a few moments, the Microsoft Defender ATP app would be created successfully,
-and a notification would show up at the top-right corner of the page.
+ In a few moments, the Microsoft Defender ATP app would be created successfully, and a notification would show up at the top-right corner of the page.
@@ -102,15 +81,10 @@ and a notification would show up at the top-right corner of the page.
select **Device install status** to verify that the device installation has
completed successfully.
- 
+ > [!div class="mx-imgBorder"]
+ > 
-During Public Preview, to **update** Microsoft Defender ATP for Android deployed
-as a Line of Business app, download the latest APK. Following the steps in
-*Download the onboarding package* section and follow instructions on how to [update
-a Line of Business
-App](https://docs.microsoft.com/mem/intune/apps/lob-apps-android#step-5-update-a-line-of-business-app).
-
### Complete onboarding and check status
1. Once Microsoft Defender ATP for Android has been installed on the device, you'll see the app icon.
@@ -133,27 +107,21 @@ For more information on the enrollment options supported by Intune, see
[Enrollment
Options](https://docs.microsoft.com/mem/intune/enrollment/android-enroll) .
-As Microsoft Defender ATP for Android is deployed via managed Google Play,
-updates to the app are automatic via Google Play.
-
Currently only Personal devices with Work Profile enrolled are supported for deployment.
->[!NOTE]
->During Public Preview, to access Microsoft Defender ATP in your managed Google Play, contact [atpm@microsoft.com](mailto:atpm@microsoft.com) with the organization ID of your managed Google Play for next steps. This can be found under the **Admin Settings** of [managed Google Play](https://play.google.com/work/).
-> At General Availability (GA), Microsoft Defender ATP for Android will be available as a public app. Upgrades from preview to GA version will be supported.
-## Add Microsoft Defender ATP for Android as a managed Google Play app
+## Add Microsoft Defender ATP for Android as a Managed Google Play app
-After receiving a confirmation e-mail from Microsoft that your managed Google
-Play organization ID has been approved, follow the steps below to add Microsoft
+Follow the steps below to add Microsoft
Defender ATP app into your managed Google Play.
1. In [Microsoft Endpoint Manager admin
center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
-**Android Apps** \> **Add** and select **managed Google Play app**.
+**Android Apps** \> **Add** and select **Managed Google Play app**.
- 
+ > [!div class="mx-imgBorder"]
+ > 
2. On your managed Google Play page that loads subsequently, go to the search
@@ -167,7 +135,8 @@ ATP app from the Apps search result.
details on Microsoft Defender ATP. Review the information on the page and then
select **Approve**.
- 
+ > [!div class="mx-imgBorder"]
+ > 
4. You should now be presented with the permissions that Microsoft Defender ATP
@@ -184,13 +153,15 @@ Android might ask. Review the choices and select your preferred option. Select
By default, managed Google Play selects *Keep approved when app requests new
permissions*
- 
+ > [!div class="mx-imgBorder"]
+ > 
6. After the permissions handling selection is made, select **Sync** to sync
Microsoft Defender ATP to your apps list.
- 
+ > [!div class="mx-imgBorder"]
+ > 
7. The sync will complete in a few minutes.
@@ -200,54 +171,61 @@ Microsoft Defender ATP to your apps list.
8. Select the **Refresh** button in the Android apps screen and Microsoft
Defender ATP should be visible in the apps list.
- 
+ > [!div class="mx-imgBorder"]
+ > 
9. Microsoft Defender ATP supports App configuration policies for managed devices via Intune. This capability can be leveraged to autogrant applicable Android permission(s), so the end user does not need to accept these permission(s).
- a. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**.
+ 1. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**.
- 
+ 
- b. In the **Create app configuration policy** page, enter the following details:
+ 1. In the **Create app configuration policy** page, enter the following details:
+
- Name: Microsoft Defender ATP.
- Choose **Android Enterprise** as platform.
- Choose **Work Profile only** as Profile Type.
- Click **Select App**, choose **Microsoft Defender ATP**, select **OK** and then **Next**.
- 
+ > [!div class="mx-imgBorder"]
+ > 
- c. In the **Settings** page, go to the Permissions section click on Add to view the list of supported permissions. In the Add Permissions section, select the following permissions
- - External storage (read)
- - External storage (write)
+ 1. In the **Settings** page, go to the Permissions section click on Add to view the list of supported permissions. In the Add Permissions section, select the following permissions:
- Then select **OK**.
+ - External storage (read)
+ - External storage (write)
- 
+ Then select **OK**.
+
+ > [!div class="mx-imgBorder"]
+ > 
- d. You should now see both the permissions listed and now you can autogrant both by choosing autogrant in the **Permission state** drop-down and then select **Next**.
+ 1. You should now see both the permissions listed and now you can autogrant both by choosing autogrant in the **Permission state** drop-down and then select **Next**.
- 
+ > [!div class="mx-imgBorder"]
+ > 
- e. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender ATP Android app.
+ 1. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender ATP Android app.
- 
+ > [!div class="mx-imgBorder"]
+ > 
- f. In the **Review + Create** page that comes up next, review all the information and then select **Create**.
+ 1. In the **Review + Create** page that comes up next, review all the information and then select **Create**.
- The app configuration policy for Microsoft Defender ATP auto-granting the storage permission is now assigned to the selected user group.
-
- 
+ The app configuration policy for Microsoft Defender ATP auto-granting the storage permission is now assigned to the selected user group.
+ > [!div class="mx-imgBorder"]
+ > 
10. Select **Microsoft Defender ATP** app in the list \> **Properties** \>
**Assignments** \> **Edit**.
- 
+ 
11. Assign the app as a *Required* app to a user group. It is automatically installed in the *work profile* during the next sync of
@@ -255,7 +233,8 @@ the device via Company Portal app. This assignment can be done by navigating to
the *Required* section \> **Add group,** selecting the user group and click
**Select**.
- 
+ > [!div class="mx-imgBorder"]
+ > 
12. In the **Edit Application** page, review all the information that was entered
@@ -268,7 +247,8 @@ assignment.
clicking on the **Device Install Status**. Verify that the device is
displayed here.
- 
+ > [!div class="mx-imgBorder"]
+ > 
2. On the device, you can confirm the same by going to the **work profile** and
@@ -279,11 +259,11 @@ confirm that Microsoft Defender ATP is available.
3. When the app is installed, open the app and accept the permissions
and then your onboarding should be successful.
- 
+ 
4. At this stage the device is successfully onboarded onto Microsoft Defender
ATP for Android. You can verify this on the [Microsoft Defender Security
-Center](https://microsoft.sharepoint.com/teams/WDATPIndia/Shared%20Documents/General/PM%20Docs/External%20Documentation/securitycenter.microsoft.com)
+Center](https://securitycenter.microsoft.com)
by navigating to the **Devices** page.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
index ffa10fbfc2..992ba51235 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
@@ -7,7 +7,6 @@ ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: martyav
@@ -51,7 +50,7 @@ ASR currently supports all of the rules below:
* [Block all Office applications from creating child processes](attack-surface-reduction.md#block-all-office-applications-from-creating-child-processes)
* [Block Office applications from creating executable content](attack-surface-reduction.md#block-office-applications-from-creating-executable-content)
* [Block Office applications from injecting code into other processes](attack-surface-reduction.md#block-office-applications-from-injecting-code-into-other-processes)
-* [Block JavaScript or VBScript from launching downloaded executable content](attack-surface-reduction.md##block-javascript-or-vbscript-from-launching-downloaded-executable-content)
+* [Block JavaScript or VBScript from launching downloaded executable content](attack-surface-reduction.md#block-javascript-or-vbscript-from-launching-downloaded-executable-content)
* [Block execution of potentially obfuscated scripts](attack-surface-reduction.md#block-execution-of-potentially-obfuscated-scripts)
* [Block Win32 API calls from Office macro](attack-surface-reduction.md#block-win32-api-calls-from-office-macros)
* [Use advanced protection against ransomware](attack-surface-reduction.md#use-advanced-protection-against-ransomware)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index dde4d8932b..320472ce86 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -3,7 +3,6 @@ title: Use attack surface reduction rules to prevent malware infection
description: Attack surface reduction rules can help prevent exploits from using apps and scripts to infect devices with malware.
keywords: Attack surface reduction rules, asr, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -290,7 +289,7 @@ This rule helps prevent credential stealing, by locking down Local Security Auth
LSASS authenticates users who log in to a Windows computer. Microsoft Defender Credential Guard in Windows 10 normally prevents attempts to extract credentials from LSASS. However, some organizations can't enable Credential Guard on all of their computers because of compatibility issues with custom smartcard drivers or other programs that load into the Local Security Authority (LSA). In these cases, attackers can use hack tools like Mimikatz to scrape cleartext passwords and NTLM hashes from LSASS.
> [!NOTE]
-> In some apps, the code enumerates all running processes and attempts to open them with exhaustive permissions. This rule denies the app's process open action and logs the details to the security event log. This rule can generate a lot of noise. If you have an app that overly enumerates LSASS, you need to add it to the exclusion list. By itself, this event log entry doesn't necessarily indicate a malicious threat.
+> In some apps, the code enumerates all running processes and attempts to open them with exhaustive permissions. This rule denies the app's process open action and logs the details to the security event log. This rule can generate a lot of noise. If you have an app that simply enumerates LSASS, but has no real impact in functionality, there is NO need to add it to the exclusion list. By itself, this event log entry doesn't necessarily indicate a malicious threat.
This rule was introduced in:
- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md
index db8dec5ba9..093a2013f5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md
@@ -1,9 +1,8 @@
---
-title: Test how Microsoft Defender ATP features work
-description: Audit mode lets you use the event log to see how Microsoft Defender ATP would protect your devices if it were enabled
+title: Test how Microsoft Defender ATP features work in audit mode
+description: Audit mode lets you use the event log to see how Microsoft Defender ATP would protect your devices if it was enabled.
keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -12,28 +11,27 @@ ms.localizationpriority: medium
audience: ITPro
author: levinec
ms.author: ellevin
-ms.date: 04/02/2019
ms.reviewer:
manager: dansimp
---
-# Use audit mode
+# Test how Microsoft Defender ATP features work in audit mode
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature.
+You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. Audit mode lets you see a record of what *would* have happened if you had enabled the feature.
-You might want to do this when testing how the features will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period.
+You may want to enable audit mode when testing how the features will work in your organization. Ensure it doesn't affect your line-of-business apps, and get an idea of how many suspicious file modification attempts generally occur over a certain period of time.
-While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable audit mode and then review the event log to see what impact the feature would have had were it enabled.
+The features won't block or prevent apps, scripts, or files from being modified. However, the Windows Event Log will record events as if the features were fully enabled. With audit mode, you can review the event log to see what impact the feature would have had if it was enabled.
To find the audited entries, go to **Applications and Services** > **Microsoft** > **Windows** > **Windows Defender** > **Operational**.
You can use Microsoft Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Microsoft Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
-This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer.
+This article provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer.
You can use Group Policy, PowerShell, and configuration service providers (CSPs) to enable audit mode.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
index f0292e125f..bd94cf5240 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
@@ -21,16 +21,16 @@ ms.topic: conceptual
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bOeh]
-Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) offers a wide breadth of visibility on multiple devices. With this kind of optics, the service generates a multitude of alerts. The volume of alerts generated can be challenging for a typical security operations team to individually address. To address this challenge, Microsoft Defender ATP uses automated investigation and remediation capabilities to significantly reduce the volume of alerts that must be investigated individually.
+Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) offers a wide breadth of visibility on multiple devices. With this kind of optics, the service generates a multitude of alerts. The volume of alerts generated can be challenging for a typical security operations team to individually address. To address this challenge, and to reduce the volume of alerts that must be investigated individually, Microsoft Defender ATP includes automated investigation and remediation capabilities.
-The automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. The **Automated investigations** list shows all the investigations that were initiated automatically, and includes details, such as status, detection source, and when the investigation was initiated.
+Automated investigation leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. Automated investigation and remediation capabilities significantly reduce alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. The **Automated investigations** list shows all the investigations that were initiated automatically, and includes details, such as status, detection source, and when each investigation was initiated.
> [!TIP]
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
## How the automated investigation starts
-When an alert is triggered, a security playbook goes into effect. Depending on the security playbook, an automated investigation can start. For example, suppose a malicious file resides on a device. When that file is detected, an alert is triggered. The automated investigation process begins. Microsoft Defender ATP checks to see if the malicious file is present on any other devices in the organization. Details from the investigation, including verdicts (*Malicious*, *Suspicious*, and *No threats found*) are available during and after the automated investigation.
+When an alert is triggered, a security playbook goes into effect. Depending on the security playbook, an automated investigation can start. For example, suppose a malicious file resides on a device. When that file is detected, an alert is triggered, and the automated investigation process begins. Microsoft Defender ATP checks to see if the malicious file is present on any other devices in the organization. Details from the investigation, including verdicts (*Malicious*, *Suspicious*, and *No threats found*) are available during and after the automated investigation.
>[!NOTE]
>Currently, automated investigation only supports the following OS versions:
@@ -41,7 +41,7 @@ When an alert is triggered, a security playbook goes into effect. Depending on t
## Details of an automated investigation
-During and after an automated investigation, you can view details about the investigation. Selecting a triggering alert brings you to the investigation details view where you can pivot from the **Investigation graph**, **Alerts**, **Devices**, **Evidence**, **Entities**, and **Log** tabs.
+During and after an automated investigation, you can view details about the investigation. Select a triggering alert to view the investigation details. From there, you can go to the **Investigation graph**, **Alerts**, **Devices**, **Evidence**, **Entities**, and **Log** tabs.
|Tab |Description |
|--|--|
@@ -50,7 +50,7 @@ During and after an automated investigation, you can view details about the inve
|**Evidence** |Shows the entities that were found to be malicious during the investigation.|
|**Entities** |Provides details about each analyzed entity, including a determination for each entity type (*Malicious*, *Suspicious*, or *No threats found*). |
|**Log** |Shows the chronological detailed view of all the investigation actions taken on the alert.|
-|**Pending actions** |If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions. |
+|**Pending actions** |If there are any actions awaiting approval as a result of the investigation, the **Pending actions** tab is displayed. On the **Pending actions** tab, you can approve or reject each action. |
> [!IMPORTANT]
> Go to the **Action center** to get an aggregated view all pending actions and manage remediation actions. The **Action center** also acts as an audit trail for all automated investigation actions.
@@ -59,28 +59,41 @@ During and after an automated investigation, you can view details about the inve
While an investigation is running, any other alerts generated from the device are added to an ongoing automated investigation until that investigation is completed. In addition, if the same threat is seen on other devices, those devices are added to the investigation.
-If an incriminated entity is seen in another device, the automated investigation process will expand its scope to include that device, and a general security playbook will start on that device. If 10 or more devices are found during this expansion process from the same entity, then that expansion action will require an approval and will be seen in the **Pending actions** view.
+If an incriminated entity is seen in another device, the automated investigation process expands its scope to include that device, and a general security playbook starts on that device. If 10 or more devices are found during this expansion process from the same entity, then that expansion action requires an approval, and is visible on the **Pending actions** tab.
## How threats are remediated
-Depending on how you set up the device groups and their level of automation, the automated investigation will either require user approval (default) or automatically remediate threats.
+Depending on how you set up the device groups and their level of automation, each automated investigation either requires user approval (default) or automatically remediates threats.
+
+> [!NOTE]
+> Microsoft Defender ATP tenants created on or after August 16, 2020 have **Full - remediate threats automatically** selected by default. You can keep the default setting, or change it according to your organizational needs. To change your settings, [adjust your device group settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation#set-up-device-groups).
You can configure the following levels of automation:
|Automation level | Description|
|---|---|
-|No automated response | Devices do not get any automated investigations run on them. |
-|Semi - require approval for any remediation | This is the default automation level.
An approval is needed for any remediation action. |
-|Semi - require approval for non-temp folders remediation | An approval is required on files or executables that are not in temporary folders.
Files or executables in temporary folders, such as the user's download folder or the user's temp folder, will automatically be remediated if needed.|
-|Semi - require approval for core folders remediation | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder.
Files or executables in all other folders will automatically be remediated if needed.|
-|Full - remediate threats automatically | All remediation actions will be performed automatically.|
+|**Full - remediate threats automatically** | All remediation actions are performed automatically.
*This option is selected by default for Microsoft Defender ATP tenants created on or after August 16, 2020.*|
+|**Semi - require approval for core folders remediation** | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder.
Files or executables in all other folders are automatically remediated, if needed.|
+|**Semi - require approval for non-temp folders remediation** | An approval is required on files or executables that are not in temporary folders.
Files or executables in temporary folders, such as the user's download folder or the user's temp folder, are automatically be remediated (if needed).|
+|**Semi - require approval for any remediation** | An approval is needed for any remediation action.
*This option is selected by default for Microsoft Defender ATP tenants created before August 16, 2020.*|
+|**No automated response** | Devices do not get any automated investigations run on them.
*This option is not recommended, because it fully disables automated investigation and remediation capabilities, and reduces the security posture of your organization's devices.* |
-> [!TIP]
-> For more information on how to configure these automation levels, see [Create and manage device groups](machine-groups.md).
-The default device group is configured for semi-automatic remediation. This means that any malicious entity that calls for remediation requires an approval and the investigation is added to the **Pending actions** section. This can be changed to fully automatic so that no user approval is needed.
+> [!IMPORTANT]
+> A few points of clarification regarding automation levels and default settings:
+> - If your tenant already has device groups defined, the automation level settings are not changed.
+> - If your tenant was onboarded to Microsoft Defender ATP before August 16, 2020, your organization's first device group is set to **Semi - require approval for any remediation** by default.
+> - If your tenant is onboarded on or after August 16, 2020, when your organization's first device group is set to **Full - remediate threats automatically**.
+> - To change an automation level, edit your [device groups](configure-automated-investigations-remediation.md#set-up-device-groups).
-When a pending action is approved, the entity is then remediated and this new state is reflected in the **Entities** tab of the investigation.
+
+### A few points to keep in mind
+
+- Your level of automation is determined by your device group settings. See [Set up device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation#set-up-device-groups).
+
+- If your Microsoft Defender ATP tenant was created before August 16, 2020, you have a default device group that is configured for semi-automatic remediation. Any malicious entity that calls for remediation requires an approval and the investigation is added to the **Pending actions** tab in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center). You can configure your device groups to use full automation so that no user approval is needed.
+
+- If your Microsoft Defender ATP tenant was created on or after August 16, 2020, you have a default device group that is configured for full automation. Remediation actions are taken automatically for entities that are considered to be malicious. Remediation actions that were taken can be viewed on the **History** tab in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center).
## Next steps
diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
index 04569f6785..4fc887a605 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
@@ -90,7 +90,7 @@ While the attack was detected and stopped, alerts, such as an "initial access al
This example shows how behavior-based device learning models in the cloud add new layers of protection against attacks, even after they have started running.
-### Example 2: NTML relay - Juicy Potato malware variant
+### Example 2: NTLM relay - Juicy Potato malware variant
As described in the recent blog post, [Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection), in January 2020, Microsoft Defender ATP detected a privilege escalation activity on a device in an organization. An alert called “Possible privilege escalation using NTLM relay” was triggered.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md b/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
index cf9bede7a1..07e42ab409 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
@@ -39,18 +39,27 @@ The following OS versions are supported:
>[!NOTE]
>A patch must be deployed before device onboarding in order to configure Microsoft Defender ATP to the correct environment.
-The following OS versions are not supported:
+The following OS versions are supported via Azure Security Center:
- Windows Server 2008 R2 SP1
- Windows Server 2012 R2
- Windows Server 2016
+
+The following OS versions are not supported:
+- Windows Server 2008 R2 SP1 (standalone, not via ASC)
+- Windows Server 2012 R2 (standalone, not via ASC)
+- Windows Server 2016 (standalone, not via ASC)
- Windows Server, version 1803
- Windows 7 SP1 Enterprise
- Windows 7 SP1 Pro
- Windows 8 Pro
- Windows 8.1 Enterprise
- macOS
+- Linux
-The initial release of Microsoft Defender ATP will not have immediate parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government (GCC High) customers, there are some capabilities not yet available that we'd like to highlight. These are the known gaps as of August 2019:
+The initial release of Microsoft Defender ATP will not have immediate parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government (GCC High) customers, there are some capabilities not yet available that we'd like to highlight. These are the known gaps as of August 2020:
+
+## Threat Analytics
+Not currently available.
## Threat & Vulnerability Management
Not currently available.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-and-manage-tvm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-and-manage-tvm.md
deleted file mode 100644
index 83e2b43c79..0000000000
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-and-manage-tvm.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-title: Configure Threat & Vulnerability Management in Microsoft Defender ATP
-ms.reviewer:
-description: Configure your Threat & Vulnerability Management to allow security administrators and IT administrators to collaborate seamlessly to remediate issues via Microsoft intune and Microsoft Endpoint Configuration Manager integrations.
-keywords: RBAC, Threat & Vulnerability Management configuration, Threat & Vulnerability Management integrations, Microsft Intune integration with TVM, SCCM integration with TVM
-search.product: Windows 10
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-# Configure Threat & Vulnerability Management
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-This section guides you through the steps you need to take to configure Threat & Vulnerability Management's integration with Microsoft Intune or Microsoft Endpoint Configuration Manager for a seamless collaboration of issue remediation.
-
-### Before you begin
-> [!IMPORTANT]
-> Threat & Vulnerability Management data currently supports Windows 10 devices. Upgrade to Windows 10 to account for the rest of your devices’ threat and vulnerability exposure data.
-
-Ensure that you have the right RBAC permissions to configure your Threat & Vulnerability Management integration with Microsoft Intune or Microsoft Endpoint Configuration Manager.
-
->[!WARNING]
->Only Intune and Microsoft Endpoint Configuration Manager enrolled devices are supported in this scenario.
->Use any of the following options to enroll devices in Intune:
->- IT Admin: For more information on how to enabling auto-enrollment, see [Windows Enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment)
->- End-user: For more information on how to enroll your Windows 10 device in Intune, see [Enroll your Windows 10 device in Intune](https://docs.microsoft.com/intune-user-help/enroll-your-w10-device-access-work-or-school)
->- End-user alternative: For more information on joining an Azure AD domain, see [Set up Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup).
-
-## Related topics
-
-- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
-- [Supported operating systems and platforms](tvm-supported-os.md)
-- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
-- [Exposure score](tvm-exposure-score.md)
-- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
-- [Security recommendations](tvm-security-recommendation.md)
-- [Remediation and exception](tvm-remediation.md)
-- [Software inventory](tvm-software-inventory.md)
-- [Weaknesses](tvm-weaknesses.md)
-- [Scenarios](threat-and-vuln-mgt-scenarios.md)
-- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
index 2dc93956ba..ef4053bac6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
@@ -103,8 +103,8 @@ The following steps assume that you have completed all the required steps in [Be
For example, if the configuration file in "flexagent" directory is named "WDATP-Connector.jsonparser.properties", you must type "WDATP-Connector" as the name of the client property file.
Events URL
-
Depending on the location of your datacenter, select either the EU or the US URL: For EU: https://wdatp-alertexporter-eu.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME
- For US: https://wdatp-alertexporter-us.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME
For UK: https://wdatp-alertexporter-uk.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME
+
Depending on the location of your datacenter, select either the EU or the US URL: For EU: https://wdatp-alertexporter-eu.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME
+ For US: https://wdatp-alertexporter-us.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME
For UK: https://wdatp-alertexporter-uk.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME
Authentication Type
OAuth 2
@@ -113,7 +113,7 @@ The following steps assume that you have completed all the required steps in [Be
Browse to the location of the wdatp-connector.properties file. The name must match the file provided in the .zip that you downloaded.
Refresh Token
-
You can obtain a refresh token in two ways: by generating a refresh token from the SIEM settings page or using the restutil tool.
For more information on generating a refresh token from the Preferences setup , see Enable SIEM integration in Microsoft Defender ATP. Get your refresh token using the restutil tool: a. Open a command prompt. Navigate to C:\folder_location\current\bin where folder_location represents the location where you installed the tool. b. Type: arcsight restutil token -config from the bin directory.For example: arcsight restutil boxtoken -proxy proxy.location.hp.com:8080 A Web browser window will open. c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. d. A refresh token is shown in the command prompt. e. Copy and paste it into the Refresh Token field.
+
You can obtain a refresh token in two ways: by generating a refresh token from the SIEM settings page or using the restutil tool.
For more information on generating a refresh token from the Preferences setup , see Enable SIEM integration in Microsoft Defender ATP. Get your refresh token using the restutil tool: a. Open a command prompt. Navigate to C:\folder_location\current\bin where folder_location represents the location where you installed the tool. b. Type: arcsight restutil token -config from the bin directory.For example: arcsight restutil boxtoken -proxy proxy.location.hp.com:8080 A Web browser window will open. c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. d. A refresh token is shown in the command prompt. e. Copy and paste it into the Refresh Token field.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
index 3f0a7dcdd7..413259ce26 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
@@ -101,6 +101,75 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa
> If you don't set a value, the default value is to enable sample collection.
+## Other recommended configuration settings
+
+### Update endpoint protection configuration
+
+After configuring the onboarding script, continue editing the same group policy to add endpoint protection configurations. Perform group policy edits from a system running Windows 10 or Server 2019 to ensure you have all of the required Microsoft Defender Antivirus capabilities. You may need to close and reopen the group policy object to register the Defender ATP configuration settings.
+
+All policies are located under `Computer Configuration\Policies\Administrative Templates`.
+
+**Policy location:** \Windows Components\Windows Defender ATP
+
+Policy | Setting
+:---|:---
+Enable\Disable Sample collection| Enabled - "Enable sample collection on machines" checked
+
+
+**Policy location:** \Windows Components\Windows Defender Antivirus
+
+Policy | Setting
+:---|:---
+Configure detection for potentially unwanted applications | Enabled, Block
+
+**Policy location:** \Windows Components\Windows Defender Antivirus\MAPS
+
+Policy | Setting
+:---|:---
+Join Microsoft MAPS | Enabled, Advanced MAPS
+Send file samples when further analysis is required | Enabled, Send safe samples
+
+**Policy location:** \Windows Components\Windows Defender Antivirus\Real-time Protection
+
+Policy | Setting
+:---|:---
+Turn off real-time protection|Disabled
+Turn on behavior monitoring|Enabled
+Scan all downloaded files and attachments|Enabled
+Monitor file and program activity on your computer|Enabled
+
+
+**Policy location:** \Windows Components\Windows Defender Antivirus\Scan
+
+These settings configure periodic scans of the endpoint. We recommend performing a weekly quick scan, performance permitting.
+
+Policy | Setting
+:---|:---
+Check for the latest virus and spyware security intelligence before running a scheduled scan |Enabled
+
+
+
+**Policy location:** \Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction
+
+Get the current list of attack surface reduction GUIDs from [Customize attack surface reduction rules](customize-attack-surface-reduction.md)
+
+1. Open the **Configure Attack Surface Reduction** policy.
+2. Select **Enabled**.
+3. Select the **Show…** button.
+4. Add each GUID in the **Value Name** field with a Value of 2.
+
+This will set each up for audit only.
+
+
+
+
+
+Policy | Setting
+:---|:---
+Configure Controlled folder access| Enabled, Audit Mode
+
+
+
## Offboard devices using Group Policy
For security reasons, the package used to Offboard devices will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a device will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
index b06ae2ef0e..50e1369d5f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 12/06/2018
---
# Onboard Windows 10 devices using Mobile Device Management tools
@@ -51,6 +50,8 @@ For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedTh
>[!TIP]
> After onboarding the device, you can choose to run a detection test to verify that a device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md).
+
+
## Offboard and monitor devices using Mobile Device Management tools
For security reasons, the package used to Offboard devices will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a device will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
index 5ad42ec668..4536ced3cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
@@ -28,17 +28,24 @@ ms.date: 02/07/2020
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink)
-
+## Supported client operating systems
-## Onboard Windows 10 devices using Microsoft Endpoint Configuration Manager current branch
+Based on the version of Configuration Manager you're running, the following client operating systems can be onboarded:
-Configuration Manager current branch has integrated support to configure and manage Microsoft Defender ATP on managed devices. For more information, see [Microsoft Defender Advanced Threat Protection in Microsoft Endpoint Configuration Manager current branch](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection).
+#### Configuration Manager version 1910 and prior
-
+- Clients computers running Windows 10, version 1607 and later
-## Onboard Windows 10 devices using earlier versions of System Center Configuration Manager
+#### Configuration Manager version 2002 and later
-You can use existing Configuration Manager functionality to create a policy to configure your devices. This action is supported in System Center 2012 R2 Configuration Manager.
+Starting in Configuration Manager version 2002, you can onboard the following operating systems:
+
+- Windows 8.1
+- Windows 10, version 1607 or later
+- Windows Server 2012 R2
+- Windows Server 2016
+- Windows Server 2016, version 1803 or later
+- Windows Server 2019
### Onboard devices using System Center Configuration Manager
@@ -50,7 +57,7 @@ You can use existing Configuration Manager functionality to create a policy to c
c. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**.
- d. Click **Download package**, and save the .zip file.
+ d. Select **Download package**, and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
@@ -75,7 +82,11 @@ For more information, see [Configure Detection Methods in System Center 2012 R2
For each device, you can set a configuration value to state whether samples can be collected from the device when a request is made through Microsoft Defender Security Center to submit a file for deep analysis.
-You can set a compliance rule for configuration item in System Center Configuration Manager to change the sample share setting on a device.
+>[!NOTE]
+>These configuration settings are typically done through Configuration Manager.
+
+You can set a compliance rule for configuration item in Configuration Manager to change the sample share setting on a device.
+
This rule should be a *remediating* compliance rule configuration item that sets the value of a registry key on targeted devices to make sure they’re complaint.
The configuration is set through the following registry key entry:
@@ -93,13 +104,49 @@ Possible values are:
The default value in case the registry key doesn’t exist is 1.
-For more information about System Center Configuration Manager Compliance see [Introduction to compliance settings in System Center 2012 R2 Configuration Manager](https://docs.microsoft.com/previous-versions/system-center/system-center-2012-R2/gg682139\(v=technet.10\)).
+For more information about System Center Configuration Manager Compliance, see [Introduction to compliance settings in System Center 2012 R2 Configuration Manager](https://docs.microsoft.com/previous-versions/system-center/system-center-2012-R2/gg682139\(v=technet.10\)).
+## Other recommended configuration settings
+After onboarding devices to the service, it's important to take advantage of the included threat protection capabilities by enabling them with the following recommended configuration settings.
+
+### Device collection configuration
+If you're using Endpoint Configuration Manager, version 2002 or later, you can choose to broaden the deployment to include servers or down-level clients.
+
+
+### Next generation protection configuration
+The following configuration settings are recommended:
+
+**Scan**
+- Scan removable storage devices such as USB drives: Yes
+
+**Real-time Protection**
+- Enable Behavioral Monitoring: Yes
+- Enable protection against Potentially Unwanted Applications at download and prior to installation: Yes
+
+**Cloud Protection Service**
+- Cloud Protection Service membership type: Advanced membership
+
+**Attack surface reduction**
+Configure all available rules to Audit.
+
+>[!NOTE]
+> Blocking these activities may interrupt legitimate business processes. The best approach is setting everything to audit, identifying which ones are safe to turn on, and then enabling those settings on endpoints which do not have false positive detections.
+
+
+**Network protection**
+Prior to enabling network protection in audit or block mode, ensure that you've installed the antimalware platform update, which can be obtained from the [support page](https://support.microsoft.com/en-us/help/4560203/windows-defender-anti-malware-platform-binaries-are-missing).
+
+
+**Controlled folder access**
+Enable the feature in audit mode for at least 30 days. After this period, review detections and create a list of applications that are allowed to write to protected directories.
+
+For more information, see [Evaluate controlled folder access](evaluate-controlled-folder-access.md).
+
## Offboard devices using Configuration Manager
-For security reasons, the package used to Offboard devices will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an device will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
+For security reasons, the package used to Offboard devices will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a device will be rejected. When downloading an offboarding package, you will be notified of the packages expiry date and it will also be included in the package name.
> [!NOTE]
> Onboarding and offboarding policies must not be deployed on the same device at the same time, otherwise this will cause unpredictable collisions.
@@ -118,7 +165,7 @@ If you use Microsoft Endpoint Configuration Manager current branch, see [Create
c. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**.
- d. Click **Download package**, and save the .zip file.
+ d. Select **Download package**, and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
@@ -144,13 +191,13 @@ If you're using System Center 2012 R2 Configuration Manager, monitoring consists
1. In the Configuration Manager console, click **Monitoring** at the bottom of the navigation pane.
-2. Click **Overview** and then **Deployments**.
+2. Select **Overview** and then **Deployments**.
-3. Click on the deployment with the package name.
+3. Select on the deployment with the package name.
4. Review the status indicators under **Completion Statistics** and **Content Status**.
- If there are failed deployments (devices with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the devices. For more information see, [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md).
+ If there are failed deployments (devices with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the devices. For more information, see, [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
index ebc09038ff..de35e7ec30 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
@@ -31,30 +31,32 @@ ms.topic: article
You can also manually onboard individual devices to Microsoft Defender ATP. You might want to do this first when testing the service before you commit to onboarding all devices in your network.
-> [!NOTE]
-> The script has been optimized to be used on a limited number of devices (1-10 devices). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Onboard Window 10 devices](configure-endpoints.md).
+> [!IMPORTANT]
+> This script has been optimized for use on up to 10 devices.
+>
+> To deploy at scale, use [other deployment options](configure-endpoints.md). For example, you can deploy an onboarding script to more than 10 devices in production with the script available in [Onboard Windows 10 devices using Group Policy](configure-endpoints-gp.md).
## Onboard devices
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
- a. In the navigation pane, select **Settings** > **Onboarding**.
+ 1. In the navigation pane, select **Settings** > **Onboarding**.
- b. Select Windows 10 as the operating system.
+ 1. Select Windows 10 as the operating system.
- c. In the **Deployment method** field, select **Local Script**.
+ 1. In the **Deployment method** field, select **Local Script**.
- d. Click **Download package** and save the .zip file.
+ 1. Click **Download package** and save the .zip file.
2. Extract the contents of the configuration package to a location on the device you want to onboard (for example, the Desktop). You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
3. Open an elevated command-line prompt on the device and run the script:
- a. Go to **Start** and type **cmd**.
+ 1. Go to **Start** and type **cmd**.
- b. Right-click **Command prompt** and select **Run as administrator**.
+ 1. Right-click **Command prompt** and select **Run as administrator**.
- 
+ 
4. Type the location of the script file. If you copied the file to the desktop, type: *%userprofile%\Desktop\WindowsDefenderATPOnboardingScript.cmd*
@@ -73,7 +75,7 @@ You can manually configure the sample sharing setting on the device by using *re
The configuration is set through the following registry key entry:
-```
+```console
Path: “HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection”
Name: "AllowSampleCollection"
Value: 0 or 1
@@ -95,23 +97,23 @@ For security reasons, the package used to Offboard devices will expire 30 days a
1. Get the offboarding package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
- a. In the navigation pane, select **Settings** > **Offboarding**.
+ 1. In the navigation pane, select **Settings** > **Offboarding**.
- b. Select Windows 10 as the operating system.
+ 1. Select Windows 10 as the operating system.
- c. In the **Deployment method** field, select **Local Script**.
+ 1. In the **Deployment method** field, select **Local Script**.
- d. Click **Download package** and save the .zip file.
+ 1. Click **Download package** and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the devices. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
3. Open an elevated command-line prompt on the device and run the script:
- a. Go to **Start** and type **cmd**.
+ 1. Go to **Start** and type **cmd**.
- b. Right-click **Command prompt** and select **Run as administrator**.
+ 1. Right-click **Command prompt** and select **Run as administrator**.
- 
+ 
4. Type the location of the script file. If you copied the file to the desktop, type: *%userprofile%\Desktop\WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index 0d005b607d..771c2b866b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -55,49 +55,53 @@ The following steps will guide you through onboarding VDI devices and will highl
1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
- a. In the navigation pane, select **Settings** > **Onboarding**.
+ 1. In the navigation pane, select **Settings** > **Onboarding**.
- b. Select Windows 10 as the operating system.
+ 1. Select Windows 10 as the operating system.
- c. In the **Deployment method** field, select **VDI onboarding scripts for non-persistent endpoints**.
+ 1. In the **Deployment method** field, select **VDI onboarding scripts for non-persistent endpoints**.
- d. Click **Download package** and save the .zip file.
+ 1. Click **Download package** and save the .zip file.
-2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`.
+2. Copy all the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`.
>[!NOTE]
>If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer.
3. The following step is only applicable if you're implementing a single entry for each device:
- **For single entry for each device**:
- a. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
+ **For single entry for each device**:
+
+ 1. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` and `WindowsDefenderATPOnboardingScript.cmd` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
- >[!NOTE]
- >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer.
+ > [!NOTE]
+ > If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer.
4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**.
- >[!NOTE]
- >Domain Group Policy may also be used for onboarding non-persistent VDI devices.
+ > [!NOTE]
+ > Domain Group Policy may also be used for onboarding non-persistent VDI devices.
5. Depending on the method you'd like to implement, follow the appropriate steps:
- **For single entry for each device**:
- Select the **PowerShell Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to onboarding PowerShell script `Onboard-NonPersistentMachine.ps1`.
- **For multiple entries for each device**:
- Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`.
+ **For single entry for each device**:
+
+ Select the **PowerShell Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to onboarding PowerShell script `Onboard-NonPersistentMachine.ps1`.
+
+ **For multiple entries for each device**:
+
+ Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`.
6. Test your solution:
- a. Create a pool with one device.
+ 1. Create a pool with one device.
- b. Logon to device.
+ 1. Logon to device.
- c. Logoff from device.
+ 1. Logoff from device.
- d. Logon to device with another user.
+ 1. Logon to device with another user.
- e. **For single entry for each device**: Check only one entry in Microsoft Defender Security Center.
- **For multiple entries for each device**: Check multiple entries in Microsoft Defender Security Center.
+ 1. **For single entry for each device**: Check only one entry in Microsoft Defender Security Center.
+ **For multiple entries for each device**: Check multiple entries in Microsoft Defender Security Center.
7. Click **Devices list** on the Navigation pane.
@@ -107,7 +111,7 @@ The following steps will guide you through onboarding VDI devices and will highl
As a best practice, we recommend using offline servicing tools to patch golden/master images.
For example, you can use the below commands to install an update while the image remains offline:
-```
+```console
DISM /Mount-image /ImageFile:"D:\Win10-1909.vhdx" /index:1 /MountDir:"C:\Temp\OfflineServicing"
DISM /Image:"C:\Temp\OfflineServicing" /Add-Package /Packagepath:"C:\temp\patch\windows10.0-kb4541338-x64.msu"
DISM /Unmount-Image /MountDir:"C:\Temp\OfflineServicing" /commit
@@ -124,15 +128,15 @@ If offline servicing is not a viable option for your non-persistent VDI environm
2. Ensure the sensor is stopped by running the command below in a CMD window:
- ```
- sc query sense
- ```
+ ```console
+ sc query sense
+ ```
3. Service the image as needed.
4. Run the below commands using PsExec.exe (which can be downloaded from https://download.sysinternals.com/files/PSTools.zip) to cleanup the cyber folder contents that the sensor may have accumulated since boot:
- ```
+ ```console
PsExec.exe -s cmd.exe
cd "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber"
del *.* /f /s /q
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
index bde1047764..867e457571 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
@@ -23,8 +23,7 @@ ms.topic: conceptual
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
+- [Microsoft 365 Endpoint data loss prevention (DLP)](/microsoft-365/compliance/endpoint-dlp-learn-about)
Devices in your organization must be configured so that the Microsoft Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the devices in your organization.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
index 892be434e6..9469ec674f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
@@ -111,10 +111,13 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec
|[](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) [Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) | The spreadsheet provides specific DNS records for service locations, geographic locations, and OS.
-If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the domains listed below from HTTPS scanning.
+If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the domains listed in the above table from HTTPS scanning.
> [!NOTE]
> settings-win.data.microsoft.com is only needed if you have Windows 10 devices running version 1803 or earlier.
+
+
+> [!NOTE]
> URLs that include v20 in them are only needed if you have Windows 10 devices running version 1803 or later. For example, ```us-v20.events.data.microsoft.com``` is needed for a Windows 10 device running version 1803 or later and onboarded to US Data Storage region.
@@ -147,7 +150,7 @@ Microsoft Defender ATP is built on Azure cloud, deployed in the following region
- \+\
- \+\
-You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https://www.microsoft.com/en-us/download/details.aspx?id=41653).
+You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https://www.microsoft.com/download/details.aspx?id=56519).
> [!NOTE]
> As a cloud-based solution, the IP range can change. It's recommended you move to DNS resolving setting.
@@ -198,6 +201,9 @@ However, if the connectivity check results indicate a failure, an HTTP error is
> [!NOTE]
> The Connectivity Analyzer tool is not compatible with ASR rule [Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction#attack-surface-reduction-rules). You will need to temporarily disable this rule to run the connectivity tool.
+
+
+> [!NOTE]
> When the TelemetryProxyServer is set, in Registry or via Group Policy, Microsoft Defender ATP will fall back to direct if it can't access the defined proxy.
## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index 30e5949a3b..ed06fd8042 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -140,8 +140,8 @@ You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windo
- [Local script](configure-endpoints-script.md)
- [Group Policy](configure-endpoints-gp.md)
-- [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md#onboard-windows-10-devices-using-microsoft-endpoint-configuration-manager-current-branch)
-- [System Center Configuration Manager 2012 / 2012 R2 1511 / 1602](configure-endpoints-sccm.md#onboard-windows-10-devices-using-earlier-versions-of-system-center-configuration-manager)
+- [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
+- [System Center Configuration Manager 2012 / 2012 R2 1511 / 1602](configure-endpoints-sccm.md#onboard-devices-using-system-center-configuration-manager)
- [VDI onboarding scripts for non-persistent devices](configure-endpoints-vdi.md)
> [!NOTE]
@@ -191,9 +191,12 @@ The following capabilities are included in this integration:
- Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach.
> [!IMPORTANT]
-> - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created (in the US for US users, in the EU for European and UK users).
+> - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created (in the US for US users, in the EU for European and UK users).
+Data collected by Microsoft Defender ATP is stored in the geo-location of the tenant as identified during provisioning.
> - If you use Microsoft Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
-> - When you use Azure Security Center to monitor Windows servers, a Microsoft Defender ATP tenant is automatically created and the Microsoft Defender ATP data is stored in Europe by default. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant. Server endpoint monitoring utilizing this integration has been disabled for Office 365 GCC customers.
+> - Once configured, you cannot change the location where your data is stored. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant.
+Server endpoint monitoring utilizing this integration has been disabled for Office 365 GCC customers.
+
## Offboard Windows servers
You can offboard Windows Server (SAC), Windows Server 2019, and Windows Server 2019 Core edition in the same method available for Windows 10 client devices.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
index 6efcb63fd5..74f0ab9e28 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
@@ -1,19 +1,17 @@
---
title: Prevent ransomware and threats from encrypting and changing files
-description: Files in default folders can be protected from being changed by malicious apps. This can help prevent ransomware from encrypting your files.
+description: Files in default folders can be protected from being changed by malicious apps. Prevent ransomware from encrypting your files.
keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-audience: ITPro
author: denisebmsft
ms.author: deniseb
audience: ITPro
-ms.date: 08/05/2019
+ms.date: 08/25/2020
ms.reviewer: v-maave
manager: dansimp
ms.custom: asr
@@ -25,21 +23,25 @@ ms.custom: asr
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It protects your data by checking against a list of known, trusted apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. It can be turned on via the Windows Security App, or from the Microsoft Endpoint Configuration Manager and Intune, for managed devices. Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
+## What is controlled folder access?
-Controlled folder access works by only allowing apps to access protected folders if the app is included on a list of trusted software. If an app isn't on the list, Controlled folder access will block it from making changes to files inside protected folders.
+Controlled folder access helps you protect your valuable data from malicious apps and threats, like ransomware. Controlled folder access protects your data by checking apps against a list of known, trusted apps. Supported on Windows Server 2019 and Windows 10 clients, controlled folder access can be turned on using the Windows Security App or in Microsoft Endpoint Configuration Manager and Intune (for managed devices).
-Apps are added to the trusted list based upon their prevalence and reputation. Apps that are highly prevalent throughout your organization, and that have never displayed any malicious behavior, are deemed trustworthy and automatically added to the list.
+Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
+
+## How does controlled folder access work?
+
+Controlled folder access works by only allowing trusted apps to access protected folders. Protected folders are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, and so on, are included in the list of controlled folders.
+
+Controlled folder access works with a list of trusted software. If an app is included in the list of trusted software, the app works as expected. If not, the app is blocked from making any changes to files that are inside protected folders. Apps are added to the trusted list based upon their prevalence and reputation. Apps that are highly prevalent throughout your organization, and that have never displayed any malicious behavior, are deemed trustworthy and automatically added to the list.
Apps can also be manually added to the trusted list via Configuration Manager and Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for the app, can be performed from the Security Center Console.
-Controlled folder access is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage.
-
-With Controlled folder access in place, a notification will appear on the computer where the app attempted to make changes to a protected folder. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
+Controlled folder access is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware). In a ransomware attack, your files can get encrypted and held hostage. With controlled folder access in place, a notification appears on the computer where an app attempted to make changes to a file in a protected folder. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
The protected folders include common system folders, and you can [add additional folders](customize-controlled-folders.md#protect-additional-folders). You can also [allow apps](customize-controlled-folders.md#allow-specific-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders.
-You can use [audit mode](audit-windows-defender.md) to evaluate how controlled folder access would impact your organization if it were enabled. You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+You can use [audit mode](audit-windows-defender.md) to evaluate how controlled folder access would impact your organization if it were enabled. You can also visit the Windows Defender Test ground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
Controlled folder access is supported on Windows 10, version 1709 and later and Windows Server 2019.
@@ -47,13 +49,13 @@ Controlled folder access is supported on Windows 10, version 1709 and later and
Controlled folder access requires enabling [Microsoft Defender Antivirus real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md).
-## Review controlled folder access events in the Microsoft Defender ATP Security Center
+## Review controlled folder access events in the Microsoft Defender Security Center
Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how controlled folder access settings would affect your environment if they were enabled.
-Here is an example query
+Example query:
```PowerShell
DeviceEvents
@@ -68,24 +70,42 @@ You can review the Windows event log to see events that are created when control
2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
-3. On the left panel, under **Actions**, click **Import custom view...**.
+3. On the left panel, under **Actions**, select **Import custom view...**.
4. Navigate to where you extracted *cfa-events.xml* and select it. Alternatively, [copy the XML directly](event-views.md).
5. Click **OK**.
-This will create a custom view that filters to only show the following events related to controlled folder access:
+After following the procedure, you have created a custom view that shows events related to controlled folder access, as listed in the following table:
-Event ID | Description
--|-
-5007 | Event when settings are changed
-1124 | Audited controlled folder access event
-1123 | Blocked controlled folder access event
+|Event ID | Description |
+|---|---|
+|5007 | Event when settings are changed |
+|1124 | Audited controlled folder access event |
+|1123 | Blocked controlled folder access event |
-## In this section
+## View or change the list of protected folders
-Topic | Description
--|-
-[Evaluate controlled folder access](evaluate-controlled-folder-access.md) | Use a dedicated demo tool to see how controlled folder access works, and what events would typically be created.
-[Enable controlled folder access](enable-controlled-folders.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage controlled folder access in your network
-[Customize controlled folder access](customize-controlled-folders.md) | Add additional protected folders, and allow specified apps to access protected folders.
+### Windows 10 security app
+
+1. On your Windows 10 device, open the Windows Security app.
+
+2. Select **Virus & threat protection**.
+
+3. Under **Ransomware protection**, select **Manage ransomware protection**.
+
+4. If controlled folder access is turned off, you'll need to turn it on. Select **protected folders**.
+
+5. Do one of the following steps:
+
+ - To add a folder, select **+ Add a protected folder**.
+
+ - To remove a folder, select it, and then select **Remove**.
+
+## See also
+
+- [Evaluate controlled folder access](evaluate-controlled-folder-access.md). Use a dedicated demo tool to see how controlled folder access works, and what events would typically be created.
+
+- [Enable controlled folder access](enable-controlled-folders.md). Use Group Policy, PowerShell, or mobile device management CSPs to enable and manage controlled folder access in your network
+
+- [Customize controlled folder access](customize-controlled-folders.md). Add additional protected folders, and allow specified apps to access protected folders.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
index d08c4e2bba..fc2674e848 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
@@ -1,6 +1,6 @@
---
title: Create alert from event API
-description: Creates an alert using event details
+description: Learn how to use the Create alert API to create a new Alert on top of Event in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, alert, information, id
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 7481a4362e..6021933e52 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -1,7 +1,7 @@
---
-title: Create and manage custom detection rules in Microsoft Defender ATP
+title: Create custom detection rules in Microsoft Defender ATP
ms.reviewer:
-description: Learn how to create and manage custom detection rules based on advanced hunting queries
+description: Learn how to create custom detection rules based on advanced hunting queries
keywords: custom detections, create, manage, alerts, edit, run on demand, frequency, interval, detection rules, advanced hunting, hunt, query, response actions, mdatp, microsoft defender atp
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -18,22 +18,27 @@ ms.collection: M365-security-compliance
ms.topic: article
---
-
-# Create and manage custom detection rules
+# Create custom detection rules
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Custom detection rules built from [Advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
+Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
-> [!NOTE]
-> To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
+Read this article to learn how to create new custom detection rules. Or [see viewing and managing existing rules](custom-detections-manage.md).
-## Create a custom detection rule
-### 1. Prepare the query.
+## 1. Check required permissions
-In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using an new query, run the query to identify errors and understand possible results.
+To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
-#### Required columns in the query results
+## 2. Prepare the query
+
+In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using a new query, run the query to identify errors and understand possible results.
+
+>[!IMPORTANT]
+>To prevent the service from returning too many alerts, each rule is limited to generating only 100 alerts whenever it runs. Before creating a rule, tweak your query to avoid alerting for normal, day-to-day activity.
+
+
+### Required columns in the query results
To use a query for a custom detection rule, the query must return the `Timestamp`, `DeviceId`, and `ReportId` columns in the results. Simple queries, such as those that don't use the `project` or `summarize` operator to customize or aggregate results, typically return these common columns.
There are various ways to ensure more complex queries return these columns. For example, if you prefer to aggregate and count by `DeviceId`, you can still return `Timestamp` and `ReportId` by getting them from the most recent event involving each device.
@@ -48,83 +53,60 @@ DeviceEvents
| where count_ > 5
```
-### 2. Create new rule and provide alert details.
+## 3. Create new rule and provide alert details
With the query in the query editor, select **Create detection rule** and specify the following alert details:
-- **Detection name** — name of the detection rule
-- **Frequency** — interval for running the query and taking action. [See additional guidance below](#rule-frequency)
-- **Alert title** — title displayed with alerts triggered by the rule
-- **Severity** — potential risk of the component or activity identified by the rule. [Read about alert severities](alerts-queue.md#severity)
-- **Category** — type of threat component or activity, if any. [Read about alert categories](alerts-queue.md#understanding-alert-categories)
-- **Description** — more information about the component or activity identified by the rule
-- **Recommended actions** — additional actions that responders might take in response to an alert
+- **Detection name**—name of the detection rule
+- **Frequency**—interval for running the query and taking action. [See additional guidance below](#rule-frequency)
+- **Alert title**—title displayed with alerts triggered by the rule
+- **Severity**—potential risk of the component or activity identified by the rule. [Read about alert severities](alerts-queue.md#severity)
+- **Category**—type of threat component or activity, if any. [Read about alert categories](alerts-queue.md#understanding-alert-categories)
+- **MITRE ATT&CK techniques**—one or more attack techniques identified by the rule as documented in the MITRE ATT&CK framework. This section is not available with certain alert categories, such as malware, ransomware, suspicious activity, and unwanted software
+- **Description**—more information about the component or activity identified by the rule
+- **Recommended actions**—additional actions that responders might take in response to an alert
For more information about how alert details are displayed, [read about the alert queue](alerts-queue.md).
-#### Rule frequency
+### Rule frequency
When saved, a new or edited custom detection rule immediately runs and checks for matches from the past 30 days of data. The rule then runs again at fixed intervals and lookback durations based on the frequency you choose:
-- **Every 24 hours** — runs every 24 hours, checking data from the past 30 days
-- **Every 12 hours** — runs every 12 hours, checking data from the past 24 hours
-- **Every 3 hours** — runs every 3 hours, checking data from the past 6 hours
-- **Every hour** — runs hourly, checking data from the past 2 hours
+- **Every 24 hours**—runs every 24 hours, checking data from the past 30 days
+- **Every 12 hours**—runs every 12 hours, checking data from the past 24 hours
+- **Every 3 hours**—runs every 3 hours, checking data from the past 6 hours
+- **Every hour**—runs hourly, checking data from the past 2 hours
Select the frequency that matches how closely you want to monitor detections, and consider your organization's capacity to respond to the alerts.
-### 3. Specify actions on files or devices.
+## 4. Specify actions on files or devices
Your custom detection rule can automatically take actions on files or devices that are returned by the query.
-#### Actions on devices
+### Actions on devices
These actions are applied to devices in the `DeviceId` column of the query results:
-- **Isolate device** — applies full network isolation, preventing the device from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network)
-- **Collect investigation package** — collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices)
-- **Run antivirus scan** — performs a full Microsoft Defender Antivirus scan on the device
-- **Initiate investigation** — initiates an [automated investigation](automated-investigations.md) on the device
+- **Isolate device**—applies full network isolation, preventing the device from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network)
+- **Collect investigation package**—collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices)
+- **Run antivirus scan**—performs a full Microsoft Defender Antivirus scan on the device
+- **Initiate investigation**—starts an [automated investigation](automated-investigations.md) on the device
-#### Actions on files
+### Actions on files
These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1` column of the query results:
-- **Allow/Block** — automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule.
-- **Quarantine file** — deletes the file from its current location and places a copy in quarantine
+- **Allow/Block**—automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule.
+- **Quarantine file**—deletes the file from its current location and places a copy in quarantine
-### 4. Click **Create** to save and turn on the rule.
-After reviewing the rule, click **Create** to save it. The custom detection rule immediately runs. It runs again based on configured frequency to check for matches, generate alerts, and take response actions.
+## 5. Set the rule scope
+Set the scope to specify which devices are covered by the rule:
-## Manage existing custom detection rules
-In **Settings** > **Custom detections**, you can view the list of existing custom detection rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it.
+- All devices
+- Specific device groups
-### View existing rules
+Only data from devices in scope will be queried. Also, actions will be taken only on those devices.
-To view all existing custom detection rules, navigate to **Settings** > **Custom detections**. The page lists all the rules with the following run information:
+## 6. Review and turn on the rule
+After reviewing the rule, select **Create** to save it. The custom detection rule immediately runs. It runs again based on configured frequency to check for matches, generate alerts, and take response actions.
-- **Last run** — when a rule was last run to check for query matches and generate alerts
-- **Last run status** — whether a rule ran successfully
-- **Next run** — the next scheduled run
-- **Status** — whether a rule has been turned on or off
-### View rule details, modify rule, and run rule
-
-To view comprehensive information about a custom detection rule, select the name of rule from the list of rules in **Settings** > **Custom detections**. This opens a page about the custom detection rule with the following information:
-
-- General information about the rule, including the details of the alert, run status, and scope
-- List of triggered alerts
-- List of triggered actions
-
-
-*Custom detection rule page*
-
-You can also take the following actions on the rule from this page:
-
-- **Run** — run the rule immediately. This also resets the interval for the next run.
-- **Edit** — modify the rule without changing the query
-- **Modify query** — edit the query in advanced hunting
-- **Turn on** / **Turn off** — enable the rule or stop it from running
-- **Delete** — turn off the rule and remove it
-
->[!TIP]
->To quickly view information and take action on an item in a table, use the selection column [✓] at the left of the table.
-
-## Related topic
+## Related topics
+- [View and manage detection rules](custom-detections-manage.md)
- [Custom detections overview](overview-custom-detections.md)
- [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the advanced hunting query language](advanced-hunting-query-language.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md
new file mode 100644
index 0000000000..bae067bcec
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md
@@ -0,0 +1,67 @@
+---
+title: View and manage custom detection rules in Microsoft Defender ATP
+ms.reviewer:
+description: Learn how to view and manage custom detection rules
+keywords: custom detections, view, manage, alerts, edit, run on demand, detection rules, advanced hunting, hunt, query, response actions, mdatp, microsoft defender atp
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: lomayor
+author: lomayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+
+# View and manage custom detection rules
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Manage your existing [custom detection rules](custom-detection-rules.md) to ensure they are effectively finding threats and taking actions. Explore how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it.
+
+## Required permissions
+
+To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
+
+## View existing rules
+
+To view all existing custom detection rules, navigate to **Settings** > **Custom detections**. The page lists all the rules with the following run information:
+
+- **Last run**—when a rule was last run to check for query matches and generate alerts
+- **Last run status**—whether a rule ran successfully
+- **Next run**—the next scheduled run
+- **Status**—whether a rule has been turned on or off
+
+## View rule details, modify rule, and run rule
+
+To view comprehensive information about a custom detection rule, select the name of rule from the list of rules in **Settings** > **Custom detections**. A page about the selected rule displays the following information:
+
+- General information about the rule, including the details of the alert, run status, and scope
+- List of triggered alerts
+- List of triggered actions
+
+
+*Custom detection rule page*
+
+You can also take the following actions on the rule from this page:
+
+- **Run**—run the rule immediately. This action also resets the interval for the next run.
+- **Edit**—modify the rule without changing the query
+- **Modify query**—edit the query in advanced hunting
+- **Turn on** / **Turn off**—enable the rule or stop it from running
+- **Delete**—turn off the rule and remove it
+
+>[!TIP]
+>To quickly view information and take action on an item in a table, use the selection column [✓] at the left of the table.
+
+## Related topics
+- [Custom detections overview](overview-custom-detections.md)
+- [Create detection rules](custom-detection-rules.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [View and organize alerts](alerts-queue.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md
index a7c6223e18..8a8bf44962 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md
@@ -1,18 +1,15 @@
---
-title: Configure how attack surface reduction rules work to fine-tune protection in your network
-description: You can individually set rules in audit, block, or disabled modes, and add files and folders that should be excluded from ASR
+title: Customize attack surface reduction rules
+description: Individually set rules in audit, block, or disabled modes, and add files and folders that should be excluded from attack surface reduction rules
keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, customize, configure, exclude
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: levinec
ms.author: ellevin
-ms.date: 05/20/2020
ms.reviewer:
manager: dansimp
---
@@ -35,21 +32,21 @@ You can set attack surface reduction rules for devices running any of the follow
- Windows 10 Enterprise, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
- Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later
- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
-You can use Group Policy, PowerShell, and MDM CSPs to configure these settings.
+You can use Group Policy, PowerShell, and Mobile Device Management (MDM) configuration service providers (CSP) to configure these settings.
## Exclude files and folders
-You can exclude files and folders from being evaluated by attack surface reduction rules. This means that even if an attack surface reduction rule detects that the file contains malicious behavior, the file will not be blocked from running.
+You can choose to exclude files and folders from being evaluated by attack surface reduction rules. Once excluded, the file won't be blocked from running even if an attack surface reduction rule detects that the file contains malicious behavior.
> [!WARNING]
> This could potentially allow unsafe files to run and infect your devices. Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Files that would have been blocked by a rule will be allowed to run, and there will be no report or event recorded.
-An exclusion applies to all rules that allow exclusions. You can specify an individual file, folder path, or the fully qualified domain name for a resource, but you cannot limit an exclusion to a specific rule.
+An exclusion applies to all rules that allow exclusions. You can specify an individual file, folder path, or the fully qualified domain name for a resource. However, you cannot limit an exclusion to a specific rule.
An exclusion is applied only when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted.
-Attack surface reduction supports environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists).
-If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode to test the rule](evaluate-attack-surface-reduction.md).
+Attack surface reduction supports environment variables and wildcards. For information about using wildcards, see [use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists).
+If you are encountering problems with rules detecting files that you believe should not be detected, [use audit mode to test the rule](evaluate-attack-surface-reduction.md).
Rule description | GUID
-|-|-
@@ -73,20 +70,20 @@ See the [attack surface reduction](attack-surface-reduction.md) topic for detail
### Use Group Policy to exclude files and folders
-1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.
3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**.
-4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item.
+4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Select **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item.
> [!WARNING]
> Do not use quotes as they are not supported for either the **Value name** column or the **Value** column.
### Use PowerShell to exclude files and folders
-1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**
2. Enter the following cmdlet:
```PowerShell
@@ -104,7 +101,7 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusio
## Customize the notification
-See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
+You can customize the notification for when a rule is triggered and blocks an app or file. See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) article.
## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md
index 6a0da83f4f..0659908d5c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md
@@ -1,18 +1,15 @@
---
-title: Add additional folders and apps to be protected
-description: Add additional folders that should be protected by Controlled folder access, or allow apps that are incorrectly blocking changes to important files.
+title: Customize controlled folder access
+description: Add additional folders that should be protected by controlled folder access, or allow apps that are incorrectly blocking changes to important files.
keywords: Controlled folder access, windows 10, windows defender, ransomware, protect, files, folders, customize, add folder, add app, allow, add executable
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: levinec
ms.author: ellevin
-ms.date: 05/13/2019
ms.reviewer:
manager: dansimp
---
@@ -23,9 +20,9 @@ manager: dansimp
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients.
+Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients.
-This topic describes how to customize the following settings of the controlled folder access feature with the Windows Security app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs):
+This article describes how to customize the following settings of the controlled folder access feature with the Windows Security app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs).
* [Add additional folders to be protected](#protect-additional-folders)
* [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders)
@@ -37,11 +34,9 @@ This topic describes how to customize the following settings of the controlled f
## Protect additional folders
-Controlled folder access applies to a number of system folders and default locations, including folders such as Documents, Pictures, Movies, and Desktop.
+Controlled folder access applies to a number of system folders and default locations, such as Documents, Pictures, Movies, and Desktop. You can add additional folders to be protected, but you can't remove the default folders in the default list.
-You can add additional folders to be protected, but you cannot remove the default folders in the default list.
-
-Adding other folders to controlled folder access can be useful, for example, if you don't store files in the default Windows libraries or you've changed the location of the libraries away from the defaults.
+Adding other folders to controlled folder access can be useful. Some use-cases include if you don't store files in the default Windows libraries, or you've changed the location of the libraries away from the defaults.
You can also enter network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists).
@@ -49,27 +44,27 @@ You can use the Windows Security app or Group Policy to add and remove additiona
### Use the Windows Security app to protect additional folders
-1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+1. Open the Windows Security app by selecting the shield icon in the task bar or searching the start menu for **Defender**.
-2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**:
+2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then select **Ransomware protection**.
-3. Under the **Controlled folder access** section, click **Protected folders**
+3. Under the **Controlled folder access** section, select **Protected folders**.
-4. Click **Add a protected folder** and follow the prompts to add apps.
+4. Select **Add a protected folder** and follow the prompts to add apps.
### Use Group Policy to protect additional folders
-1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**.
-2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**.
-4. Double-click **Configured protected folders** and set the option to **Enabled**. Click **Show** and enter each folder.
+4. Double-click **Configured protected folders** and set the option to **Enabled**. Select **Show** and enter each folder.
### Use PowerShell to protect additional folders
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**
2. Enter the following cmdlet:
```PowerShell
@@ -89,41 +84,41 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.m
## Allow specific apps to make changes to controlled folders
-You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if you're finding a particular app that you know and trust is being blocked by the controlled folder access feature.
+You can specify if certain apps are always considered safe and give write access to files in protected folders. Allowing apps can be useful if a particular app you know and trust is being blocked by the controlled folder access feature.
> [!IMPORTANT]
> By default, Windows adds apps that it considers friendly to the allowed list—apps added automatically by Windows are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets.
> You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness.
-When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by controlled folder access.
+When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders. If the app (with the same name) is in a different location, it will not be added to the allow list and may be blocked by controlled folder access.
-An allowed application or service only has write access to a controlled folder after it starts. For example, if you allow an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted.
+An allowed application or service only has write access to a controlled folder after it starts. For example, an update service will continue to trigger events after it's allowed until it is stopped and restarted.
### Use the Windows Defender Security app to allow specific apps
-1. Open the Windows Security by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+1. Open the Windows Security by selecting the shield icon in the task bar or searching the start menu for **Defender**.
-2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**.
+2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then select **Ransomware protection**.
-3. Under the **Controlled folder access** section, click **Allow an app through Controlled folder access**
+3. Under the **Controlled folder access** section, select **Allow an app through Controlled folder access**
-4. Click **Add an allowed app** and follow the prompts to add apps.
+4. Select **Add an allowed app** and follow the prompts to add apps.
### Use Group Policy to allow specific apps
-1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**.
-4. Double-click the **Configure allowed applications** setting and set the option to **Enabled**. Click **Show** and enter each app.
+4. Double-click the **Configure allowed applications** setting and set the option to **Enabled**. Select **Show** and enter each app.
### Use PowerShell to allow specific apps
-1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**
2. Enter the following cmdlet:
```PowerShell
@@ -149,7 +144,7 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications]
## Customize the notification
-See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
+For more information about customizing the notification when a rule is triggered and blocks an app or file, see [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center).
## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md
index 13358eb288..644ad754c1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md
@@ -1,18 +1,15 @@
---
-title: Enable or disable specific mitigations used by Exploit protection
+title: Customize exploit protection
keywords: Exploit protection, mitigations, enable, powershell, dep, cfg, emet, aslr
-description: You can enable individual mitigations using the Windows Security app or PowerShell. You can also audit mitigations and export configurations.
+description: You can enable or disable specific mitigations used by exploit protection using the Windows Security app or PowerShell. You can also audit mitigations and export configurations.
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: levinec
ms.author: ellevin
-ms.date: 03/26/2019
ms.reviewer:
manager: dansimp
---
@@ -25,11 +22,11 @@ manager: dansimp
Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
-You configure these settings using the Windows Security app on an individual device, and then export the configuration as an XML file that you can deploy to other devices. You can use Group Policy to distribute the XML file to multiple devices at once. You can also configure the mitigations with PowerShell.
+Configure these settings using the Windows Security app on an individual device. Then, export the configuration as an XML file so you can deploy to other devices. Use Group Policy to distribute the XML file to multiple devices at once. You can also configure the mitigations with PowerShell.
-This topic lists each of the mitigations available in exploit protection, indicates whether the mitigation can be applied system-wide or to individual apps, and provides a brief description of how the mitigation works.
+This article lists each of the mitigations available in exploit protection. It indicates whether the mitigation can be applied system-wide or to individual apps, and provides a brief description of how the mitigation works.
-It also describes how to enable or configure the mitigations using Windows Security, PowerShell, and MDM CSPs. This is the first step in creating a configuration that you can deploy across your network. The next step involves [generating or exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml.md).
+It also describes how to enable or configure the mitigations using Windows Security, PowerShell, and mobile device management (MDM) configuration service providers (CSPs). This is the first step in creating a configuration that you can deploy across your network. The next step involves [generating, exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml.md).
> [!WARNING]
> Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](evaluate-exploit-protection.md) before deploying the configuration across a production environment or the rest of your network.
@@ -38,20 +35,20 @@ It also describes how to enable or configure the mitigations using Windows Secur
All mitigations can be configured for individual apps. Some mitigations can also be applied at the operating system level.
-You can set each of the mitigations to on, off, or to their default value. Some mitigations have additional options, these are indicated in the description in the table.
+You can set each of the mitigations on, off, or to their default value. Some mitigations have additional options that are indicated in the description in the table.
Default values are always specified in brackets at the **Use default** option for each mitigation. In the following example, the default for Data Execution Prevention is "On".
The **Use default** configuration for each of the mitigation settings indicates our recommendation for a base level of protection for everyday usage for home users. Enterprise deployments should consider the protection required for their individual needs and may need to modify configuration away from the defaults.
-For the associated PowerShell cmdlets for each mitigation, see the [PowerShell reference table](#cmdlets-table) at the bottom of this topic.
+For the associated PowerShell cmdlets for each mitigation, see the [PowerShell reference table](#cmdlets-table) at the bottom of this article.
Mitigation | Description | Can be applied to | Audit mode available
-|-|-|-
Control flow guard (CFG) | Ensures control flow integrity for indirect calls. Can optionally suppress exports and use strict CFG. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)]
Data Execution Prevention (DEP) | Prevents code from being run from data-only memory pages such as the heap and stacks. Only configurable for 32-bit (x86) apps, permanently enabled for all other architectures. Can optionally enable ATL thunk emulation. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)]
Force randomization for images (Mandatory ASLR) | Forcibly relocates images not compiled with /DYNAMICBASE. Can optionally fail loading images that don't have relocation information. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)]
-Randomize memory allocations (Bottom-Up ASLR) | Randomizes locations for virtual memory allocations including those for system structures heaps, stacks, TEBs, and PEBs. Can optionally use a wider randomization variance for 64-bit processes. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)]
+Randomize memory allocations (Bottom-Up ASLR) | Randomizes locations for virtual memory allocations. It includes system structure heaps, stacks, TEBs, and PEBs. Can optionally use a wider randomization variance for 64-bit processes. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)]
Validate exception chains (SEHOP) | Ensures the integrity of an exception chain during exception dispatch. Only configurable for 32-bit (x86) applications. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)]
Validate heap integrity | Terminates a process when heap corruption is detected. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)]
Arbitrary code guard (ACG) | Prevents the introduction of non-image-backed executable code and prevents code pages from being modified. Can optionally allow thread opt-out and allow remote downgrade (configurable only with PowerShell). | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)]
@@ -61,14 +58,14 @@ Block untrusted fonts | Prevents loading any GDI-based fonts not installed in th
Code integrity guard | Restricts loading of images signed by Microsoft, WHQL, or higher. Can optionally allow Microsoft Store signed images. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)]
Disable extension points | Disables various extensibility mechanisms that allow DLL injection into all processes, such as AppInit DLLs, window hooks, and Winsock service providers. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)]
Disable Win32k system calls | Prevents an app from using the Win32k system call table. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Do not allow child processes | Prevents an app from creating child processes. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)]
+Don't allow child processes | Prevents an app from creating child processes. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)]
Export address filtering (EAF) | Detects dangerous operations being resolved by malicious code. Can optionally validate access by modules commonly used by exploits. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)]
Import address filtering (IAF) | Detects dangerous operations being resolved by malicious code. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)]
Simulate execution (SimExec) | Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG | App-level only | [!include[Check mark no](../images/svg/check-no.svg)]
Validate API invocation (CallerCheck) | Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG | App-level only | [!include[Check mark no](../images/svg/check-no.svg)]
Validate handle usage | Causes an exception to be raised on any invalid handle references. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)]
Validate image dependency integrity | Enforces code signing for Windows image dependency loading. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)]
-Validate stack integrity (StackPivot) | Ensures that the stack has not been redirected for sensitive APIs. Not compatible with ACG | App-level only | [!include[Check mark no](../images/svg/check-no.svg)]
+Validate stack integrity (StackPivot) | Ensures that the stack hasn't been redirected for sensitive APIs. Not compatible with ACG | App-level only | [!include[Check mark no](../images/svg/check-no.svg)]
> [!IMPORTANT]
> If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work:
@@ -107,9 +104,9 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
### Configure system-level mitigations with the Windows Security app
-1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+1. Open the Windows Security app by selecting the shield icon in the task bar or searching the start menu for **Defender**.
-2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**.
+2. Select the **App & browser control** tile (or the app icon on the left menu bar) and then select **Exploit protection**.
3. Under the **System settings** section, find the mitigation you want to configure and select one of the following. Apps that aren't configured individually in the **Program settings** section will use the settings configured here:
* **On by default** - The mitigation is *enabled* for apps that don't have this mitigation set in the app-specific **Program settings** section
@@ -125,14 +122,14 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
5. Go to the **Program settings** section and choose the app you want to apply mitigations to:
- 1. If the app you want to configure is already listed, click it and then click **Edit**
- 2. If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app:
+ 1. If the app you want to configure is already listed, select it and then select **Edit**
+ 2. If the app isn't listed, at the top of the list select **Add program to customize** and then choose how you want to add the app:
* Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
* Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
-6. After selecting the app, you'll see a list of all the mitigations that can be applied. To enable the mitigation, click the check box and then change the slider to **On**. Select any additional options. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
+6. After selecting the app, you'll see a list of all the mitigations that can be applied. To enable the mitigation, select the check box and then change the slider to **On**. Select any additional options. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
-7. Repeat this for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration.
+7. Repeat these steps for all the apps and mitigations you want to configure. Select **Apply** when you're done setting up your configuration.
You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) or continue on to configure app-specific mitigations.
@@ -204,7 +201,7 @@ Where:
You can also set some mitigations to audit mode. Instead of using the PowerShell cmdlet for the mitigation, use the **Audit mode** cmdlet as specified in the [mitigation cmdlets table](#cmdlets-table) below.
- For example, to enable Arbitrary Code Guard (ACG) in audit mode for the *testing.exe* used in the example above, you'd use the following command:
+ For example, to enable Arbitrary Code Guard (ACG) in audit mode for the *testing.exe* used previously, you'd use the following command:
```PowerShell
Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode
@@ -250,12 +247,11 @@ Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlu
## Customize the notification
-See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
+For more information about customizing the notification when a rule is triggered and blocks an app or file, see [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center).
-## Related topics
+## See also
* [Protect devices from exploits](exploit-protection.md)
-* [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection.md)
* [Evaluate exploit protection](evaluate-exploit-protection.md)
* [Enable exploit protection](enable-exploit-protection.md)
* [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
index 1c03a39e93..068f605c89 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
@@ -1,6 +1,6 @@
---
title: Delete Indicator API.
-description: Deletes Indicator entity by ID.
+description: Learn how to use the Delete Indicator API to delete an Indicator entity by ID in Microsoft Defender Advanced Threat Protection.
keywords: apis, public api, supported apis, delete, ti indicator, entity, id
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
index 5daf2b2aa2..3a379ea946 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
@@ -12,7 +12,10 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection:
+- M365-security-compliance
+- m365solution-endpointprotect
+- m365solution-overview
ms.topic: article
---
@@ -38,13 +41,15 @@ There are several methods you can use to onboard to the service. For information
## In Scope
The following is in scope for this deployment guide:
+
- Use of Microsoft Endpoint Configuration Manager to onboard endpoints into the service
+
- Enabling Microsoft Defender ATP endpoint protection platform (EPP)
capabilities
- - Next Generation Protection
+ - Next-generation protection
- - Attack Surface Reduction
+ - Attack surface reduction
- Enabling Microsoft Defender ATP endpoint detection and response (EDR)
capabilities including automatic investigation and remediation
diff --git a/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md b/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md
new file mode 100644
index 0000000000..f972394dc4
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md
@@ -0,0 +1,45 @@
+---
+title: Microsoft Defender ATP device timeline event flags
+description: Use Microsoft Defender ATP device timeline event flags to
+keywords: Defender ATP device timeline, event flags
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Microsoft Defender ATP device timeline event flags
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Event flags in the Microsoft Defender ATP device timeline help you filter and organize specific events when you're investigate potential attacks.
+
+The Microsoft Defender ATP device timeline provides a chronological view of the events and associated alerts observed on a device. This list of events provides full visibility into any events, files, and IP addresses observed on the device. The list can sometimes be lengthy. Device timeline event flags help you track events that could be related.
+
+After you've gone through a device timeline, you can sort, filter, and export the specific events that you flagged.
+
+While navigating the device timeline, you can search and filter for specific events. You can set event flags by:
+
+- Highlighting the most important events
+- Marking events that requires deep dive
+- Building a clean breach timeline
+
+
+
+## Flag an event
+1. Find the event that you want to flag
+2. Click the flag icon in the Flag column.
+
+
+## View flagged events
+1. In the timeline **Filters** section, enable **Flagged events**.
+2. Click **Apply**. Only flagged events are displayed.
+You can apply additional filters by clicking on the time bar. This will only show events prior to the flagged event.
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx b/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx
index b1a3741609..84b5f2a664 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx and b/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
index 12436534f1..29b20bcf7f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
@@ -15,7 +15,7 @@ ms.localizationpriority: medium
ms.custom:
- next-gen
- edr
-ms.collection:
+ms.date: 08/21/2020
---
# Endpoint detection and response (EDR) in block mode
@@ -26,10 +26,14 @@ ms.collection:
## What is EDR in block mode?
-When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is enabled, Microsoft Defender ATP leverages behavioral blocking and containment capabilities by blocking malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
+When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is turned on, Microsoft Defender ATP blocks malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected, post breach.
+
+EDR in block mode is also integrated with [threat & vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt). Your organization's security team will get a [security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) to turn EDR in block mode on if it isn't already enabled.
+
+:::image type="content" source="images/edrblockmode-TVMrecommendation.png" alt-text="recommendation to turn on EDR in block mode":::
> [!NOTE]
-> EDR in block mode is currently in private preview. To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
+> EDR in block mode is currently in preview, available to organizations who have opted in to receive **[preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview)**. To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
## What happens when something is detected?
@@ -37,7 +41,7 @@ When EDR in block mode is turned on, and a malicious artifact is detected, block
The following image shows an instance of unwanted software that was detected and blocked through EDR in block mode:
-:::image type="content" source="images/edr-in-block-mode.jpg" alt-text="EDR in block mode detected something":::
+:::image type="content" source="images/edr-in-block-mode-detection.png" alt-text="EDR in block mode detected something":::
## Enable EDR in block mode
@@ -83,7 +87,9 @@ Because Microsoft Defender Antivirus detects and remediates malicious items, it'
Cloud protection is needed to turn on the feature on the device. Cloud protection allows [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) to deliver the latest and greatest protection based on our breadth and depth of security intelligence, along with behavioral and device learning models.
-## Related articles
+## See also
+
+[Tech Community blog: Introducing EDR in block mode: Stopping attacks in their tracks](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/introducing-edr-in-block-mode-stopping-attacks-in-their-tracks/ba-p/1596617)
[Behavioral blocking and containment](behavioral-blocking-containment.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md
deleted file mode 100644
index 040f644860..0000000000
--- a/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md
+++ /dev/null
@@ -1,87 +0,0 @@
----
-title: Compare the features in Exploit protection with EMET
-keywords: emet, enhanced mitigation experience toolkit, configuration, exploit, compare, difference between, versus, upgrade, convert
-description: Exploit protection in Microsoft Defender ATP is our successor to Enhanced Mitigation Experience Toolkit (EMET) and provides stronger protection, more customization, an easier user interface, and better configuration and management options.
-search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-audience: ITPro
-author: levinec
-ms.author: ellevin
-ms.date: 08/08/2018
-ms.reviewer:
-manager: dansimp
----
-
-# Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender
-
-**Applies to:**
-
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-> [!IMPORTANT]
-> If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Microsoft Defender ATP.
->
-> You can [convert an existing EMET configuration file into Exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
-
-This topic describes the differences between the Enhance Mitigation Experience Toolkit (EMET) and exploit protection in Microsoft Defender ATP.
-
-Exploit protection in Microsoft Defender ATP is our successor to EMET and provides stronger protection, more customization, an easier user interface, and better configuration and management options.
-
-EMET is a standalone product for earlier versions of Windows and provides some mitigation against older, known exploit techniques.
-
-After July 31, 2018, it will not be supported.
-
-For more information about the individual features and mitigations available in Microsoft Defender ATP, as well as how to enable, configure, and deploy them to better protect your network, see the following topics:
-
-* [Protect devices from exploits](exploit-protection.md)
-* [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
-
-## Mitigation comparison
-
-The mitigations available in EMET are included in Windows Defender, under the [exploit protection feature](exploit-protection.md).
-
-The table in this section indicates the availability and support of native mitigations between EMET and Exploit protection.
-
-Mitigation | Available in Windows Defender | Available in EMET
--|-|-
-Arbitrary code guard (ACG) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] As "Memory Protection Check"
-Block remote images | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] As "Load Library Check"
-Block untrusted fonts | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Data Execution Prevention (DEP) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Export address filtering (EAF) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Force randomization for images (Mandatory ASLR) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-NullPage Security Mitigation | [!include[Check mark yes](../images/svg/check-yes.svg)] Included natively in Windows 10 See [Mitigate threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Randomize memory allocations (Bottom-Up ASLR) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Simulate execution (SimExec) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Validate API invocation (CallerCheck) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Validate exception chains (SEHOP) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Validate stack integrity (StackPivot) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Certificate trust (configurable certificate pinning) | Windows 10 provides enterprise certificate pinning | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Heap spray allocation | Ineffective against newer browser-based exploits; newer mitigations provide better protection See [Mitigate threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Block low integrity images | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Code integrity guard | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Disable extension points | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Disable Win32k system calls | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Do not allow child processes | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Import address filtering (IAF) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Validate handle usage | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Validate heap integrity | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Validate image dependency integrity | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-
-> [!NOTE]
-> The Advanced ROP mitigations that are available in EMET are superseded by ACG in Windows 10, which other EMET advanced settings are enabled by default in Windows Defender as part of enabling the anti-ROP mitigations for a process.
->
-> See the [Mitigation threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information on how Windows 10 employs existing EMET technology.
-
-## Related topics
-
-* [Protect devices from exploits with Windows Defender](exploit-protection.md)
-* [Evaluate exploit protection](evaluate-exploit-protection.md)
-* [Enable exploit protection](enable-exploit-protection.md)
-* [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
-* [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
index 2506f2934b..a9f51e70aa 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
@@ -1,9 +1,8 @@
---
-title: Enable attack surface reduction rules individually to protect your organization
+title: Enable attack surface reduction rules
description: Enable attack surface reduction (ASR) rules to protect your devices from attacks that use macros, scripts, and common injection techniques.
keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, enable, turn on
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -12,7 +11,6 @@ ms.localizationpriority: medium
audience: ITPro
author: levinec
ms.author: ellevin
-ms.date: 06/04/2020
ms.reviewer:
manager: dansimp
---
@@ -69,11 +67,11 @@ The following procedures for enabling ASR rules include instructions for how to
2. In the **Endpoint protection** pane, select **Windows Defender Exploit Guard**, then select **Attack Surface Reduction**. Select the desired setting for each ASR rule.
-3. Under **Attack Surface Reduction exceptions**, you can enter individual files and folders, or you can select **Import** to import a CSV file that contains files and folders to exclude from ASR rules. Each line in the CSV file should be formatted as follows:
+3. Under **Attack Surface Reduction exceptions**, enter individual files and folders. You can also select **Import** to import a CSV file that contains files and folders to exclude from ASR rules. Each line in the CSV file should be formatted as follows:
`C:\folder`, `%ProgramFiles%\folder\file`, `C:\path`
-4. Select **OK** on the three configuration panes and then select **Create** if you're creating a new endpoint protection file or **Save** if you're editing an existing one.
+4. Select **OK** on the three configuration panes. Then select **Create** if you're creating a new endpoint protection file or **Save** if you're editing an existing one.
## MDM
@@ -104,32 +102,32 @@ Example:
## Microsoft Endpoint Configuration Manager
-1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
+1. In Microsoft Endpoint Configuration Manager, go to **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
-2. Click **Home** > **Create Exploit Guard Policy**.
+2. Select **Home** > **Create Exploit Guard Policy**.
-3. Enter a name and a description, click **Attack Surface Reduction**, and click **Next**.
+3. Enter a name and a description, select **Attack Surface Reduction**, and select **Next**.
-4. Choose which rules will block or audit actions and click **Next**.
+4. Choose which rules will block or audit actions and select **Next**.
-5. Review the settings and click **Next** to create the policy.
+5. Review the settings and select **Next** to create the policy.
-6. After the policy is created, click **Close**.
+6. After the policy is created, **Close**.
## Group Policy
> [!WARNING]
> If you manage your computers and devices with Intune, Configuration Manager, or other enterprise-level management platform, the management software will overwrite any conflicting Group Policy settings on startup.
-1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**.
4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section.
- Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows:
+ Select **Show...** and enter the rule ID in the **Value name** column and your chosen state in the **Value** column as follows:
- Disable = 0
- Block (enable ASR rule) = 1
@@ -137,7 +135,7 @@ Example:
-5. To exclude files and folders from ASR rules, select the **Exclude files and paths from Attack surface reduction rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item.
+5. To exclude files and folders from ASR rules, select the **Exclude files and paths from Attack surface reduction rules** setting and set the option to **Enabled**. Select **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item.
> [!WARNING]
> Do not use quotes as they are not supported for either the **Value name** column or the **Value** column.
@@ -145,9 +143,9 @@ Example:
## PowerShell
> [!WARNING]
-> If you manage your computers and devices with Intune, Configuration Manager, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup.
+> If you manage your computers and devices with Intune, Configuration Manager, or another enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. To allow users to define the value using PowerShell, use the "User Defined" option for the rule in the management platform.
-1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**.
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**.
2. Enter the following cmdlet:
@@ -200,4 +198,3 @@ Example:
- [Evaluate attack surface reduction](evaluate-attack-surface-reduction.md)
- [Attack surface reduction FAQ](attack-surface-reduction.md)
-
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
index 4fa6b49fc9..8c811f809d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
@@ -1,9 +1,8 @@
---
-title: Turn on the protected folders feature in Windows 10
+title: Enable controlled folder access
keywords: Controlled folder access, windows 10, windows defender, ransomware, protect, files, folders, enable, turn on, use
description: Learn how to protect your important files by enabling Controlled folder access
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -12,7 +11,6 @@ ms.localizationpriority: medium
audience: ITPro
author: levinec
ms.author: ellevin
-ms.date: 05/13/2019
ms.reviewer:
manager: dansimp
---
@@ -29,7 +27,7 @@ You can enable controlled folder access by using any of these methods:
* [Windows Security app](#windows-security-app)
* [Microsoft Intune](#intune)
-* [Mobile Device Management (MDM)](#mdm)
+* [Mobile Device Management (MDM)](#mobile-device-management-mdm)
* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)
* [Group Policy](#group-policy)
* [PowerShell](#powershell)
@@ -45,71 +43,70 @@ For more information about disabling local list merging, see [Prevent or allow u
## Windows Security app
-1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+1. Open the Windows Security app by selecting the shield icon in the task bar. You can also search the start menu for **Defender**.
-2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**.
+2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then select **Ransomware protection**.
3. Set the switch for **Controlled folder access** to **On**.
> [!NOTE]
> If controlled folder access is configured with Group Policy, PowerShell, or MDM CSPs, the state will change in the Windows Security app after a restart of the device.
> If the feature is set to **Audit mode** with any of those tools, the Windows Security app will show the state as **Off**.
-
> If you are protecting user profile data, we recommend that the user profile should be on the default Windows installation drive.
## Intune
1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune.
-2. Click **Device configuration** > **Profiles** > **Create profile**.
+2. Go to **Device configuration** > **Profiles** > **Create profile**.
3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**. 
-4. Click **Configure** > **Windows Defender Exploit Guard** > **Controlled folder access** > **Enable**.
+4. Go to **Configure** > **Windows Defender Exploit Guard** > **Controlled folder access** > **Enable**.
-5. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**. 
+5. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection. Select **Add**. 
> [!NOTE]
> Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted.
-6. Click **OK** to save each open blade and click **Create**.
+6. Select **OK** to save each open blade and **Create**.
-7. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**.
+7. Select the profile **Assignments**, assign to **All Users & All Devices**, and **Save**.
-## MDM
+## Mobile Device Management (MDM)
Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-controlledfolderaccessprotectedfolders) configuration service provider (CSP) to allow apps to make changes to protected folders.
## Microsoft Endpoint Configuration Manager
-1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
+1. In Microsoft Endpoint Configuration Manager, go to **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
-2. Click **Home** > **Create Exploit Guard Policy**.
+2. Select **Home** > **Create Exploit Guard Policy**.
-3. Enter a name and a description, click **Controlled folder access**, and click **Next**.
+3. Enter a name and a description, select **Controlled folder access**, and select **Next**.
-4. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**.
+4. Choose whether block or audit changes, allow other apps, or add other folders, and select **Next**.
> [!NOTE]
> Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted.
-5. Review the settings and click **Next** to create the policy.
+5. Review the settings and select **Next** to create the policy.
-6. After the policy is created, click **Close**.
+6. After the policy is created, **Close**.
## Group Policy
-1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Windows Defender Exploit Guard > Controlled folder access**.
-4. Double-click the **Configure Controlled folder access** setting and set the option to **Enabled**. In the options section you must specify one of the following:
- * **Enable** - Malicious and suspicious apps will not be allowed to make changes to files in protected folders. A notification will be provided in the Windows event log.
- * **Disable (Default)** - The Controlled folder access feature will not work. All apps can make changes to files in protected folders.
- * **Audit Mode** - If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization.
+4. Double-click the **Configure Controlled folder access** setting and set the option to **Enabled**. In the options section you must specify one of the following options:
+ * **Enable** - Malicious and suspicious apps won't be allowed to make changes to files in protected folders. A notification will be provided in the Windows event log.
+ * **Disable (Default)** - The Controlled folder access feature won't work. All apps can make changes to files in protected folders.
+ * **Audit Mode** - Changes will be allowed if a malicious or suspicious app attempts to make a change to a file in a protected folder. However, it will be recorded in the Windows event log where you can assess the impact on your organization.
* **Block disk modification only** - Attempts by untrusted apps to write to disk sectors will be logged in Windows Event log. These logs can be found in **Applications and Services Logs** > Microsoft > Windows > Windows Defender > Operational > ID 1123.
- * **Audit disk modification only** - Only attempts to write to protected disk sectors will be recorded in the Windows event log (under **Applications and Services Logs** > **Microsoft** > **Windows** > **Windows Defender** > **Operational** > **ID 1124**). Attempts to modify or delete files in protected folders will not be recorded.
+ * **Audit disk modification only** - Only attempts to write to protected disk sectors will be recorded in the Windows event log (under **Applications and Services Logs** > **Microsoft** > **Windows** > **Windows Defender** > **Operational** > **ID 1124**). Attempts to modify or delete files in protected folders won't be recorded.
@@ -118,7 +115,7 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt
## PowerShell
-1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**.
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**.
2. Enter the following cmdlet:
@@ -128,9 +125,9 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt
You can enable the feature in audit mode by specifying `AuditMode` instead of `Enabled`.
-Use `Disabled` to turn the feature off.
+Use `Disabled` to turn off the feature.
-## Related topics
+## See also
* [Protect important folders with controlled folder access](controlled-folders.md)
* [Customize controlled folder access](customize-controlled-folders.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
index 2251cef5dc..74c12b3f99 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
@@ -3,16 +3,13 @@ title: Turn on exploit protection to help mitigate against attacks
keywords: exploit, mitigation, attacks, vulnerability
description: Learn how to enable exploit protection in Windows 10. Exploit protection helps protect your device against malware.
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: denisebmsft
ms.author: deniseb
-ms.date: 01/08/2020
ms.reviewer:
manager: dansimp
---
@@ -245,7 +242,6 @@ See the [Windows Security](../windows-defender-security-center/windows-defender-
## Related topics
-* [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection.md)
* [Evaluate exploit protection](evaluate-exploit-protection.md)
* [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
* [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
index 298ace459d..bb2325ee28 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
@@ -1,19 +1,16 @@
---
-title: Turn on network protection
-description: Enable Network protection with Group Policy, PowerShell, or MDM CSPs
+title: Turning on network protection
+description: Enable Network protection with Group Policy, PowerShell, or Mobile Device Management and Configuration Manager.
keywords: ANetwork protection, exploits, malicious website, ip, domain, domains, enable, turn on
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-audience: ITPro
author: levinec
ms.author: ellevin
ms.reviewer:
-audience: ITPro
manager: dansimp
---
@@ -23,16 +20,15 @@ manager: dansimp
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-[Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
-You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it.
+[Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the internet. You can [audit network protection](evaluate-network-protection.md) in a test environment to view which apps would be blocked before you enable it.
## Check if network protection is enabled
-You can see if network protection has been enabled on a local device by using Registry editor.
+Check if network protection has been enabled on a local device by using Registry editor.
1. Select the **Start** button in the task bar and type **regedit** to open Registry editor
1. Choose **HKEY_LOCAL_MACHINE** from the side menu
-1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** **Windows Defender** > **Policy Manager**
+1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Policy Manager**
1. Select **EnableNetworkProtection** to see the current state of network protection on the device
* 0, or **Off**
@@ -41,87 +37,101 @@ You can see if network protection has been enabled on a local device by using Re
## Enable network protection
-You can enable network protection by using any of these methods:
+Enable network protection by using any of these methods:
* [PowerShell](#powershell)
* [Microsoft Intune](#intune)
-* [Mobile Device Management (MDM)](#mdm)
+* [Mobile Device Management (MDM)](#mobile-device-management-mmd)
* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)
* [Group Policy](#group-policy)
### PowerShell
-1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**
2. Enter the following cmdlet:
```PowerShell
Set-MpPreference -EnableNetworkProtection Enabled
```
-You can enable the feature in audit mode using the following cmdlet:
+3. Optional: Enable the feature in audit mode using the following cmdlet:
-```PowerShell
-Set-MpPreference -EnableNetworkProtection AuditMode
-```
+ ```PowerShell
+ Set-MpPreference -EnableNetworkProtection AuditMode
+ ```
-Use `Disabled` instead of `AuditMode` or `Enabled` to turn the feature off.
+ Use `Disabled` instead of `AuditMode` or `Enabled` to turn off the feature.
### Intune
1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune.
-1. Click **Device configuration** > **Profiles** > **Create profile**.
-1. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
- 
-1. Click **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**.
- 
-1. Click **OK** to save each open blade and click **Create**.
-1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**.
-### MDM
+2. Go to **Device configuration** > **Profiles** > **Create profile**.
+
+3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
+
+ 
+
+4. Select **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**.
+
+ 
+
+5. Select **OK** to save each open section and **Create**.
+
+6. Select the profile called **Assignments**, assign to **All Users & All Devices**, and **Save**.
+
+### Mobile Device Management (MMD)
Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable or disable network protection or enable audit mode.
## Microsoft Endpoint Configuration Manager
-1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
-1. Click **Home** > **Create Exploit Guard Policy**.
-1. Enter a name and a description, click **Network protection**, and click **Next**.
-1. Choose whether to block or audit access to suspicious domains and click **Next**.
-1. Review the settings and click **Next** to create the policy.
-1. After the policy is created, click **Close**.
+1. In Microsoft Endpoint Configuration Manager, go to **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
+
+2. Then go to **Home** > **Create Exploit Guard Policy**.
+
+3. Enter a name and a description, select **Network protection**, and then **Next**.
+
+4. Choose whether to block or audit access to suspicious domains and select **Next**.
+
+5. Review the settings and select **Next** to create the policy.
+
+6. After the policy is created, **Close**.
### Group Policy
-You can use the following procedure to enable network protection on domain-joined computers or on a standalone computer.
+Use the following procedure to enable network protection on domain-joined computers or on a standalone computer.
-1. On a standalone computer, click **Start**, type and then click **Edit group policy**.
+1. On a standalone computer, go to **Start** and then type and select **Edit group policy**.
*-Or-*
- On a domain-joined Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+ On a domain-joined Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Network protection**.
-4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following:
- * **Block** - Users will not be able to access malicious IP addresses and domains
- * **Disable (Default)** - The Network protection feature will not work. Users will not be blocked from accessing malicious domains
- * **Audit Mode** - If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log but the user will not be blocked from visiting the address.
+4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following options:
+ * **Block** - Users can't access malicious IP addresses and domains
+ * **Disable (Default)** - The Network protection feature won't work. Users won't be blocked from accessing malicious domains
+ * **Audit Mode** - If a user visits a malicious IP address or domain, an event won't be recorded in the Windows event log. However, the user won't be blocked from visiting the address.
> [!IMPORTANT]
> To fully enable network protection, you must set the Group Policy option to **Enabled** and also select **Block** in the options drop-down menu.
-You can confirm network protection is enabled on a local computer by using Registry editor:
+Confirm network protection is enabled on a local computer by using Registry editor:
+
+1. Select **Start** and type **regedit** to open **Registry Editor**.
-1. Click **Start** and type **regedit** to open **Registry Editor**.
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
-3. Click **EnableNetworkProtection** and confirm the value:
+
+3. Select **EnableNetworkProtection** and confirm the value:
* 0=Off
* 1=On
* 2=Audit
-## Related topics
+## See also
* [Network protection](network-protection.md)
* [Evaluate network protection](evaluate-network-protection.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md
deleted file mode 100644
index 76c04110e7..0000000000
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: Enable Secure Score in Microsoft Defender ATP
-description: Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard.
-keywords: enable secure score, baseline, calculation, analytics, score, secure score dashboard, dashboard
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Enable Secure Score security controls
-
-**Applies to:**
-
-
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
-Set the baselines for calculating the score of security controls on the Secure Score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations.
-
- >[!NOTE]
- >Changes might take up to a few hours to reflect on the dashboard.
-
-1. In the navigation pane, select **Settings** > **Secure Score**.
-
-2. Select the security control, then toggle the setting between **On** and **Off**.
-
-3. Click **Save preferences**.
-
-## Related topics
-- [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
-- [Update data retention settings for Microsoft Defender ATP](data-retention-settings.md)
-- [Configure alert notifications in Microsoft Defender ATP](configure-email-notifications.md)
-- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
-- [Configure advanced features in Microsoft Defender ATP](advanced-features.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
index bbcbd77dcc..e78e648ca5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
@@ -37,7 +37,7 @@ These capabilities help prevent attacks and exploitations from infecting your or
- [Evaluate application guard](../microsoft-defender-application-guard/test-scenarios-md-app-guard.md)
- [Evaluate network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
-## Evaluate next generation protection
+## Evaluate next-generation protection
Next gen protections help detect and block the latest threats.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md
index 980238995f..32432b5025 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md
@@ -1,18 +1,15 @@
---
-title: Use a demo to see how ASR rules can help protect your devices
-description: The custom demo tool lets you create sample malware infection scenarios so you can see how ASR would block and prevent attacks
+title: Evaluate attack surface reduction rules
+description: See how attack surface reduction would block and prevent attacks with the custom demo tool.
keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, evaluate, test, demo
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: levinec
ms.author: ellevin
-ms.date: 05/20/2020
ms.reviewer:
manager: dansimp
---
@@ -23,22 +20,21 @@ manager: dansimp
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Attack surface reduction rules help prevent actions that are typically used by malware to compromise devices or networks. You can set attack surface reduction rules for devices running any of the following editions and versions of Windows:
+Attack surface reduction rules help prevent actions typically used by malware to compromise devices or networks. Set attack surface reduction rules for devices running any of the following editions and versions of Windows:
+
- Windows 10 Pro, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
- Windows 10 Enterprise, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
- Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later
- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
-Learn how to evaluate attack surface reduction rules, by enabling audit mode to test the feature directly in your organization.
+Learn how to evaluate attack surface reduction rules by enabling audit mode to test the feature directly in your organization.
> [!TIP]
-> You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+> You can also visit the Microsoft Defender ATP demo scenario website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
## Use audit mode to measure impact
-You can enable attack surface reduction rules in audit mode. This lets you see a record of what apps would have been blocked if you had enabled attack surface reduction rules.
-
-You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how often the rules will fire during normal use.
+Enable attack surface reduction rules in audit mode to view a record of apps that would have been blocked if the feature was fully enabled. Test how the feature will work in your organization to ensure it doesn't affect your line-of-business apps. You can also get an idea of how often the rules will fire during normal use.
To enable all attack surface reduction rules in audit mode, use the following PowerShell cmdlet:
@@ -49,13 +45,13 @@ Set-MpPreference -AttackSurfaceReductionRules_Actions AuditMode
> [!TIP]
> If you want to fully audit how attack surface reduction rules will work in your organization, you'll need to use a management tool to deploy this setting to devices in your network(s).
-You can also use Group Policy, Intune, or MDM CSPs to configure and deploy the setting, as described in the main [Attack surface reduction rules topic](attack-surface-reduction.md).
+You can also use Group Policy, Intune, or mobile device management (MDM) configuration service providers (CSPs) to configure and deploy the setting. Learn more in the main [Attack surface reduction rules](attack-surface-reduction.md) article.
## Review attack surface reduction events in Windows Event Viewer
To review apps that would have been blocked, open Event Viewer and filter for Event ID 1121 in the Microsoft-Windows-Windows Defender/Operational log. The following table lists all network protection events.
- Event ID | Description
+Event ID | Description
-|-
5007 | Event when settings are changed
1121 | Event when an attack surface reduction rule fires in block mode
@@ -65,9 +61,9 @@ To review apps that would have been blocked, open Event Viewer and filter for Ev
During your evaluation, you may wish to configure each rule individually or exclude certain files and processes from being evaluated by the feature.
-See the [Customize attack surface reduction rules](customize-attack-surface-reduction.md) topic for information on configuring the feature with management tools, including Group Policy and MDM CSP policies.
+See [Customize attack surface reduction rules](customize-attack-surface-reduction.md) for information on configuring the feature with management tools, including Group Policy and MDM CSP policies.
-## Related topics
+## See also
* [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction.md)
* [Use audit mode to evaluate Windows Defender](audit-windows-defender.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
index ae0a15fe7f..1df853c6ba 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
@@ -1,18 +1,15 @@
---
-title: See how controlled folder access can help protect files from being changed by malicious apps
-description: Use a custom tool to see how Controlled folder access works in Windows 10.
+title: Evaluate controlled folder access
+description: See how controlled folder access can help protect files from being changed by malicious apps.
keywords: Exploit protection, windows 10, windows defender, ransomware, protect, evaluate, test, demo, try
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: levinec
ms.author: ellevin
-ms.date: 11/16/2018
ms.reviewer:
manager: dansimp
---
@@ -23,20 +20,18 @@ manager: dansimp
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-[Controlled folder access](controlled-folders.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients.
+[Controlled folder access](controlled-folders.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients.
-It is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage.
+It is especially useful in helping protect against [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that attempts to encrypt your files and hold them hostage.
-This topic helps you evaluate controlled folder access. It explains how to enable audit mode so you can test the feature directly in your organization.
+This article helps you evaluate controlled folder access. It explains how to enable audit mode so you can test the feature directly in your organization.
> [!TIP]
-> You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+> You can also visit the Microsoft Defender ATP demo scenario website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
## Use audit mode to measure impact
-You can enable the controlled folder access feature in audit mode. This lets you see a record of what *would* have happened if you had enabled the setting.
-
-You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period.
+Enable the controlled folder access in audit mode to see a record of what *would* have happened if it was fully enabled. Test how the feature will work in your organization to ensure it doesn't affect your line-of-business apps. You can also get an idea of how many suspicious file modification attempts generally occur over a certain period of time.
To enable audit mode, use the following PowerShell cmdlet:
@@ -46,7 +41,7 @@ Set-MpPreference -EnableControlledFolderAccess AuditMode
> [!TIP]
> If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to devices in your network(s).
-You can also use Group Policy, Intune, MDM, or Microsoft Endpoint Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md).
+You can also use Group Policy, Intune, mobile device management (MDM), or Microsoft Endpoint Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md).
## Review controlled folder access events in Windows Event Viewer
@@ -65,9 +60,9 @@ Event ID | Description
During your evaluation, you may wish to add to the list of protected folders, or allow certain apps to modify files.
-See [Protect important folders with controlled folder access](controlled-folders.md) for configuring the feature with management tools, including Group Policy, PowerShell, and MDM CSP.
+See [Protect important folders with controlled folder access](controlled-folders.md) for configuring the feature with management tools, including Group Policy, PowerShell, and MDM configuration service providers (CSPs).
-## Related topics
+## See also
* [Protect important folders with controlled folder access](controlled-folders.md)
* [Evaluate Microsoft Defender ATP]../(microsoft-defender-atp/evaluate-atp.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
index d0ad0448da..1946579864 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
@@ -3,7 +3,6 @@ title: See how exploit protection works in a demo
description: See how exploit protection can prevent suspicious behaviors from occurring on specific apps.
keywords: Exploit protection, exploits, kernel, events, evaluate, demo, try, mitigation
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -12,7 +11,7 @@ ms.localizationpriority: medium
audience: ITPro
author: denisebmsft
ms.author: deniseb
-ms.date: 10/21/2019
+ms.date: 08/28/2020
ms.reviewer:
manager: dansimp
---
@@ -23,7 +22,7 @@ manager: dansimp
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-[Exploit protection](exploit-protection.md) helps protect devices from malware that uses exploits to spread and infect other devices. Mitigation can be applied to either the operating system or to an individual app. Many of the features that were part of the [Enhanced Mitigation Experience Toolkit (EMET)](emet-exploit-protection.md) are included in exploit protection.
+[Exploit protection](exploit-protection.md) helps protect devices from malware that uses exploits to spread and infect other devices. Mitigation can be applied to either the operating system or to an individual app. Many of the features that were part of the Enhanced Mitigation Experience Toolkit (EMET) are included in exploit protection. (The EMET has reached its end of support.)
This article helps you enable exploit protection in audit mode and review related events in Event Viewer. You can enable audit mode to see how mitigation works for certain apps in a test environment. By auditing exploit protection, you can see what *would* have happened if you had enabled exploit protection in your production environment. This way, you can help ensure exploit protection doesn't adversely affect your line-of-business apps, and you can see which suspicious or malicious events occur.
@@ -73,12 +72,12 @@ Where:
|Mitigation | Audit mode cmdlet |
|---|---|
- |Arbitrary code guard (ACG) | AuditDynamicCode |
- |Block low integrity images | AuditImageLoad
- |Block untrusted fonts | AuditFont, FontAuditOnly |
- |Code integrity guard | AuditMicrosoftSigned, AuditStoreSigned |
- |Disable Win32k system calls | AuditSystemCall |
- |Do not allow child processes | AuditChildProcess |
+ |Arbitrary code guard (ACG) | `AuditDynamicCode` |
+ |Block low integrity images | `AuditImageLoad`
+ |Block untrusted fonts | `AuditFont`, `FontAuditOnly` |
+ |Code integrity guard | `AuditMicrosoftSigned`, `AuditStoreSigned` |
+ |Disable Win32k system calls | `AuditSystemCall` |
+ |Do not allow child processes | `AuditChildProcess` |
For example, to enable Arbitrary Code Guard (ACG) in audit mode for an app named *testing.exe*, run the following command:
@@ -101,13 +100,9 @@ To review which apps would have been blocked, open Event Viewer and filter for t
|Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 9 | Disable win32k system calls audit |
|Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 11 | Code integrity guard audit |
-## Related topics
+## See also
-* [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection.md)
-* [Enable exploit protection](enable-exploit-protection.md)
-* [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
-* [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
-* [Troubleshoot exploit protection](troubleshoot-exploit-protection-mitigations.md)
-* [Enable network protection](enable-network-protection.md)
-* [Enable controlled folder access](enable-controlled-folders.md)
-* [Enable attack surface reduction](enable-attack-surface-reduction.md)
+- [Enable exploit protection](enable-exploit-protection.md)
+- [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
+- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
+- [Troubleshoot exploit protection](troubleshoot-exploit-protection-mitigations.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md
index 6e3840831e..1e08e42942 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md
@@ -1,18 +1,15 @@
---
-title: Conduct a demo to see how network protection works
-description: Quickly see how Network protection works by performing common scenarios that it protects against
+title: Evaluate network protection
+description: See how network protection works by testing common scenarios that it protects against.
keywords: Network protection, exploits, malicious website, ip, domain, domains, evaluate, test, demo
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: levinec
ms.author: ellevin
-ms.date: 05/10/2019
ms.reviewer:
manager: dansimp
---
@@ -25,18 +22,16 @@ manager: dansimp
[Network protection](network-protection.md) helps prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
-This topic helps you evaluate Network protection by enabling the feature and guiding you to a testing site. The site in this evaluation topic are not malicious, they are specially created websites that pretend to be malicious. The site will replicate the behavior that would happen if a user visited a malicious site or domain.
+This article helps you evaluate Network protection by enabling the feature and guiding you to a testing site. The sites in this evaluation article aren't malicious. They're specially created websites that pretend to be malicious. The site will replicate the behavior that would happen if a user visited a malicious site or domain.
> [!TIP]
> You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how other protection features work.
## Enable network protection in audit mode
-You can enable network protection in audit mode to see which IP addresses and domains would have been blocked if it was enabled.
+Enable network protection in audit mode to see which IP addresses and domains would have been blocked. You can make sure it doesn't affect line-of-business apps, or get an idea of how often blocks occur.
-You might want to do this to make sure it doesn't affect line-of-business apps or to get an idea of how often blocks occur.
-
-1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**
2. Enter the following cmdlet:
```PowerShell
@@ -63,7 +58,7 @@ To review apps that would have been blocked, open Event Viewer and filter for Ev
|1125 | Windows Defender (Operational) | Event when a network connection is audited |
|1126 | Windows Defender (Operational) | Event when a network connection is blocked |
-## Related topics
+## See also
* [Network protection](network-protection.md)
* [Enable network protection](enable-network-protection.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
index f85dc02558..dd21e36602 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
@@ -12,7 +12,9 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection:
+- M365-security-compliance
+- m365solution-evalutatemtp
ms.topic: article
---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
index 7f19406d2e..a856668804 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
@@ -108,15 +108,15 @@ See Onboard Windows 10 devices.
9
Microsoft Defender Advanced Threat Protection service failed to change its start type. Failure code: variable.
-
During onboarding: The device did not onboard correctly and will not be reporting to the portal.
During offboarding: Failed to change the service start type. The offboarding process continues.
+
During onboarding: The device did not onboard correctly and will not be reporting to the portal.
During offboarding: Failed to change the service start type. The offboarding process continues.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See Onboard Windows 10 devices.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-views.md b/windows/security/threat-protection/microsoft-defender-atp/event-views.md
index 2fe08915a1..d373f292ac 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/event-views.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/event-views.md
@@ -1,20 +1,16 @@
---
-ms.reviewer:
-title: Import custom views to see attack surface reduction events
-description: Use Windows Event Viewer to import individual views for each of the features.
+title: View attack surface reduction events
+description: Import custom views to see attack surface reduction events.
keywords: event view, exploit guard, audit, review, events
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
-ms.date: 04/16/2018
ms.localizationpriority: medium
audience: ITPro
author: levinec
ms.author: ellevin
-ms.date: 03/26/2019
+ms.reviewer:
manager: dansimp
---
@@ -24,19 +20,17 @@ manager: dansimp
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-You can review attack surface reduction events in Event Viewer. This is useful so you can monitor what rules or settings are working, and determine if any settings are too "noisy" or impacting your day to day workflow.
+Review attack surface reduction events in Event Viewer to monitor what rules or settings are working. You can also determine if any settings are too "noisy" or impacting your day to day workflow.
-Reviewing the events is also handy when you are evaluating the features, as you can enable audit mode for the features or settings, and then review what would have happened if they were fully enabled.
+Reviewing events is handy when you're evaluating the features. You can enable audit mode for features or settings, and then review what would have happened if they were fully enabled.
-This topic lists all the events, their associated feature or setting, and describes how to create custom views to filter to specific events.
+This article lists all the events, their associated feature or setting, and describes how to create custom views to filter to specific events.
-You can also get detailed reporting into events and blocks as part of Windows Security, which you access if you have an E5 subscription and use [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md).
+Get detailed reporting into events and blocks as part of Windows Security if you have an E5 subscription and use [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md).
## Use custom views to review attack surface reduction capabilities
-You can create custom views in the Windows Event Viewer to only see events for specific capabilities and settings.
-
-The easiest way to do this is to import a custom view as an XML file. You can copy the XML directly from this page.
+Create custom views in the Windows Event Viewer to only see events for specific capabilities and settings. The easiest way is to import a custom view as an XML file. You can copy the XML directly from this page.
You can also manually navigate to the event area that corresponds to the feature.
@@ -48,33 +42,33 @@ You can also manually navigate to the event area that corresponds to the feature
- Attack surface reduction events custom view: *asr-events.xml*
- Network/ protection events custom view: *np-events.xml*
-1. Type **event viewer** in the Start menu and open **Event Viewer**.
+2. Type **event viewer** in the Start menu and open **Event Viewer**.
-1. Click **Action** > **Import Custom View...**
+3. Select **Action** > **Import Custom View...**
-1. Navigate to where you extracted XML file for the custom view you want and select it.
+4. Navigate to where you extracted XML file for the custom view you want and select it.
-1. Click **Open**.
+5. Select **Open**.
-1. This will create a custom view that filters to only show the events related to that feature.
+6. It will create a custom view that filters to only show the events related to that feature.
### Copy the XML directly
1. Type **event viewer** in the Start menu and open the Windows **Event Viewer**.
-1. On the left panel, under **Actions**, click **Create Custom View...**
+2. On the left panel, under **Actions**, select **Create Custom View...**
-1. Go to the XML tab and click **Edit query manually**. You'll see a warning that you won't be able to edit the query using the **Filter** tab if you use the XML option. Click **Yes**.
+3. Go to the XML tab and select **Edit query manually**. You'll see a warning that you can't edit the query using the **Filter** tab if you use the XML option. Select **Yes**.
-1. Paste the XML code for the feature you want to filter events from into the XML section.
+4. Paste the XML code for the feature you want to filter events from into the XML section.
-1. Click **OK**. Specify a name for your filter.
+5. Select **OK**. Specify a name for your filter.
-1. This will create a custom view that filters to only show the events related to that feature.
+6. It will create a custom view that filters to only show the events related to that feature.
### XML for attack surface reduction rule events
@@ -131,13 +125,13 @@ You can also manually navigate to the event area that corresponds to the feature
## List of attack surface reduction events
-All attack surface reductiond events are located under **Applications and Services Logs > Microsoft > Windows** and then the folder or provider as listed in the following table.
+All attack surface reduction events are located under **Applications and Services Logs > Microsoft > Windows** and then the folder or provider as listed in the following table.
You can access these events in Windows Event viewer:
-1. Open the **Start** menu and type **event viewer**, and then click on the **Event Viewer** result.
+1. Open the **Start** menu and type **event viewer**, and then select the **Event Viewer** result.
2. Expand **Applications and Services Logs > Microsoft > Windows** and then go to the folder listed under **Provider/source** in the table below.
-3. Double-click on the sub item to see events. Scroll through the events to find the one you are looking.
+3. Double-click on the sub item to see events. Scroll through the events to find the one you're looking.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md
index bab625f913..b330f4798b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md
@@ -3,7 +3,6 @@ title: Apply mitigations to help prevent attacks through vulnerabilities
keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet
description: Protect devices against exploits with Windows 10. Windows 10 has advanced exploit protection capabilities, building upon and improving the settings available in Enhanced Mitigation Experience Toolkit (EMET).
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -37,10 +36,10 @@ When a mitigation is encountered on the device, a notification will be displayed
You can also use [audit mode](evaluate-exploit-protection.md) to evaluate how exploit protection would impact your organization if it were enabled.
-Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) have been included in Exploit protection, and you can convert and import existing EMET configuration profiles into Exploit protection. See [Comparison between Enhanced Mitigation Experience Toolkit and Exploit protection](emet-exploit-protection.md) for more information on how Exploit protection supersedes EMET and what the benefits are when considering moving to exploit protection on Windows 10.
+Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) are included in exploit protection. In fact, you can convert and import existing your EMET configuration profiles into exploit protection. To learn more, see [Import, export, and deploy exploit protection configurations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml).
> [!IMPORTANT]
-> If you are currently using EMET you should be aware that [EMET reached end of support on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows 10. You can [convert an existing EMET configuration file into exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
+> If you are currently using EMET you should be aware that [EMET reached end of support on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). Consider replacing EMET with exploit protection in Windows 10.
> [!WARNING]
> Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](audit-windows-defender.md) before deploying the configuration across a production environment or the rest of your network.
@@ -62,34 +61,34 @@ DeviceEvents
You can review the Windows event log to see events that are created when exploit protection blocks (or audits) an app:
-Provider/source | Event ID | Description
--|-|-
-Security-Mitigations | 1 | ACG audit
-Security-Mitigations | 2 | ACG enforce
-Security-Mitigations | 3 | Do not allow child processes audit
-Security-Mitigations | 4 | Do not allow child processes block
-Security-Mitigations | 5 | Block low integrity images audit
-Security-Mitigations | 6 | Block low integrity images block
-Security-Mitigations | 7 | Block remote images audit
-Security-Mitigations | 8 | Block remote images block
-Security-Mitigations | 9 | Disable win32k system calls audit
-Security-Mitigations | 10 | Disable win32k system calls block
-Security-Mitigations | 11 | Code integrity guard audit
-Security-Mitigations | 12 | Code integrity guard block
-Security-Mitigations | 13 | EAF audit
-Security-Mitigations | 14 | EAF enforce
-Security-Mitigations | 15 | EAF+ audit
-Security-Mitigations | 16 | EAF+ enforce
-Security-Mitigations | 17 | IAF audit
-Security-Mitigations | 18 | IAF enforce
-Security-Mitigations | 19 | ROP StackPivot audit
-Security-Mitigations | 20 | ROP StackPivot enforce
-Security-Mitigations | 21 | ROP CallerCheck audit
-Security-Mitigations | 22 | ROP CallerCheck enforce
-Security-Mitigations | 23 | ROP SimExec audit
-Security-Mitigations | 24 | ROP SimExec enforce
-WER-Diagnostics | 5 | CFG Block
-Win32K | 260 | Untrusted Font
+|Provider/source | Event ID | Description|
+|---|---|---|
+|Security-Mitigations | 1 | ACG audit |
+|Security-Mitigations | 2 | ACG enforce |
+|Security-Mitigations | 3 | Do not allow child processes audit |
+|Security-Mitigations | 4 | Do not allow child processes block |
+|Security-Mitigations | 5 | Block low integrity images audit |
+|Security-Mitigations | 6 | Block low integrity images block |
+|Security-Mitigations | 7 | Block remote images audit |
+|Security-Mitigations | 8 | Block remote images block |
+|Security-Mitigations | 9 | Disable win32k system calls audit |
+|Security-Mitigations | 10 | Disable win32k system calls block |
+|Security-Mitigations | 11 | Code integrity guard audit |
+|Security-Mitigations | 12 | Code integrity guard block |
+|Security-Mitigations | 13 | EAF audit |
+|Security-Mitigations | 14 | EAF enforce |
+|Security-Mitigations | 15 | EAF+ audit |
+|Security-Mitigations | 16 | EAF+ enforce |
+|Security-Mitigations | 17 | IAF audit |
+|Security-Mitigations | 18 | IAF enforce |
+|Security-Mitigations | 19 | ROP StackPivot audit |
+|Security-Mitigations | 20 | ROP StackPivot enforce |
+|Security-Mitigations | 21 | ROP CallerCheck audit |
+|Security-Mitigations | 22 | ROP CallerCheck enforce |
+|Security-Mitigations | 23 | ROP SimExec audit |
+|Security-Mitigations | 24 | ROP SimExec enforce |
+|WER-Diagnostics | 5 | CFG Block |
+|Win32K | 260 | Untrusted Font |
## Mitigation comparison
@@ -97,38 +96,36 @@ The mitigations available in EMET are included natively in Windows 10 (starting
The table in this section indicates the availability and support of native mitigations between EMET and exploit protection.
-Mitigation | Available under Exploit protection | Available in EMET
--|-|-
-Arbitrary code guard (ACG) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] As "Memory Protection Check"
-Block remote images | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] As "Load Library Check"
-Block untrusted fonts | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Data Execution Prevention (DEP) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Export address filtering (EAF) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Force randomization for images (Mandatory ASLR) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-NullPage Security Mitigation | [!include[Check mark yes](../images/svg/check-yes.svg)] Included natively in Windows 10 See [Mitigate threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Randomize memory allocations (Bottom-Up ASLR) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Simulate execution (SimExec) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Validate API invocation (CallerCheck) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Validate exception chains (SEHOP) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Validate stack integrity (StackPivot) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Certificate trust (configurable certificate pinning) | Windows 10 provides enterprise certificate pinning | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Heap spray allocation | Ineffective against newer browser-based exploits; newer mitigations provide better protection See [Mitigate threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information | [!include[Check mark yes](../images/svg/check-yes.svg)]
-Block low integrity images | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Code integrity guard | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Disable extension points | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Disable Win32k system calls | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Do not allow child processes | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Import address filtering (IAF) | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Validate handle usage | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Validate heap integrity | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
-Validate image dependency integrity | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)]
+|Mitigation | Available under exploit protection | Available in EMET |
+|---|---|---|
+|Arbitrary code guard (ACG) | yes | yes As "Memory Protection Check" |
+|Block remote images | yes | yes As "Load Library Check" |
+|Block untrusted fonts | yes | yes |
+|Data Execution Prevention (DEP) | yes | yes |
+|Export address filtering (EAF) | yes | yes |
+|Force randomization for images (Mandatory ASLR) | yes | yes |
+|NullPage Security Mitigation | yes Included natively in Windows 10 See [Mitigate threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information | yes |
+|Randomize memory allocations (Bottom-Up ASLR) | yes | yes |
+|Simulate execution (SimExec) | yes | yes |
+|Validate API invocation (CallerCheck) | yes | yes |
+|Validate exception chains (SEHOP) | yes | yes |
+|Validate stack integrity (StackPivot) | yes | yes |
+|Certificate trust (configurable certificate pinning) | Windows 10 provides enterprise certificate pinning | yes |
+|Heap spray allocation | Ineffective against newer browser-based exploits; newer mitigations provide better protection See [Mitigate threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information | yes |
+|Block low integrity images | yes | no |
+|Code integrity guard | yes | no |
+|Disable extension points | yes | no |
+|Disable Win32k system calls | yes | no |
+|Do not allow child processes | yes | no |
+|Import address filtering (IAF) | yes | no |
+|Validate handle usage | yes | no |
+|Validate heap integrity | yes | no |
+|Validate image dependency integrity | yes | no |
> [!NOTE]
-> The Advanced ROP mitigations that are available in EMET are superseded by ACG in Windows 10, which other EMET advanced settings are enabled by default, as part of enabling the anti-ROP mitigations for a process.
->
-> See the [Mitigation threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information on how Windows 10 employs existing EMET technology.
+> The Advanced ROP mitigations that are available in EMET are superseded by ACG in Windows 10, which other EMET advanced settings are enabled by default, as part of enabling the anti-ROP mitigations for a process. See the [Mitigation threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information on how Windows 10 employs existing EMET technology.
-## Related articles
+## See also
- [Protect devices from exploits](exploit-protection.md)
- [Evaluate exploit protection](evaluate-exploit-protection.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
index 37e873ced5..c820d3d69e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
@@ -1,7 +1,7 @@
---
title: OData queries with Microsoft Defender ATP
ms.reviewer:
-description: Use these examples of Open Data Protocol (OData) queries to help with data access protocols in Microsoft Defender ATP
+description: Use these examples of Open Data Protocol (OData) queries to help with data access protocols in Microsoft Defender ATP.
keywords: apis, supported apis, odata, query
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
index e4ecad3ffa..00887c1ccb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
@@ -1,6 +1,6 @@
---
title: Get alert information by ID API
-description: Retrieve a Microsoft Defender ATP alert by its ID.
+description: Learn how to use the Get alert information by ID API to retrieve a specific alert by its ID in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, alert, information, id
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
index 982e2a2585..e5d037ad94 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
@@ -1,6 +1,6 @@
---
title: Get alert related user information
-description: Retrieves the user associated to a specific alert.
+description: Learn how to use the Get alert related user information API to retrieve the user related to a specific alert in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, alert, information, related, user
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
index f13f6270fd..16e865448e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
@@ -1,6 +1,6 @@
---
title: List alerts API
-description: Retrieve a collection of recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts.
+description: Learn how to use the List alerts API to retrieve a collection of alerts in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, alerts, recent
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
index 5f0bb3386d..94487dd4ff 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
@@ -1,108 +1,108 @@
----
-title: List all recommendations
-description: Retrieves a list of all security recommendations affecting the organization.
-keywords: apis, graph api, supported apis, get, security recommendations, mdatp tvm api, threat and vulnerability management, threat and vulnerability management api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# List all recommendations
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves a list of all security recommendations affecting the organization.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
-Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
-
-## HTTP request
-```
-GET /api/recommendations
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with the list of security recommendations in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/recommendations
-```
-
-**Response**
-
-Here is an example of the response.
-
-
-```json
-{
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations",
- "value": [
- {
- "id": "va-_-microsoft-_-windows_10",
- "productName": "windows_10",
- "recommendationName": "Update Windows 10",
- "weaknesses": 397,
- "vendor": "microsoft",
- "recommendedVersion": "",
- "recommendationCategory": "Application",
- "subCategory": "",
- "severityScore": 0,
- "publicExploit": true,
- "activeAlert": false,
- "associatedThreats": [
- "3098b8ef-23b1-46b3-aed4-499e1928f9ed",
- "40c189d5-0330-4654-a816-e48c2b7f9c4b",
- "4b0c9702-9b6c-4ca2-9d02-1556869f56f8",
- "e8fc2121-3cf3-4dd2-9ea0-87d7e1d2b29d",
- "94b6e94b-0c1d-4817-ac06-c3b8639be3ab"
- ],
- "remediationType": "Update",
- "status": "Active",
- "configScoreImpact": 0,
- "exposureImpact": 7.674418604651163,
- "totalMachineCount": 37,
- "exposedMachinesCount": 7,
- "nonProductivityImpactedAssets": 0,
- "relatedComponent": "Windows 10"
- }
- ...
- ]
-}
-```
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
-
+---
+title: List all recommendations
+description: Retrieves a list of all security recommendations affecting the organization.
+keywords: apis, graph api, supported apis, get, security recommendations, mdatp tvm api, threat and vulnerability management, threat and vulnerability management api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# List all recommendations
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a list of all security recommendations affecting the organization.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
+Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
+
+## HTTP request
+```
+GET /api/recommendations
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the list of security recommendations in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/recommendations
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations",
+ "value": [
+ {
+ "id": "va-_-microsoft-_-windows_10",
+ "productName": "windows_10",
+ "recommendationName": "Update Windows 10",
+ "weaknesses": 397,
+ "vendor": "microsoft",
+ "recommendedVersion": "",
+ "recommendationCategory": "Application",
+ "subCategory": "",
+ "severityScore": 0,
+ "publicExploit": true,
+ "activeAlert": false,
+ "associatedThreats": [
+ "3098b8ef-23b1-46b3-aed4-499e1928f9ed",
+ "40c189d5-0330-4654-a816-e48c2b7f9c4b",
+ "4b0c9702-9b6c-4ca2-9d02-1556869f56f8",
+ "e8fc2121-3cf3-4dd2-9ea0-87d7e1d2b29d",
+ "94b6e94b-0c1d-4817-ac06-c3b8639be3ab"
+ ],
+ "remediationType": "Update",
+ "status": "Active",
+ "configScoreImpact": 0,
+ "exposureImpact": 7.674418604651163,
+ "totalMachineCount": 37,
+ "exposedMachinesCount": 7,
+ "nonProductivityImpactedAssets": 0,
+ "relatedComponent": "Windows 10"
+ }
+ ...
+ ]
+}
+```
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
index 4114015c39..8b61f18cfc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
@@ -1,96 +1,96 @@
----
-title: Get all vulnerabilities
-description: Retrieves a list of all the vulnerabilities affecting the organization
-keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# List vulnerabilities
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves a list of all the vulnerabilities affecting the organization.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information'
-Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information'
-
-## HTTP request
-```
-GET /api/vulnerabilities
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with the list of vulnerabilities in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/Vulnerabilities
-```
-
-**Response**
-
-Here is an example of the response.
-
-
-```json
-{
- "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities",
- "value": [
- {
- "id": "CVE-2019-0608",
- "name": "CVE-2019-0608",
- "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.",
- "severity": "Medium",
- "cvssV3": 4.3,
- "exposedMachines": 4,
- "publishedOn": "2019-10-08T00:00:00Z",
- "updatedOn": "2019-12-16T16:20:00Z",
- "publicExploit": false,
- "exploitVerified": false,
- "exploitInKit": false,
- "exploitTypes": [],
- "exploitUris": []
- }
- ...
- ]
-
-}
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
+---
+title: Get all vulnerabilities
+description: Retrieves a list of all the vulnerabilities affecting the organization
+keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# List vulnerabilities
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a list of all the vulnerabilities affecting the organization.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information'
+Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information'
+
+## HTTP request
+```
+GET /api/vulnerabilities
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the list of vulnerabilities in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/Vulnerabilities
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```json
+{
+ "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities",
+ "value": [
+ {
+ "id": "CVE-2019-0608",
+ "name": "CVE-2019-0608",
+ "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.",
+ "severity": "Medium",
+ "cvssV3": 4.3,
+ "exposedMachines": 4,
+ "publishedOn": "2019-10-08T00:00:00Z",
+ "updatedOn": "2019-12-16T16:20:00Z",
+ "publicExploit": false,
+ "exploitVerified": false,
+ "exploitInKit": false,
+ "exploitTypes": [],
+ "exploitUris": []
+ }
+ ...
+ ]
+
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
index 4207a4cc3b..1bb48a3550 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
@@ -1,6 +1,6 @@
---
title: Get CVE-KB map API
-description: Retrieves a map of CVE's to KB's.
+description: Learn how to use the Get CVE-KB map API to retrieve a map of CVE's to KB's and CVE details in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, cve, kb
search.product: eADQiWindows 10XVcnh
search.appverid: met150
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
index 6eb1d7d80c..b33b579f20 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
@@ -1,83 +1,83 @@
----
-title: Get Machine Secure score
-description: Retrieves the organizational device secure score.
-keywords: apis, graph api, supported apis, get, alerts, recent
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Get Machine Secure score
-
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves the organizational device secure score.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | Score.Read.Alll | 'Read Threat and Vulnerability Management score'
-Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
-
-## HTTP request
-```
-GET /api/configurationScore
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK, with the with device secure score data in the response body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/configurationScore
-```
-
-**Response**
-
-Here is an example of the response.
-
->[!NOTE]
->The response list shown here may be truncated for brevity.
-
-
-```json
-{
- "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity",
- "time": "2019-12-03T09:15:58.1665846Z",
- "score": 340
-}
-```
-
-## Related topics
-- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
+---
+title: Get device secure score
+description: Retrieves the organizational device secure score.
+keywords: apis, graph api, supported apis, get, alerts, recent
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: levinec
+ms.author: ellevin
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Get device secure score
+
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+Retrieves your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). A higher Microsoft Secure Score for Devices means your endpoints are more resilient from cybersecurity threat attacks.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | Score.Read.Alll | 'Read Threat and Vulnerability Management score'
+Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
+
+## HTTP request
+
+```
+GET /api/configurationScore
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+## Request body
+
+Empty
+
+## Response
+
+If successful, this method returns 200 OK, with the device secure score data in the response body.
+
+## Example
+
+### Request
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/configurationScore
+```
+
+### Response
+
+Here is an example of the response.
+
+>[!NOTE]
+>The response list shown here may be truncated for brevity.
+
+```json
+{
+ "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity",
+ "time": "2019-12-03T09:15:58.1665846Z",
+ "score": 340
+}
+```
+
+## Related topics
+
+- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
index d93e999a34..333b21f72f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
@@ -1,93 +1,94 @@
----
-title: Get discovered vulnerabilities
-description: Retrieves a collection of discovered vulnerabilities related to a given device ID.
-keywords: apis, graph api, supported apis, get, list, file, information, discovered vulnerabilities, threat & vulnerability management api, mdatp tvm api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Get discovered vulnerabilities
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves a collection of discovered vulnerabilities related to a given device ID.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information'
-Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information'
-
-## HTTP request
-```
-GET /api/machines/{machineId}/vulnerabilities
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with the discovered vulnerability information in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities
-```
-
-**Response**
-
-Here is an example of the response.
-
-
-```
-{
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
- "value": [
- {
- "id": "CVE-2019-1348",
- "name": "CVE-2019-1348",
- "description": "Git could allow a remote attacker to bypass security restrictions, caused by a flaw in the --export-marks option of git fast-import. By persuading a victim to import specially-crafted content, an attacker could exploit this vulnerability to overwrite arbitrary paths.",
- "severity": "Medium",
- "cvssV3": 4.3,
- "exposedMachines": 1,
- "publishedOn": "2019-12-13T00:00:00Z",
- "updatedOn": "2019-12-13T00:00:00Z",
- "publicExploit": false,
- "exploitVerified": false,
- "exploitInKit": false,
- "exploitTypes": [],
- "exploitUris": []
- }
-}
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
+---
+title: Get discovered vulnerabilities
+description: Retrieves a collection of discovered vulnerabilities related to a given device ID.
+keywords: apis, graph api, supported apis, get, list, file, information, discovered vulnerabilities, threat & vulnerability management api, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: levinec
+ms.author: ellevin
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Get discovered vulnerabilities
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Retrieves a collection of discovered vulnerabilities related to a given device ID.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information'
+Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information'
+
+## HTTP request
+
+```
+GET /api/machines/{machineId}/vulnerabilities
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+## Request body
+
+Empty
+
+## Response
+
+If successful, this method returns 200 OK with the discovered vulnerability information in the body.
+
+## Example
+
+### Request
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities
+```
+
+### Response
+
+Here is an example of the response.
+
+```
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
+ "value": [
+ {
+ "id": "CVE-2019-1348",
+ "name": "CVE-2019-1348",
+ "description": "Git could allow a remote attacker to bypass security restrictions, caused by a flaw in the --export-marks option of git fast-import. By persuading a victim to import specially-crafted content, an attacker could exploit this vulnerability to overwrite arbitrary paths.",
+ "severity": "Medium",
+ "cvssV3": 4.3,
+ "exposedMachines": 1,
+ "publishedOn": "2019-12-13T00:00:00Z",
+ "updatedOn": "2019-12-13T00:00:00Z",
+ "publicExploit": false,
+ "exploitVerified": false,
+ "exploitInKit": false,
+ "exploitTypes": [],
+ "exploitUris": []
+ }
+}
+```
+
+## Related topics
+
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
index 0aa06444da..d3a4e5bc56 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
@@ -1,6 +1,6 @@
---
title: Get domain related alerts API
-description: Retrieves a collection of alerts related to a given domain address.
+description: Learn how to use the Get domain related alerts API to retrieve alerts related to a given domain address in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, domain, related, alerts
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
index 6b4dee50f5..da65275c62 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
@@ -1,6 +1,6 @@
---
title: Get domain related machines API
-description: Retrieves a collection of devices related to a given domain address.
+description: Learn how to use the Get domain related machines API to get machines that communicated to or from a domain in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, domain, related, devices
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
index 4cab7c52be..2da9aa6675 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
@@ -1,6 +1,6 @@
---
title: Get domain statistics API
-description: Retrieves the prevalence for the given domain.
+description: Learn how to use the Get domain statistics API to retrieve the statistics on the given domain in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, domain, domain related devices
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
index 794272d101..c31cd33d28 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
@@ -1,88 +1,87 @@
----
-title: Get exposure score
-description: Retrieves the organizational exposure score.
-keywords: apis, graph api, supported apis, get, exposure score, organizational exposure score
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Get exposure score
-
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves the organizational exposure score.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | Score.Read.All | 'Read Threat and Vulnerability Management score'
-Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
-
-
-## HTTP request
-```
-GET /api/exposureScore
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK, with the exposure data in the response body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/exposureScore
-```
-
-**Response**
-
-Here is an example of the response.
-
->[!NOTE]
->The response list shown here may be truncated for brevity.
-
-
-```json
-{
- "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity",
- "time": "2019-12-03T07:23:53.280499Z",
- "score": 33.491554051195706
-}
-
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Threat & Vulnerability exposure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score)
-
-
+---
+title: Get exposure score
+description: Retrieves the organizational exposure score.
+keywords: apis, graph api, supported apis, get, exposure score, organizational exposure score
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: levinec
+ms.author: ellevin
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Get exposure score
+
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves the organizational exposure score.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | Score.Read.All | 'Read Threat and Vulnerability Management score'
+Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
+
+## HTTP request
+
+```
+GET /api/exposureScore
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+## Request body
+
+Empty
+
+## Response
+
+If successful, this method returns 200 OK, with the exposure data in the response body.
+
+## Example
+
+### Request
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/exposureScore
+```
+
+### Response
+
+Here is an example of the response.
+
+>[!NOTE]
+>The response list shown here may be truncated for brevity.
+
+```json
+{
+ "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity",
+ "time": "2019-12-03T07:23:53.280499Z",
+ "score": 33.491554051195706
+}
+
+```
+
+## Related topics
+
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability exposure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
index db2c9f018f..12b129b43f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
@@ -1,6 +1,6 @@
---
title: Get file information API
-description: Retrieves a file by identifier Sha1, Sha256, or MD5.
+description: Learn how to use the Get file information API to get a file by Sha1, Sha256, or MD5 identifier in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, file, information, sha1, sha256, md5
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
index 5ea61a7554..446e50982d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
@@ -1,6 +1,6 @@
---
title: Get file related alerts API
-description: Retrieves a collection of alerts related to a given file hash.
+description: Learn how to use the Get file related alerts API to get a collection of alerts related to a given file hash in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, file, hash
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
index 480f952df9..029c7fc1d5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
@@ -1,6 +1,6 @@
---
title: Get file related machines API
-description: Retrieves a collection of devices related to a given file hash.
+description: Learn how to use the Get file related machines API to get a collection of machines related to a file hash in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, devices, hash
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
index b6abc23c5f..6f35b59012 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
@@ -1,6 +1,6 @@
---
title: Get file statistics API
-description: Retrieves the prevalence for the given file.
+description: Learn how to use the Get file statistics API to retrieve the statistics for the given file in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, file, statistics
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
index 2521e0a16b..4ae4475d50 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
@@ -1,89 +1,89 @@
----
-title: Get installed software
-description: Retrieves a collection of installed software related to a given device ID.
-keywords: apis, graph api, supported apis, get, list, file, information, software inventory, installed software per device, threat & vulnerability management api, mdatp tvm api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Get installed software
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves a collection of installed software related to a given device ID.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information'
-Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
-
-## HTTP request
-```
-GET /api/machines/{machineId}/software
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with the installed software information in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software
-```
-
-**Response**
-
-Here is an example of the response.
-
-
-```
-{
-"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software",
-"value": [
- {
-"id": "microsoft-_-internet_explorer",
-"name": "internet_explorer",
-"vendor": "microsoft",
-"weaknesses": 67,
-"publicExploit": true,
-"activeAlert": false,
-"exposedMachines": 42115,
-"impactScore": 46.2037163
- }
- ]
-}
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
+---
+title: Get installed software
+description: Retrieves a collection of installed software related to a given device ID.
+keywords: apis, graph api, supported apis, get, list, file, information, software inventory, installed software per device, threat & vulnerability management api, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Get installed software
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a collection of installed software related to a given device ID.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information'
+Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
+
+## HTTP request
+```
+GET /api/machines/{machineId}/software
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the installed software information in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```
+{
+"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software",
+"value": [
+ {
+"id": "microsoft-_-internet_explorer",
+"name": "internet_explorer",
+"vendor": "microsoft",
+"weaknesses": 67,
+"publicExploit": true,
+"activeAlert": false,
+"exposedMachines": 42115,
+"impactScore": 46.2037163
+ }
+ ]
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
index 91b44caf50..832b6cd185 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
@@ -1,6 +1,6 @@
---
title: Get machine by ID API
-description: Retrieves a device entity by ID.
+description: Learn how to use the Get machine by ID API to retrieve a machine by its device ID or computer name in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, devices, entity, id
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
index 10f886e0d1..05b0cbef9d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
@@ -7,8 +7,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
+author: levinec
+ms.author: ellevin
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
@@ -27,6 +27,7 @@ ms.topic: article
Retrieves a collection of alerts related to a given domain address.
## Permissions
+
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
Permission type | Permission | Permission display name
@@ -35,6 +36,7 @@ Application | Score.Read.All | 'Read Threat and Vulnerability Management score'
Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
## HTTP request
+
```
GET /api/exposureScore/ByMachineGroups
```
@@ -46,15 +48,16 @@ GET /api/exposureScore/ByMachineGroups
| Authorization | String | Bearer {token}.**Required**.
## Request body
+
Empty
## Response
-If successful, this method returns 200 OK, with a list of exposure score per device group data in the response body.
+If successful, this method returns 200 OK, with a list of exposure score per device group data in the response body.
## Example
-**Request**
+### Request
Here is an example of the request.
@@ -62,7 +65,7 @@ Here is an example of the request.
GET https://api.securitycenter.windows.com/api/exposureScore/ByMachineGroups
```
-**Response**
+### Response
Here is an example of the response.
@@ -87,5 +90,6 @@ Here is an example of the response.
```
## Related topics
+
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability exposure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
index fc56069b04..9856c6c603 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
@@ -1,6 +1,6 @@
---
title: Get machine log on users API
-description: Retrieve a collection of logged on users on a specific device using Microsoft Defender ATP APIs.
+description: Learn how to use the Get machine log on users API to retrieve a collection of logged on users on a device in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, device, log on, users
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
index e8fb105671..2aa5a05832 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
@@ -1,6 +1,6 @@
---
title: Get machine related alerts API
-description: Retrieves a collection of alerts related to a given device ID.
+description: Learn how to use the Get machine related alerts API to retrieve all alerts related to a specific device in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, devices, related, alerts
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
index dbcaf5b6fb..abd2981676 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
@@ -1,6 +1,6 @@
---
title: Get MachineAction object API
-description: Use this API to create calls related to get machineaction object
+description: Learn how to use the Get MachineAction API to retrieve a specific Machine Action by its ID in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, machineaction object
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
index 08f5fff7d0..c8a2ee671c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
@@ -1,6 +1,6 @@
---
title: List machineActions API
-description: Use the Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) API to create calls related to get machineactions collection.
+description: Learn how to use the List MachineActions API to retrieve a collection of Machine Actions in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, machineaction collection
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md
index 8dca334083..b3de168061 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md
@@ -1,6 +1,6 @@
---
title: Get RBAC machine groups collection API
-description: Retrieves a collection of RBAC device groups.
+description: Learn how to use the Get KB collection API to retrieve a collection of RBAC device groups in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, RBAC, group
search.product: eADQiWindows 10XVcnh
search.appverid: met150
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
index ebf471edee..e066fab80a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
@@ -1,93 +1,93 @@
----
-title: List devices by software
-description: Retrieve a list of devices that has this software installed.
-keywords: apis, graph api, supported apis, get, list devices, devices list, list devices by software, mdatp tvm api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# List devices by software
-
-**Applies to:**
-
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieve a list of device references that has this software installed.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
-Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
-
-## HTTP request
-```
-GET /api/Software/{Id}/machineReferences
-```
-
-## Request headers
-
-| Name | Type | Description
-|:--------------|:-------|:--------------|
-| Authorization | String | Bearer {token}.**Required**.
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK and a list of devices with the software installed in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/machineReferences
-```
-
-**Response**
-
-Here is an example of the response.
-
-```json
-
-{
- "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#MachineReferences",
- "value": [
- {
- "id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762",
- "computerDnsName": "dave_desktop",
- "osPlatform": "Windows10",
- "rbacGroupName": "GroupTwo"
- },
- {
- "id": "7d5cc2e7c305e4a0a290392abf6707f9888fda0d",
- "computerDnsName": "jane_PC",
- "osPlatform": "Windows10",
- "rbacGroupName": "GroupTwo"
- }
- ...
- ]
-}
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
+---
+title: List devices by software
+description: Retrieve a list of devices that has this software installed.
+keywords: apis, graph api, supported apis, get, list devices, devices list, list devices by software, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# List devices by software
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieve a list of device references that has this software installed.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
+Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
+
+## HTTP request
+```
+GET /api/Software/{Id}/machineReferences
+```
+
+## Request headers
+
+| Name | Type | Description
+|:--------------|:-------|:--------------|
+| Authorization | String | Bearer {token}.**Required**.
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK and a list of devices with the software installed in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/machineReferences
+```
+
+**Response**
+
+Here is an example of the response.
+
+```json
+
+{
+ "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#MachineReferences",
+ "value": [
+ {
+ "id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762",
+ "computerDnsName": "dave_desktop",
+ "osPlatform": "Windows10",
+ "rbacGroupName": "GroupTwo"
+ },
+ {
+ "id": "7d5cc2e7c305e4a0a290392abf6707f9888fda0d",
+ "computerDnsName": "jane_PC",
+ "osPlatform": "Windows10",
+ "rbacGroupName": "GroupTwo"
+ }
+ ...
+ ]
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
index fddc82d5dd..71597be89f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
@@ -1,92 +1,92 @@
----
-title: List devices by vulnerability
-description: Retrieves a list of devices affected by a vulnerability.
-keywords: apis, graph api, supported apis, get, devices list, vulnerable devices, mdatp tvm api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# List devices by vulnerability
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves a list of devices affected by a vulnerability.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information'
-Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information'
-
-## HTTP request
-```
-GET /api/vulnerabilities/{cveId}/machineReferences
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with the vulnerability information in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/machineReferences
-```
-
-**Response**
-
-Here is an example of the response.
-
-
-```json
-{
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences",
- "value": [
- {
- "id": "235a2e6278c63fcf85bab9c370396972c58843de",
- "computerDnsName": "h1mkn_PC",
- "osPlatform": "Windows10",
- "rbacGroupName": "GroupTwo"
- },
- {
- "id": "afb3f807d1a185ac66668f493af028385bfca184",
- "computerDnsName": "chat_Desk ",
- "osPlatform": "Windows10",
- "rbacGroupName": "GroupTwo"
- }
- ...
- ]
- }
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
+---
+title: List devices by vulnerability
+description: Retrieves a list of devices affected by a vulnerability.
+keywords: apis, graph api, supported apis, get, devices list, vulnerable devices, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# List devices by vulnerability
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a list of devices affected by a vulnerability.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information'
+Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information'
+
+## HTTP request
+```
+GET /api/vulnerabilities/{cveId}/machineReferences
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the vulnerability information in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/machineReferences
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences",
+ "value": [
+ {
+ "id": "235a2e6278c63fcf85bab9c370396972c58843de",
+ "computerDnsName": "h1mkn_PC",
+ "osPlatform": "Windows10",
+ "rbacGroupName": "GroupTwo"
+ },
+ {
+ "id": "afb3f807d1a185ac66668f493af028385bfca184",
+ "computerDnsName": "chat_Desk ",
+ "osPlatform": "Windows10",
+ "rbacGroupName": "GroupTwo"
+ }
+ ...
+ ]
+ }
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
index 93303b75fa..5c24fe2ff9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
@@ -1,6 +1,6 @@
---
title: List machines API
-description: Retrieves a collection of recently seen devices.
+description: Learn how to use the List machines API to retrieve a collection of machines that have communicated with Microsoft Defender ATP cloud.
keywords: apis, graph api, supported apis, get, devices
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
index 5fed8ccf11..9c22b88199 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
@@ -1,6 +1,6 @@
---
title: Get machines security states collection API
-description: Retrieve a collection of device security states using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP.
+description: Retrieve a collection of device security states using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
keywords: apis, graph api, supported apis, get, device, security, state
search.product: eADQiWindows 10XVcnh
search.appverid: met150
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
index 3b41ca66ef..1fa1040fdc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
@@ -1,6 +1,6 @@
---
title: Get missing KBs by device ID
-description: Retrieves missing KBs by device Id
+description: Retrieves missing security updates by device ID
keywords: apis, graph api, supported apis, get, list, file, information, device id, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@@ -22,7 +22,7 @@ ms.topic: article
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-Retrieves missing KBs by device Id
+Retrieves missing KBs (security updates) by device ID
## HTTP request
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
index e91d137857..a14e6588c5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
@@ -1,6 +1,6 @@
---
title: Get missing KBs by software ID
-description: Retrieves missing KBs by software ID
+description: Retrieves missing security updates by software ID
keywords: apis, graph api, supported apis, get, list, file, information, software id, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@@ -22,7 +22,7 @@ ms.topic: article
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-Retrieves missing KBs by software ID
+Retrieves missing KBs (security updates) by software ID
## Permissions
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
index 9254f80562..5b5ce91ff1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
@@ -1,96 +1,96 @@
----
-title: Get recommendation by Id
-description: Retrieves a security recommendation by its ID.
-keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Get recommendation by ID
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves a security recommendation by its ID.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
-Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
-
-## HTTP request
-```
-GET /api/recommendations/{id}
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with the security recommendations in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome
-```
-
-**Response**
-
-Here is an example of the response.
-
-```json
-{
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity",
- "id": "va-_-google-_-chrome",
- "productName": "chrome",
- "recommendationName": "Update Chrome",
- "weaknesses": 38,
- "vendor": "google",
- "recommendedVersion": "",
- "recommendationCategory": "Application",
- "subCategory": "",
- "severityScore": 0,
- "publicExploit": false,
- "activeAlert": false,
- "associatedThreats": [],
- "remediationType": "Update",
- "status": "Active",
- "configScoreImpact": 0,
- "exposureImpact": 3.9441860465116285,
- "totalMachineCount": 6,
- "exposedMachinesCount": 5,
- "nonProductivityImpactedAssets": 0,
- "relatedComponent": "Chrome"
-}
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
+---
+title: Get recommendation by Id
+description: Retrieves a security recommendation by its ID.
+keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Get recommendation by ID
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a security recommendation by its ID.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
+Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
+
+## HTTP request
+```
+GET /api/recommendations/{id}
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the security recommendations in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome
+```
+
+**Response**
+
+Here is an example of the response.
+
+```json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity",
+ "id": "va-_-google-_-chrome",
+ "productName": "chrome",
+ "recommendationName": "Update Chrome",
+ "weaknesses": 38,
+ "vendor": "google",
+ "recommendedVersion": "",
+ "recommendationCategory": "Application",
+ "subCategory": "",
+ "severityScore": 0,
+ "publicExploit": false,
+ "activeAlert": false,
+ "associatedThreats": [],
+ "remediationType": "Update",
+ "status": "Active",
+ "configScoreImpact": 0,
+ "exposureImpact": 3.9441860465116285,
+ "totalMachineCount": 6,
+ "exposedMachinesCount": 5,
+ "nonProductivityImpactedAssets": 0,
+ "relatedComponent": "Chrome"
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
index 9c2965fd9c..fd557b7129 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
@@ -1,85 +1,85 @@
----
-title: List devices by recommendation
-description: Retrieves a list of devices associated with the security recommendation.
-keywords: apis, graph api, supported apis, get, security recommendation for vulnerable devices, threat and vulnerability management, threat and vulnerability management api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# List devices by recommendation
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves a list of devices associated with the security recommendation.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
-Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
-
-## HTTP request
-```
-GET /api/recommendations/{id}/machineReferences
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with the list of devices associated with the security recommendation.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/machineReferences
-```
-
-**Response**
-
-Here is an example of the response.
-
-```json
-{
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences",
- "value": [
- {
- "id": "e058770379bc199a9c179ce52a23e16fd44fd2ee",
- "computerDnsName": "niw_pc",
- "osPlatform": "Windows10",
- "rbacGroupName": "GroupTwo"
- }
- ...
- ]
-}
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
+---
+title: List devices by recommendation
+description: Retrieves a list of devices associated with the security recommendation.
+keywords: apis, graph api, supported apis, get, security recommendation for vulnerable devices, threat and vulnerability management, threat and vulnerability management api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# List devices by recommendation
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a list of devices associated with the security recommendation.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
+Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
+
+## HTTP request
+```
+GET /api/recommendations/{id}/machineReferences
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the list of devices associated with the security recommendation.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/machineReferences
+```
+
+**Response**
+
+Here is an example of the response.
+
+```json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences",
+ "value": [
+ {
+ "id": "e058770379bc199a9c179ce52a23e16fd44fd2ee",
+ "computerDnsName": "niw_pc",
+ "osPlatform": "Windows10",
+ "rbacGroupName": "GroupTwo"
+ }
+ ...
+ ]
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
index d4e5a895ef..c4654ccd11 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
@@ -1,84 +1,84 @@
----
-title: Get recommendation by software
-description: Retrieves a security recommendation related to a specific software.
-keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Get recommendation by software
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves a security recommendation related to a specific software.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
-Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
-
-## HTTP request
-```
-GET /api/recommendations/{id}/software
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with the software associated with the security recommendations in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/software
-```
-
-**Response**
-
-Here is an example of the response.
-
-```json
-{
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto",
- "id": "google-_-chrome",
- "name": "chrome",
- "vendor": "google",
- "weaknesses": 38,
- "publicExploit": false,
- "activeAlert": false,
- "exposedMachines": 5,
- "impactScore": 3.94418621
-}
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
+---
+title: Get recommendation by software
+description: Retrieves a security recommendation related to a specific software.
+keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Get recommendation by software
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a security recommendation related to a specific software.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
+Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
+
+## HTTP request
+```
+GET /api/recommendations/{id}/software
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the software associated with the security recommendations in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/software
+```
+
+**Response**
+
+Here is an example of the response.
+
+```json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto",
+ "id": "google-_-chrome",
+ "name": "chrome",
+ "vendor": "google",
+ "weaknesses": 38,
+ "publicExploit": false,
+ "activeAlert": false,
+ "exposedMachines": 5,
+ "impactScore": 3.94418621
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
index e7e5725b8a..a7218907c7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
@@ -1,94 +1,94 @@
----
-title: List vulnerabilities by recommendation
-description: Retrieves a list of vulnerabilities associated with the security recommendation.
-keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# List vulnerabilities by recommendation
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves a list of vulnerabilities associated with the security recommendation.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
-Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
-
-## HTTP request
-```
-GET /api/recommendations/{id}/vulnerabilities
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK, with the list of vulnerabilities associated with the security recommendation.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/vulnerabilities
-```
-
-**Response**
-
-Here is an example of the response.
-
-```json
-{
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
- "value": [
- {
- "id": "CVE-2019-13748",
- "name": "CVE-2019-13748",
- "description": "Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
- "severity": "Medium",
- "cvssV3": 6.5,
- "exposedMachines": 0,
- "publishedOn": "2019-12-10T00:00:00Z",
- "updatedOn": "2019-12-16T12:15:00Z",
- "publicExploit": false,
- "exploitVerified": false,
- "exploitInKit": false,
- "exploitTypes": [],
- "exploitUris": []
- }
- ...
- ]
-}
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
+---
+title: List vulnerabilities by recommendation
+description: Retrieves a list of vulnerabilities associated with the security recommendation.
+keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# List vulnerabilities by recommendation
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a list of vulnerabilities associated with the security recommendation.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
+Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
+
+## HTTP request
+```
+GET /api/recommendations/{id}/vulnerabilities
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK, with the list of vulnerabilities associated with the security recommendation.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/vulnerabilities
+```
+
+**Response**
+
+Here is an example of the response.
+
+```json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
+ "value": [
+ {
+ "id": "CVE-2019-13748",
+ "name": "CVE-2019-13748",
+ "description": "Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
+ "severity": "Medium",
+ "cvssV3": 6.5,
+ "exposedMachines": 0,
+ "publishedOn": "2019-12-10T00:00:00Z",
+ "updatedOn": "2019-12-16T12:15:00Z",
+ "publicExploit": false,
+ "exploitVerified": false,
+ "exploitInKit": false,
+ "exploitTypes": [],
+ "exploitUris": []
+ }
+ ...
+ ]
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
index 67e29e0532..e071070fba 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
@@ -1,101 +1,101 @@
----
-title: Get security recommendations
-description: Retrieves a collection of security recommendations related to a given device ID.
-keywords: apis, graph api, supported apis, get, list, file, information, security recommendation per device, threat & vulnerability management api, mdatp tvm api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Get security recommendations
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves a collection of security recommendations related to a given device ID.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
-Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
-
-## HTTP request
-```
-GET /api/machines/{machineId}/recommendations
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with the security recommendations in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations
-```
-
-**Response**
-
-Here is an example of the response.
-
-
-```
-{
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations",
- "value": [
- {
- "id": "va-_-git-scm-_-git",
- "productName": "git",
- "recommendationName": "Update Git to version 2.24.1.2",
- "weaknesses": 3,
- "vendor": "git-scm",
- "recommendedVersion": "2.24.1.2",
- "recommendationCategory": "Application",
- "subCategory": "",
- "severityScore": 0,
- "publicExploit": false,
- "activeAlert": false,
- "associatedThreats": [],
- "remediationType": "Update",
- "status": "Active",
- "configScoreImpact": 0,
- "exposureImpact": 0,
- "totalMachineCount": 0,
- "exposedMachinesCount": 1,
- "nonProductivityImpactedAssets": 0,
- "relatedComponent": "Git"
- },
-…
-}
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
+---
+title: Get security recommendations
+description: Retrieves a collection of security recommendations related to a given device ID.
+keywords: apis, graph api, supported apis, get, list, file, information, security recommendation per device, threat & vulnerability management api, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Get security recommendations
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a collection of security recommendations related to a given device ID.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
+Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
+
+## HTTP request
+```
+GET /api/machines/{machineId}/recommendations
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the security recommendations in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations",
+ "value": [
+ {
+ "id": "va-_-git-scm-_-git",
+ "productName": "git",
+ "recommendationName": "Update Git to version 2.24.1.2",
+ "weaknesses": 3,
+ "vendor": "git-scm",
+ "recommendedVersion": "2.24.1.2",
+ "recommendationCategory": "Application",
+ "subCategory": "",
+ "severityScore": 0,
+ "publicExploit": false,
+ "activeAlert": false,
+ "associatedThreats": [],
+ "remediationType": "Update",
+ "status": "Active",
+ "configScoreImpact": 0,
+ "exposureImpact": 0,
+ "totalMachineCount": 0,
+ "exposedMachinesCount": 1,
+ "nonProductivityImpactedAssets": 0,
+ "relatedComponent": "Git"
+ },
+…
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
index 2276c784bf..a596b5e16e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
@@ -1,86 +1,86 @@
----
-title: Get software by Id
-description: Retrieves a list of exposure scores by device group.
-keywords: apis, graph api, supported apis, get, software, mdatp tvm api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Get software by Id
-
-**Applies to:**
-
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves software details by ID.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
-Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
-
-## HTTP request
-```
-GET /api/Software/{Id}
-```
-
-## Request headers
-
-| Name | Type | Description
-|:--------------|:-------|:--------------|
-| Authorization | String | Bearer {token}.**Required**.
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with the specified software data in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge
-```
-
-**Response**
-
-Here is an example of the response.
-
-```json
-
-{
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software/$entity",
- "id": "microsoft-_-edge",
- "name": "edge",
- "vendor": "microsoft",
- "weaknesses": 467,
- "publicExploit": true,
- "activeAlert": false,
- "exposedMachines": 172,
- "impactScore": 2.39947438
-}
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
+---
+title: Get software by Id
+description: Retrieves a list of exposure scores by device group.
+keywords: apis, graph api, supported apis, get, software, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Get software by Id
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves software details by ID.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
+Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
+
+## HTTP request
+```
+GET /api/Software/{Id}
+```
+
+## Request headers
+
+| Name | Type | Description
+|:--------------|:-------|:--------------|
+| Authorization | String | Bearer {token}.**Required**.
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the specified software data in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge
+```
+
+**Response**
+
+Here is an example of the response.
+
+```json
+
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software/$entity",
+ "id": "microsoft-_-edge",
+ "name": "edge",
+ "vendor": "microsoft",
+ "weaknesses": 467,
+ "publicExploit": true,
+ "activeAlert": false,
+ "exposedMachines": 172,
+ "impactScore": 2.39947438
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
index 159f48e08e..8263dd34d3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
@@ -1,91 +1,91 @@
----
-title: List software version distribution
-description: Retrieves a list of your organization's software version distribution
-keywords: apis, graph api, supported apis, get, software version distribution, mdatp tvm api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# List software version distribution
-
-**Applies to:**
-
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves a list of your organization's software version distribution.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
-Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
-
-## HTTP request
-```
-GET /api/Software/{Id}/distributions
-```
-
-## Request headers
-
-| Name | Type | Description
-|:--------------|:-------|:--------------|
-| Authorization | String | Bearer {token}.**Required**.
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with a list of software distributions data in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/distributions
-```
-
-**Response**
-
-Here is an example of the response.
-
-```json
-
-{
- "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Distributions",
- "value": [
- {
- "version": "11.0.17134.1039",
- "installations": 1,
- "vulnerabilities": 11
- },
- {
- "version": "11.0.18363.535",
- "installations": 750,
- "vulnerabilities": 0
- }
- ...
- ]
-}
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
+---
+title: List software version distribution
+description: Retrieves a list of your organization's software version distribution
+keywords: apis, graph api, supported apis, get, software version distribution, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# List software version distribution
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a list of your organization's software version distribution.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
+Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
+
+## HTTP request
+```
+GET /api/Software/{Id}/distributions
+```
+
+## Request headers
+
+| Name | Type | Description
+|:--------------|:-------|:--------------|
+| Authorization | String | Bearer {token}.**Required**.
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with a list of software distributions data in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/distributions
+```
+
+**Response**
+
+Here is an example of the response.
+
+```json
+
+{
+ "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Distributions",
+ "value": [
+ {
+ "version": "11.0.17134.1039",
+ "installations": 1,
+ "vulnerabilities": 11
+ },
+ {
+ "version": "11.0.18363.535",
+ "installations": 750,
+ "vulnerabilities": 0
+ }
+ ...
+ ]
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md
index 883c240d11..5e97985a54 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md
@@ -1,90 +1,90 @@
----
-title: List software
-description: Retrieves a list of software inventory
-keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# List software inventory API
-
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-
-Retrieves the organization software inventory.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information'
-Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
-
-## HTTP request
-```
-GET /api/Software
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with the software inventory in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/Software
-```
-
-**Response**
-
-Here is an example of the response.
-
-
-```json
-{
- "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software",
- "value": [
- {
- "id": "microsoft-_-edge",
- "name": "edge",
- "vendor": "microsoft",
- "weaknesses": 467,
- "publicExploit": true,
- "activeAlert": false,
- "exposedMachines": 172,
- "impactScore": 2.39947438
- }
- ...
- ]
-}
-```
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
+---
+title: List software
+description: Retrieves a list of software inventory
+keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# List software inventory API
+
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+Retrieves the organization software inventory.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information'
+Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
+
+## HTTP request
+```
+GET /api/Software
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the software inventory in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/Software
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```json
+{
+ "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software",
+ "value": [
+ {
+ "id": "microsoft-_-edge",
+ "name": "edge",
+ "vendor": "microsoft",
+ "weaknesses": 467,
+ "publicExploit": true,
+ "activeAlert": false,
+ "exposedMachines": 172,
+ "impactScore": 2.39947438
+ }
+ ...
+ ]
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
index 7ac3ed480b..88927d6912 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
@@ -1,6 +1,6 @@
---
title: List Indicators API
-description: Use this API to create calls related to get Indicators collection
+description: Learn how to use the List Indicators API to retrieve a collection of all active Indicators in Microsoft Defender Advanced Threat Protection.
keywords: apis, public api, supported apis, Indicators collection
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
index 026cdb7ca3..a5efe702fe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
@@ -1,6 +1,6 @@
---
title: Get user information API
-description: Retrieve a User entity by key such as user name or domain.
+description: Learn how to use the Get user information API to retrieve a User entity by key, or user name, in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, user, user information
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
index e55f0b9188..7116b8080d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
@@ -1,6 +1,6 @@
---
title: Get user related machines API
-description: Retrieves a collection of devices related to a given user ID.
+description: Learn how to use the Get user related machines API to retrieve a collection of devices related to a user ID in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, get, user, user related alerts
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
index 42147bc353..056f883007 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
@@ -1,93 +1,93 @@
----
-title: List vulnerabilities by software
-description: Retrieve a list of vulnerabilities in the installed software.
-keywords: apis, graph api, supported apis, get, vulnerabilities list, mdatp tvm api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# List vulnerabilities by software
-
-**Applies to:**
-
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieve a list of vulnerabilities in the installed software.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
-Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
-
-## HTTP request
-```
-GET /api/Software/{Id}/vulnerabilities
-```
-
-## Request headers
-
-| Name | Type | Description
-|:--------------|:-------|:--------------|
-| Authorization | String | Bearer {token}.**Required**.
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with a a list of vulnerabilities exposed by the specified software.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/vulnerabilities
-```
-
-**Response**
-
-Here is an example of the response.
-
-```json
-
-{
- "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
- "value": [
- {
- "id": "CVE-2017-0140",
- "name": "CVE-2017-0140",
- "description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.",
- "severity": "Medium",
- "cvssV3": 4.2,
- "exposedMachines": 1,
- "publishedOn": "2017-03-14T00:00:00Z",
- "updatedOn": "2019-10-03T00:03:00Z",
- "publicExploit": false,
- "exploitVerified": false,
- "exploitInKit": false,
- "exploitTypes": [],
- "exploitUris": []
- }
- ...
- ]
-}
-```
-
+---
+title: List vulnerabilities by software
+description: Retrieve a list of vulnerabilities in the installed software.
+keywords: apis, graph api, supported apis, get, vulnerabilities list, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# List vulnerabilities by software
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieve a list of vulnerabilities in the installed software.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
+Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
+
+## HTTP request
+```
+GET /api/Software/{Id}/vulnerabilities
+```
+
+## Request headers
+
+| Name | Type | Description
+|:--------------|:-------|:--------------|
+| Authorization | String | Bearer {token}.**Required**.
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with a a list of vulnerabilities exposed by the specified software.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/vulnerabilities
+```
+
+**Response**
+
+Here is an example of the response.
+
+```json
+
+{
+ "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
+ "value": [
+ {
+ "id": "CVE-2017-0140",
+ "name": "CVE-2017-0140",
+ "description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.",
+ "severity": "Medium",
+ "cvssV3": 4.2,
+ "exposedMachines": 1,
+ "publishedOn": "2017-03-14T00:00:00Z",
+ "updatedOn": "2019-10-03T00:03:00Z",
+ "publicExploit": false,
+ "exploitVerified": false,
+ "exploitInKit": false,
+ "exploitTypes": [],
+ "exploitUris": []
+ }
+ ...
+ ]
+}
+```
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
index a7ec42d80f..4dd3118f79 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
@@ -1,88 +1,88 @@
----
-title: Get vulnerability by Id
-description: Retrieves vulnerability information by its ID.
-keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Get vulnerability by ID
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Retrieves vulnerability information by its ID.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information'
-Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information'
-
-## HTTP request
-```
-GET /api/vulnerabilities/{cveId}
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful, this method returns 200 OK with the vulnerability information in the body.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608
-```
-
-**Response**
-
-Here is an example of the response.
-
-```json
-{
- "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity",
- "id": "CVE-2019-0608",
- "name": "CVE-2019-0608",
- "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.",
- "severity": "Medium",
- "cvssV3": 4.3,
- "exposedMachines": 4,
- "publishedOn": "2019-10-08T00:00:00Z",
- "updatedOn": "2019-12-16T16:20:00Z",
- "publicExploit": false,
- "exploitVerified": false,
- "exploitInKit": false,
- "exploitTypes": [],
- "exploitUris": []
-}
-```
-## Related topics
-- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
-- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
+---
+title: Get vulnerability by Id
+description: Retrieves vulnerability information by its ID.
+keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Get vulnerability by ID
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves vulnerability information by its ID.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information'
+Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information'
+
+## HTTP request
+```
+GET /api/vulnerabilities/{cveId}
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the vulnerability information in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608
+```
+
+**Response**
+
+Here is an example of the response.
+
+```json
+{
+ "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity",
+ "id": "CVE-2019-0608",
+ "name": "CVE-2019-0608",
+ "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.",
+ "severity": "Medium",
+ "cvssV3": 4.3,
+ "exposedMachines": 4,
+ "publishedOn": "2019-10-08T00:00:00Z",
+ "updatedOn": "2019-12-16T16:20:00Z",
+ "publicExploit": false,
+ "exploitVerified": false,
+ "exploitInKit": false,
+ "exploitTypes": [],
+ "exploitUris": []
+}
+```
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/513cf5d59eaaef5d2b5bc122715b5844.png b/windows/security/threat-protection/microsoft-defender-atp/images/513cf5d59eaaef5d2b5bc122715b5844.png
index 74de422642..46c2427055 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/513cf5d59eaaef5d2b5bc122715b5844.png and b/windows/security/threat-protection/microsoft-defender-atp/images/513cf5d59eaaef5d2b5bc122715b5844.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/86cbe56f88bb6e93e9c63303397fc24f.png b/windows/security/threat-protection/microsoft-defender-atp/images/86cbe56f88bb6e93e9c63303397fc24f.png
index 9c2f6b242e..62e3dfceac 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/86cbe56f88bb6e93e9c63303397fc24f.png and b/windows/security/threat-protection/microsoft-defender-atp/images/86cbe56f88bb6e93e9c63303397fc24f.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ah-multi-query.png b/windows/security/threat-protection/microsoft-defender-atp/images/ah-multi-query.png
new file mode 100644
index 0000000000..ccf1f87727
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ah-multi-query.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ah-reference.png b/windows/security/threat-protection/microsoft-defender-atp/images/ah-reference.png
new file mode 100644
index 0000000000..1139fe232a
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ah-reference.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/asr-guid.png b/windows/security/threat-protection/microsoft-defender-atp/images/asr-guid.png
new file mode 100644
index 0000000000..d8a8570fb0
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/asr-guid.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/device-flag-filter.png b/windows/security/threat-protection/microsoft-defender-atp/images/device-flag-filter.png
new file mode 100644
index 0000000000..d2a5e26ce4
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/device-flag-filter.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/device-flags.png b/windows/security/threat-protection/microsoft-defender-atp/images/device-flags.png
new file mode 100644
index 0000000000..082b367ad7
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/device-flags.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ea06643280075f16265a596fb9a96042.png b/windows/security/threat-protection/microsoft-defender-atp/images/ea06643280075f16265a596fb9a96042.png
index 5fd6b06a58..89da77d866 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/ea06643280075f16265a596fb9a96042.png and b/windows/security/threat-protection/microsoft-defender-atp/images/ea06643280075f16265a596fb9a96042.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/edr-in-block-mode-detection.png b/windows/security/threat-protection/microsoft-defender-atp/images/edr-in-block-mode-detection.png
new file mode 100644
index 0000000000..2a5104b582
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/edr-in-block-mode-detection.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/edrblockmode-TVMrecommendation.png b/windows/security/threat-protection/microsoft-defender-atp/images/edrblockmode-TVMrecommendation.png
new file mode 100644
index 0000000000..42273cd0d4
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/edrblockmode-TVMrecommendation.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/fa4ac18a6333335db3775630b8e6b353.png b/windows/security/threat-protection/microsoft-defender-atp/images/fa4ac18a6333335db3775630b8e6b353.png
index d1f02b93a7..101020a8fb 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/fa4ac18a6333335db3775630b8e6b353.png and b/windows/security/threat-protection/microsoft-defender-atp/images/fa4ac18a6333335db3775630b8e6b353.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-approval.png b/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-approval.png
new file mode 100644
index 0000000000..e82a6f0dce
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-approval.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-fda.png b/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-fda.png
new file mode 100644
index 0000000000..fe52985647
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-fda.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-filter.png b/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-filter.png
new file mode 100644
index 0000000000..d2f1c35a83
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-filter.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-pref.png b/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-pref.png
new file mode 100644
index 0000000000..1b8a3df4ca
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-pref.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mda-addandroidstoreapp.png b/windows/security/threat-protection/microsoft-defender-atp/images/mda-addandroidstoreapp.png
new file mode 100644
index 0000000000..898b158eb2
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mda-addandroidstoreapp.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mda-addappinfo.png b/windows/security/threat-protection/microsoft-defender-atp/images/mda-addappinfo.png
new file mode 100644
index 0000000000..8ce56b5bd0
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mda-addappinfo.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mda-devicesafe.png b/windows/security/threat-protection/microsoft-defender-atp/images/mda-devicesafe.png
new file mode 100644
index 0000000000..3b8e7507b6
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mda-devicesafe.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mda-properties.png b/windows/security/threat-protection/microsoft-defender-atp/images/mda-properties.png
new file mode 100644
index 0000000000..9c0ce1f98b
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mda-properties.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report.png b/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report.png
new file mode 100644
index 0000000000..8106b9e665
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ta-mitigations.png b/windows/security/threat-protection/microsoft-defender-atp/images/ta-mitigations.png
new file mode 100644
index 0000000000..4aea3eea5a
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ta-mitigations.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ta-overview.png b/windows/security/threat-protection/microsoft-defender-atp/images/ta-overview.png
new file mode 100644
index 0000000000..e246a0d3da
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ta-overview.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ta.png b/windows/security/threat-protection/microsoft-defender-atp/images/ta.png
deleted file mode 100644
index 42a386d71f..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/ta.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/threat-analytics-report.png b/windows/security/threat-protection/microsoft-defender-atp/images/threat-analytics-report.png
deleted file mode 100644
index 374a1e58b2..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/threat-analytics-report.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-cve-detection-logic.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-cve-detection-logic.png
new file mode 100644
index 0000000000..6701a4521b
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-cve-detection-logic.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software.png
new file mode 100644
index 0000000000..9f360f0b7e
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software2.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software2.png
new file mode 100644
index 0000000000..cb98b850f9
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software2.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-weakness-flyout.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-weakness-flyout.png
new file mode 100644
index 0000000000..0e81640cb2
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-weakness-flyout.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-weakness-flyout400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-weakness-flyout400.png
new file mode 100644
index 0000000000..302b4883b3
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-weakness-flyout400.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md
index f5439add6d..3e4e0b9f14 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md
@@ -1,18 +1,16 @@
---
title: Import, export, and deploy exploit protection configurations
-keywords: Exploit protection, mitigations, import, export, configure, emet, convert, conversion, deploy, install
-description: Use Group Policy to deploy mitigations configuration. You can also convert an existing EMET configuration and import it as an Exploit protection configuration.
+description: Use Group Policy to deploy mitigations configuration.
+keywords: Exploit protection, mitigations, import, export, configure, convert, conversion, deploy, install
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: levinec
ms.author: ellevin
-ms.date: 04/30/2018
ms.reviewer:
manager: dansimp
---
@@ -23,35 +21,27 @@ manager: dansimp
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](microsoft-defender-advanced-threat-protection.md)
-Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
+Exploit protection helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
-Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/help/2458544/) are now included in exploit protection.
+You use the Windows Security app or PowerShell to create a set of mitigations (known as a configuration). You can then export this configuration as an XML file and share it with multiple devices on your network. Then, they all have the same set of mitigation settings.
-You use the Windows Security app or PowerShell to create a set of mitigations (known as a configuration). You can then export this configuration as an XML file and share it with multiple devices on your network so they all have the same set of mitigation settings.
-
-You can also convert and import an existing EMET configuration XML file into an exploit protection configuration XML.
-
-This topic describes how to create a configuration file and deploy it across your network, and how to convert an EMET configuration.
-
-The [Evaluation Package](https://demo.wd.microsoft.com/Page/EP) contains a sample configuration file (name *ProcessMitigation.xml* (Selfhost v4) that you can use to see how the XML structure looks. The sample file also contains settings that have been converted from an EMET configuration. You can open the file in a text editor (such as Notepad) or import it directly into exploit protection and then review the settings in the Windows Security app, as described further in this topic.
+The [Evaluation Package](https://demo.wd.microsoft.com/Page/EP) contains a sample configuration file (name *ProcessMitigation.xml* (Selfhost v4) you can use to see how the XML structure looks. The sample file also contains settings that have been converted from an [Enhanced Mitigation Experience Toolkit (no longer supported)](https://support.microsoft.com/en-us/help/2458544/the-enhanced-mitigation-experience-toolkit) configuration. You can open the file in a text editor (such as Notepad) or import it directly into exploit protection and review the settings in the Windows Security app.
## Create and export a configuration file
-Before you export a configuration file, you need to ensure you have the correct settings.
+Before you export a configuration file, you need to ensure you have the correct settings. First, configure exploit protection on a single, dedicated device. See [Customize exploit protection](customize-exploit-protection.md) for more information about configuring mitigations.
-You should first configure exploit protection on a single, dedicated device. See [Customize exploit protection](customize-exploit-protection.md) for descriptions about and instructions for configuring mitigations.
-
-When you have configured exploit protection to your desired state (including both system-level and app-level mitigations), you can export the file using either the Windows Security app or PowerShell.
+When you've configured exploit protection to your desired state (including both system-level and app-level mitigations), you can export the file using either the Windows Security app or PowerShell.
### Use the Windows Security app to export a configuration file
-1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+1. Open the Windows Security app by selecting the shield icon in the task bar. Or, search the start menu for **Defender**.
-2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection settings**:
+2. Select the **App & browser control** tile (or the app icon on the left menu bar) and then select **Exploit protection settings**:
-3. At the bottom of the **Exploit protection** section, click **Export settings** and then choose the location and name of the XML file where you want the configuration to be saved.
+3. At the bottom of the **Exploit protection** section, select **Export settings**. Choose the location and name of the XML file where you want the configuration to be saved.
> [!IMPORTANT]
> If you want to use Default configuration, use the settings "On by default" instead of "Use Default (On)" to get the settings exported correctly on the XML file.
@@ -63,7 +53,7 @@ When you have configured exploit protection to your desired state (including bot
### Use PowerShell to export a configuration file
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**.
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**.
2. Enter the following cmdlet:
```PowerShell
@@ -74,7 +64,7 @@ When you have configured exploit protection to your desired state (including bot
Example command:
- **Get-ProcessMitigation -RegistryConfigFilePath C:\ExploitConfigfile.xml**
+ `Get-ProcessMitigation -RegistryConfigFilePath C:\ExploitConfigfile.xml`
> [!IMPORTANT]
> When you deploy the configuration using Group Policy, all devices that will use the configuration must be able to access the configuration file. Ensure you place the file in a shared location.
@@ -87,7 +77,7 @@ After importing, the settings will be instantly applied and can be reviewed in t
### Use PowerShell to import a configuration file
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**.
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**.
2. Enter the following cmdlet:
```PowerShell
@@ -98,41 +88,11 @@ After importing, the settings will be instantly applied and can be reviewed in t
Example command:
- **Set-ProcessMitigation -PolicyFilePath C:\ExploitConfigfile.xml**
+ `Set-ProcessMitigation -PolicyFilePath C:\ExploitConfigfile.xml`
> [!IMPORTANT]
>
-> Ensure you import a configuration file that is created specifically for exploit protection. You cannot directly import an EMET configuration file, you must convert it first.
-
-## Convert an EMET configuration file to an exploit protection configuration file
-
-You can convert an existing EMET configuration file to the new format used by exploit protection. You must do this if you want to import an EMET configuration into exploit protection in Windows 10.
-
-You can only do this conversion in PowerShell.
-
-> [!WARNING]
->
-> You cannot directly convert the default EMET configuration files that are distributed with EMET. These files are intended to help set up EMET for a first-time user. Attempting to directly convert these files into an Exploit protection configuration file will not work.
->
-> However, if you want to apply the same settings as in the default EMET configuration files, you must first import the default configuration file into EMET, then export the settings to a new file.
->
-> You can then convert that file using the PowerShell cmdlet described here before importing the settings into Exploit protection.
-
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**.
-2. Enter the following cmdlet:
-
- ```PowerShell
- ConvertTo-ProcessMitigationPolicy -EMETFilePath emetFile.xml -OutputFilePath filename.xml
- ```
-
- Change `emetFile` to the name and location of the EMET configuration file, and change `filename` to whichever location and file name you want to use.
-
-> [!IMPORTANT]
->
-> If you have enabled Mandatory ASLR for any apps in EMET, export the EMET settings to an XML file, and then convert the XML file into an Exploit protection configuration file, you will need to manually edit the converted XML file to ensure the Mandatory ASLR mitigation setting is correctly configured:
->
-> 1. Open the PowerShell-converted XML file in a text editor.
-> 2. Search for `ASLR ForceRelocateImages="false"` and change it to `ASLR ForceRelocateImages="true"` for each app that you want Mandatory ASLR to be enabled.
+> Ensure you import a configuration file that is created specifically for exploit protection.
## Manage or deploy a configuration
@@ -143,29 +103,28 @@ You can use Group Policy to deploy the configuration you've created to multiple
### Use Group Policy to distribute the configuration
-1. On your Group Policy management device, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/desktop/gpmc/group-policy-management-console-portal), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management device, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/desktop/gpmc/group-policy-management-console-portal), right-click the Group Policy Object you want to configure and **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
3. Expand the tree to **Windows components** > **Windows Defender Exploit Guard** > **Exploit protection**.
-4. Double-click the **Use a common set of Exploit protection settings** setting and set the option to **Enabled**.
+4. Double-click **Use a common set of Exploit protection settings** and set the option to **Enabled**.
-5. In the **Options::** section, enter the location and file name of the Exploit protection configuration file that you want to use, such as in the following examples:
+5. In the **Options:** section, enter the location and file name of the Exploit protection configuration file that you want to use, such as in the following examples:
- * C:\MitigationSettings\Config.XML
- * \\\Server\Share\Config.xml
- * https://localhost:8080/Config.xml
- * C:\ExploitConfigfile.xml
+ * `C:\MitigationSettings\Config.XML`
+ * `\\Server\Share\Config.xml`
+ * `https://localhost:8080/Config.xml`
+ * `C:\ExploitConfigfile.xml`
-6. Click **OK** and [Deploy the updated GPO as you normally do](https://docs.microsoft.com/windows/win32/srvnodes/group-policy).
+6. Select **OK** and [Deploy the updated GPO as you normally do](https://docs.microsoft.com/windows/win32/srvnodes/group-policy).
-## Related topics
+## See also
-* [Protect devices from exploits](exploit-protection.md)
-* [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection.md)
-* [Evaluate exploit protection](evaluate-exploit-protection.md)
-* [Enable exploit protection](enable-exploit-protection.md)
-* [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
+- [Protect devices from exploits](exploit-protection.md)
+- [Evaluate exploit protection](evaluate-exploit-protection.md)
+- [Enable exploit protection](enable-exploit-protection.md)
+- [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md
index 4bace3c6df..424ed0cb61 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md
@@ -1,6 +1,6 @@
---
title: Investigate connection events that occur behind forward proxies
-description: Investigate connection events that occur behind forward proxies
+description: Learn how to use advanced HTTP level monitoring through network protection in Microsoft Defender ATP, which surfaces a real target, instead of a proxy.
keywords: proxy, network protection, forward proxy, network events, audit, block, domain names, domain
search.product: eADQiWindows 10XVcnh
search.appverid: met150
diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
index ca9dbdfdd3..a74c4a0187 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
@@ -1,6 +1,6 @@
---
title: Isolate machine API
-description: Use this API to create calls related isolating a device.
+description: Learn how to use the Isolate machine API to isolate a device from accessing external network in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, isolate device
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@@ -84,13 +84,13 @@ Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
-```
+```console
POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate
Content-type: application/json
{
"Comment": "Isolate machine due to alert 1234",
“IsolationType”: “Full”
}
-
+```
- To unisolate a device, see [Release device from isolation](unisolate-machine.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
index 3c07af2507..27d42d2a2c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
@@ -43,7 +43,7 @@ Exclusion | Definition | Examples
---|---|---
File extension | All files with the extension, anywhere on the device | `.test`
File | A specific file identified by the full path | `/var/log/test.log` `/var/log/*.log` `/var/log/install.?.log`
-Folder | All files under the specified folder | `/var/log/` `/var/*/`
+Folder | All files under the specified folder (recursively) | `/var/log/` `/var/*/`
Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat` `cat` `c?t`
File, folder, and process exclusions support the following wildcards:
@@ -64,36 +64,56 @@ For more information on how to configure exclusions from Puppet, Ansible, or ano
Run the following command to see the available switches for managing exclusions:
```bash
-$ mdatp exclusion
+mdatp exclusion
```
+> [!TIP]
+> When configuring exclusions with wildcards, enclose the parameter in double-quotes to prevent globbing.
+
Examples:
- Add an exclusion for a file extension:
```bash
- $ mdatp exclusion extension add --name .txt
+ mdatp exclusion extension add --name .txt
+ ```
+ ```Output
Extension exclusion configured successfully
```
- Add an exclusion for a file:
```bash
- $ mdatp exclusion file add --path /var/log/dummy.log
+ mdatp exclusion file add --path /var/log/dummy.log
+ ```
+ ```Output
File exclusion configured successfully
```
- Add an exclusion for a folder:
```bash
- $ mdatp exclusion folder add --path /var/log/
+ mdatp exclusion folder add --path /var/log/
+ ```
+ ```Output
+ Folder exclusion configured successfully
+ ```
+
+- Add an exclusion for a folder with a wildcard in it:
+
+ ```bash
+ mdatp exclusion folder add --path "/var/*/"
+ ```
+ ```Output
Folder exclusion configured successfully
```
- Add an exclusion for a process:
```bash
- $ mdatp exclusion process add --name cat
+ mdatp exclusion process add --name cat
+ ```
+ ```Output
Process exclusion configured successfully
```
@@ -104,7 +124,7 @@ You can validate that your exclusion lists are working by using `curl` to downlo
In the following Bash snippet, replace `test.txt` with a file that conforms to your exclusion rules. For example, if you have excluded the `.testing` extension, replace `test.txt` with `test.testing`. If you are testing a path, ensure that you run the command within that path.
```bash
-$ curl -o test.txt https://www.eicar.org/download/eicar.com.txt
+curl -o test.txt https://www.eicar.org/download/eicar.com.txt
```
If Microsoft Defender ATP for Linux reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm that the contents are the same as what is described on the [EICAR test file website](http://2016.eicar.org/86-0-Intended-use.html).
@@ -116,3 +136,25 @@ echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > te
```
You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude.
+
+## Allow threats
+
+In addition to excluding certain content from being scanned, you can also configure the product not to detect some classes of threats (identified by the threat name). You should exercise caution when using this functionality, as it can leave your device unprotected.
+
+To add a threat name to the allowed list, execute the following command:
+
+```bash
+mdatp threat allowed add --name [threat-name]
+```
+
+The threat name associated with a detection on your device can be obtained using the following command:
+
+```bash
+mdatp threat list
+```
+
+For example, to add `EICAR-Test-File (not a virus)` (the threat name associated with the EICAR detection) to the allowed list, execute the following command:
+
+```bash
+mdatp threat allowed add --name "EICAR-Test-File (not a virus)"
+```
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
index 0ac4cc8574..1746f4fcb3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
@@ -71,7 +71,7 @@ In order to preview new features and provide early feedback, it is recommended t
sudo rpm --import http://packages.microsoft.com/keys/microsoft.asc
```
-- Install `yum-utils` if it is not already installed:
+- Install `yum-utils` if it isn't installed yet:
```bash
sudo yum install yum-utils
@@ -107,13 +107,13 @@ In order to preview new features and provide early feedback, it is recommended t
### Ubuntu and Debian systems
-- Install `curl` if it is not already installed:
+- Install `curl` if it isn't installed yet:
```bash
sudo apt-get install curl
```
-- Install `libplist-utils` if it is not already installed:
+- Install `libplist-utils` if it isn't installed yet:
```bash
sudo apt-get install libplist-utils
@@ -177,14 +177,17 @@ In order to preview new features and provide early feedback, it is recommended t
```bash
# list all repositories
- $ yum repolist
+ yum repolist
+ ```
+ ```Output
...
packages-microsoft-com-prod packages-microsoft-com-prod 316
packages-microsoft-com-prod-insiders-fast packages-microsoft-com-prod-ins 2
...
-
+ ```
+ ```bash
# install the package from the production repository
- $ sudo yum --enablerepo=packages-microsoft-com-prod install mdatp
+ sudo yum --enablerepo=packages-microsoft-com-prod install mdatp
```
- SLES and variants:
@@ -196,16 +199,18 @@ In order to preview new features and provide early feedback, it is recommended t
If you have multiple Microsoft repositories configured on your device, you can be specific about which repository to install the package from. The following example shows how to install the package from the `production` channel if you also have the `insiders-fast` repository channel configured on this device. This situation can happen if you are using multiple Microsoft products on your device.
```bash
- # list all repositories
- $ zypper repos
+ zypper repos
+ ```
+
+ ```Output
...
# | Alias | Name | ...
XX | packages-microsoft-com-insiders-fast | microsoft-insiders-fast | ...
XX | packages-microsoft-com-prod | microsoft-prod | ...
...
-
- # install the package from the production repository
- $ sudo zypper install packages-microsoft-com-prod:mdatp
+ ```
+ ```bash
+ sudo zypper install packages-microsoft-com-prod:mdatp
```
- Ubuntu and Debian system:
@@ -217,13 +222,14 @@ In order to preview new features and provide early feedback, it is recommended t
If you have multiple Microsoft repositories configured on your device, you can be specific about which repository to install the package from. The following example shows how to install the package from the `production` channel if you also have the `insiders-fast` repository channel configured on this device. This situation can happen if you are using multiple Microsoft products on your device.
```bash
- # list all repositories
- $ cat /etc/apt/sources.list.d/*
+ cat /etc/apt/sources.list.d/*
+ ```
+ ```Output
deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/ubuntu/18.04/prod insiders-fast main
deb [arch=amd64] https://packages.microsoft.com/ubuntu/18.04/prod bionic main
-
- # install the package from the production repository
- $ sudo apt -t bionic install mdatp
+ ```
+ ```bash
+ sudo apt -t bionic install mdatp
```
## Download the onboarding package
@@ -243,17 +249,19 @@ Download the onboarding package from Microsoft Defender Security Center:
ls -l
```
- `total 8`
- `-rw-r--r-- 1 test staff 5752 Feb 18 11:22 WindowsDefenderATPOnboardingPackage.zip`
+ ```Output
+ total 8
+ -rw-r--r-- 1 test staff 5752 Feb 18 11:22 WindowsDefenderATPOnboardingPackage.zip
+ ```
```bash
unzip WindowsDefenderATPOnboardingPackage.zip
+ ```
+ ```Output
Archive: WindowsDefenderATPOnboardingPackage.zip
inflating: MicrosoftDefenderATPOnboardingLinuxServer.py
```
- `Archive: WindowsDefenderATPOnboardingPackage.zip`
- `inflating: WindowsDefenderATPOnboarding.py`
## Client configuration
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
index 709b03a5e2..52f85ffb99 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
-This topic describes how to deploy Microsoft Defender ATP for Linux using Ansible. A successful deployment requires the completion of all of the following tasks:
+This article describes how to deploy Microsoft Defender ATP for Linux using Ansible. A successful deployment requires the completion of all of the following tasks:
- [Download the onboarding package](#download-the-onboarding-package)
- [Create Ansible YAML files](#create-ansible-yaml-files)
@@ -33,12 +33,12 @@ This topic describes how to deploy Microsoft Defender ATP for Linux using Ansibl
## Prerequisites and system requirements
-Before you get started, please see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version.
-In addition, for Ansible deployment, you need to be familiar with Ansible administration tasks, have Ansible configured, and know how to deploy playbooks and tasks. Ansible has many ways to complete the same task. These instructions assume availability of supported Ansible modules, such as *apt* and *unarchive* to help deploy the package. Your organization might use a different workflow. Please refer to the [Ansible documentation](https://docs.ansible.com/) for details.
+In addition, for Ansible deployment, you need to be familiar with Ansible administration tasks, have Ansible configured, and know how to deploy playbooks and tasks. Ansible has many ways to complete the same task. These instructions assume availability of supported Ansible modules, such as *apt* and *unarchive* to help deploy the package. Your organization might use a different workflow. Refer to the [Ansible documentation](https://docs.ansible.com/) for details.
-- Ansible needs to be installed on at least on one computer (we will call it the master).
-- SSH must be configured for an administrator account between the master and all clients, and it is recommended be configured with public key authentication.
+- Ansible needs to be installed on at least one computer (we will call it the primary computer).
+- SSH must be configured for an administrator account between the primary computer and all clients, and it is recommended be configured with public key authentication.
- The following software must be installed on all clients:
- curl
- python-apt
@@ -54,7 +54,7 @@ In addition, for Ansible deployment, you need to be familiar with Ansible admini
- Ping test:
```bash
- $ ansible -m ping all
+ ansible -m ping all
```
## Download the onboarding package
@@ -70,10 +70,16 @@ Download the onboarding package from Microsoft Defender Security Center:
4. From a command prompt, verify that you have the file. Extract the contents of the archive:
```bash
- $ ls -l
+ ls -l
+ ```
+ ```Output
total 8
-rw-r--r-- 1 test staff 4984 Feb 18 11:22 WindowsDefenderATPOnboardingPackage.zip
- $ unzip WindowsDefenderATPOnboardingPackage.zip
+ ```
+ ```bash
+ unzip WindowsDefenderATPOnboardingPackage.zip
+ ```
+ ```Output
Archive: WindowsDefenderATPOnboardingPackage.zip
inflating: mdatp_onboard.json
```
@@ -158,7 +164,9 @@ Create a subtask or role files that contribute to an playbook or task.
- For apt-based distributions use the following YAML file:
```bash
- $ cat install_mdatp.yml
+ cat install_mdatp.yml
+ ```
+ ```Output
- hosts: servers
tasks:
- include: ../roles/onboarding_setup.yml
@@ -170,7 +178,9 @@ Create a subtask or role files that contribute to an playbook or task.
```
```bash
- $ cat uninstall_mdatp.yml
+ cat uninstall_mdatp.yml
+ ```
+ ```Output
- hosts: servers
tasks:
- apt:
@@ -181,7 +191,9 @@ Create a subtask or role files that contribute to an playbook or task.
- For yum-based distributions use the following YAML file:
```bash
- $ cat install_mdatp_yum.yml
+ cat install_mdatp_yum.yml
+ ```
+ ```Output
- hosts: servers
tasks:
- include: ../roles/onboarding_setup.yml
@@ -193,7 +205,9 @@ Create a subtask or role files that contribute to an playbook or task.
```
```bash
- $ cat uninstall_mdatp_yum.yml
+ cat uninstall_mdatp_yum.yml
+ ```
+ ```Output
- hosts: servers
tasks:
- yum:
@@ -208,7 +222,7 @@ Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory.
- Installation:
```bash
- $ ansible-playbook /etc/ansible/playbooks/install_mdatp.yml -i /etc/ansible/hosts
+ ansible-playbook /etc/ansible/playbooks/install_mdatp.yml -i /etc/ansible/hosts
```
> [!IMPORTANT]
@@ -217,14 +231,16 @@ Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory.
- Validation/configuration:
```bash
- $ ansible -m shell -a 'mdatp connectivity test' all
- $ ansible -m shell -a 'mdatp health' all
+ ansible -m shell -a 'mdatp connectivity test' all
+ ```
+ ```bash
+ ansible -m shell -a 'mdatp health' all
```
- Uninstallation:
```bash
- $ ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts
+ ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts
```
## Log installation issues
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
index ef1aa769a6..14677aa8a3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
-This topic describes how to deploy Microsoft Defender ATP for Linux using Puppet. A successful deployment requires the completion of all of the following tasks:
+This article describes how to deploy Microsoft Defender ATP for Linux using Puppet. A successful deployment requires the completion of all of the following tasks:
- [Download the onboarding package](#download-the-onboarding-package)
- [Create Puppet manifest](#create-a-puppet-manifest)
@@ -35,7 +35,7 @@ This topic describes how to deploy Microsoft Defender ATP for Linux using Puppet
For a description of prerequisites and system requirements for the current software version, see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md).
-In addition, for Puppet deployment, you need to be familiar with Puppet administration tasks, have Puppet configured, and know how to deploy packages. Puppet has many ways to complete the same task. These instructions assume availability of supported Puppet modules, such as *apt* to help deploy the package. Your organization might use a different workflow. Please refer to the [Puppet documentation](https://puppet.com/docs) for details.
+In addition, for Puppet deployment, you need to be familiar with Puppet administration tasks, have Puppet configured, and know how to deploy packages. Puppet has many ways to complete the same task. These instructions assume availability of supported Puppet modules, such as *apt* to help deploy the package. Your organization might use a different workflow. Refer to the [Puppet documentation](https://puppet.com/docs) for details.
## Download the onboarding package
@@ -47,13 +47,20 @@ Download the onboarding package from Microsoft Defender Security Center:
-4. From a command prompt, verify that you have the file. Extract the contents of the archive:
+4. From a command prompt, verify that you have the file.
```bash
- $ ls -l
+ ls -l
+ ```
+ ```Output
total 8
-rw-r--r-- 1 test staff 4984 Feb 18 11:22 WindowsDefenderATPOnboardingPackage.zip
- $ unzip WindowsDefenderATPOnboardingPackage.zip
+ ```
+5. Extract the contents of the archive.
+ ```bash
+ unzip WindowsDefenderATPOnboardingPackage.zip
+ ```
+ ```Output
Archive: WindowsDefenderATPOnboardingPackage.zip
inflating: mdatp_onboard.json
```
@@ -62,13 +69,19 @@ Download the onboarding package from Microsoft Defender Security Center:
You need to create a Puppet manifest for deploying Microsoft Defender ATP for Linux to devices managed by a Puppet server. This example makes use of the *apt* and *yumrepo* modules available from puppetlabs, and assumes that the modules have been installed on your Puppet server.
-Create the folders *install_mdatp/files* and *install_mdatp/manifests* under the modules folder of your Puppet installation. This is typically located in */etc/puppetlabs/code/environments/production/modules* on your Puppet server. Copy the mdatp_onboard.json file created above to the *install_mdatp/files* folder. Create an *init.pp* file that contains the deployment instructions:
+Create the folders *install_mdatp/files* and *install_mdatp/manifests* under the modules folder of your Puppet installation. This folder is typically located in */etc/puppetlabs/code/environments/production/modules* on your Puppet server. Copy the mdatp_onboard.json file created above to the *install_mdatp/files* folder. Create an *init.pp* file that contains the deployment instructions:
```bash
-$ pwd
+pwd
+```
+```Output
/etc/puppetlabs/code/environments/production/modules
+```
-$ tree install_mdatp
+```bash
+tree install_mdatp
+```
+```Output
install_mdatp
├── files
│ └── mdatp_onboard.json
@@ -161,20 +174,24 @@ $version = undef
Include the above manifest in your site.pp file:
```bash
-$ cat /etc/puppetlabs/code/environments/production/manifests/site.pp
+cat /etc/puppetlabs/code/environments/production/manifests/site.pp
+```
+```Output
node "default" {
include install_mdatp
}
```
-Enrolled agent devices periodically poll the Puppet Server, and install new configuration profiles and policies as soon as they are detected.
+Enrolled agent devices periodically poll the Puppet Server and install new configuration profiles and policies as soon as they are detected.
## Monitor Puppet deployment
On the agent device, you can also check the onboarding status by running:
```bash
-$ mdatp health
+mdatp health
+```
+```Output
...
licensed : true
org_id : "[your organization identifier]"
@@ -200,7 +217,7 @@ The above command prints `1` if the product is onboarded and functioning as expe
If the product is not healthy, the exit code (which can be checked through `echo $?`) indicates the problem:
-- 1 if the device is not yet onboarded.
+- 1 if the device isn't onboarded yet.
- 3 if the connection to the daemon cannot be established.
## Log installation issues
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
index 4e59ea8aad..bc9ddc57fc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
@@ -29,7 +29,7 @@ ms.topic: conceptual
In enterprise environments, Microsoft Defender ATP for Linux can be managed through a configuration profile. This profile is deployed from the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set locally on the device. In other words, users in your enterprise are not able to change preferences that are set through this configuration profile.
-This topic describes the structure of this profile (including a recommended profile that you can use to get started) and instructions on how to deploy the profile.
+This article describes the structure of this profile (including a recommended profile that you can use to get started) and instructions on how to deploy the profile.
## Configuration profile structure
@@ -141,7 +141,7 @@ Used to exclude content from the scan by file extension.
**Process excluded from the scan**
-Specifies a process for which all file activity is excluded from scanning. The process can be specified either by its name (e.g. `cat`) or full path (e.g. `/bin/cat`).
+Specifies a process for which all file activity is excluded from scanning. The process can be specified either by its name (for example, `cat`) or full path (for example, `/bin/cat`).
|||
|:---|:---|
@@ -373,7 +373,7 @@ The following configuration profile contains entries for all settings described
The configuration profile must be a valid JSON-formatted file. There are a number of tools that can be used to verify this. For example, if you have `python` installed on your device:
```bash
-$ python -m json.tool mdatp_managed.json
+python -m json.tool mdatp_managed.json
```
If the JSON is well-formed, the above command outputs it back to the Terminal and returns an exit code of `0`. Otherwise, an error that describes the issue is displayed and the command returns an exit code of `1`.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md
index 415341d721..50067c7547 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md
@@ -53,13 +53,13 @@ You can configure how PUA files are handled from the command line or from the ma
In Terminal, execute the following command to configure PUA protection:
```bash
-$ mdatp threat policy set --type potentially_unwanted_application --action [off|audit|block]
+mdatp threat policy set --type potentially_unwanted_application --action [off|audit|block]
```
### Use the management console to configure PUA protection:
-In your enterprise, you can configure PUA protection from a management console, such as Puppet or Ansible, similarly to how other product settings are configured. For more information, see the [Threat type settings](linux-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md) topic.
+In your enterprise, you can configure PUA protection from a management console, such as Puppet or Ansible, similarly to how other product settings are configured. For more information, see the [Threat type settings](linux-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md) article.
-## Related topics
+## Related articles
- [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
index a038804f65..addb17136c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
@@ -26,28 +26,35 @@ ms.topic: conceptual
## Collect diagnostic information
-If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default.
+If you can reproduce a problem, first increase the logging level, run the system for some time, and then restore the logging level to the default.
1. Increase logging level:
```bash
- $ mdatp log level set --level verbose
+ mdatp log level set --level verbose
+ ```
+ ```Output
Log level configured successfully
```
2. Reproduce the problem.
-3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds:
+3. Run the following command to back up Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive.
```bash
- $ sudo mdatp diagnostic create
+ sudo mdatp diagnostic create
+ ```
+ This command will also print out the file path to the backup after the operation succeeds:
+ ```Output
Diagnostic file created:
```
4. Restore logging level:
```bash
- $ mdatp log level set --level info
+ mdatp log level set --level info
+ ```
+ ```Output
Log level configured successfully
```
@@ -59,7 +66,7 @@ The detailed log will be saved to `/var/log/microsoft/mdatp_install.log`. If you
## Uninstall
-There are several ways to uninstall Microsoft Defender ATP for Linux. If you are using a configuration tool such as Puppet, please follow the package uninstallation instructions for the configuration tool.
+There are several ways to uninstall Microsoft Defender ATP for Linux. If you are using a configuration tool such as Puppet, follow the package uninstallation instructions for the configuration tool.
### Manual uninstallation
@@ -73,7 +80,7 @@ Important tasks, such as controlling product settings and triggering on-demand s
### Global options
-By default, the command-line tool outputs the result in human-readable format. In addition to this, the tool also supports outputting the result as JSON, which is useful for automation scenarios. To change the output to JSON, pass `--output json` to any of the below commands.
+By default, the command-line tool outputs the result in human-readable format. In addition, the tool also supports outputting the result as JSON, which is useful for automation scenarios. To change the output to JSON, pass `--output json` to any of the below commands.
### Supported commands
@@ -91,6 +98,9 @@ The following table lists commands for some of the most common scenarios. Run `m
|Configuration |Add/remove an antivirus exclusion for a directory |`mdatp exclusion folder [add|remove] --path [path-to-directory]` |
|Configuration |Add/remove an antivirus exclusion for a process |`mdatp exclusion process [add|remove] --path [path-to-process]` `mdatp exclusion process [add|remove] --name [process-name]` |
|Configuration |List all antivirus exclusions |`mdatp exclusion list` |
+|Configuration |Add a threat name to the allowed list |`mdatp threat allowed add --name [threat-name]` |
+|Configuration |Remove a threat name from the allowed list |`mdatp threat allowed remove --name [threat-name]` |
+|Configuration |List all allowed threat names |`mdatp threat allowed list` |
|Configuration |Turn on PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action block` |
|Configuration |Turn off PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action off` |
|Configuration |Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action audit` |
@@ -107,8 +117,8 @@ The following table lists commands for some of the most common scenarios. Run `m
|Quarantine management |List all quarantined files |`mdatp threat quarantine list` |
|Quarantine management |Remove all files from the quarantine |`mdatp threat quarantine remove-all` |
|Quarantine management |Add a file detected as a threat to the quarantine |`mdatp threat quarantine add --id [threat-id]` |
-|Quarantine management |Remove a file detected as a threat from the quarantine |`mdatp threat quarantine add --id [threat-id]` |
-|Quarantine management |Restore a file from the quarantine |`mdatp threat quarantine add --id [threat-id]` |
+|Quarantine management |Remove a file detected as a threat from the quarantine |`mdatp threat quarantine remove --id [threat-id]` |
+|Quarantine management |Restore a file from the quarantine |`mdatp threat quarantine restore --id [threat-id]` |
## Microsoft Defender ATP portal information
@@ -138,5 +148,5 @@ In the Microsoft Defender ATP portal, you'll see two categories of information:
- In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered:
```bash
- $ sudo SUSEConnect --status-text
+ sudo SUSEConnect --status-text
```
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md
index 0ac647a0b9..04ec1f7937 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md
@@ -48,7 +48,7 @@ During installation, the ```HTTPS_PROXY``` environment variable must be passed t
- The `HTTPS_PROXY` variable is prepended to the installation or uninstallation commands. For example, with the APT package manager, prepend the variable as follows when installing Microsoft Defender ATP:
```bash
- $ HTTPS_PROXY="http://proxy.server:port/" apt install mdatp
+ HTTPS_PROXY="http://proxy.server:port/" apt install mdatp
```
> [!NOTE]
@@ -56,7 +56,7 @@ During installation, the ```HTTPS_PROXY``` environment variable must be passed t
The `HTTPS_PROXY` environment variable may similarly be defined during uninstallation.
-Note that installation and uninstallation will not necessarily fail if a proxy is required but not configured. However, telemetry will not be submitted, and the operation could take significantly longer due to network timeouts.
+Note that installation and uninstallation will not necessarily fail if a proxy is required but not configured. However, telemetry will not be submitted, and the operation could take much longer due to network timeouts.
## Post installation configuration
@@ -73,5 +73,5 @@ After installation, the `HTTPS_PROXY` environment variable must be defined in th
After modifying the `mdatp.service` file, save and close it. Restart the service so the changes can be applied. In Ubuntu, this involves two commands:
```bash
-$ systemctl daemon-reload; systemctl restart mdatp
+systemctl daemon-reload; systemctl restart mdatp
```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
index f48ac979fd..86e2b4f38e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
@@ -29,7 +29,7 @@ ms.topic: conceptual
To test if Microsoft Defender ATP for Linux can communicate to the cloud with the current network settings, run a connectivity test from the command line:
```bash
-$ mdatp connectivity test
+mdatp connectivity test
```
If the connectivity test fails, check if the device has Internet access and if [any of the endpoints required by the product](microsoft-defender-atp-linux.md#network-connections) are blocked by a proxy or firewall.
@@ -44,7 +44,7 @@ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https:
The output from this command should be similar to:
-```bash
+```Output
OK https://x.cp.wd.microsoft.com/api/report
OK https://cdn.x.cp.wd.microsoft.com/ping
```
@@ -59,7 +59,7 @@ OK https://cdn.x.cp.wd.microsoft.com/ping
If a static proxy is required, add a proxy parameter to the above command, where `proxy_address:port` correspond to the proxy address and port:
```bash
-$ curl -x http://proxy_address:port -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'
+curl -x http://proxy_address:port -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'
```
Ensure that you use the same proxy address and port as configured in the `/lib/system/system/mdatp.service` file. Check your proxy configuration if there are errors from the above commands.
@@ -78,13 +78,13 @@ Also ensure that the correct static proxy address is filled in to replace `addre
If this file is correct, try running the following command in the terminal to reload Microsoft Defender ATP for Linux and propagate the setting:
```bash
-$ sudo systemctl daemon-reload; sudo systemctl restart mdatp
+sudo systemctl daemon-reload; sudo systemctl restart mdatp
```
Upon success, attempt another connectivity test from the command line:
```bash
-$ mdatp connectivity test
+mdatp connectivity test
```
If the problem persists, contact customer support.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
index d89a6593f9..67c96c9bdf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
@@ -26,12 +26,15 @@ ms.topic: conceptual
## Verify if installation succeeded
-An error in installation may or may not result in a meaningful error message by the package manager. To verify if the installation succeeded, one can obtain and check the installation logs using:
+An error in installation may or may not result in a meaningful error message by the package manager. To verify if the installation succeeded, obtain and check the installation logs using:
```bash
- $ sudo journalctl | grep 'microsoft-mdatp' > installation.log
- $ grep 'postinstall end' installation.log
-
+ sudo journalctl | grep 'microsoft-mdatp' > installation.log
+```
+```bash
+ grep 'postinstall end' installation.log
+```
+```Output
microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216
```
@@ -44,8 +47,9 @@ Also check the [Client configuration](linux-install-manually.md#client-configura
Check if the mdatp service is running:
```bash
- $ systemctl status mdatp
-
+systemctl status mdatp
+```
+```Output
● mdatp.service - Microsoft Defender ATP
Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-03-26 10:37:30 IST; 23h ago
@@ -61,41 +65,43 @@ Check if the mdatp service is running:
1. Check if "mdatp" user exists:
```bash
- $ id "mdatp"
+ id "mdatp"
```
If there’s no output, run
```bash
- $ sudo useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp
+ sudo useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp
```
2. Try enabling and restarting the service using:
```bash
- $ sudo systemctl enable mdatp
- $ sudo systemctl restart mdatp
+ sudo systemctl enable mdatp
```
-
-3. If mdatp.service isn't found upon running the previous command, run
```bash
- $ sudo cp /opt/microsoft/mdatp/conf/mdatp.service
-
- where is
- /lib/systemd/system for Ubuntu and Debian distributions
- /usr/lib/systemd/system for Rhel, CentOS, Oracle and SLES
+ sudo systemctl restart mdatp
```
- and then rerun step 2.
+
+3. If mdatp.service isn't found upon running the previous command, run:
+ ```bash
+ sudo cp /opt/microsoft/mdatp/conf/mdatp.service
+ ```
+ where `````` is
+ ```/lib/systemd/system``` for Ubuntu and Debian distributions and
+ ```/usr/lib/systemd/system``` for Rhel, CentOS, Oracle and SLES.
+Then rerun step 2.
4. If the above steps don’t work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details.
Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot.
5. Ensure that the daemon has executable permission.
```bash
- $ ls -l /opt/microsoft/mdatp/sbin/wdavdaemon
-
+ ls -l /opt/microsoft/mdatp/sbin/wdavdaemon
+ ```
+ ```Output
-rwxr-xr-x 2 root root 15502160 Mar 3 04:47 /opt/microsoft/mdatp/sbin/wdavdaemon
```
If the daemon doesn't have executable permissions, make it executable using:
```bash
- $ sudo chmod 0755 /opt/microsoft/mdatp/sbin/wdavdaemon
+ sudo chmod 0755 /opt/microsoft/mdatp/sbin/wdavdaemon
```
and retry running step 2.
@@ -105,7 +111,7 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan
1. Check the file system type using:
```bash
- $ findmnt -T
+ findmnt -T
```
Currently supported file systems for on-access activity are listed [here](microsoft-defender-atp-linux.md#system-requirements). Any files outside these file systems won't be scanned.
@@ -113,13 +119,15 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan
1. If running the command-line tool `mdatp` gives an error `command not found`, run the following command:
```bash
- $ sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp
+ sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp
```
and try again.
If none of the above steps help, collect the diagnostic logs:
```bash
- $ sudo mdatp diagnostic create
+ sudo mdatp diagnostic create
+ ```
+ ```Output
Diagnostic file created:
```
Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
index 5119c3afc3..a4c54a9aa4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
@@ -23,7 +23,7 @@ ms.topic: conceptual
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
-This topic provides some general steps that can be used to narrow down performance issues related to Microsoft Defender ATP for Linux.
+This article provides some general steps that can be used to narrow down performance issues related to Microsoft Defender ATP for Linux.
Real-time protection (RTP) is a feature of Microsoft Defender ATP for Linux that continuously monitors and protects your device against threats. It consists of file and process monitoring and other heuristics.
@@ -36,7 +36,9 @@ The following steps can be used to troubleshoot and mitigate these issues:
If your device is not managed by your organization, real-time protection can be disabled from the command line:
```bash
- $ mdatp config real-time-protection --value disabled
+ mdatp config real-time-protection --value disabled
+ ```
+ ```Output
Configuration property updated
```
@@ -50,26 +52,28 @@ The following steps can be used to troubleshoot and mitigate these issues:
This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line:
```bash
- $ mdatp config real-time-protection-statistics --value enabled
+ mdatp config real-time-protection-statistics --value enabled
```
This feature requires real-time protection to be enabled. To check the status of real-time protection, run the following command:
```bash
- $ mdatp health --field real_time_protection_enabled
+ mdatp health --field real_time_protection_enabled
```
Verify that the `real_time_protection_enabled` entry is `true`. Otherwise, run the following command to enable it:
```bash
- $ mdatp config real-time-protection --value enabled
+ mdatp config real-time-protection --value enabled
+ ```
+ ```Output
Configuration property updated
```
To collect current statistics, run:
```bash
- $ mdatp diagnostic real_time_protection_statistics # you can use ‘> stat.log’ to redirect to file
+ mdatp diagnostic real_time_protection_statistics # you can use ‘> stat.log’ to redirect to file
```
The output of this command will show all processes and their associated scan activity. To improve the performance of Microsoft Defender ATP for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md
index 49399fbe9f..0d734e593a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md
@@ -1,6 +1,6 @@
---
title: Live response command examples
-description: Learn to run basic or advanced live response commands for Microsoft Defender Advanced Threat Protection (ATP) and see examples on how it's used
+description: Learn to run basic or advanced live response commands for Microsoft Defender Advanced Threat Protection (ATP) and see examples on how it's used.
keywords: example, command, cli, remote, shell, connection, live, response, real-time, command, script, remediate, hunt, export, log, drop, download, file
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -155,7 +155,7 @@ registry HKEY_CURRENT_USER\Console
```
# Show information about a specific registry value
-registry HKEY_CURRENT_USER\Console\\ScreenBufferSize
+registry HKEY_CURRENT_USER\Console\ScreenBufferSize
```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
index 2a2e8465f2..56f59ba081 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
@@ -23,9 +23,9 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Live response is a capability that gives your security operations team instantaneous access to a device (also referred to as a machine) using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions to promptly contain identified threats — in real time.
+Live response gives security operations teams instantaneous access to a device (also referred to as a machine) using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions to promptly contain identified threats—in real time.
-Live response is designed to enhance investigations by enabling your security operations team to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.
+Live response is designed to enhance investigations by enabling your security operations team to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4qLUW]
@@ -98,7 +98,7 @@ The dashboard also gives you access to:
## Initiate a live response session on a device
-1. Log in to Microsoft Defender Security Center.
+1. Sign in to Microsoft Defender Security Center.
2. Navigate to the devices list page and select a device to investigate. The devices page opens.
@@ -112,6 +112,10 @@ The dashboard also gives you access to:
Depending on the role that's been granted to you, you can run basic or advanced live response commands. User permissions are controlled by RBAC custom roles. For more information on role assignments, see [Create and manage roles](user-roles.md).
+
+>[!NOTE]
+>Live response is a cloud-based interactive shell, as such, specific command experience may vary in response time depending on network quality and system load between the end user and the target device.
+
### Basic commands
The following commands are available for user roles that are granted the ability to run **basic** live response commands. For more information on role assignments, see [Create and manage roles](user-roles.md).
@@ -137,7 +141,7 @@ drivers | Shows all drivers installed on the device. |
|`trace` | Sets the terminal's logging mode to debug. |
### Advanced commands
-The following commands are available for user roles that are granted the ability to run **advanced** live response commands. For more information on role assignments see [Create and manage roles](user-roles.md).
+The following commands are available for user roles that are granted the ability to run **advanced** live response commands. For more information on role assignments, see [Create and manage roles](user-roles.md).
| Command | Description |
|---|---|
@@ -201,7 +205,7 @@ You can have a collection of PowerShell scripts that can run on devices that you
4. Specify if you'd like to overwrite a file with the same name.
-5. If you'd like to be know what parameters are needed for the script, select the script parameters check box. In the text field, enter an example and a description.
+5. If you'd like to be, know what parameters are needed for the script, select the script parameters check box. In the text field, enter an example and a description.
6. Click **Confirm**.
@@ -220,7 +224,7 @@ Some commands have prerequisite commands to run. If you don't run the prerequisi
You can use the auto flag to automatically run prerequisite commands, for example:
-```
+```console
getfile c:\Users\user\Desktop\work.txt -auto
```
@@ -269,7 +273,7 @@ Live response supports output piping to CLI and file. CLI is the default output
Example:
-```
+```console
processes > output.txt
```
@@ -285,7 +289,7 @@ Each command is tracked with full details such as:
## Limitations
- Live response sessions are limited to 10 live response sessions at a time.
-- Large scale command execution is not supported.
+- Large-scale command execution is not supported.
- A user can only initiate one session at a time.
- A device can only be in one session at a time.
- The following file size limits apply:
@@ -295,11 +299,3 @@ Each command is tracked with full details such as:
## Related article
- [Live response command examples](live-response-command-examples.md)
-
-
-
-
-
-
-
-
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md
index d96e6da0ab..4e97dc6960 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md
@@ -43,7 +43,7 @@ Exclusion | Definition | Examples
---|---|---
File extension | All files with the extension, anywhere on the machine | `.test`
File | A specific file identified by the full path | `/var/log/test.log` `/var/log/*.log` `/var/log/install.?.log`
-Folder | All files under the specified folder | `/var/log/` `/var/*/`
+Folder | All files under the specified folder (recursively) | `/var/log/` `/var/*/`
Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat` `cat` `c?t`
File, folder, and process exclusions support the following wildcards:
@@ -74,7 +74,7 @@ You can validate that your exclusion lists are working by using `curl` to downlo
In the following Bash snippet, replace `test.txt` with a file that conforms to your exclusion rules. For example, if you have excluded the `.testing` extension, replace `test.txt` with `test.testing`. If you are testing a path, ensure that you run the command within that path.
```bash
-$ curl -o test.txt https://www.eicar.org/download/eicar.com.txt
+curl -o test.txt https://www.eicar.org/download/eicar.com.txt
```
If Microsoft Defender ATP for Mac reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm that the contents are the same as what is described on the [EICAR test file website](http://2016.eicar.org/86-0-Intended-use.html).
@@ -86,3 +86,25 @@ echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > te
```
You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude.
+
+## Allow threats
+
+In addition to excluding certain content from being scanned, you can also configure the product not to detect some classes of threats (identified by the threat name). You should exercise caution when using this functionality, as it can leave your device unprotected.
+
+To add a threat name to the allowed list, execute the following command:
+
+```bash
+mdatp threat allowed add --name [threat-name]
+```
+
+The threat name associated with a detection on your device can be obtained using the following command:
+
+```bash
+mdatp threat list
+```
+
+For example, to add `EICAR-Test-File (not a virus)` (the threat name associated with the EICAR detection) to the allowed list, execute the following command:
+
+```bash
+mdatp threat allowed add --name "EICAR-Test-File (not a virus)"
+```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
index ff78248097..2dd67831b1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
@@ -20,10 +20,8 @@ ms.topic: conceptual
# Intune-based deployment for Microsoft Defender ATP for Mac
> [!NOTE]
-> This documentation explains the legacy method for deploying and configuring Microsoft Defender ATP on macOS devices. The native experience is now available in the MEM console. The release of the native UI in the MEM console provide admins with a much simpler way to configure and dfeploy the application and send it down to macOS devices.
-> This blog post explains the new features: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/microsoft-endpoint-manager-simplifies-deployment-of-microsoft/ba-p/1322995
-> To configure the app go here: https://docs.microsoft.com/mem/intune/protect/antivirus-microsoft-defender-settings-macos
-> To deploy the app go here: https://docs.microsoft.com/mem/intune/apps/apps-advanced-threat-protection-macos
+> This documentation explains the legacy method for deploying and configuring Microsoft Defender ATP on macOS devices. The native experience is now available in the MEM console. The release of the native UI in the MEM console provide admins with a much simpler way to configure and deploy the application and send it down to macOS devices.
+>The blog post [MEM simplifies deployment of Microsoft Defender ATP for macOS](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/microsoft-endpoint-manager-simplifies-deployment-of-microsoft/ba-p/1322995) explains the new features. To configure the app, go to [Settings for Microsoft Defender ATP for Mac in Microsoft InTune](https://docs.microsoft.com/mem/intune/protect/antivirus-microsoft-defender-settings-macos). To deploy the app, go to [Add Microsoft Defender ATP to macOS devices using Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/apps-advanced-threat-protection-macos).
**Applies to:**
@@ -50,7 +48,7 @@ The following table summarizes the steps you would need to take to deploy and ma
| [Approve Kernel Extension for Microsoft Defender ATP](#download-installation-and-onboarding-packages) | MDATP_KExt.xml | N/A |
| [Grant full disk access to Microsoft Defender ATP](#create-system-configuration-profiles-step-8) | MDATP_tcc_Catalina_or_newer.xml | com.microsoft.wdav.tcc |
| [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#intune) | MDATP_Microsoft_AutoUpdate.xml | com.microsoft.autoupdate2 |
-| [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#intune-profile-1)
**Note:** If you are planning to run a 3rd party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav |
+| [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#intune-profile-1)
**Note:** If you are planning to run a third party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav |
| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#create-system-configuration-profiles-step-9) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.autoupdate2 or com.microsoft.wdav.tray |
## Download installation and onboarding packages
@@ -66,15 +64,24 @@ Download the installation and onboarding packages from Microsoft Defender Securi
4. Select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory.
5. Download **IntuneAppUtil** from [https://docs.microsoft.com/intune/lob-apps-macos](https://docs.microsoft.com/intune/lob-apps-macos).
6. From a command prompt, verify that you have the three files.
- Extract the contents of the .zip files:
+
```bash
- $ ls -l
+ ls -l
+ ```
+
+ ```Output
total 721688
-rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil
-rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
-rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
- $ unzip WindowsDefenderATPOnboardingPackage.zip
+ ```
+7. Extract the contents of the .zip files:
+
+ ```bash
+ unzip WindowsDefenderATPOnboardingPackage.zip
+ ```
+ ```Output
Archive: WindowsDefenderATPOnboardingPackage.zip
warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
inflating: intune/kext.xml
@@ -82,16 +89,18 @@ Download the installation and onboarding packages from Microsoft Defender Securi
inflating: jamf/WindowsDefenderATPOnboarding.plist
```
-7. Make IntuneAppUtil an executable:
+8. Make IntuneAppUtil an executable:
```bash
- $ chmod +x IntuneAppUtil
+ chmod +x IntuneAppUtil
```
-8. Create the wdav.pkg.intunemac package from wdav.pkg:
+9. Create the wdav.pkg.intunemac package from wdav.pkg:
```bash
- $ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0"
+ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0"
+ ```
+ ```Output
Microsoft Intune Application Utility for Mac OS X
Version: 1.0.0.0
Copyright 2018 Microsoft Corporation
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
index 4cb0f6f707..efdb013295 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
@@ -1,6 +1,6 @@
---
title: JAMF-based deployment for Microsoft Defender ATP for Mac
-description: Install Microsoft Defender ATP for Mac, using JAMF.
+description: Learn about all the steps needed to deploy Microsoft Defender Advanced Threat Protection for Mac through JAMF.
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -24,7 +24,7 @@ ms.date: 04/10/2020
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
-This topic describes how to deploy Microsoft Defender ATP for Mac through JAMF. A successful deployment requires the completion of all of the following steps:
+This article describes how to deploy Microsoft Defender ATP for Mac through JAMF. A successful deployment requires the completion of all of the following steps:
1. [Download installation and onboarding packages](#download-installation-and-onboarding-packages)
1. [Create JAMF policies](#create-jamf-policies)
@@ -34,7 +34,7 @@ This topic describes how to deploy Microsoft Defender ATP for Mac through JAMF.
## Prerequisites and system requirements
-Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow.
@@ -45,7 +45,7 @@ The following table summarizes the steps you would need to take to deploy and ma
| Step | Sample file names | BundleIdentifier |
|-|-|-|
| [Download installation and onboarding packages](#download-installation-and-onboarding-packages) | WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml | com.microsoft.wdav.atp |
-| [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#property-list-for-jamf-configuration-profile-1)
**Note:** If you are planning to run a 3rd party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.plist | com.microsoft.wdav |
+| [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#property-list-for-jamf-configuration-profile-1)
**Note:** If you are planning to run a third party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.plist | com.microsoft.wdav |
| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#notification-settings) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.wdav.tray |
| [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#jamf) | MDATP_Microsoft_AutoUpdate.mobileconfig | com.microsoft.autoupdate2 |
| [Grant Full Disk Access to Microsoft Defender ATP](#privacy-preferences-policy-control) | Note: If there was one, MDATP_tcc_Catalina_or_newer.plist | com.microsoft.wdav.tcc |
@@ -64,17 +64,25 @@ Download the installation and onboarding packages from Microsoft Defender Securi
3. Select **Download installation package**. Save it as _wdav.pkg_ to a local directory.
4. Select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory.
-5. From the command prompt, verify that you have the two files. Extract the contents of the .zip files like so:
+5. From the command prompt, verify that you have the two files.
```bash
- $ ls -l
+ ls -l
+ ```
+ ```Output
total 721160
-rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
-rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
- $ unzip WindowsDefenderATPOnboardingPackage.zip
+ ```
+6. Extract the contents of the .zip files like so:
+
+ ```bash
+ unzip WindowsDefenderATPOnboardingPackage.zip
+ ```
+ ```Output
Archive: WindowsDefenderATPOnboardingPackage.zip
warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
- inflating: intune/kext.xml
+ inflating: intune/kext.xml
inflating: intune/WindowsDefenderATPOnboarding.xml
inflating: jamf/WindowsDefenderATPOnboarding.plist
```
@@ -140,9 +148,83 @@ Use the **Logs** tab to monitor deployment status for each enrolled device.
Starting in macOS 10.15 (Catalina) a user must manually allow to display notifications in UI. To auto-enable notifications from Defender and Auto Update, you can import the .mobileconfig below into a separate configuration profile and assign it to all devices with Defender:
```xml
-
-
- PayloadContentNotificationSettingsAlertType2BadgesEnabledBundleIdentifiercom.microsoft.autoupdate2CriticalAlertEnabledGroupingType0NotificationsEnabledShowInLockScreenShowInNotificationCenterSoundsEnabledAlertType2BadgesEnabledBundleIdentifiercom.microsoft.wdav.trayCriticalAlertEnabledGroupingType0NotificationsEnabledShowInLockScreenShowInNotificationCenterSoundsEnabledPayloadDescriptionPayloadDisplayNamenotificationsPayloadEnabledPayloadIdentifierBB977315-E4CB-4915-90C7-8334C75A7C64PayloadOrganizationMicrosoftPayloadTypecom.apple.notificationsettingsPayloadUUIDBB977315-E4CB-4915-90C7-8334C75A7C64PayloadVersion1PayloadDescriptionPayloadDisplayNamemdatp - allow notificationsPayloadEnabledPayloadIdentifier85F6805B-0106-4D23-9101-7F1DFD5EA6D6PayloadOrganizationMicrosoftPayloadRemovalDisallowedPayloadScopeSystemPayloadTypeConfigurationPayloadUUID85F6805B-0106-4D23-9101-7F1DFD5EA6D6PayloadVersion1
+
+
+
+ PayloadContent
+
+
+ NotificationSettings
+
+
+ AlertType
+ 2
+ BadgesEnabled
+
+ BundleIdentifier
+ com.microsoft.autoupdate2
+ CriticalAlertEnabled
+ GroupingType
+ 0
+ NotificationsEnabled
+
+ ShowInLockScreen
+
+ ShowInNotificationCenter
+
+ SoundsEnabled
+
+
+
+ AlertType
+ 2BadgesEnabled
+ BundleIdentifier
+ com.microsoft.wdav.tray
+ CriticalAlertEnabled
+ GroupingType
+ 0
+ NotificationsEnabled
+ ShowInLockScreen
+ ShowInNotificationCenter
+ SoundsEnabled
+
+
+
+ PayloadDescription
+ PayloadDisplayName
+ notifications
+ PayloadEnabled
+ PayloadIdentifier
+ BB977315-E4CB-4915-90C7-8334C75A7C64
+ PayloadOrganization
+ Microsoft
+ PayloadType
+ com.apple.notificationsettings
+ PayloadUUID
+ BB977315-E4CB-4915-90C7-8334C75A7C64
+ PayloadVersion
+ 1
+
+
+ PayloadDescription
+ PayloadDisplayName
+ mdatp - allow notifications
+ PayloadEnabled
+ PayloadIdentifier
+ 85F6805B-0106-4D23-9101-7F1DFD5EA6D6
+ PayloadOrganization
+ Microsoft
+ PayloadRemovalDisallowed
+ PayloadScope
+ System
+ PayloadType
+ Configuration
+ PayloadUUID
+ 85F6805B-0106-4D23-9101-7F1DFD5EA6D6
+ PayloadVersion
+ 1
+
+
```
### Package
@@ -208,7 +290,10 @@ Once the policy is applied, you'll see the Microsoft Defender ATP icon in the ma
You can monitor policy installation on a device by following the JAMF log file:
```bash
- $ tail -f /var/log/jamf.log
+ tail -f /var/log/jamf.log
+```
+
+```Output
Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found.
Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"...
Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV
@@ -221,7 +306,10 @@ You can monitor policy installation on a device by following the JAMF log file:
You can also check the onboarding status:
```bash
-$ mdatp --health
+mdatp --health
+```
+
+```Output
...
licensed : true
orgId : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45"
@@ -237,7 +325,7 @@ orgId : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45"
You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status:
```bash
-$ mdatp --health healthy
+mdatp --health healthy
```
The above command prints "1" if the product is onboarded and functioning as expected.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
index 018c229b01..e2f79e5846 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
@@ -747,7 +747,9 @@ The following templates contain entries for all settings described in this docum
The property list must be a valid *.plist* file. This can be checked by executing:
```bash
-$ plutil -lint com.microsoft.wdav.plist
+plutil -lint com.microsoft.wdav.plist
+```
+```Output
com.microsoft.wdav.plist: OK
```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
index 0f63486ad1..5fbcec859f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
@@ -53,7 +53,7 @@ You can configure how PUA files are handled from the command line or from the ma
In Terminal, execute the following command to configure PUA protection:
```bash
-$ mdatp --threat --type-handling potentially_unwanted_application [off|audit|block]
+mdatp --threat --type-handling potentially_unwanted_application [off|audit|block]
```
### Use the management console to configure PUA protection:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
index a4780aaea9..c82f6bfdb6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
@@ -25,34 +25,36 @@ ms.topic: conceptual
## Collecting diagnostic information
-If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default.
+If you can reproduce a problem, increase the logging level, run the system for some time, and restore the logging level to the default.
1. Increase logging level:
```bash
- $ mdatp --log-level verbose
- Creating connection to daemon
- Connection established
- Operation succeeded
+ mdatp log level set --level verbose
+ ```
+
+ ```Output
+ Log level configured successfully
```
2. Reproduce the problem
-3. Run `sudo mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds.
+3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds.
```bash
- $ sudo mdatp --diagnostic --create
- Creating connection to daemon
- Connection established
+ sudo mdatp diagnostic create
+ ```
+ ```Output
+ Diagnostic file created: "/Library/Application Support/Microsoft/Defender/wdavdiag/932e68a8-8f2e-4ad0-a7f2-65eb97c0de01.zip"
```
4. Restore logging level:
```bash
- $ mdatp --log-level info
- Creating connection to daemon
- Connection established
- Operation succeeded
+ mdatp log level set --level info
+ ```
+ ```Output
+ Log level configured successfully
```
## Logging installation issues
@@ -63,7 +65,7 @@ The detailed log will be saved to `/Library/Logs/Microsoft/mdatp/install.log`. I
## Uninstalling
-There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
+There are several ways to uninstall Microsoft Defender ATP for Mac. Note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
### Interactive uninstallation
@@ -78,27 +80,63 @@ There are several ways to uninstall Microsoft Defender ATP for Mac. Please note
Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line:
-|Group |Scenario |Command |
-|-------------|-------------------------------------------|-----------------------------------------------------------------------|
-|Configuration|Turn on/off real-time protection |`mdatp --config realTimeProtectionEnabled [true/false]` |
-|Configuration|Turn on/off cloud protection |`mdatp --config cloudEnabled [true/false]` |
-|Configuration|Turn on/off product diagnostics |`mdatp --config cloudDiagnosticEnabled [true/false]` |
-|Configuration|Turn on/off automatic sample submission |`mdatp --config cloudAutomaticSampleSubmission [true/false]` |
-|Configuration|Turn on PUA protection |`mdatp --threat --type-handling potentially_unwanted_application block`|
-|Configuration|Turn off PUA protection |`mdatp --threat --type-handling potentially_unwanted_application off` |
-|Configuration|Turn on audit mode for PUA protection |`mdatp --threat --type-handling potentially_unwanted_application audit`|
-|Configuration|Turn on/off passiveMode |`mdatp --config passiveMode [on/off]` |
-|Diagnostics |Change the log level |`mdatp --log-level [error/warning/info/verbose]` |
-|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic --create` |
-|Health |Check the product's health |`mdatp --health` |
-|Protection |Scan a path |`mdatp --scan --path [path]` |
-|Protection |Do a quick scan |`mdatp --scan --quick` |
-|Protection |Do a full scan |`mdatp --scan --full` |
-|Protection |Cancel an ongoing on-demand scan |`mdatp --scan --cancel` |
-|Protection |Request a security intelligence update |`mdatp --definition-update` |
-|EDR |Turn on/off EDR preview for Mac |`mdatp --edr --early-preview [true/false]` OR `mdatp --edr --earlyPreview [true/false]` for versions earlier than 100.78.0 |
-|EDR |Add group tag to device. EDR tags are used for managing device groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp --edr --set-tag GROUP [name]` |
-|EDR |Remove group tag from device |`mdatp --edr --remove-tag [name]` |
+|Group |Scenario |Command |
+|-------------|-------------------------------------------|----------------------------------------------------------------------------------|
+|Configuration|Turn on/off real-time protection |`mdatp config real-time-protection [enabled/disabled]` |
+|Configuration|Turn on/off cloud protection |`mdatp config cloud --value [enabled/disabled]` |
+|Configuration|Turn on/off product diagnostics |`mdatp config cloud-diagnostic --value [enabled/disabled]` |
+|Configuration|Turn on/off automatic sample submission |`mdatp config cloud-automatic-sample-submission --value [enabled/disabled]` |
+|Configuration|Add a threat name to the allowed list |`mdatp threat allowed add --name [threat-name]` |
+|Configuration|Remove a threat name from the allowed list |`mdatp threat allowed remove --name [threat-name]` |
+|Configuration|List all allowed threat names |`mdatp threat allowed list` |
+|Configuration|Turn on PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action block` |
+|Configuration|Turn off PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action off` |
+|Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action audit` |
+|Configuration|Turn on/off passiveMode |`mdatp config passive-mode --value enabled [enabled/disabled]` |
+|Diagnostics |Change the log level |`mdatp log level set --level [error/warning/info/verbose]` |
+|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` |
+|Health |Check the product's health |`mdatp health` |
+|Health |Check for a spefic product attribute |`mdatp health --field [attribute: healthy/licensed/engine_version...]` |
+|Protection |Scan a path |`mdatp scan custom --path [path]` |
+|Protection |Do a quick scan |`mdatp scan quick` |
+|Protection |Do a full scan |`mdatp scan full` |
+|Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` |
+|Protection |Request a security intelligence update |`mdatp definitions update` |
+|EDR |Turn on/off EDR preview for Mac |`mdatp edr early-preview [enabled/disabled]` |
+|EDR |Add group tag to device. EDR tags are used for managing device groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp edr tag set --name GROUP --value [name]` |
+|EDR |Remove group tag from device |`mdatp edr tag remove --tag-name [name]` |
+|EDR |Add Group Id |`mdatp edr group-ids --group-id [group]` |
+
+### How to enable autocompletion
+
+To enable autocompletion in `Bash`, run the following command and restart the Terminal session:
+
+```bash
+echo "source /Applications/Microsoft\ Defender\ ATP.app/Contents/Resources/Tools/mdatp_completion.bash" >> ~/.bash_profile
+```
+
+To enable autocompletion in `zsh`:
+
+- Check whether autocompletion is enabled on your device:
+
+ ```zsh
+ cat ~/.zshrc | grep autoload
+ ```
+
+- If the above command does not produce any output, you can enable autocompletion using the following command:
+
+ ```zsh
+ echo "autoload -Uz compinit && compinit" >> ~/.zshrc
+ ```
+
+- Run the following commands to enable autocompletion for Microsoft Defender ATP for Mac and restart the Terminal session:
+
+ ```zsh
+ sudo mkdir -p /usr/local/share/zsh/site-functions
+ ```
+ ```zsh
+ sudo ln -svf "/Applications/Microsoft Defender ATP.app/Contents/Resources/Tools/mdatp_completion.zsh" /usr/local/share/zsh/site-functions/_mdatp
+ ```
## Client Microsoft Defender ATP quarantine directory
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
index d7a913d13f..b06971e544 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
@@ -19,13 +19,17 @@ ms.topic: conceptual
# Schedule scans with Microsoft Defender ATP for Mac
-While you can start a threat scan at any time with Microsoft Defender ATP, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week. Create a scanning schedule using launchd on a macOS computer.
+While you can start a threat scan at any time with Microsoft Defender ATP, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week.
-## Schedule a scan with launchd
+## Schedule a scan with *launchd*
-1. Create a new .xml file. Use the following example to create your scanning schedule file.
+You can create a scanning schedule using the *launchd* daemon on a macOS device.
- ```xml
+1. The following code shows the schema you need to use to schedule a scan. Open a text editor and use this example as a guide for your own scheduled scan file.
+
+ For more information on the *.plist* file format used here, see [About Information Property List Files](https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/AboutInformationPropertyListFiles.html) at the official Apple developer website.
+
+ ```XML
@@ -36,12 +40,13 @@ While you can start a threat scan at any time with Microsoft Defender ATP, your
ProgramArgumentssh
- -c
- /usr/local/bin/mdatp --scan --quick
+ -c
+ /usr/local/bin/mdatp --scan --quickRunAtLoad
- StartCalendarInterval
+ StartCalendarInterval
+ Day3Hour
@@ -59,20 +64,30 @@ While you can start a threat scan at any time with Microsoft Defender ATP, your
```
-2. Save the file as a program configuration file (.plist) with the name com.microsoft.wdav.schedquickscan.plist.
+2. Save the file as *com.microsoft.wdav.schedquickscan.plist*.
- >[!NOTE]
- >To change a quick scan to a full scan, use /usr/local/bin/mdatp --scan –full in the array string and update your .plist filename.
+ > [!TIP]
+ > To run a full scan instead of a quick scan, change line 12, `/usr/local/bin/mdatp --scan --quick`, to use the `--full` option instead of `--quick` (i.e. `/usr/local/bin/mdatp --scan --full`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*.
-3. Search for, and then open **Terminal**.
-4. To load your file into **launchd**, enter the following commands:
+3. Open **Terminal**.
+4. Enter the following commands to load your file:
```bash
- `$ launchctl load /Library/LaunchDaemons/`
- `$ launchctl start `
+ launchctl load /Library/LaunchDaemons/
+ launchctl start
```
-5. Your scheduled scan runs at the date, time, and frequency you defined in your .plist file. In the example, the scan runs at 2:00 AM every 7 days on a Friday, with the StartInterval using 604800 seconds for one week.
+5. Your scheduled scan will run at the date, time, and frequency you defined in your p-list. In the example, the scan runs at 2:00 AM every Friday.
- > [!NOTE]
- > Agents executed with launchd will not run at the scheduled time if the computer is asleep, but will run once the computer is awake. If the computer is off, the scan will not run until the computer is on at the next scheduled time.
+ Note that the `StartInterval` value is in seconds, indicating that scans should run every 604,800 seconds (one week), while the `Weekday` value of `StartCalendarInterval` uses an integer to indicate the fifth day of the week, or Friday.
+
+ > [!IMPORTANT]
+ > Agents executed with *launchd* will not run at the scheduled time while the device is asleep. They will instead run once the device resumes from sleep mode.
+ >
+ > If the device is turned off, the scan will run at the next scheduled scan time.
+
+## Schedule a scan with Intune
+
+You can also schedule scans with Microsoft Intune. The [runMDATPQuickScan.sh](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP#runmdatpquickscansh) shell script available at [Scripts for Microsoft Defender Advanced Threat Protection](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP) will persist when the device resumes from sleep mode.
+
+See [Use shell scripts on macOS devices in Intune](https://docs.microsoft.com/mem/intune/apps/macos-shell-scripts) for more detailed instructions on how to use this script in your enterprise.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md
index 4e380f4e2a..7c4e538f90 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md
@@ -30,8 +30,9 @@ For manual installation, the Summary page of the installation wizard says, "An e
While we do not display an exact error to the end user, we keep a log file with installation progress in `/Library/Logs/Microsoft/mdatp/install.log`. Each installation session appends to this log file. You can use `sed` to output the last installation session only:
```bash
-$ sed -n 'H; /^preinstall com.microsoft.wdav begin/h; ${g;p;}' /Library/Logs/Microsoft/mdatp/install.log
-
+sed -n 'H; /^preinstall com.microsoft.wdav begin/h; ${g;p;}' /Library/Logs/Microsoft/mdatp/install.log
+```
+```Output
preinstall com.microsoft.wdav begin [2020-03-11 13:08:49 -0700] 804
INSTALLER_SECURE_TEMP=/Library/InstallerSandboxes/.PKInstallSandboxManager/CB509765-70FC-4679-866D-8A14AD3F13CC.activeSandbox/89FA879B-971B-42BF-B4EA-7F5BB7CB5695
correlation id=CB509765-70FC-4679-866D-8A14AD3F13CC
@@ -45,10 +46,11 @@ The installation failed because a downgrade between these versions is not suppor
## MDATP install log missing or not updated
In rare cases, installation leaves no trace in MDATP's /Library/Logs/Microsoft/mdatp/install.log file.
-You can verify that an installation happened and analyze possible errors by querying macOS logs (this is helpful in case of MDM deployment, when there is no client UI). We recommend that you use a narrow time window to run a query, and that you filter by the logging process name, as there will be a huge amount of information.
+You can verify that an installation happened and analyze possible errors by querying macOS logs (this is helpful in MDM deployment, when there is no client UI). We recommend that you use a narrow time window to run a query, and that you filter by the logging process name, as there will be a huge amount of information.
```bash
grep '^2020-03-11 13:08' /var/log/install.log
-
+```
+```Output
log show --start '2020-03-11 13:00:00' --end '2020-03-11 13:08:50' --info --debug --source --predicate 'processImagePath CONTAINS[C] "install"' --style syslog
```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
index 04021812ac..e8edd981e3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
@@ -23,18 +23,20 @@ ms.topic: conceptual
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
-This topic provides information on how to troubleshoot issues with the kernel extension that is installed as part of Microsoft Defender ATP for Mac.
+This article provides information on how to troubleshoot issues with the kernel extension that is installed as part of Microsoft Defender ATP for Mac.
Starting with macOS High Sierra (10.13), macOS requires all kernel extensions to be explicitly approved before they are allowed to run on the device.
-If you did not approve the kernel extension during the deployment / installation of Microsoft Defender ATP for Mac, then the application displays a banner prompting you to enable it:
+If you did not approve the kernel extension during the deployment/installation of Microsoft Defender ATP for Mac, the application displays a banner prompting you to enable it:
-You can also run ```mdatp --health```. It reports if real-time protection is enabled but not available. This is an indication that the kernel extension is not approved to run on your device.
+You can also run ```mdatp --health```. It reports if real-time protection is enabled but not available. This indicates that the kernel extension is not approved to run on your device.
```bash
-$ mdatp --health
+mdatp --health
+```
+```Output
...
realTimeProtectionAvailable : false
realTimeProtectionEnabled : true
@@ -60,10 +62,13 @@ If you don't see this prompt, it means that 30 or more minutes have passed, and
In this case, you need to perform the following steps to trigger the approval flow again.
-1. In Terminal, attempt to install the driver. The following operation will fail, because the kernel extension was not approved to run on the device, however it will trigger the approval flow again.
+1. In Terminal, attempt to install the driver. The following operation will fail, because the kernel extension was not approved to run on the device. However, it will trigger the approval flow again.
```bash
- $ sudo kextutil /Library/Extensions/wdavkext.kext
+ sudo kextutil /Library/Extensions/wdavkext.kext
+ ```
+
+ ```Output
Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" }
Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" }
Diagnostics for /Library/Extensions/wdavkext.kext:
@@ -75,16 +80,19 @@ In this case, you need to perform the following steps to trigger the approval fl
4. In Terminal, install the driver again. This time the operation will succeed:
-```bash
-$ sudo kextutil /Library/Extensions/wdavkext.kext
-```
+ ```bash
+ sudo kextutil /Library/Extensions/wdavkext.kext
+ ```
-The banner should disappear from the Defender application, and ```mdatp --health``` should now report that real-time protection is both enabled and available:
+ The banner should disappear from the Defender application, and ```mdatp --health``` should now report that real-time protection is both enabled and available:
-```bash
-$ mdatp --health
-...
-realTimeProtectionAvailable : true
-realTimeProtectionEnabled : true
-...
-```
\ No newline at end of file
+ ```bash
+ mdatp --health
+ ```
+
+ ```Output
+ ...
+ realTimeProtectionAvailable : true
+ realTimeProtectionEnabled : true
+ ...
+ ```
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
index fccc1b4442..4bdc6a325d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
@@ -42,7 +42,7 @@ The following steps can be used to troubleshoot and mitigate these issues:
- From the Terminal. For security purposes, this operation requires elevation.
```bash
- $ mdatp --config realTimeProtectionEnabled false
+ mdatp --config realTimeProtectionEnabled false
```
If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
index 40e0f40794..3cd6ef23e7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
@@ -51,15 +51,15 @@ Add the following JAMF payload to grant Full Disk Access to the Microsoft Defend
-### Web Content Filtering Policy
+### Network Extension Policy
-A web content filtering policy is needed to run the network extension. Add the following web content filtering policy:
+As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
>[!NOTE]
>JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.
->As such, the following steps provide a workaround that involve signing the web content filtering configuration profile.
+>As such, the following steps provide a workaround that involve signing the configuration profile.
-1. Save the following content to your device as `com.apple.webcontent-filter.mobileconfig`
+1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig`
```xml
@@ -74,7 +74,7 @@ A web content filtering policy is needed to run the network extension. Add the f
PayloadIdentifierDA2CC794-488B-4AFF-89F7-6686A7E7B8ABPayloadDisplayName
- Microsoft Defender ATP Content Filter
+ Microsoft Defender ATP Network ExtensionPayloadDescriptionPayloadVersion
@@ -97,7 +97,7 @@ A web content filtering policy is needed to run the network extension. Add the f
PayloadIdentifierCEBF7A71-D9A1-48BD-8CCF-BD9D18EC155APayloadDisplayName
- Approved Content Filter
+ Approved Network ExtensionPayloadDescriptionPayloadVersion
@@ -107,7 +107,7 @@ A web content filtering policy is needed to run the network extension. Add the f
FilterTypePluginUserDefinedName
- Microsoft Defender ATP Content Filter
+ Microsoft Defender ATP Network ExtensionPluginBundleIDcom.microsoft.wdavFilterSockets
@@ -115,7 +115,7 @@ A web content filtering policy is needed to run the network extension. Add the f
FilterDataProviderBundleIdentifiercom.microsoft.wdav.netextFilterDataProviderDesignatedRequirement
- identifier "com.microsoft.wdav.netext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9
+ identifier "com.microsoft.wdav.netext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9
@@ -125,8 +125,8 @@ A web content filtering policy is needed to run the network extension. Add the f
2. Verify that the above file was copied correctly. From the Terminal, run the following command and verify that it outputs `OK`:
```bash
- $ plutil -lint com.apple.webcontent-filter.mobileconfig
- com.apple.webcontent-filter.mobileconfig: OK
+ $ plutil -lint com.microsoft.network-extension.mobileconfig
+ com.microsoft.network-extension.mobileconfig: OK
```
3. Follow the instructions on [this page](https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority) to create a signing certificate using JAMF’s built-in certificate authority
@@ -134,10 +134,10 @@ A web content filtering policy is needed to run the network extension. Add the f
4. After the certificate is created and installed to your device, run the following command from the Terminal:
```bash
- $ security cms -S -N "" -i com.apple.webcontent-filter.mobileconfig -o com.apple.webcontent-filter.signed.mobileconfig
+ $ security cms -S -N "" -i com.microsoft.network-extension.mobileconfig -o com.microsoft.network-extension.signed.mobileconfig
```
-5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.apple.webcontent-filter.signed.mobileconfig` when prompted for the file.
+5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.microsoft.network-extension.signed.mobileconfig` when prompted for the file.
## Intune
@@ -162,7 +162,7 @@ To approve the system extensions:
### Create and deploy the Custom Configuration Profile
-The following configuration profile enables the web content filter and grants Full Disk Access to the Endpoint Security system extension.
+The following configuration profile enables the network extension and grants Full Disk Access to the Endpoint Security system extension.
Save the following content to a file named **sysext.xml**:
@@ -202,7 +202,7 @@ Save the following content to a file named **sysext.xml**:
PayloadIdentifierCEBF7A71-D9A1-48BD-8CCF-BD9D18EC155APayloadDisplayName
- Approved Content Filter
+ Approved Network ExtensionPayloadDescriptionPayloadVersion
@@ -212,7 +212,7 @@ Save the following content to a file named **sysext.xml**:
FilterTypePluginUserDefinedName
- Microsoft Defender ATP Content Filter
+ Microsoft Defender ATP Network ExtensionPluginBundleIDcom.microsoft.wdavFilterSockets
@@ -265,10 +265,10 @@ Save the following content to a file named **sysext.xml**:
Verify that the above file was copied correctly. From the Terminal, run the following command and verify that it outputs `OK`:
- ```bash
- $ plutil -lint sysext.xml
- sysext.xml: OK
- ```
+```bash
+$ plutil -lint sysext.xml
+sysext.xml: OK
+```
To deploy this custom configuration profile:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
new file mode 100644
index 0000000000..d480a11fb7
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
@@ -0,0 +1,147 @@
+---
+title: Microsoft Defender ATP for Mac - System Extensions (Public Preview)
+description: This article contains instructions for trying out the system extensions functionality of Microsoft Defender ATP for Mac. This functionality is currently in public preview.
+keywords: microsoft, defender, atp, mac, kernel, system, extensions, catalina
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: security
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ROBOTS: noindex,nofollow
+---
+
+# Microsoft Defender ATP for Mac - System Extensions (Public Preview)
+
+In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. This update will only be applicable to macOS Catalina (10.15.4) and newer versions of macOS.
+
+This functionality is currently in public preview. This article contains instructions for enabling this functionality on your device. You can choose to try out this feature locally on your own device or configure it remotely through a management tool.
+
+These steps assume you already have Microsoft Defender ATP running on your device. For more information, see [this page](microsoft-defender-atp-mac.md).
+
+## Known issues
+
+- We’ve received reports of the network extension interfering with Apple SSO Kerberos extension.
+- The current version of the product still installs a kernel extension. The kernel extension is only used as a fallback mechanism and will be removed before this feature reaches public preview.
+- We are still working on a product version that deploys and functions properly on macOS 11 Big Sur.
+
+## Deployment prerequisites
+
+- Minimum operating system version: **10.15.4**
+- Minimum product version: **101.03.73**
+- Your device must be in the **Insider Fast update channel**. You can check the update channel using the following command:
+
+```bash
+mdatp --health releaseRing
+```
+
+If your device is not already in the Insider Fast update channel, execute the following command from the Terminal. The channel update takes effect next time the product starts (when the next product update is installed or when the device is rebooted).
+
+```bash
+defaults write com.microsoft.autoupdate2 ChannelName -string InsiderFast
+```
+
+Alternatively, if you are in a managed environment (JAMF or Intune), you can configure the update channel remotely. For more information, see [this page](mac-updates.md#set-the-channel-name).
+
+## Deployment steps
+
+Select the deployment steps corresponding to your environment and your preferred method of trying out this feature.
+
+### Manual deployment
+
+#### Approve the system extensions & enable the network extension
+
+Once all deployment prerequisites are met, restart your device to start the system extension approval and activation process.
+
+You will be presented series of system prompts to approve the Microsoft Defender ATP system extensions. You must approve ALL prompts from the series, because macOS requires an explicit approval for each extension that Microsoft Defender ATP for Mac installs on the device.
+
+For each approval, click **Open Security Preferences** and then click **Allow** to allow the system extension to run.
+
+> [!IMPORTANT]
+> Between subsequent approvals, you must close and re-open the **System Preferences** > **Security & Privacy** window, otherwise macOS will not display the next approval.
+
+> [!IMPORTANT]
+> There is a one minute timeout before the product falls back to the kernel extension (to ensure that the device is protected).
+>
+> If more than one minute has elapsed, restart the daemon (by rebooting the device or using `sudo killall -9 wdavdaemon`) in order to trigger the approval flow again.
+
+
+
+
+
+Following the approval of the system extensions, macOS will prompt for an approval to allow network traffic to be filtered. Click **Allow**.
+
+
+
+#### Grant Full Disk Access to the Endpoint Security system extension
+
+Open **System Preferences** > **Security & Privacy** > **Privacy** tab and grant **Full Disk Access** to the **Microsoft Defender Endpoint Security Extension**.
+
+
+
+#### Reboot your device
+
+In order for the changes to take effect, you must reboot your device.
+
+#### Verify that the system extensions are running
+
+From the Terminal, run the following command:
+
+```bash
+mdatp health --field real_time_protection_subsystem
+```
+
+Terminal output `endpoint_security_extension` indicates the product is using the system extensions functionality.
+
+### Managed deployment
+
+Refer to [this page](mac-sysext-policies.md#jamf) for the new configuration profiles that must be deployed for this new feature.
+
+In addition to those profiles, make sure the target devices are also configured to be in the Insider Fast update channel, as described in [this section](#deployment-prerequisites).
+
+On a device where all prerequisites are met and the new configuration profiles have been deployed, run:
+
+```bash
+$ mdatp health --field real_time_protection_subsystem
+```
+
+If this command prints `endpoint_security_extension`, then the product is using the system extensions functionality.
+
+## Validate basic scenarios
+
+1. Test EICAR detection. From a Terminal window, run:
+
+```bash
+curl -o eicar.txt https://secure.eicar.org/eicar.com.txt
+```
+
+ Verify that the EICAR file is quarantined. This verification can be done from the user interface (from the Protection History page) or command line using the following command:
+
+```bash
+mdatp threat list
+```
+
+2. Test EDR DIY scenario. From a terminal window, run:
+
+```bash
+curl -o "MDATP MacOS DIY.zip" https://aka.ms/mdatpmacosdiy
+```
+
+ Validate that two alerts have popped up in the portal in the machine page for EICAR and EDR DIY scenarios.
+
+## Frequently asked questions
+
+- Q: Why am I still seeing `kernel_extension` when I run `mdatp health --field real_time_protection_subsystem`?
+
+ A: Refer back to the [Deployment prerequisites](#deployment-prerequisites) section and double-check all of them are met. If all prerequisites are met, restart your device and check again.
+
+- Q: When is macOS 11 Big Sur going to be supported?
+
+ A: We are actively working on adding support for macOS 11. We will post more information to the [What's new](mac-whatsnew.md).
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md
index 782c6a98e7..16b648b1c4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md
@@ -64,7 +64,7 @@ The `Production` channel contains the most stable version of the product.
>[!WARNING]
>This setting changes the channel for all applications that are updated through Microsoft AutoUpdate. To change the channel only for Microsoft Defender ATP for Mac, execute the following command after replacing `[channel-name]` with the desired channel:
> ```bash
-> $ defaults write com.microsoft.autoupdate2 Applications -dict-add "/Applications/Microsoft Defender ATP.app" " { 'Application ID' = 'WDAV00' ; 'App Domain' = 'com.microsoft.wdav' ; LCID = 1033 ; ChannelName = '[channel-name]' ; }"
+> defaults write com.microsoft.autoupdate2 Applications -dict-add "/Applications/Microsoft Defender ATP.app" " { 'Application ID' = 'WDAV00' ; 'App Domain' = 'com.microsoft.wdav' ; LCID = 1033 ; ChannelName = '[channel-name]' ; }"
> ```
### Set update check frequency
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index 667852eb82..ce8693466d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -1,6 +1,6 @@
---
title: What's new in Microsoft Defender Advanced Threat Protection for Mac
-description: List of major changes for Microsoft Defender ATP for Mac.
+description: Learn about the major changes for previous versions of Microsoft Defender Advanced Threat Protection for Mac.
keywords: microsoft, defender, atp, mac, installation, macos, whatsnew
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -19,12 +19,44 @@ ms.topic: conceptual
# What's new in Microsoft Defender Advanced Threat Protection for Mac
-> [!NOTE]
-> In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions.
+> [!IMPORTANT]
+> In preparation for macOS 11 Big Sur, we are getting ready to release an update to Microsoft Defender ATP for Mac that will leverage new system extensions instead of kernel extensions. Apple will stop supporting kernel extensions starting macOS 11 Big Sur version. Therefore an update to the Microsoft Defender ATP for Mac agent is required on all eligible macOS devices prior to moving these devices to macOS 11.
>
-> In the meantime, starting with macOS Catalina update 10.15.4, Apple introduced a user facing *Legacy System Extension* warning to signal applications that rely on kernel extensions.
+> The update is applicable to devices running macOS version 10.15.4 or later.
>
-> If you have previously allowed the kernel extension as part of your remote deployment, that warning should not be presented to the end user. If you have not previously deployed a policy to allow the kernel extension, your users will be presented with the warning. To proactively silence the warning, you can still deploy a configuration to allow the kernel extension. Refer to the instructions in the [JAMF-based deployment](mac-install-with-jamf.md#approved-kernel-extension) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics.
+> To ensure that the Microsoft Defender ATP for Mac update is delivered and applied seamlessly from an end-user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before Microsoft publishes the new agent version. If the configuration is not deployed prior to the Microsoft Defender ATP for Mac agent update, end-users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions.
+>
+> Timing:
+> - Organizations that previously opted into Microsoft Defender ATP preview features in Microsoft Defender Security Center, must be ready for Microsoft Defender ATP for Mac agent update **by August 10, 2020**.
+> - Organizations that do not participate in public previews for Microsoft Defender ATP features, must be ready **by September 07, 2020**.
+>
+> Action is needed by IT administrator. Review the steps below and assess the impact on your organization:
+>
+> 1. Deploy the specified remote configuration to eligible macOS devices before Microsoft publishes the new agent version.
+> Even though Microsoft Defender ATP for Mac new implementation based on system extensions is only applicable to devices running macOS version 10.15.4 or later, deploying configuration proactively across the entire macOS fleet will ensure that even down-level devices are prepared for the day when Apple releases macOS 11 Big Sur and will ensure that Microsoft Defender ATP for Mac continues protecting all macOS devices regardless OS version they were running prior to the Big Sur upgrade.
+>
+> 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md).
+> 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update.
+
+## 101.06.63
+
+- Addressed a performance regression introduced in version `101.05.17`. The regression was introduced with the fix to eliminate the kernel panics some customers have observed when accessing SMB shares. We have reverted this code change and are investigating alternative ways to eliminate the kernel panics.
+
+## 101.05.17
+
+> [!IMPORTANT]
+> We are working on a new and enhanced syntax for the `mdatp` command-line tool. The new syntax is currently the default in the Insider Fast and Insider Slow update channels. We encourage you to famliliarize yourself with this new syntax.
+>
+> We will continue supporting the old syntax in parallel with the new syntax and will provide more communication around the deprecation plan for the old syntax in the upcoming months.
+
+- Addressed a kernel panic that occurred sometimes when accessing SMB file shares
+- Performance improvements & bug fixes
+
+## 101.05.16
+
+- Improvements to quick scan logic to significantly reduce the number of scanned files
+- Added [autocompletion support](mac-resources.md#how-to-enable-autocompletion) for the command-line tool
+- Bug fixes
## 101.03.12
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md
index 92e5b76fd8..e0c0e5b9b1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@@ -1,6 +1,6 @@
---
title: Machine resource type
-description: Retrieves top machines
+description: Learn about the methods and properties of the Machine resource type in Microsoft Defender Advanced Threat Protection.
keywords: apis, supported apis, get, machines
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
index 930d43341f..be98dcc681 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
@@ -1,6 +1,6 @@
---
title: machineAction resource type
-description: Quickly respond to detected attacks by isolating machines or collecting an investigation package.
+description: Learn about the methods and properties of the MachineAction resource type in Microsoft Defender Advanced Threat Protection.
keywords: apis, supported apis, get, machineaction, recent
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md
new file mode 100644
index 0000000000..022658e40b
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md
@@ -0,0 +1,56 @@
+---
+title: Manage Microsoft Defender ATP using Configuration Manager
+description: Learn how to manage Microsoft Defender ATP with Configuration Manager
+keywords: post-migration, manage, operations, maintenance, utilization, Configuration Manager, windows defender advanced threat protection, atp, edr
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: deniseb
+author: denisebmsft
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Manage Microsoft Defender Advanced Threat Protection with Configuration Manager
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+We recommend using We recommend using [Microsoft Endpoint Manager](https://docs.microsoft.com/mem), which includes [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) (Intune) and [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/understand/introduction) (Configuration Manager) to manage your organization's threat protection features for devices (also referred to as endpoints).
+- [Learn more about Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview)
+- [Co-manage Microsoft Defender ATP on Windows 10 devices with Configuration Manager and Intune](manage-atp-post-migration-intune.md)
+
+## Configure Microsoft Defender ATP with Configuration Manager
+
+|Task |Resources to learn more |
+|---------|---------|
+|**Install the Configuration Manager console** if you don't already have it
*If you don't already have the Configuration Manger console, use these resources to get the bits and install it.* |[Get the installation media](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/install/get-install-media)
[Install the Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/install/install-consoles) |
+|**Use Configuration Manager to onboard devices** to Microsoft Defender ATP
*If you have devices (or endpoints) not already onboarded to Microsoft Defender ATP, you can do that with Configuration Manager.* |[Onboard to Microsoft Defender ATP with Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection#about-onboarding-to-atp-with-configuration-manager) |
+|**Manage antimalware policies and Windows Firewall security** for client computers (endpoints)
*Configure endpoint protection features, including Microsoft Defender ATP, exploit protection, application control, antimalware, firewall settings, and more.* |[Configuration Manager: Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection) |
+|**Choose methods for updating antimalware updates** on your organization's devices
*With Endpoint Protection in Configuration Manager, you can choose from several methods to keep antimalware definitions up to date on your organization's devices.* |[Configure definition updates for Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definition-updates)
[Use Configuration Manager to deliver definition updates](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-configmgr) |
+|**Enable Network Protection** to help prevent employees from using apps that malicious content on the Internet
*We recommend using [audit mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection) at first for network protection in a test environment to see which apps would be blocked before rolling out.* |[Turn on network protection with Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection#microsoft-endpoint-configuration-manager) |
+|**Configure controlled folder access** to protect against ransomware
*Controlled folder access is also referred to as antiransomware protection.* |[Endpoint protection: Controlled folder access](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#controlled-folder-access)
[Enable controlled folder access in Microsoft Endpoint Configuration Manage](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders#microsoft-endpoint-configuration-manager) |
+
+## Configure your Microsoft Defender Security Center
+
+If you haven't already done so, **configure your Microsoft Defender Security Center** ([https://securitycenter.windows.com](https://securitycenter.windows.com)) to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture.
+
+You can also configure whether and what features end users can see in the Microsoft Defender Security Center.
+
+- [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use)
+
+- [Endpoint protection: Microsoft Defender Security Center](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-security-center)
+
+## Next steps
+
+- [Get an overview of threat and vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+
+- [Visit the Microsoft Defender Security Center security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard)
+
+- [Manage Microsoft Defender ATP with Intune](manage-atp-post-migration-intune.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md
new file mode 100644
index 0000000000..1e7317f3e8
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md
@@ -0,0 +1,62 @@
+---
+title: Manage Microsoft Defender ATP using Group Policy Objects
+description: Learn how to manage Microsoft Defender ATP with Group Policy Objects
+keywords: post-migration, manage, operations, maintenance, utilization, PowerShell, windows defender advanced threat protection, atp, edr
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: deniseb
+author: denisebmsft
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Manage Microsoft Defender Advanced Threat Protection with Group Policy Objects
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+> [!NOTE]
+> We recommend using [Microsoft Endpoint Manager](https://docs.microsoft.com/mem) to manage your organization's threat protection features for devices (also referred to as endpoints). Endpoint Manager includes [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/understand/introduction). **[Learn more about Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview)**.
+
+You can use Group Policy Objects in Azure Active Directory Domain Services to manage some settings in Microsoft Defender ATP.
+
+## Configure Microsoft Defender ATP with Group Policy Objects
+
+The following table lists various tasks you can perform to configure Microsoft Defender ATP with Group Policy Objects.
+
+|Task |Resources to learn more |
+|---------|---------|
+|**Manage settings for user and computer objects**
*Customize built-in Group Policy Objects, or create custom Group Policy Objects and organizational units to suit your organizational needs.* |[Administer Group Policy in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy) |
+|**Configure Microsoft Defender Antivirus**
*Configure antivirus features & capabilities, including policy settings, exclusions, remediation, and scheduled scans on your organization's devices (also referred to as endpoints).* |[Use Group Policy settings to configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus)
[Use Group Policy to enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus#use-group-policy-to-enable-cloud-delivered-protection) |
+|**Manage your organization's attack surface reduction rules**
*Customize your attack surface reduction rules by excluding files & folders, or by adding custom text to notification alerts that appear on users' devices.* |[Customize attack surface reduction rules with Group Policy Objects](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction#use-group-policy-to-exclude-files-and-folders) |
+|**Manage exploit protection settings**
*You can customize your exploit protection settings, import a configuration file, and then use Group Policy to deploy that configuration file.* |[Customize exploit protection settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection)
[Import, export, and deploy exploit protection configurations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml)
[Use Group Policy to distribute the configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml#use-group-policy-to-distribute-the-configuration) |
+|**Enable Network Protection** to help prevent employees from using apps that malicious content on the Internet
*We recommend using [audit mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection) at first for network protection in a test environment to see which apps would be blocked before rolling out.* |[Turn on network protection using Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection#group-policy) |
+|**Configure controlled folder access** to protect against ransomware
*[Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders) is also referred to as antiransomware protection.* |[Enable controlled folder access using Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders#group-policy) |
+|**Configure Microsoft Defender SmartScreen** to protect against malicious sites and files on the internet. |[Configure Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings using Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings#group-policy-settings) |
+|**Configure encryption and BitLocker** to protect information on your organization's devices running Windows |[BitLocker Group Policy settings](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings) |
+|**Configure Microsoft Defender Credential Guard** to protect against credential theft attacks |[Enable Windows Defender Credential Guard by using Group Policy](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-manage#enable-windows-defender-credential-guard-by-using-group-policy) |
+
+## Configure your Microsoft Defender Security Center
+
+If you haven't already done so, **configure your Microsoft Defender Security Center** ([https://securitycenter.windows.com](https://securitycenter.windows.com)) to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture.
+
+You can also configure whether and what features end users can see in the Microsoft Defender Security Center.
+
+- [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use)
+
+- [Endpoint protection: Microsoft Defender Security Center](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-security-center)
+
+## Next steps
+
+- [Get an overview of threat and vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+
+- [Visit the Microsoft Defender Security Center security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard)
+
+- [Manage Microsoft Defender ATP with Intune](manage-atp-post-migration-intune.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
new file mode 100644
index 0000000000..6801853a3f
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
@@ -0,0 +1,81 @@
+---
+title: Manage Microsoft Defender ATP using Intune
+description: Learn how to manage Microsoft Defender ATP with Intune
+keywords: post-migration, manage, operations, maintenance, utilization, intune, windows defender advanced threat protection, atp, edr
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: deniseb
+author: denisebmsft
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Manage Microsoft Defender Advanced Threat Protection with Intune
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+We recommend using [Microsoft Endpoint Manager](https://docs.microsoft.com/mem), which includes Microsoft Intune (Intune) to manage your organization's threat protection features for devices (also referred to as endpoints). [Learn more about Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview).
+
+This article describes how to find your Microsoft Defender ATP settings in Intune, and lists various tasks you can perform.
+
+## Find your Microsoft Defender ATP settings in Intune
+
+> [!IMPORTANT]
+> You must be a global administrator or service administrator in Intune to configure the settings described in this article. To learn more, see **[Types of administrators (Intune)](https://docs.microsoft.com/mem/intune/fundamentals/users-add#types-of-administrators)**.
+
+1. Go to the Azure portal ([https://portal.azure.com](https://portal.azure.com)) and sign in.
+
+2. Under **Azure Services**, choose **Intune**.
+
+3. In the navigation pane on the left, choose **Device configuration**, and then, under **Manage**, choose **Profiles**.
+
+4. Select an existing profile, or create a new one.
+
+> [!TIP]
+> Need help? See **[Using Microsoft Defender ATP with Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection#example-of-using-microsoft-defender-atp-with-intune)**.
+
+## Configure Microsoft Defender ATP with Intune
+
+The following table lists various tasks you can perform to configure Microsoft Defender ATP with Intune. You don't have to configure everything all at once; choose a task, read the corresponding resources, and then proceed.
+
+|Task |Resources to learn more |
+|---------|---------|
+|**Manage your organization's devices using Intune** to protect those devices and data stored on them |[Protect devices with Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/device-protect) |
+|**Integrate Microsoft Defender ATP with Intune** as a Mobile Threat Defense solution *(for Android devices and devices running Windows 10 or later)* |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) |
+|**Use Conditional Access** to control the devices and apps that can connect to your email and company resources |[Configure Conditional Access in Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access) |
+|**Configure Microsoft Defender Antivirus settings** using the Policy configuration service provider ([Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider)) |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus)
[Policy CSP - Microsoft Defender ATP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender) |
+|**If necessary, specify exclusions for Microsoft Defender Antivirus**
*Generally, you shouldn't need to apply exclusions. Microsoft Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios.* |[Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows](https://support.microsoft.com/help/822158/virus-scanning-recommendations-for-enterprise-computers)
[Device restrictions: Microsoft Defender Antivirus Exclusions for Windows 10 devices](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)
[Configure Microsoft Defender Antivirus exclusions on Windows Server 2016 or 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus)|
+|**Configure your attack surface reduction rules** to target software behaviors that are often abused by attackers
*Configure your attack surface reduction rules in [audit mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender) at first (for at least one week and up to two months). You can monitor status using Power BI ([get our template](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules)), and then set those rules to active mode when you're ready.* |[Audit mode in Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender)
[Learn more about attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction)
[Tech Community blog post: Demystifying attack surface reduction rules - Part 1](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/demystifying-attack-surface-reduction-rules-part-1/ba-p/1306420) |
+|**Configure your network filtering** to block outbound connections from any app to IP addresses or domains with low reputations
*Network filtering is also referred to as [network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection).*
*Make sure that Windows 10 devices have the latest [antimalware platform updates](https://support.microsoft.com/help/4052623/update-for-microsoft-defender-antimalware-platform) installed.*|[Endpoint protection: Network filtering](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#network-filtering)
[Review network protection events in Windows Event Viewer](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection#review-network-protection-events-in-windows-event-viewer) |
+|**Configure controlled folder access** to protect against ransomware
*[Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders) is also referred to as antiransomware protection.* |[Endpoint protection: Controlled folder access](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#controlled-folder-access)
[Enable controlled folder access in Intune](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders#intune) |
+|**Configure exploit protection** to protect your organization's devices from malware that uses exploits to spread and infect other devices
*[Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection) is also referred to as Exploit Guard.* |[Endpoint protection: Microsoft Defender Exploit Guard](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-exploit-guard)
[Enable exploit protection in Intune](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection#intune) |
+|**Configure Microsoft Defender SmartScreen** to protect against malicious sites and files on the internet.
*Microsoft Edge should be installed on your organization's devices. For protection on Google Chrome and FireFox browsers, configure exploit protection.* |[Microsoft Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)
[Device restrictions: Microsoft Defender SmartScreen](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-smartscreen)
[Policy settings for managing SmartScreen in Intune](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings#mdm-settings) |
+|**Configure Microsoft Defender Firewall** to block unauthorized network traffic flowing into or out of your organization's devices |[Endpoint protection: Microsoft Defender Firewall](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-firewall)
[Microsoft Defender Firewall with Advanced Security](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security) |
+|**Configure encryption and BitLocker** to protect information on your organization's devices running Windows |[Endpoint protection: Windows Encryption](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#windows-encryption)
[BitLocker for Windows 10 devices](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) |
+|**Configure Microsoft Defender Credential Guard** to protect against credential theft attacks |For Windows 10, Windows Server 2016, and Windows Server 2019, see [Endpoint protection: Microsoft Defender Credential Guard](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-credential-guard)
For Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, and Windows Server 2012 R2, see [Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft, Versions 1 and 2](https://www.microsoft.com/download/details.aspx?id=36036) |
+|**Configure Microsoft Defender Application Control** to choose whether to audit or trust apps on your organization's devices
*Microsoft Defender Application Control is also referred to as [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview).*|[Deploy Microsoft Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune)
[Endpoint protection: Microsoft Defender Application Control](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-application-control)
[AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp)|
+|**Configure device control and USB peripherals access** to help prevent threats in unauthorized peripherals from compromising your devices |[Control USB devices and other removable media using Microsoft Defender ATP and Intune](https://docs.microsoft.com/windows/security/threat-protection/device-control/control-usb-devices-using-intune) |
+
+## Configure your Microsoft Defender Security Center
+
+If you haven't already done so, **configure your Microsoft Defender Security Center** ([https://securitycenter.windows.com](https://securitycenter.windows.com)) to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture.
+
+You can also configure whether and what features end users can see in the Microsoft Defender Security Center.
+
+- [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use)
+
+- [Endpoint protection: Microsoft Defender Security Center](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-security-center)
+
+## Next steps
+
+- [Get an overview of threat and vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+
+- [Visit the Microsoft Defender Security Center security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md
new file mode 100644
index 0000000000..245b969459
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md
@@ -0,0 +1,85 @@
+---
+title: Manage Microsoft Defender ATP using PowerShell, WMI, and MPCmdRun.exe
+description: Learn how to manage Microsoft Defender ATP with PowerShell, WMI, and MPCmdRun.exe
+keywords: post-migration, manage, operations, maintenance, utilization, PowerShell, WMI, MPCmdRun.exe, windows defender advanced threat protection, atp, edr
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: deniseb
+author: denisebmsft
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Manage Microsoft Defender Advanced Threat Protection with PowerShell, WMI, and MPCmdRun.exe
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+> [!NOTE]
+> We recommend using [Microsoft Endpoint Manager](https://docs.microsoft.com/mem) to manage your organization's threat protection features for devices (also referred to as endpoints). Endpoint Manager includes [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/understand/introduction).
+> - [Learn more about Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview)
+> - [Co-manage Microsoft Defender ATP on Windows 10 devices with Configuration Manager and Intune](manage-atp-post-migration-intune.md)
+> - [Manage Microsoft Defender ATP with Intune](manage-atp-post-migration-intune.md)
+
+You can manage some Microsoft Defender Antivirus settings on devices with [PowerShell](#configure-microsoft-defender-atp-with-powershell), [Windows Management Instrumentation](#configure-microsoft-defender-atp-with-windows-management-instrumentation-wmi) (WMI), and the [Microsoft Malware Protection Command Line Utility](#configure-microsoft-defender-atp-with-microsoft-malware-protection-command-line-utility-mpcmdrunexe) (MPCmdRun.exe). For example, you can manage some Microsoft Defender Antivirus settings. And, in some cases, you can customize your attack surface reduction rules and exploit protection settings.
+
+> [!IMPORTANT]
+> Threat protection features that you configure by using PowerShell, WMI, or MCPmdRun.exe can be overwritten by configuration settings that are deployed with Intune or Configuration Manager.
+
+## Configure Microsoft Defender ATP with PowerShell
+
+You can use PowerShell to manage Microsoft Defender Antivirus, exploit protection, and your attack surface reduction rules.
+
+|Task |Resources to learn more |
+|---------|---------|
+|**Manage Microsoft Defender Antivirus**
*View status of antimalware protection, configure preferences for antivirus scans & updates, and make other changes to your antivirus protection.* |[Use PowerShell cmdlets to configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus)
[Use PowerShell cmdlets to enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus#use-powershell-cmdlets-to-enable-cloud-delivered-protection) |
+|**Configure exploit protection** to mitigate threats on your organization's devices
*We recommend using exploit protection in [audit mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection#powershell) at first. That way, you can see how exploit protection affects apps your organization is using.* | [Customize exploit protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection)
[PowerShell cmdlets for exploit protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection#powershell-reference) |
+|**Configure attack surface reduction rules** with PowerShell
*You can use PowerShell to exclude files and folders from attack surface reduction rules.* |[Customize attack surface reduction rules: Use PowerShell to exclude files & folders](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction#use-powershell-to-exclude-files-and-folders)
Also, see [António Vasconcelo's graphical user interface tool for setting attack surface reduction rules with PowerShell](https://github.com/anvascon/MDATP_PoSh_Scripts/tree/master/ASR%20GUI). |
+|**Enable Network Protection** with PowerShell
*You can use PowerShell to enable Network Protection.* |[Turn on Network Protection with PowerShell](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection#powershell) |
+|**Configure controlled folder access** to protect against ransomware
*[Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders) is also referred to as antiransomware protection.* |[Enable controlled folder access with PowerShell](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders#powershell) |
+|**Configure Microsoft Defender Firewall** to block unauthorized network traffic flowing into or out of your organization's devices |[Microsoft Defender Firewall with Advanced Security Administration using Windows PowerShell](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell) |
+|**Configure encryption and BitLocker** to protect information on your organization's devices running Windows |[BitLocker PowerShell reference guide](https://docs.microsoft.com/powershell/module/bitlocker/?view=win10-ps) |
+
+## Configure Microsoft Defender ATP with Windows Management Instrumentation (WMI)
+
+WMI is a scripting interface that allows you to retrieve, modify, and update settings. To learn more, see [Using WMI](https://docs.microsoft.com/windows/win32/wmisdk/using-wmi).
+
+|Task |Resources to learn more |
+|---------|---------|
+|**Enable cloud-delivered protection** on a device |[Use Windows Management Instruction (WMI) to enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus#use-windows-management-instruction-wmi-to-enable-cloud-delivered-protection) |
+|**Retrieve, modify, and update settings** for Microsoft Defender Antivirus | [Use WMI to configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus)
[Review the list of available WMI classes and example scripts](https://docs.microsoft.com/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal)
Also see the archived [Windows Defender WMIv2 Provider reference information](https://docs.microsoft.com/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal?redirectedfrom=MSDN) |
+
+
+## Configure Microsoft Defender ATP with Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe)
+
+On an individual device, you can run a scan, start diagnostic tracing, check for security intelligence updates, and more using the mpcmdrun.exe command-line tool. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. Run it from a command prompt.
+
+|Task |Resources to learn more |
+|---------|---------|
+|**Manage Microsoft Defender Antivirus** |[Configure and manage Microsoft Defender Antivirus with mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) |
+
+## Configure your Microsoft Defender Security Center
+
+If you haven't already done so, **configure your Microsoft Defender Security Center** ([https://securitycenter.windows.com](https://securitycenter.windows.com)) to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture.
+
+You can also configure whether and what features end users can see in the Microsoft Defender Security Center.
+
+- [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use)
+
+- [Endpoint protection: Microsoft Defender Security Center](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-security-center)
+
+
+## Next steps
+
+- [Get an overview of threat and vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+
+- [Visit the Microsoft Defender Security Center security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard)
+
+- [Manage Microsoft Defender ATP with Intune](manage-atp-post-migration-intune.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
new file mode 100644
index 0000000000..f716c99579
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
@@ -0,0 +1,37 @@
+---
+title: Manage Microsoft Defender ATP post migration
+description: Now that you've made the switch to Microsoft Defender ATP, your next step is to manage your threat protection features
+keywords: post-migration, manage, operations, maintenance, utilization, windows defender advanced threat protection, atp, edr
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: deniseb
+author: denisebmsft
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Manage Microsoft Defender Advanced Threat Protection, post migration
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+After you have moved from your previous endpoint protection and antivirus solution to Microsoft Defender ATP, your next step is to manage your features and capabilities. We recommend using [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview), which includes [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/understand/introduction), to manage your organization's devices and security settings. However, you can use other tools/methods, such as [Group Policy Objects in Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy).
+
+The following table lists various tools/methods you can use, with links to learn more.
+
+
+|Tool/Method |Description |
+|---------|---------|
+|**[Threat and vulnerability management dashboard insights](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights)** in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) |The threat & vulnerability management dashboard provides actionable information that your security operations team can use to reduce exposure and improve your organization's security posture.
See [Threat & vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) and [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). |
+|**[Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune)** (recommended) |Microsoft Intune (Intune), a component of [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview), focuses on mobile device management (MDM) and mobile application management (MAM). With Intune, you control how your organization’s devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications.
See [Manage Microsoft Defender ATP using Intune](manage-atp-post-migration-intune.md). |
+|**[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/understand/introduction)** |Microsoft Endpoint Configuration Manager (Configuration Manager), formerly known as System Center Configuration Manager, is a component of [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview). Configuration Manager is a powerful tool to manage your users, devices, and software.
See [Manage Microsoft Defender ATP with Configuration Manager](manage-atp-post-migration-configuration-manager.md). |
+|**[Group Policy Objects in Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy)** |[Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services/overview) includes built-in Group Policy Objects for users and devices. You can customize the built-in Group Policy Objects as needed for your environment, as well as create custom Group Policy Objects and organizational units (OUs).
See [Manage Microsoft Defender ATP with Group Policy Objects](manage-atp-post-migration-group-policy-objects.md). |
+|**[PowerShell, WMI, and MPCmdRun.exe](manage-atp-post-migration-other-tools.md)** |*We recommend using Microsoft Endpoint Manager (which includes Intune and Configuration Manager) to manage threat protection features on your organization's devices. However, you can configure some settings, such as Microsoft Defender Antivirus settings on individual devices (endpoints) with PowerShell, WMI, or the MPCmdRun.exe tool.*
You can use PowerShell to manage Microsoft Defender Antivirus, exploit protection, and your attack surface reduction rules. See [Configure Microsoft Defender ATP with PowerShell](manage-atp-post-migration-other-tools.md#configure-microsoft-defender-atp-with-powershell).
You can use Windows Management Instrumentation (WMI) to manage Microsoft Defender Antivirus and exclusions. See [Configure Microsoft Defender ATP with WMI](manage-atp-post-migration-other-tools.md#configure-microsoft-defender-atp-with-windows-management-instrumentation-wmi).
You can use the Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe) to manage Microsoft Defender Antivirus and exclusions, as well as validate connections between your network and the cloud. See [Configure Microsoft Defender ATP with MPCmdRun.exe](manage-atp-post-migration-other-tools.md#configure-microsoft-defender-atp-with-microsoft-malware-protection-command-line-utility-mpcmdrunexe). |
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
index 8ee9cd8e12..9665f24c1f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
@@ -34,13 +34,13 @@ Selecting an incident from the **Incidents queue** brings up the **Incident mana
You can assign incidents to yourself, change the status and classification, rename, or comment on them to keep track of their progress.
> [!TIP]
-> For additional visibility at-a-glance, automatic incident naming, currently in public preview, generates incident names based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories. This allows you to quickly understand the scope of the incident.
+> For additional visibility at a glance, incident names are automatically generated based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories. This allows you to quickly understand the scope of the incident.
>
> For example: *Multi-stage incident on multiple endpoints reported by multiple sources.*
>
-> Incidents that existed prior the rollout of automatic incident naming will not have their name changed.
+> Incidents that existed prior the rollout of automatic incident naming will retain their names.
>
-> Learn more about [turning on preview features](preview.md#turn-on-preview-features).
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
index e17e4280c2..081eb65201 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
@@ -1,6 +1,6 @@
---
-title: Create indicators
-ms.reviewer:
+title: Create indicators
+ms.reviewer:
description: Create indicators for a file hash, IP address, URLs, or domains that define the detection, prevention, and exclusion of entities.
keywords: manage, allowed, blocked, block, clean, malicious, file hash, ip address, urls, domain
search.product: eADQiWindows 10XVcnh
@@ -14,11 +14,11 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: article
---
-# Create indicators
+# Create indicators
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@@ -40,10 +40,10 @@ The same list of indicators is honored by the prevention agent. Meaning, if Micr
**Automated investigation and remediation engine**
The automated investigation and remediation behave the same. If an indicator is set to "Allow", Automated investigation and remediation will ignore a "bad" verdict for it. If set to "Block", Automated investigation and remediation will treat it as "bad".
-
+
The current supported actions are:
-- Allow
+- Allow
- Alert only
- Alert and block
@@ -55,7 +55,7 @@ You can create an indicator for:
>[!NOTE]
->There is a limit of 15,000 indicators per tenant.
+>There is a limit of 15,000 indicators per tenant.
## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
index 04bb26271d..6b4210212e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
@@ -1,6 +1,6 @@
---
title: Manage Microsoft Defender Advanced Threat Protection suppression rules
-description: Manage suppression rules
+description: You might need to prevent alerts from appearing in the portal by using suppression rules. Learn how to manage your suppression rules in Microsoft Defender ATP.
keywords: manage suppression, rules, rule name, scope, action, alerts, turn on, turn off
search.product: eADQiWindows 10XVcnh
search.appverid: met150
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
index 283349edd3..d4d253fe83 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Microsoft Defender Advanced Threat Protection
description: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is an enterprise endpoint security platform that helps defend against advanced persistent threats.
-keywords: introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting
+keywords: introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next-generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -52,7 +52,7 @@ Microsoft Defender ATP uses the following combination of technology built into W
@@ -87,8 +87,8 @@ The attack surface reduction set of capabilities provide the first line of defen
-**[Next generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)**
-To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats.
+**[Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)**
+To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next-generation protection designed to catch all types of emerging threats.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md
index 12f56bc412..9e20ced652 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md
@@ -27,8 +27,6 @@ ms.topic: conceptual
>
> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments.
>
-> If you have preview features turned on in the Microsoft Defender Security Center, you should be able to access the Android onboarding page immediately. If you have not yet opted into previews, we encourage you to [turn on preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview) in the Microsoft Defender Security Center today.
-
This topic describes how to install, configure, update, and use Microsoft Defender ATP for Android.
> [!CAUTION]
@@ -42,7 +40,7 @@ This topic describes how to install, configure, update, and use Microsoft Defend
- **For end users**
- - Microsoft Defender ATP license assigned to the end user(s) of the app.
+ - Microsoft Defender ATP license assigned to the end user(s) of the app. See [Microsoft Defender ATP licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements)
- Intune Company Portal app can be downloaded from [Google
Play](https://play.google.com/store/apps/details?id=com.microsoft.windowsintune.companyportal)
@@ -78,15 +76,16 @@ This topic describes how to install, configure, update, and use Microsoft Defend
### Installation instructions
Microsoft Defender ATP for Android supports installation on both modes of
-enrolled devices - the legacy Device Administrator and Android Enterprise modes
+enrolled devices - the legacy Device Administrator and Android Enterprise modes.
+**Currently, only Work Profile enrolled devices are supported in Android Enterprise. Support for other Android Enterprise modes will be announced when ready.**
Deployment of Microsoft Defender ATP for Android is via Microsoft Intune (MDM).
For more information, see [Deploy Microsoft Defender ATP for Android with Microsoft Intune](android-intune.md).
> [!NOTE]
-> During public preview, instructions to deploy Microsoft Defender ATP for Android on Intune enrolled Android devices are different across Device Administrator and Android Enterprise entrollment modes.
-> **When Microsoft Defender ATP for Android reaches General Availability (GA), the app will be available on Google Play.**
+> **Microsoft Defender ATP for Android is available on Google Play now.**
+> You can connect to Google Play from Intune to deploy Microsoft Defender ATP app, across Device Administrator and Android Enterprise entrollment modes.
## How to Configure Microsoft Defender ATP for Android
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
index fda5e2b14b..b2b4bdcfae 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
@@ -65,7 +65,7 @@ If you experience any installation failures, refer to [Troubleshooting installat
> [!CAUTION]
> Running Microsoft Defender ATP for Linux side by side with other `fanotify`-based security solutions is not supported. It can lead to unpredictable results, including hanging the operating system.
-- Disk space: 650 MB
+- Disk space: 1GB
- The solution currently provides real-time protection for the following file system types:
- `btrfs`
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index ae6569fd45..bfad87ca3d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -1,7 +1,7 @@
---
title: Microsoft Defender ATP for Mac
ms.reviewer:
-description: Describes how to install and use Microsoft Defender ATP for Mac.
+description: Learn how to install, configure, update, and use Microsoft Defender Advanced Threat Protection for Mac.
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -61,7 +61,7 @@ There are several methods and deployment tools that you can use to install and c
The three most recent major releases of macOS are supported.
- 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
-- Disk space: 650 MB
+- Disk space: 1GB
Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on January 1, 2020.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index c3372148b8..b3d3eb3ef8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -103,8 +103,9 @@ The hardware requirements for Microsoft Defender ATP on devices are the same for
### Other supported operating systems
-- macOS
+- Android
- Linux (currently, Microsoft Defender ATP is only available in the Public Preview Edition for Linux)
+- macOS
> [!NOTE]
> You'll need to know the exact Linux distributions and versions of Android and macOS that are compatible with Microsoft Defender ATP for the integration to work.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
index eb56826c55..9453feda1e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
@@ -3,7 +3,6 @@ title: Use network protection to help prevent connections to bad sites
description: Protect your network by preventing users from accessing known malicious and suspicious network addresses
keywords: Network protection, exploits, malicious website, ip, domain, domains
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
index 0f1e02ecd1..c07a143d91 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
@@ -27,19 +27,19 @@ ms.topic: conceptual
Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat and vulnerability management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.
-It helps organizations discover vulnerabilities and misconfigurations in real-time, based on sensors, without the need of agents or periodic scans. It prioritizes vulnerabilities based on the threat landscape, detections in your organization, sensitive information on vulnerable devices, and business context.
+Discover vulnerabilities and misconfigurations in real time with sensors, and without the need of agents or periodic scans. It prioritizes vulnerabilities based on the threat landscape, detections in your organization, sensitive information on vulnerable devices, and business context.
Watch this video for a quick overview of threat and vulnerability management.
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4mLsn]
-## Next-generation capabilities
+## Bridging the workflow gaps
-Threat and vulnerability management is built-in, real-time, cloud-powered, fully integrated with Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledge base.
+Threat and vulnerability management is built in, real time, and cloud powered. It's fully integrated with Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledge base.
-It is the first solution in the industry to bridge the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft Microsoft Endpoint Configuration Manager.
+Vulnerability management is the first solution in the industry to bridge the gap between security administration and IT administration during remediation process. Create a security task or ticket by integrating with Microsoft Intune and Microsoft Endpoint Configuration Manager.
-It provides the following solutions to frequently-cited gaps across security operations, security administration, and IT administration workflows and communication.
+It provides the following solutions to frequently cited gaps across security operations, security administration, and IT administration workflows and communication:
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
- Linked device vulnerability and security configuration assessment data in the context of exposure discovery
@@ -47,7 +47,9 @@ It provides the following solutions to frequently-cited gaps across security ope
### Real-time discovery
-To discover endpoint vulnerabilities and misconfiguration, threat and vulnerability management uses the same agentless built-in Microsoft Defender ATP sensors to reduce cumbersome network scans and IT overhead, and provides:
+To discover endpoint vulnerabilities and misconfiguration, threat and vulnerability management uses the same agentless built-in Microsoft Defender ATP sensors to reduce cumbersome network scans and IT overhead.
+
+It also provides:
- Real-time device inventory. Devices onboarded to Microsoft Defender ATP automatically report and push vulnerability and security configuration data to the dashboard.
- Visibility into software and vulnerabilities. Optics into the organization's software inventory, and software changes like installations, uninstalls, and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for 1st and 3rd party applications.
@@ -56,10 +58,10 @@ To discover endpoint vulnerabilities and misconfiguration, threat and vulnerabil
### Intelligence-driven prioritization
-Threat and vulnerability management helps customers prioritize and focus on those weaknesses that pose the most urgent and the highest risk to the organization. Rather than using static prioritization by severity scores, threat and vulnerability management in Microsoft Defender ATP highlights the most critical weaknesses that need attention by fusing its security recommendations with dynamic threat and business context:
+Threat and vulnerability management helps customers prioritize and focus on those weaknesses that pose the most urgent and the highest risk to the organization. Rather than using static prioritization by severity scores, threat and vulnerability management highlights the most critical weaknesses that need attention. It fuses security recommendations with dynamic threat and business context:
-- Exposing emerging attacks in the wild. Through its advanced cyber data and threat analytics platform, threat and vulnerability management dynamically aligns the prioritization of its security recommendations to focus on vulnerabilities that are currently being exploited in the wild and emerging threats that pose the highest risk.
-- Pinpointing active breaches. Microsoft Defender ATP correlates threat and vulnerability management and EDR insights to provide the unique ability to prioritize vulnerabilities that are currently being exploited in an active breach within the organization.
+- Exposing emerging attacks in the wild. Through its advanced cyber data and threat analytics platform, threat and vulnerability management dynamically aligns the prioritization of its security recommendations. It focuses on vulnerabilities currently being exploited in the wild and emerging threats that pose the highest risk.
+- Pinpointing active breaches. Microsoft Defender ATP correlates threat and vulnerability management and EDR insights to prioritize vulnerabilities being exploited in an active breach within the organization.
- Protecting high-value assets. Microsoft Defender ATP's integration with Azure Information Protection allows threat and vulnerability management to identify the exposed devices with business-critical applications, confidential data, or high-value users.
### Seamless remediation
@@ -95,14 +97,15 @@ Ensure that your devices:
> Windows 10 Version 1809 | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077)
> Windows 10 Version 1903 | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941)
-- Are onboarded to Microsoft Intune and Microsoft Endpoint Configuration Manager. If you are using Configuration Manager, update your console to the latest version.
+- Are onboarded to [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure). If you're using Configuration Manager, update your console to the latest version.
- Have at least one security recommendation that can be viewed in the device page
- Are tagged or marked as co-managed
## APIs
-Run threat and vulnerability management-related API calls such as get your organization's threat exposure score or device secure score, software and device vulnerability inventory, software version distribution, device vulnerability information, security recommendation information. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615).
-See the following topics for related APIs:
+Run threat and vulnerability management-related API calls to automate vulnerability management workflows. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615).
+
+See the following articles for related APIs:
- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
- [Machine APIs](machine.md)
@@ -112,7 +115,7 @@ See the following topics for related APIs:
- [Vulnerability APIs](vulnerability.md)
- [List vulnerabilities by machine and software](get-all-vulnerabilities-by-machines.md)
-## Related topics
+## See also
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
index 2c94a9c19e..d51165a30f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
@@ -1,6 +1,6 @@
---
title: Offboard machine API
-description: Use this API to offboard a device from WDATP.
+description: Learn how to use an API to offboard a device from Windows Defender Advanced Threat Protection (WDATP).
keywords: apis, graph api, supported apis, collect investigation package
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt
deleted file mode 100644
index b1e6285e7e..0000000000
--- a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt
+++ /dev/null
@@ -1,528 +0,0 @@
-# [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md)
-
-## [Overview]()
-### [Overview of Microsoft Defender ATP capabilities](overview.md)
-### [Threat & Vulnerability Management]()
-#### [Next-generation capabilities](next-gen-threat-and-vuln-mgt.md)
-#### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md)
-#### [Exposure score](tvm-exposure-score.md)
-#### [Configuration score](configuration-score.md)
-#### [Security recommendation](tvm-security-recommendation.md)
-#### [Remediation](tvm-remediation.md)
-#### [Software inventory](tvm-software-inventory.md)
-#### [Weaknesses](tvm-weaknesses.md)
-#### [Scenarios](threat-and-vuln-mgt-scenarios.md)
-
-
-### [Attack surface reduction]()
-#### [Hardware-based isolation]()
-##### [Hardware-based isolation in Windows 10](overview-hardware-based-isolation.md)
-
-##### [Application isolation]()
-###### [Application guard overview](../windows-defender-application-guard/wd-app-guard-overview.md)
-###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md)
-
-##### [System integrity](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
-
-#### [Application control]()
-##### [Windows Defender Application Guard](../windows-defender-application-control/windows-defender-application-control.md)
-
-#### [Exploit protection](../windows-defender-exploit-guard/exploit-protection.md)
-#### [Network protection](../windows-defender-exploit-guard/network-protection.md)
-#### [Controlled folder access](../windows-defender-exploit-guard/controlled-folders.md)
-#### [Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction.md)
-#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md)
-
-
-### [Next generation protection](../microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md)
-
-
-### [Endpoint detection and response]()
-#### [Endpoint detection and response overview](overview-endpoint-detection-response.md)
-#### [Security operations dashboard](security-operations-dashboard.md)
-
-#### [Incidents queue]()
-##### [View and organize the Incidents queue](view-incidents-queue.md)
-##### [Manage incidents](manage-incidents.md)
-##### [Investigate incidents](investigate-incidents.md)
-
-#### [Alerts queue]()
-##### [View and organize the Alerts queue](alerts-queue.md)
-##### [Manage alerts](manage-alerts.md)
-##### [Investigate alerts](investigate-alerts.md)
-##### [Investigate files](investigate-files.md)
-##### [Investigate machines](investigate-machines.md)
-##### [Investigate an IP address](investigate-ip.md)
-##### [Investigate a domain](investigate-domain.md)
-##### [Investigate a user account](investigate-user.md)
-
-#### [Machines list]()
-##### [View and organize the Machines list](machines-view-overview.md)
-
-##### [Investigate machines]()
-###### [Machine details](investigate-machines.md#machine-details)
-###### [Response actions](investigate-machines.md#response-actions)
-###### [Cards](investigate-machines.md#cards)
-###### [Tabs](investigate-machines.md#tabs)
-
-#### [Take response actions]()
-##### [Take response actions on a machine]()
-###### [Understand response actions](respond-machine-alerts.md)
-###### [Manage tags](respond-machine-alerts.md#manage-tags)
-###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation)
-###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session)
-###### [Collect investigation package from machines](respond-machine-alerts.md#collect-investigation-package-from-machines)
-###### [Run Microsoft Defender Antivirus scan on machines](respond-machine-alerts.md#run-microsoft-defender-antivirus-scan-on-machines)
-###### [Restrict app execution](respond-machine-alerts.md#restrict-app-execution)
-###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network)
-###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center)
-
-##### [Take response actions on a file]()
-###### [Understand response actions](respond-file-alerts.md)
-###### [Stop and quarantine files in your network](respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
-###### [Restore file from quarantine](respond-file-alerts.md#restore-file-from-quarantine)
-###### [Add an indicator to block or allow a file](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
-###### [Deep analysis](respond-file-alerts.md#deep-analysis)
-
-##### [Live response]()
-###### [Investigate entities on machines](live-response.md)
-###### [Live response command examples](live-response-command-examples.md)
-
-
-### [Automated investigation and remediation]()
-#### [Understand Automated investigations](automated-investigations.md)
-#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
-#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
-
-
-### [Threat analytics](threat-analytics.md)
-
-
-### [Microsoft Threat Experts](microsoft-threat-experts.md)
-
-
-### [Advanced hunting]()
-#### [Advanced hunting overview](advanced-hunting-overview.md)
-
-#### [Query data using Advanced hunting]()
-##### [Data querying basics](advanced-hunting-query-language.md)
-##### [Advanced hunting reference](advanced-hunting-schema-reference.md)
-##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
-
-#### [Custom detections]()
-##### [Understand custom detection rules](overview-custom-detections.md)
-##### [Create custom detections rules](custom-detection-rules.md)
-
-### [Management and APIs]()
-#### [Overview of management and APIs](management-apis.md)
-#### [Understand threat intelligence concepts](threat-indicator-concepts.md)
-#### [Microsoft Defender ATP APIs](apis-intro.md)
-#### [Managed security service provider support](mssp-support.md)
-
-
-### [Integrations]()
-#### [Microsoft Defender ATP integrations](threat-protection-integration.md)
-#### [Conditional Access integration overview](conditional-access.md)
-#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
-
-#### [Information protection in Windows overview]()
-##### [Windows integration](information-protection-in-windows-overview.md)
-##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md)
-
-
-### [Microsoft Threat Experts](microsoft-threat-experts.md)
-
-
-### [Portal overview](portal-overview.md)
-
-
-
-## [Get started]()
-### [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md)
-### [Preview features](preview.md)
-### [Evaluation lab](evaluation-lab.md)
-### [Minimum requirements](minimum-requirements.md)
-### [Validate licensing and complete setup](licensing.md)
-
-### [Data storage and privacy](data-storage-privacy.md)
-### [Assign user access to the portal](assign-portal-access.md)
-
-### [Evaluate Microsoft Defender ATP capabilities]()
-#### [Evaluate attack surface reduction]()
-
-##### [Evaluate attack surface reduction and next-generation capabilities](evaluate-atp.md)
-###### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
-###### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
-###### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
-###### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
-###### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
-###### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
-###### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
-##### [Evaluate next generation protection](../microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md)
-
-### [Access the Microsoft Defender Security Center Community Center](community.md)
-
-## [Configure and manage capabilities]()
-
-### [Configure attack surface reduction](configure-attack-surface-reduction.md)
-
-### [Hardware-based isolation]()
-#### [System integrity](../windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
-
-#### [Application isolation]()
-##### [Install Windows Defender Application Guard](../windows-defender-application-guard/install-wd-app-guard.md)
-##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md)
-
-#### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
-
-#### [Device control]()
-##### [Control USB devices](../device-control/control-usb-devices-using-intune.md)
-
-##### [Device Guard]()
-###### [Code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
-
-###### [Memory integrity]()
-####### [Understand memory integrity](../windows-defender-exploit-guard/memory-integrity.md)
-####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
-####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
-
-#### [Exploit protection]()
-##### [Enable exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
-##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
-
-#### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md)
-
-#### [Controlled folder access]()
-##### [Enable controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders.md)
-##### [Customize controlled folder access](../windows-defender-exploit-guard/customize-controlled-folders.md)
-
-#### [Attack surface reduction controls]()
-##### [Enable attack surface reduction rules](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)
-##### [Customize attack surface reduction rules](../windows-defender-exploit-guard/customize-attack-surface-reduction.md)
-
-#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
-
-
-### [Configure next generation protection]()
-#### [Configure Microsoft Defender Antivirus features](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md)
-#### [Utilize Microsoft cloud-delivered protection]()
-##### [Understand cloud-delivered protection](../microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md)
-##### [Enable cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md)
-##### [Specify the cloud-delivered protection level](../microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md)
-##### [Configure and validate network connections](../microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md)
-##### [Enable Block at first sight](../microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md)
-##### [Configure the cloud block timeout period](../microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md)
-
-#### [Configure behavioral, heuristic, and real-time protection]()
-##### [Configuration overview](../microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md)
-##### [Detect and block potentially unwanted applications](../microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md)
-##### [Enable and configure always-on protection and monitoring](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md)
-
-#### [Antivirus on Windows Server 2016](../microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md)
-
-#### [Antivirus compatibility]()
-##### [Compatibility charts](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md)
-##### [Use limited periodic antivirus scanning](../microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md)
-
-#### [Deploy, manage updates, and report on antivirus]()
-##### [Using Microsoft Defender Antivirus](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md)
-
-##### [Deploy and enable antivirus]()
-###### [Preparing to deploy](../microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md)
-###### [Deployment guide for VDI environments](../microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md)
-
-##### [Report on antivirus protection]()
-###### [Review protection status and aqlerts](../microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md)
-###### [Troubleshoot antivirus reporting in Update Compliance](../microsoft-defender-antivirus/troubleshoot-reporting.md)
-
-##### [Manage updates and apply baselines]()
-###### [Learn about the different kinds of updates](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md)
-###### [Manage protection and Security intelligence updates](../microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md)
-###### [Manage when protection updates should be downloaded and applied](../microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md)
-###### [Manage updates for endpoints that are out of date](../microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md)
-###### [Manage event-based forced updates](../microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md)
-###### [Manage updates for mobile devices and VMs](../microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)
-
-#### [Customize, initiate, and review the results of scans and remediation]()
-##### [Configuration overview](../microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
-
-##### [Configure and validate exclusions in antivirus scans]()
-###### [Exclusions overview](../microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md)
-###### [Configure and validate exclusions based on file name, extension, and folder location](../microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md)
-###### [Configure and validate exclusions for files opened by processes](../microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md)
-###### [Configure antivirus exclusions Windows Server 2016](../microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md)
-
-##### [Configure antivirus scanning options](../microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md)
-##### [Configure remediation for scans](../microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md)
-##### [Configure scheduled scans](../microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md)
-##### [Configure and run scans](../microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md)
-##### [Review scan results](../microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md)
-##### [Run and review the results of an offline scan](../microsoft-defender-antivirus/windows-defender-offline.md)
-
-#### [Restore quarantined files](../microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md)
-
-#### [Manage antivirus in your business]()
-##### [Management overview](../microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md)
-##### [Use Group Policy settings to configure and manage antivirus](../microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md)
-##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md)
-##### [Use PowerShell cmdlets to configure and manage antivirus](../microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md)
-##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md)
-##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md)
-
-#### [Manage scans and remediation]()
-##### [Management overview](../microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
-
-##### [Configure and validate exclusions in antivirus scans]()
-###### [Exclusions overview](../microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md)
-###### [Configure and validate exclusions based on file name, extension, and folder location](../microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md)
-###### [Configure and validate exclusions for files opened by processes](../microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md)
-###### [Configure antivirus exclusions on Windows Server 2016](../microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md)
-
-##### [Configure scanning options](../microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md)
-##### [Configure remediation for scans](../microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md)
-##### [Configure scheduled scans](../microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md)
-##### [Configure and run scans](../microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md)
-##### [Review scan results](../microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md)
-##### [Run and review the results of an offline scan](../microsoft-defender-antivirus/windows-defender-offline.md)
-##### [Restore quarantined files](../microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md)
-
-#### [Manage next generation protection in your business]()
-##### [Management overview](../microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md)
-##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md)
-##### [Use Group Policy settings to manage next generation protection](../microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md)
-##### [Use PowerShell cmdlets to manage next generation protection](../microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md)
-##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](../microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md)
-##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md)
-
-
-
-### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
-
-
-### [Endpoint detection and response management and API support]()
-
-#### [Onboard machines]()
-##### [Onboarding overview](onboard-configure.md)
-##### [Onboard previous versions of Windows](onboard-downlevel.md)
-
-##### [Onboard Windows 10 machines]()
-###### [Ways to onboard](configure-endpoints.md)
-###### [Onboard machines using Group Policy](configure-endpoints-gp.md)
-###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm.md)
-
-###### [Onboard machines using Mobile Device Management tools]()
-####### [Overview](configure-endpoints-mdm.md)
-####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
-###### [Onboard machines using a local script](configure-endpoints-script.md)
-###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md)
-
-##### [Onboard servers](configure-server-endpoints.md)
-##### [Onboard non-Windows machines](configure-endpoints-non-windows.md)
-##### [Onboard machines without Internet access](onboard-offline-machines.md)
-##### [Run a detection test on a newly onboarded machine](run-detection-test.md)
-##### [Run simulated attacks on machines](attack-simulations.md)
-##### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
-
-##### [Troubleshoot onboarding issues]()
-###### [Troubleshooting basics](troubleshoot-onboarding.md)
-###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md)
-
-#### [Microsoft Defender ATP API]()
-##### [Understand Microsoft Defender ATP APIs](use-apis.md)
-##### [Microsoft Defender ATP API license and terms](api-terms-of-use.md)
-
-##### [Get started]()
-###### [Introduction](apis-intro.md)
-###### [Hello World](api-hello-world.md)
-###### [Get access with application context](exposed-apis-create-app-webapp.md)
-###### [Get access with user context](exposed-apis-create-app-nativeapp.md)
-###### [Get partner application access](microsoft-defender-atp/exposed-apis-create-app-partners.md)
-
-##### [APIs]()
-###### [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
-###### [Common REST API error codes](common-errors.md)
-###### [Advanced Hunting](run-advanced-query-api.md)
-
-###### [Alert]()
-####### [Methods, properties, and JSON representation](alerts.md)
-####### [List alerts](get-alerts.md)
-####### [Create alert](create-alert-by-reference.md)
-####### [Update Alert](update-alert.md)
-####### [Get alert information by ID](get-alert-info-by-id.md)
-####### [Get alert related domains information](get-alert-related-domain-info.md)
-####### [Get alert related file information](get-alert-related-files-info.md)
-####### [Get alert related IPs information](get-alert-related-ip-info.md)
-####### [Get alert related machine information](get-alert-related-machine-info.md)
-####### [Get alert related user information](get-alert-related-user-info.md)
-
-###### [Machine]()
-####### [Methods and properties](machine.md)
-####### [List machines](get-machines.md)
-####### [Get machine by ID](get-machine-by-id.md)
-####### [Get machine log on users](get-machine-log-on-users.md)
-####### [Get machine related alerts](get-machine-related-alerts.md)
-####### [Add or Remove machine tags](add-or-remove-machine-tags.md)
-####### [Find machines by IP](find-machines-by-ip.md)
-
-###### [Machine Action]()
-####### [Methods and properties](machineaction.md)
-####### [List Machine Actions](get-machineactions-collection.md)
-####### [Get Machine Action](get-machineaction-object.md)
-####### [Collect investigation package](collect-investigation-package.md)
-####### [Get investigation package SAS URI](get-package-sas-uri.md)
-####### [Isolate machine](isolate-machine.md)
-####### [Release machine from isolation](unisolate-machine.md)
-####### [Restrict app execution](restrict-code-execution.md)
-####### [Remove app restriction](unrestrict-code-execution.md)
-####### [Run antivirus scan](run-av-scan.md)
-####### [Offboard machine](offboard-machine-api.md)
-####### [Stop and quarantine file](stop-and-quarantine-file.md)
-
-###### [Automated Investigation]()
-####### [Investigation methods and properties](microsoft-defender-atp/investigation.md)
-####### [List Investigation](microsoft-defender-atp/get-investigation-collection.md)
-####### [Get Investigation](microsoft-defender-atp/get-investigation-object.md)
-####### [Start Investigation](microsoft-defender-atp/initiate-autoir-investigation.md)
-
-###### [Indicators]()
-####### [Methods and properties](ti-indicator.md)
-####### [Submit Indicator](post-ti-indicator.md)
-####### [List Indicators](get-ti-indicators-collection.md)
-####### [Delete Indicator](delete-ti-indicator-by-id.md)
-
-###### [Domain]()
-####### [Get domain related alerts](get-domain-related-alerts.md)
-####### [Get domain related machines](get-domain-related-machines.md)
-####### [Get domain statistics](get-domain-statistics.md)
-
-###### [File]()
-####### [Methods and properties](files.md)
-####### [Get file information](get-file-information.md)
-####### [Get file related alerts](get-file-related-alerts.md)
-####### [Get file related machines](get-file-related-machines.md)
-####### [Get file statistics](get-file-statistics.md)
-
-###### [IP]()
-####### [Get IP related alerts](get-ip-related-alerts.md)
-####### [Get IP statistics](get-ip-statistics.md)
-
-###### [User]()
-####### [Methods](user.md)
-####### [Get user related alerts](get-user-related-alerts.md)
-####### [Get user related machines](get-user-related-machines.md)
-
-##### [How to use APIs - Samples]()
-###### [Microsoft Flow](api-microsoft-flow.md)
-###### [Power BI](api-power-bi.md)
-###### [Advanced Hunting using Python](run-advanced-query-sample-python.md)
-###### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
-###### [Using OData Queries](exposed-apis-odata-samples.md)
-
-#### [API for custom alerts]()
-##### [Enable the custom threat intelligence application](enable-custom-ti.md)
-##### [Use the threat intelligence API to create custom alerts](use-custom-ti.md)
-##### [Create custom threat intelligence alerts](custom-ti-api.md)
-##### [PowerShell code examples](powershell-example-code.md)
-##### [Python code examples](python-example-code.md)
-##### [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
-##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
-
-#### [Pull Detections to your SIEM tools]()
-##### [Learn about different ways to pull Detections](configure-siem.md)
-##### [Enable SIEM integration](enable-siem-integration.md)
-##### [Configure Splunk to pull Detections](configure-splunk.md)
-##### [Configure HP ArcSight to pull Detections](configure-arcsight.md)
-##### [Microsoft Defender ATP Detection fields](api-portal-mapping.md)
-##### [Pull Detections using SIEM REST API](pull-alerts-using-rest-api.md)
-##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
-
-#### [Reporting]()
-##### [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
-##### [Threat protection reports](threat-protection-reports.md)
-##### [Machine health and compliance reports](machine-reports.md)
-
-#### [Interoperability]()
-##### [Partner applications](partner-applications.md)
-
-#### [Manage machine configuration]()
-##### [Ensure your machines are configured properly](configure-machines.md)
-##### [Monitor and increase machine onboarding](configure-machines-onboarding.md)
-##### [Increase compliance to the security baseline](configure-machines-security-baseline.md)
-##### [Optimize ASR rule deployment and detections](configure-machines-asr.md)
-
-#### [Role-based access control]()
-
-##### [Manage portal access using RBAC]()
-###### [Using RBAC](rbac.md)
-###### [Create and manage roles](user-roles.md)
-
-###### [Create and manage machine groups]()
-####### [Using machine groups](machine-groups.md)
-####### [Create and manage machine tags](machine-tags.md)
-
-#### [Configure managed security service provider (MSSP) support](configure-mssp-support.md)
-
-
-### [Configure Microsoft threat protection integration]()
-#### [Configure Conditional Access](configure-conditional-access.md)
-#### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md)
-#### [Configure information protection in Windows](information-protection-in-windows-config.md)
-
-
-### [Configure portal settings]()
-#### [Set up preferences](preferences-setup.md)
-
-#### [General]()
-##### [Update data retention settings](data-retention-settings.md)
-##### [Configure alert notifications](configure-email-notifications.md)
-##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md)
-##### [Configure advanced features](advanced-features.md)
-
-#### [Permissions]()
-##### [Use basic permissions to access the portal](basic-permissions.md)
-##### [Manage portal access using RBAC](rbac.md)
-###### [Create and manage roles](user-roles.md)
-###### [Create and manage machine groups](machine-groups.md)
-####### [Create and manage machine tags](machine-tags.md)
-
-#### [APIs]()
-##### [Enable Threat intel](enable-custom-ti.md)
-##### [Enable SIEM integration](enable-siem-integration.md)
-
-#### [Rules]()
-##### [Manage suppression rules](manage-suppression-rules.md)
-##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
-##### [Manage indicators](manage-indicators.md)
-##### [Manage automation file uploads](manage-automation-file-uploads.md)
-##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
-
-#### [Machine management]()
-##### [Onboarding machines](onboard-configure.md)
-##### [Offboarding machines](offboard-machines.md)
-
-#### [Configure time zone settings](time-settings.md)
-
-
-
-## [Troubleshoot Microsoft Defender ATP]()
-
-### [Troubleshoot sensor state]()
-#### [Check sensor state](check-sensor-status.md)
-#### [Fix unhealthy sensors](fix-unhealthy-sensors.md)
-#### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines)
-#### [Misconfigured machines](fix-unhealthy-sensors.md#misconfigured-machines)
-#### [Review sensor events and errors on machines with Event Viewer](event-error-codes.md)
-
-
-### [Troubleshoot service issues]()
-#### [Troubleshooting issues](troubleshoot-mdatp.md)
-#### [Check service health](service-status.md)
-
-
-### [Troubleshoot attack surface reduction issues]()
-#### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
-#### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md)
-#### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md)
-
-
-### [Troubleshoot next generation protection issues](../microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
index ca0ae8b595..22a6d8de5e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
@@ -54,8 +54,8 @@ For more information about onboarding methods, see the following articles:
## Azure virtual machines
- Configure and enable [Azure Log Analytics workspace](https://docs.microsoft.com/azure/azure-monitor/platform/gateway)
- - Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:
- - [Azure Log Analytics Agent](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
+ - Setup Azure Log Analytics Gateway (formerly known as OMS Gateway) to act as proxy or hub:
+ - [Azure Log Analytics Gateway](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
- [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) point to Microsoft Defender ATP Workspace key & ID
- Offline Azure VMs in the same network of OMS Gateway
- Configure Azure Log Analytics IP as a proxy
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md
index 37c447d3fc..64b2b3236f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md
@@ -1,8 +1,8 @@
---
title: Configure and manage Microsoft Defender ATP capabilities
ms.reviewer:
-description: Configure and manage Microsoft Defender ATP capabilities such as attack surface reduction, next generation protection, and security controls
-keywords: configure, manage, capabilities, attack surface reduction, next generation protection, security controls, endpoint detection and response, auto investigation and remediation, security controls, controls
+description: Configure and manage Microsoft Defender ATP capabilities such as attack surface reduction, next-generation protection, and security controls
+keywords: configure, manage, capabilities, attack surface reduction, next-generation protection, security controls, endpoint detection and response, auto investigation and remediation, security controls, controls
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -30,7 +30,7 @@ Configure and manage all the Microsoft Defender ATP capabilities to get the best
Topic | Description
:---|:---
[Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) | By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
-[Configure next generation protection](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats.
+[Configure next-generation protection](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) | Configure next-generation protection to catch all types of emerging threats.
[Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts.
[Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Microsoft Defender ATP.
[Management and API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/management-apis)| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
index c73e519c52..79394ceaf0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
@@ -12,7 +12,9 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection:
+- M365-security-compliance
+- m365solution-endpointprotect
ms.topic: article
---
@@ -217,8 +219,8 @@ Follow the steps below to identify the Microsoft Defender ATP Workspace ID and W
Once completed, you should see onboarded endpoints in the portal within an hour.
-## Next generation protection
-Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
+## next-generation protection
+Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers.
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
@@ -226,7 +228,7 @@ Microsoft Defender Antivirus is a built-in antimalware solution that provides ne
2. Select **Scheduled scans**, **Scan settings**, **Default actions**, **Real-time protection**, **Exclusion settings**, **Advanced**, **Threat overrides**, **Cloud Protection Service** and **Security intelligence updates** and choose **OK**.
- 
+ 
In certain industries or some select enterprise customers might have specific
needs on how Antivirus is configured.
@@ -237,29 +239,29 @@ needs on how Antivirus is configured.
For more details, see [Windows Security configuration framework](https://docs.microsoft.com/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework)
- 
+ 
- 
+ 
- 
+ 
- 
+ 
- 
+ 
- 
+ 
- 
+ 
- 
+ 
3. Right-click on the newly created antimalware policy and select **Deploy**.
- 
+ 
4. Target the new antimalware policy to your Windows 10 collection and click **OK**.
- 
+ 
After completing this task, you now have successfully configured Windows
Defender Antivirus.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
index c98c0a6c38..fd8438a07e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
@@ -18,22 +18,19 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
-
# Custom detections overview
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. This is made possible by customizable detection rules that automatically trigger alerts as well as response actions.
+With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. You can do this with customizable detection rules that automatically trigger alerts and response actions.
-Custom detections work with [Advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
+Custom detections work with [advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
Custom detections provide:
- Alerts for rule-based detections built from advanced hunting queries
- Automatic response actions that apply to files and devices
->[!NOTE]
->To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
-
-## Related topic
-- [Create and manage custom detection rules](custom-detection-rules.md)
+## Related topics
+- [Create detection rules](custom-detection-rules.md)
+- [View and manage detection rules](custom-detections-manage.md)
- [Advanced hunting overview](advanced-hunting-overview.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
index 5e1fd0cad0..63ca10ace1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
@@ -1,6 +1,6 @@
---
title: Submit or Update Indicator API
-description: Use this API to submit or Update Indicator.
+description: Learn how to use the Submit or Update Indicator API to submit or update a new Indicator entity in Microsoft Defender Advanced Threat Protection.
keywords: apis, graph api, supported apis, submit, ti, indicator, update
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
index e1d07ae2e0..56d83bd553 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
@@ -13,7 +13,9 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection:
+- M365-security-compliance
+- m365solution-endpointprotect
ms.topic: article
---
@@ -172,7 +174,7 @@ how the endpoint security suite should be enabled.
|-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|
| Endpoint Detection & Response (EDR) | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 |
|Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including: - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities - Invaluable device vulnerability context during incident investigations - Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager [Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 |
-| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes: -Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus. - Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection"). - Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research. [Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). |3 |
+| Next-generation protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes: -Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus. - Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection"). - Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research. [Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). |3 |
| Attack Surface Reduction (ASR) | Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in the organization from new and emerging threats. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) | 4 |
| Auto Investigation & Remediation (AIR) | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable |
| Microsoft Threat Experts (MTE) | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts) | Not applicable |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
index 33a1b59c0a..dd1f0dfe6b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
@@ -13,7 +13,9 @@ author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection:
+- M365-security-compliance
+- m365solution-endpointprotect
ms.topic: article
---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
index fce90c63c2..4c7de91e8a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
@@ -1,6 +1,6 @@
---
title: Pull Microsoft Defender ATP detections using REST API
-description: Pull detections from Microsoft Defender ATP REST API.
+description: Learn how call an Microsoft Defender ATP endpoint to pull detections in JSON format using the SIEM REST API.
keywords: detections, pull detections, rest api, request, response
search.product: eADQiWindows 10XVcnh
search.appverid: met150
diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
index 11d05369ee..4435b74d94 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
@@ -1,59 +1,59 @@
----
-title: Recommendation methods and properties
-description: Retrieves top recent alerts.
-keywords: apis, graph api, supported apis, get, alerts, recent
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Recommendation resource type
-
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-## Methods
-Method |Return Type |Description
-:---|:---|:---
-[List all recommendations](get-all-recommendations.md) | Recommendation collection | Retrieves a list of all security recommendations affecting the organization
-[Get recommendation by Id](get-recommendation-by-id.md) | Recommendation | Retrieves a security recommendation by its ID
-[Get recommendation software](get-recommendation-software.md)| [Software](software.md) | Retrieves a security recommendation related to a specific software
-[Get recommendation devices](get-recommendation-machines.md)|MachineRef collection | Retrieves a list of devices associated with the security recommendation
-[Get recommendation vulnerabilities](get-recommendation-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of vulnerabilities associated with the security recommendation
-
-
-## Properties
-Property | Type | Description
-:---|:---|:---
-id | String | Recommendation ID
-productName | String | Related software name
-recommendationName | String | Recommendation name
-Weaknesses | Long | Number of discovered vulnerabilities
-Vendor | String | Related vendor name
-recommendedVersion | String | Recommended version
-recommendationCategory | String | Recommendation category. Possible values are: "Accounts", "Application", "Network", "OS", "SecurityStack
-subCategory | String | Recommendation sub-category
-severityScore | Double | Potential impact of the configuration to the organization's Microsoft Secure Score for Devices (1-10)
-publicExploit | Boolean | Public exploit is available
-activeAlert | Boolean | Active alert is associated with this recommendation
-associatedThreats | String collection | Threat analytics report is associated with this recommendation
-remediationType | String | Remediation type. Possible values are: "ConfigurationChange","Update","Upgrade","Uninstall"
-Status | Enum | Recommendation exception status. Possible values are: "Active" and "Exception"
-configScoreImpact | Double | Microsoft Secure Score for Devices impact
-exposureImpacte | Double | Exposure score impact
-totalMachineCount | Long | Number of installed devices
-exposedMachinesCount | Long | Number of installed devices that are exposed to vulnerabilities
-nonProductivityImpactedAssets | Long | Number of devices which are not affected
-relatedComponent | String | Related software component
+---
+title: Recommendation methods and properties
+description: Retrieves top recent alerts.
+keywords: apis, graph api, supported apis, get, alerts, recent
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Recommendation resource type
+
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+## Methods
+Method |Return Type |Description
+:---|:---|:---
+[List all recommendations](get-all-recommendations.md) | Recommendation collection | Retrieves a list of all security recommendations affecting the organization
+[Get recommendation by Id](get-recommendation-by-id.md) | Recommendation | Retrieves a security recommendation by its ID
+[Get recommendation software](get-recommendation-software.md)| [Software](software.md) | Retrieves a security recommendation related to a specific software
+[Get recommendation devices](get-recommendation-machines.md)|MachineRef collection | Retrieves a list of devices associated with the security recommendation
+[Get recommendation vulnerabilities](get-recommendation-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of vulnerabilities associated with the security recommendation
+
+
+## Properties
+Property | Type | Description
+:---|:---|:---
+id | String | Recommendation ID
+productName | String | Related software name
+recommendationName | String | Recommendation name
+Weaknesses | Long | Number of discovered vulnerabilities
+Vendor | String | Related vendor name
+recommendedVersion | String | Recommended version
+recommendationCategory | String | Recommendation category. Possible values are: "Accounts", "Application", "Network", "OS", "SecurityStack
+subCategory | String | Recommendation sub-category
+severityScore | Double | Potential impact of the configuration to the organization's Microsoft Secure Score for Devices (1-10)
+publicExploit | Boolean | Public exploit is available
+activeAlert | Boolean | Active alert is associated with this recommendation
+associatedThreats | String collection | Threat analytics report is associated with this recommendation
+remediationType | String | Remediation type. Possible values are: "ConfigurationChange","Update","Upgrade","Uninstall"
+Status | Enum | Recommendation exception status. Possible values are: "Active" and "Exception"
+configScoreImpact | Double | Microsoft Secure Score for Devices impact
+exposureImpacte | Double | Exposure score impact
+totalMachineCount | Long | Number of installed devices
+exposedMachinesCount | Long | Number of installed devices that are exposed to vulnerabilities
+nonProductivityImpactedAssets | Long | Number of devices which are not affected
+relatedComponent | String | Related software component
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
index 00040ec11f..2625952949 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
@@ -1,7 +1,7 @@
---
title: Advanced Hunting API
ms.reviewer:
-description: Use the Advanced hunting API to run advanced queries on Microsoft Defender Advanced Threat Protection
+description: Learn to use the advanced hunting API to run advanced queries on Microsoft Defender Advanced Threat Protection. Find out about limitations and see an example.
keywords: apis, supported apis, advanced hunting, query
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
index deacdfd079..9163a45a52 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
@@ -1,7 +1,7 @@
---
title: Advanced Hunting with Python API Guide
ms.reviewer:
-description: Learn the basics of querying the Microsoft Defender Advanced Threat Protection API, using Python.
+description: Learn how to query using the Microsoft Defender Advanced Threat Protection API, by using Python, with examples.
keywords: apis, supported apis, advanced hunting, query
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
index 0d98b91181..d87232b04b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
@@ -50,3 +50,4 @@ The Command Prompt window will close automatically. If successful, the detection
## Related topics
- [Onboard Windows 10 devices](configure-endpoints.md)
- [Onboard servers](configure-server-endpoints.md)
+- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md
index bc8b673887..40615f1991 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/score.md
@@ -1,40 +1,41 @@
----
-title: Score methods and properties
-description: Retrieves your organization's exposure score, device secure score, and exposure score by device group
-keywords: apis, graph api, supported apis, score, exposure score, device secure score, exposure score by device group
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Score resource type
-
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-## Methods
-Method |Return Type |Description
-:---|:---|:---
-[Get exposure score](get-exposure-score.md) | [Score](score.md) | Get the organizational exposure score.
-[Get device secure score](get-device-secure-score.md) | [Score](score.md) | Get the organizational device secure score.
-[List exposure score by device group](get-machine-group-exposure-score.md)| [Score](score.md) | List scores by device group.
-
-
-## Properties
-Property | Type | Description
-:---|:---|:---
-Score | Double | The current score.
-Time | DateTime | The date and time in which the call for this API was made.
-RbacGroupName | String | The device group name.
+---
+title: Score methods and properties
+description: Retrieves your organization's exposure score, device secure score, and exposure score by device group
+keywords: apis, graph api, supported apis, score, exposure score, device secure score, exposure score by device group
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: ellevin
+author: levinec
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Score resource type
+
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+## Methods
+
+Method |Return Type |Description
+:---|:---|:---
+[Get exposure score](get-exposure-score.md) | [Score](score.md) | Get the organizational exposure score.
+[Get device secure score](get-device-secure-score.md) | [Score](score.md) | Get the organizational device secure score.
+[List exposure score by device group](get-machine-group-exposure-score.md)| [Score](score.md) | List scores by device group.
+
+## Properties
+
+Property | Type | Description
+:---|:---|:---
+Score | Double | The current score.
+Time | DateTime | The date and time in which the call for this API was made.
+RbacGroupName | String | The device group name.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md
index 0853d1f0d8..bacc9d839f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/software.md
@@ -1,49 +1,49 @@
----
-title: Software methods and properties
-description: Retrieves top recent alerts.
-keywords: apis, graph api, supported apis, get, alerts, recent
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Software resource type
-
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-## Methods
-
-Method |Return Type |Description
-:---|:---|:---
-[List software](get-software.md) | Software collection | List the organizational software inventory.
-[Get software by Id](get-software-by-id.md) | Software | Get a specific software by its software ID.
-[List software version distribution](get-software-ver-distribution.md)| Distribution collection | List software version distribution by software ID.
-[List machines by software](get-machines-by-software.md)| MachineRef collection | Retrieve a list of devices that are associated with the software ID.
-[List vulnerabilities by software](get-vuln-by-software.md) | [Vulnerability](vulnerability.md) collection | Retrieve a list of vulnerabilities associated with the software ID.
-[Get missing KBs](get-missing-kbs-software.md) | KB collection | Get a list of missing KBs associated with the software ID
-
-## Properties
-
-Property | Type | Description
-:---|:---|:---
-id | String | Software ID
-Name | String | Software name
-Vendor | String | Software vendor name
-Weaknesses | Long | Number of discovered vulnerabilities
-publicExploit | Boolean | Public exploit exists for some of the vulnerabilities
-activeAlert | Boolean | Active alert is associated with this software
-exposedMachines | Long | Number of exposed devices
-impactScore | Double | Exposure score impact of this software
+---
+title: Software methods and properties
+description: Retrieves top recent alerts.
+keywords: apis, graph api, supported apis, get, alerts, recent
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Software resource type
+
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+## Methods
+
+Method |Return Type |Description
+:---|:---|:---
+[List software](get-software.md) | Software collection | List the organizational software inventory.
+[Get software by Id](get-software-by-id.md) | Software | Get a specific software by its software ID.
+[List software version distribution](get-software-ver-distribution.md)| Distribution collection | List software version distribution by software ID.
+[List machines by software](get-machines-by-software.md)| MachineRef collection | Retrieve a list of devices that are associated with the software ID.
+[List vulnerabilities by software](get-vuln-by-software.md) | [Vulnerability](vulnerability.md) collection | Retrieve a list of vulnerabilities associated with the software ID.
+[Get missing KBs](get-missing-kbs-software.md) | KB collection | Get a list of missing KBs associated with the software ID
+
+## Properties
+
+Property | Type | Description
+:---|:---|:---
+id | String | Software ID
+Name | String | Software name
+Vendor | String | Software vendor name
+Weaknesses | Long | Number of discovered vulnerabilities
+publicExploit | Boolean | Public exploit exists for some of the vulnerabilities
+activeAlert | Boolean | Active alert is associated with this software
+exposedMachines | Long | Number of exposed devices
+impactScore | Double | Exposure score impact of this software
diff --git a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
index 2bdc3f389c..1a065cce0b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
@@ -1,6 +1,6 @@
---
title: Stop and quarantine file API
-description: Use this API to stop and quarantine file.
+description: Learn how to stop running a file on a device and delete the file in Microsoft Defender Advanced Threat Protection. See an example.
keywords: apis, graph api, supported apis, stop and quarantine file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
index 0261393243..9e26a9fef5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
@@ -13,7 +13,10 @@ author: denisebmsft
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection:
+- M365-security-compliance
+- m365solution-symantecmigrate
+- m365solution-overview
ms.topic: article
---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md
index d00f9c4634..6c7c329a2e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md
@@ -13,7 +13,9 @@ author: denisebmsft
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection:
+- M365-security-compliance
+- m365solution-symantecmigrate
ms.topic: article
---
@@ -95,5 +97,4 @@ To do this, visit the Microsoft Defender ATP demo scenarios site ([https://demo.
**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)!
- [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).
-
-- To learn more about Microsoft Defender ATP and how to configure or adjust various features and capabilities, see [Microsoft Defender ATP documentation](https://docs.microsoft.com/windows/security/threat-protection).
+- [Manage Microsoft Defender Advanced Threat Protection, post migration](manage-atp-post-migration.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
index 5f7918273a..2a678e94e4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
@@ -13,7 +13,9 @@ author: denisebmsft
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection:
+- M365-security-compliance
+- m365solution-symantecmigrate
ms.topic: article
---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
index eef8e48d51..a3c0638d1e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
@@ -13,7 +13,9 @@ author: denisebmsft
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection:
+- M365-security-compliance
+- m365solution-symantecmigrate
ms.topic: article
---
@@ -118,6 +120,9 @@ This step of the setup process involves adding Microsoft Defender ATP to the exc
During this step of the setup process, you add Symantec and your other security solutions to the Microsoft Defender Antivirus exclusion list.
+> [!NOTE]
+> To get an idea of which processes and services to exclude, see Broadcom's [Processes and services used by Endpoint Protection 14](https://knowledge.broadcom.com/external/article/170706/processes-and-services-used-by-endpoint.html).
+
When you add [exclusions to Microsoft Defender Antivirus scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus), you should add path and process exclusions. Keep the following points in mind:
- Path exclusions exclude specific files and whatever those files access.
- Process exclusions exclude whatever a process touches, but does not exclude the process itself.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
index 421805849d..7612d8d24a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
@@ -22,49 +22,84 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Cyberthreats are emerging more frequently and prevalently. It is critical for organizations to quickly assess their security posture, covering the impact of emerging threats and their organizational resilience.
+With more sophisticated adversaries and new threats emerging frequently and prevalently, it's critical to be able to quickly:
-Threat analytics is a set of reports published by Microsoft security researchers as soon as emerging threats and outbreaks are identified. The reports help you assess the impact of threats to your environment and identify actions that can contain them.
+- Assess the impact of new threats
+- Review your resilience against or exposure to the threats
+- Identify the actions you can take to stop or contain the threats
-Watch this short video to quickly understand how threat analytics can help you track the latest threats and stop them.
+Threat analytics is a set of reports from expert Microsoft security researchers covering the most relevant threats, including:
+
+- Active threat actors and their campaigns
+- Popular and new attack techniques
+- Critical vulnerabilities
+- Common attack surfaces
+- Prevalent malware
+
+Each report provides a detailed analysis of a threat and extensive guidance on how to defend against the threat. It also incorporates data from your network, indicating whether the threat is active and if you have applicable security updates and recommended settings in place.
+
+Watch this short video to learn more about how threat analytics can help you track the latest threats and stop them.
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bw1f]
## View the threat analytics dashboard
-The threat analytics dashboard is a great jump off point for getting to the reports that are most relevant to your organization. It provides several overviews about the threats covered in the reports:
+The threat analytics dashboard is a great jump off point for getting to the reports that are most relevant to your organization. It summarizes the threats in the following sections:
-- **Latest threats** — lists the most recently published threat reports, along with the number of devices with resolved and unresolved alerts.
-- **High-impact threats** — lists the threats that have had the highest impact on the organization in terms of the number of devices that have had related alerts, along with the number of devices with resolved and unresolved alerts.
-- **Threat summary** — shows the number of threats among the threats reported in threat analytics with actual alerts.
+- **Latest threats**—lists the most recently published threat reports, along with the number of devices with active and resolved alerts.
+- **High-impact threats**—lists the threats that have had the highest impact to the organization. This section ranks threats by the number of devices that have active alerts.
+- **Threat summary**—shows the overall impact of all the threats reported in threat analytics by showing the number of threats with active and resolved alerts.
+
+Select a threat from the dashboard to view the report for that threat.
-Select a threat from any of the overviews or from the table to view the report for that threat.
-
## View a threat analytics report
-Each threat report generally provides an overview of the threat and an analysis of the techniques and tools used by the threat. It also provides mitigation recommendations and detection information. It includes several cards that show dynamic data about how your organization is impacted by the threat and how prepared it is to stop the threat.
+Each threat analytics report provides information in three sections: **Overview**, **Analyst report**, and **Mitigations**.
-
+### Quickly understand a threat and assess its impact to your network in the overview
-### Organizational impact
-Each report includes cards designed to provide information about the organizational impact of a threat:
-- **Devices with alerts** — shows the current number of distinct devices that have been impacted by the threat. A device is categorized as **Active** if there is at least one alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the device have been resolved.
-- **Devices with alerts over time** — shows the number of distinct devices with **Active** and **Resolved** alerts over time. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts resolved within a few days.
+The **Overview** section provides a preview of the detailed analyst report. It also provides charts that highlight the impact of the threat to your organization and your exposure through misconfigured and unpatched devices.
-### Organizational resilience
-Each report also includes cards that provide an overview of how resilient your organization can be against a given threat:
-- **Security configuration status** — shows the number of devices that have applied the recommended security settings that can help mitigate the threat. Devices are considered **Secure** if they have applied _all_ the tracked settings.
-- **Vulnerability patching status** — shows the number of devices that have applied security updates or patches that address vulnerabilities exploited by the threat.
-- **Mitigation details** — lists specific actionable recommendations that can help you increase your organizational resilience. This card lists tracked mitigations, including recommended settings and vulnerability patches, along with the number of devices that don't have the mitigations in place.
+
+_Overview section of a threat analytics report_
-### Additional report details and limitations
+#### Organizational impact
+Each report includes charts designed to provide information about the organizational impact of a threat:
+- **Devices with alerts**—shows the current number of distinct devices that have been impacted by the threat. A device is categorized as **Active** if there is at least one alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the device have been resolved.
+- **Devices with alerts over time**—shows the number of distinct devices with **Active** and **Resolved** alerts over time. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts resolved within a few days.
+
+#### Organizational resilience and exposure
+Each report includes charts that provide an overview of how resilient your organization is against a given threat:
+- **Security configuration status**—shows the number of devices that have applied the recommended security settings that can help mitigate the threat. Devices are considered **Secure** if they have applied _all_ the tracked settings.
+- **Vulnerability patching status**—shows the number of devices that have applied security updates or patches that address vulnerabilities exploited by the threat.
+
+### Get expert insight from the analyst report
+Go to the **Analyst report** section to read through the detailed expert write-up. Most reports provide detailed descriptions of attack chains, including tactics and techniques mapped to the MITRE ATT&CK framework, exhaustive lists of recommendations, and powerful [threat hunting](advanced-hunting-overview.md) guidance.
+
+
+_Analyst report section of a threat analytics report_
+
+### Review list of mitigations and the status of your devices
+In the **Mitigations** section, review the list of specific actionable recommendations that can help you increase your organizational resilience against the threat. The list of tracked mitigations includes recommended settings and vulnerability patches. It also shows the number of devices that don't have these mitigations in place.
+
+Mitigation information in this section incorporates data from [threat and vulnerability management](next-gen-threat-and-vuln-mgt.md), which also provides detailed drill-down information from various links in the report.
+
+
+_Mitigations section of a threat analytics report_
+
+
+## Additional report details and limitations
When using the reports, keep the following in mind:
-- Data is scoped based on your RBAC permissions. You will only see the status of devices that you have been granted access to on the RBAC.
-- Charts reflect only mitigations that are tracked. Check the report overview for additional mitigations that are not reflected in the charts.
+- Data is scoped based on your role-based access control (RBAC) scope. You will see the status of devices in [groups that you can access](machine-groups.md).
+- Charts reflect only mitigations that are tracked. Check the report overview for additional mitigations that are not shown in the charts.
- Mitigations don't guarantee complete resilience. The provided mitigations reflect the best possible actions needed to improve resiliency.
-- Devices are counted as "unavailable" if they have been unable to transmit data to the service.
-- Antivirus related statistics are based on Microsoft Defender Antivirus settings. Devices with third-party antivirus solutions can appear as "exposed".
+- Devices are counted as "unavailable" if they have not transmitted data to the service.
+- Antivirus-related statistics are based on Microsoft Defender Antivirus settings. Devices with third-party antivirus solutions can appear as "exposed".
+
+## Related topics
+- [Proactively find threats with advanced hunting](advanced-hunting-overview.md)
+- [Assess and resolve security weaknesses and exposures](next-gen-threat-and-vuln-mgt.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
index e2d4158d0d..c470a3566b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
@@ -1,6 +1,6 @@
---
title: Event timeline in threat and vulnerability management
-description: Event timeline is a "risk news feed" which will help you interpret how risk is introduced into the organization and which mitigations happened to reduce it.
+description: Event timeline is a "risk news feed" that helps you interpret how risk is introduced into the organization, and which mitigations happened to reduce it.
keywords: event timeline, mdatp event timeline, mdatp tvm event timeline, threat and vulnerability management, Microsoft Defender Advanced Threat Protection
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -23,9 +23,7 @@ ms.topic: conceptual
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-Event timeline is a risk news feed which helps you interpret how risk, through new vulnerabilities or exploits, is introduced into the organization. You can view events which may impact your organization's risk. For example, you can find new vulnerabilities that were introduced, vulnerabilities that became exploitable, exploit that was addd to an exploit kit, and more.
+Event timeline is a risk news feed that helps you interpret how risk is introduced into the organization through new vulnerabilities or exploits. You can view events that may impact your organization's risk. For example, you can find new vulnerabilities that were introduced, vulnerabilities that became exploitable, exploit that was added to an exploit kit, and more.
Event timeline also tells the story of your [exposure score](tvm-exposure-score.md) so you can determine the cause of large changes. Reduce you exposure score by addressing what needs to be remediated based on the prioritized [security recommendations](tvm-security-recommendation.md).
@@ -34,7 +32,7 @@ Event timeline also tells the story of your [exposure score](tvm-exposure-score.
You can access Event timeline mainly through three ways:
- In the threat and vulnerability management navigation menu in the Microsoft Defender Security Center
-- Top events card in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md). The highest impact events (for example, affect the most machines or critical vulnerabilities)
+- Top events card in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md). The highest impact events (for example, affect the most devices or critical vulnerabilities)
- Hovering over the Exposure Score graph in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md)
### Navigation menu
@@ -43,17 +41,17 @@ Go to the threat and vulnerability management navigation menu and select **Event
### Top events card
-In the Tthreat and vulnerability management dashboard, the "Top events" card displays the three most impactful events in the last 7 days. Select **Show more** to go to the Event timeline page.
+In the threat and vulnerability management dashboard, the "Top events" card displays the three most impactful events in the last 7 days. Select **Show more** to go to the Event timeline page.
### Exposure score graph
-In the threat and vulnerability management dashboard, hover over the Exposure score graph to view top events from that day that impacted your machines. If there are no events, then none will be shown.
+In the threat and vulnerability management dashboard, hover over the Exposure score graph to view top events from that day that impacted your devices. If there are no events, then none will be shown.
-Selecting **Show all events from this day** will lead you to the Event timeline page with a pre-populated custom date range for that day.
+Selecting **Show all events from this day** takes you to the Event timeline page with a custom date range for that day.
@@ -63,25 +61,28 @@ Select **Custom range** to change the date range to another custom one, or a pre
## Event timeline overview
-On the Event timeline page, you can view the all the necesssary info related to an event.
+On the Event timeline page, you can view the all the necessary info related to an event.
Features:
- Customize columns
-- Filter by event type or percent of impacted machines
+- Filter by event type or percent of impacted devices
- View 30, 50, or 100 items per page
The two large numbers at the top of the page show the number of new vulnerabilities and exploitable vulnerabilities, not events. Some events can have multiple vulnerabilities, and some vulnerabilities can have multiple events.
+>[!NOTE]
+>Event type called "New configuration assessment" coming soon.
+
### Columns
- **Date**: month, day, year
-- **Event**: impactful event, including component, type, and number of impacted machines
+- **Event**: impactful event, including component, type, and number of impacted devices
- **Related component**: software
-- **Originally impacted machines**: the number, and percentage, of impacted machines when this event originally occurred. You can also filter by the percent of originally impacted machines, out of your total number of machines.
-- **Currently impacted machines**: the current number, and percentage, of machines that this event currently impacts. You can find this field by selecting **Customize columns**.
+- **Originally impacted devices**: the number, and percentage, of impacted devices when this event originally occurred. You can also filter by the percent of originally impacted devices, out of your total number of devices.
+- **Currently impacted devices**: the current number, and percentage, of devices that this event currently impacts. You can find this field by selecting **Customize columns**.
- **Types**: reflect time-stamped events that impact the score. They can be filtered.
- Exploit added to an exploit kit
- Exploit was verified
@@ -100,19 +101,23 @@ The following icons show up next to events:
### Drill down to a specific event
-Once you select an event, a flyout will appear listing the details and current CVEs that affect your machines. You can show more CVEs or view the related recommendation.
+Once you select an event, a flyout will appear with a list of the details and current CVEs that affect your devices. You can show more CVEs or view the related recommendation.
-The arrow below "score trend" helps you determine whether this event potentially raised or lowered your organizational exposure score. Higher exposure score means machines are more vulnerable to exploitation.
+The arrow below "score trend" helps you determine whether this event potentially raised or lowered your organizational exposure score. Higher exposure score means devices are more vulnerable to exploitation.
-From there, select **Go to related security recommendation** to go to the [security recommendations page](tvm-security-recommendation.md) and the recommendation that will address the new software vulnerability. After reading the description and vulnerability details in the security recommendation, you can [submit a remediation request](tvm-security-recommendation.md#request-remediation), and track the request in the [remediation page](tvm-remediation.md).
+From there, select **Go to related security recommendation** view the recommendation that addresses the new software vulnerability in the [security recommendations page](tvm-security-recommendation.md). After reading the description and vulnerability details in the security recommendation, you can [submit a remediation request](tvm-security-recommendation.md#request-remediation), and track the request in the [remediation page](tvm-remediation.md).
## View Event timelines in software pages
To open a software page, select an event > select the hyperlinked software name (like Visual Studio 2017) in the section called "Related component" in the flyout. [Learn more about software pages](tvm-software-inventory.md#software-pages)
-A full page will appear with all the details of a specific software, including an event timeline tab. From there you can view all the events related to that software, along with security recommendations, discovered vulnerabilities, installed machines, and version distribution.
+A full page will appear with all the details of a specific software. Mouse over the graph to see the timeline of events for that specific software.
+
+
+
+Navigate to the event timeline tab to view all the events related to that software. You can also see security recommendations, discovered vulnerabilities, installed devices, and version distribution.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
index 7ab41a7658..87bf456ec8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
@@ -1,6 +1,6 @@
---
title: Scenarios - threat and vulnerability management
-description: Learn how threat and vulnerability management can be used to help security admins, IT admins, and SecOps collaborate in defending against security threats.
+description: Learn how threat and vulnerability management can be used to help security admins, IT admins, and SecOps collaborate.
keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -52,7 +52,7 @@ DeviceName=any(DeviceName) by DeviceId, AlertId
## Define a device's value to the organization
-Defining a device’s value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the threat and vulnerability management exposure score calculation, so devices marked as “high value” will receive more weight.
+Defining a device’s value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the threat and vulnerability management exposure score calculation. Devices marked as “high value” will receive more weight.
Device value options:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md
index 47a3571c4e..7df606ba66 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md
@@ -1,7 +1,7 @@
---
title: Integrate Microsoft Defender ATP with other Microsoft solutions
ms.reviewer:
-description: Learn how Microsoft Defender ATP integrations with other Microsoft solutions
+description: Learn how Microsoft Defender ATP integrates with other Microsoft solutions, including Azure Advanced Threat Protection and Azure Security Center.
keywords: microsoft threat protection, conditional access, office, advanced threat protection, azure atp, azure security center, microsoft cloud app security
search.product: eADQiWindows 10XVcnh
search.appverid: met150
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
index 8f87ff3707..be0e27f27a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
@@ -7,7 +7,6 @@ ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: denisebmsft
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md
index 882df03a74..05cd741da3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md
@@ -1,9 +1,8 @@
---
title: Troubleshoot exploit protection mitigations
keywords: Exploit protection, mitigations, troubleshoot, import, export, configure, emet, convert, conversion, deploy, install
-description: Remove unwanted Exploit protection mitigations.
+description: Learn how to deal with unwanted mitigations in Windows Security, including a process to remove all mitigations and import a baseline configuration file instead.
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -197,7 +196,6 @@ If you haven’t already, it's a good idea to download and use the [Windows Secu
## Related topics
* [Protect devices from exploits](exploit-protection.md)
-* [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection.md)
* [Evaluate exploit protection](evaluate-exploit-protection.md)
* [Enable exploit protection](enable-exploit-protection.md)
* [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
index b435c4b723..1118d17529 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
@@ -3,7 +3,6 @@ title: Troubleshoot problems with Network protection
description: Resources and sample code to troubleshoot issues with Network protection in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking, microsoft defender atp, microsoft defender advanced threat protection
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
index 445718afae..2e1d1f2adb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
@@ -28,12 +28,10 @@ ms.topic: troubleshooting
You might need to troubleshoot the Microsoft Defender ATP onboarding process if you encounter issues.
This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the devices.
-
## Troubleshoot issues with onboarding tools
If you have completed the onboarding process and don't see devices in the [Devices list](investigate-machines.md) after an hour, it might indicate an onboarding or connectivity problem.
-
### Troubleshoot onboarding when deploying with Group Policy
Deployment with Group Policy is done by running the onboarding script on the devices. The Group Policy console does not indicate if the deployment has succeeded or not.
@@ -42,7 +40,6 @@ If you have completed the onboarding process and don't see devices in the [Devic
If the script completes successfully, see [Troubleshoot onboarding issues on the devices](#troubleshoot-onboarding-issues-on-the-device) for additional errors that might occur.
-
### Troubleshoot onboarding issues when deploying with Microsoft Endpoint Configuration Manager
When onboarding devices using the following versions of Configuration Manager:
@@ -57,10 +54,10 @@ If the deployment fails, you can check the output of the script on the devices.
If the onboarding completed successfully but the devices are not showing up in the **Devices list** after an hour, see [Troubleshoot onboarding issues on the device](#troubleshoot-onboarding-issues-on-the-device) for additional errors that might occur.
-
### Troubleshoot onboarding when deploying with a script
**Check the result of the script on the device:**
+
1. Click **Start**, type **Event Viewer**, and press **Enter**.
2. Go to **Windows Logs** > **Application**.
@@ -68,6 +65,7 @@ If the onboarding completed successfully but the devices are not showing up in t
3. Look for an event from **WDATPOnboarding** event source.
If the script fails and the event is an error, you can check the event ID in the following table to help you troubleshoot the issue.
+
> [!NOTE]
> The following event IDs are specific to the onboarding script only.
@@ -82,7 +80,6 @@ Event ID | Error Type | Resolution steps
`40` | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md).
`65` | Insufficient privileges| Run the script again with administrator privileges.
-
### Troubleshoot onboarding issues using Microsoft Intune
You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue.
@@ -97,7 +94,7 @@ Use the following tables to understand the possible causes of issues while onboa
If none of the event logs and troubleshooting steps work, download the Local script from the **Device management** section of the portal, and run it in an elevated command prompt.
-**Microsoft Intune error codes and OMA-URIs**:
+#### Microsoft Intune error codes and OMA-URIs
Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps
:---:|:---|:---|:---|:---
@@ -107,8 +104,7 @@ Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause a
| | | | All | **Possible cause:** Attempt to deploy Microsoft Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.
Currently supported platforms: Enterprise, Education, and Professional. Server is not supported.
0x87D101A9 | -2016345687 |SyncML(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | **Possible cause:** Attempt to deploy Microsoft Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.
Currently supported platforms: Enterprise, Education, and Professional.
-
-**Known issues with non-compliance**
+#### Known issues with non-compliance
The following table provides information on issues with non-compliance and how you can address the issues.
@@ -118,8 +114,7 @@ Case | Symptoms | Possible cause and troubleshooting steps
`2` | Device is compliant by OrgId, Onboarding, and OnboardingState OMA-URIs, but is non-compliant by SenseIsRunning OMA-URI. | **Possible cause:** Sense service's startup type is set as "Delayed Start". Sometimes this causes the Microsoft Intune server to report the device as non-compliant by SenseIsRunning when DM session occurs on system start.
**Troubleshooting steps:** The issue should automatically be fixed within 24 hours.
`3` | Device is non-compliant | **Troubleshooting steps:** Ensure that Onboarding and Offboarding policies are not deployed on the same device at same time.
-
-**Mobile Device Management (MDM) event logs**
+#### Mobile Device Management (MDM) event logs
View the MDM event logs to troubleshoot issues that might arise during onboarding:
@@ -131,17 +126,16 @@ ID | Severity | Event description | Troubleshooting steps
:---|:---|:---|:---
1819 | Error | Microsoft Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Download the [Cumulative Update for Windows 10, 1607](https://go.microsoft.com/fwlink/?linkid=829760).
-
## Troubleshoot onboarding issues on the device
-If the deployment tools used does not indicate an error in the onboarding process, but devices are still not appearing in the devices list in an hour, go through the following verification topics to check if an error occurred with the Microsoft Defender ATP agent:
+If the deployment tools used does not indicate an error in the onboarding process, but devices are still not appearing in the devices list in an hour, go through the following verification topics to check if an error occurred with the Microsoft Defender ATP agent.
+
- [View agent onboarding errors in the device event log](#view-agent-onboarding-errors-in-the-device-event-log)
- [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled)
- [Ensure the service is set to start](#ensure-the-service-is-set-to-start)
- [Ensure the device has an Internet connection](#ensure-the-device-has-an-internet-connection)
- [Ensure that Microsoft Defender Antivirus is not disabled by a policy](#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy)
-
### View agent onboarding errors in the device event log
1. Click **Start**, type **Event Viewer**, and press **Enter**.
@@ -176,24 +170,23 @@ Event ID | Message | Resolution steps
`30` | Failed to disable $(build.sense.productDisplayName) mode in Microsoft Defender Advanced Threat Protection. Failure code: %1 | Contact support.
`32` | $(build.sense.productDisplayName) service failed to request to stop itself after offboarding process. Failure code: %1 | Verify that the service start type is manual and reboot the device.
`55` | Failed to create the Secure ETW autologger. Failure code: %1 | Reboot the device.
-`63` | Updating the start type of external service. Name: %1, actual start type: %2, expected start type: %3, exit code: %4 | Identify what is causing changes in start type of mentioned service. If the exit code is not 0, fix the start type manually to expected start type.
+`63` | Updating the start type of external service. Name: %1, actual start type: %2, expected start type: %3, exit code: %4 | Identify what is causing changes in start type of mentioned service. If the exit code is not 0, fix the start type manually to expected start type.
`64` | Starting stopped external service. Name: %1, exit code: %2 | Contact support if the event keeps re-appearing.
`68` | The start type of the service is unexpected. Service name: %1, actual start type: %2, expected start type: %3 | Identify what is causing changes in start type. Fix mentioned service start type.
-`69` | The service is stopped. Service name: %1 | Start the mentioned service. Contact support if persists.
+`69` | The service is stopped. Service name: %1 | Start the mentioned service. Contact support if persists.
+
+
-
There are additional components on the device that the Microsoft Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Microsoft Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly.
-
### Ensure the diagnostic data service is enabled
If the devices aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the device. The service might have been disabled by other programs or user configuration changes.
First, you should check that the service is set to start automatically when Windows starts, then you should check that the service is currently running (and start it if it isn't).
-
### Ensure the service is set to start
**Use the command line to check the Windows 10 diagnostic data service startup type**:
@@ -216,7 +209,6 @@ First, you should check that the service is set to start automatically when Wind
If the `START_TYPE` is not set to `AUTO_START`, then you'll need to set the service to automatically start.
-
**Use the command line to set the Windows 10 diagnostic data service to automatically start:**
1. Open an elevated command-line prompt on the device:
@@ -255,14 +247,18 @@ To ensure that sensor has service connectivity, follow the steps described in th
If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) topic.
-
### Ensure that Microsoft Defender Antivirus is not disabled by a policy
+> [!IMPORTANT]
+> The following only applies to devices that have **not** yet received the August 2020 (version 4.18.2007.8) update to Microsoft Defender Antivirus.
+>
+> The update ensures that Microsoft Defender Antivirus cannot be turned off on client devices via system policy.
+
**Problem**: The Microsoft Defender ATP service does not start after onboarding.
**Symptom**: Onboarding successfully completes, but you see error 577 or error 1058 when trying to start the service.
-**Solution**: If your devices are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
+**Solution**: If your devices are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not turned off by a system policy.
- Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are cleared:
@@ -273,19 +269,21 @@ If the verification fails and your environment is using a proxy to connect to th
- ``
- ``
+
+> [!IMPORTANT]
+> The `disableAntiSpyware` setting is discontinued and will be ignored on all client devices, as of the August 2020 (version 4.18.2007.8) update to Microsoft Defender Antivirus.
+
- After clearing the policy, run the onboarding steps again.
-- You can also check the following registry key values to verify that the policy is disabled:
-
- 1. Open the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.
- 2. Ensure that the value `DisableAntiSpyware` is not present.
+- You can also check the previous registry key values to verify that the policy is disabled, by opening the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.
> [!NOTE]
> In addition, you must ensure that wdfilter.sys and wdboot.sys are set to their default start values of "0".
- > - ``
- > - ``
+ >
+ > - ``
+ > - ``
## Troubleshoot onboarding issues on a server
@@ -295,6 +293,7 @@ If you encounter issues while onboarding a server, go through the following veri
- [Ensure that the server proxy and Internet connectivity settings are configured properly](configure-server-endpoints.md#server-proxy)
You might also need to check the following:
+
- Check that there is a Microsoft Defender Advanced Threat Protection Service running in the **Processes** tab in **Task Manager**. For example:
@@ -311,12 +310,12 @@ You might also need to check the following:
- Check to see that devices are reflected in the **Devices list** in the portal.
-
## Confirming onboarding of newly built devices
There may be instances when onboarding is deployed on a newly built device but not completed.
The steps below provide guidance for the following scenario:
+
- Onboarding package is deployed to newly built devices
- Sensor does not start because the Out-of-box experience (OOBE) or first user logon has not been completed
- Device is turned off or restarted before the end user performs a first logon
@@ -325,7 +324,6 @@ The steps below provide guidance for the following scenario:
> [!NOTE]
> The following steps are only relevant when using Microsoft Endpoint Configuration Manager. For more details about onboarding using Microsoft Endpoint Configuration Manager, see [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection).
-
1. Create an application in Microsoft Endpoint Configuration Manager.
@@ -444,8 +442,8 @@ The steps below provide guidance for the following scenario:
-
## Related topics
+
- [Troubleshoot Microsoft Defender ATP](troubleshoot-mdatp.md)
- [Onboard devices](onboard-configure.md)
- [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
index 02edd24998..11aa392b29 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
@@ -32,9 +32,9 @@ Threat and vulnerability management is a component of Microsoft Defender ATP, an
You can use the threat and vulnerability management capability in [Microsoft Defender Security Center](https://securitycenter.windows.com/) to:
-- View exposure and Microsoft Secure Score for Devices side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed devices
+- View you exposure score and Microsoft Secure Score for Devices, along with top security recommendations, software vulnerability, remediation activities, and exposed devices
- Correlate EDR insights with endpoint vulnerabilities and process them
-- Select remediation options, triage and track the remediation tasks
+- Select remediation options to triage and track the remediation tasks
- Select exception options and track active exceptions
> [!NOTE]
@@ -55,9 +55,9 @@ You can navigate through the portal using the menu options available in all sect
Area | Description
:---|:---
**Dashboard** | Get a high-level view of the organization exposure score, Microsoft Secure Score for Devices, device exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed device data.
-[**Security recommendations**](tvm-remediation.md) | See the list of security recommendations, their related components, whether software or software versions in your network have reached end-of-support, insights, number or exposed devices, impact, and request for remediation. When you select an item from the list, a flyout panel opens with vulnerability details, a link to open the software page, and remediation and exception options. You can also open a ticket in Intune if your devices are joined through Azure Active Directory and you have enabled your Intune connections in Microsoft Defender ATP.
+[**Security recommendations**](tvm-remediation.md) | See the list of security recommendations, their related components, whether software or software versions in your network have reached end-of-support, insights, number or exposed devices, impact, and request for remediation. When you select an item from the list, a flyout panel opens with vulnerability details, a link to open the software page, and remediation and exception options. You can also open a ticket in Intune if your devices are joined through Azure Active Directory and you've enabled your Intune connections in Microsoft Defender ATP.
[**Remediation**](tvm-remediation.md) | See the remediation activity, related component, remediation type, status, due date, option to export the remediation and process data to CSV, and active exceptions.
-[**Software inventory**](tvm-software-inventory.md) | See the list of software, versions, weaknesses, whether there's an exploit found on the software, whether the software or software version has reached end-of-support, prevalence in the organization, how many were installed, how many exposed devices there are, and the numerical value of the impact. You can select each item in the list and opt to open the software page which shows the associated vulnerabilities, misconfigurations, affected device, version distribution details, and missing KBs or security updates.
+[**Software inventory**](tvm-software-inventory.md) | See the list of software, versions, weaknesses, whether there's an exploit found on the software, whether the software or software version has reached end-of-support, prevalence in the organization, how many were installed, how many exposed devices there are, and the numerical value of the impact. You can select each item in the list and opt to open the software page that shows the associated vulnerabilities, misconfigurations, affected device, version distribution details, and missing KBs (security updates).
[**Weaknesses**](tvm-weaknesses.md) | See the list of common vulnerabilities and exposures, the severity, the common vulnerability scoring system (CVSS) V3 score, related software, age, when it was published, related threat alerts, and how many exposed devices there are. You can select each item in the list to see a flyout panel with the vulnerability description and other details.
## Threat and vulnerability management dashboard
@@ -66,14 +66,14 @@ Area | Description
:---|:---
**Selected device groups (#/#)** | Filter the threat and vulnerability management data you want to see in the dashboard and cards by device groups. What you select in the filter applies throughout the threat and vulnerability management pages.
[**Exposure score**](tvm-exposure-score.md) | See the current state of your organization's device exposure to threats and vulnerabilities. Several factors affect your organization's exposure score: weaknesses discovered in your devices, likelihood of your devices to be breached, value of the devices to your organization, and relevant alerts discovered with your devices. The goal is to lower the exposure score of your organization to be more secure. To reduce the score, you need to remediate the related security configuration issues listed in the security recommendations.
-[**Microsoft Secure Score for Devices**](tvm-microsoft-secure-score-devices.md) | See the security posture of the operating system, applications, network, accounts and security controls of your organization. The goal is to remediate the related security configuration issues to increase your score for devices. Selecting the bars will take you to the **Security recommendation** page.
+[**Microsoft Secure Score for Devices**](tvm-microsoft-secure-score-devices.md) | See the security posture of the operating system, applications, network, accounts, and security controls of your organization. The goal is to remediate the related security configuration issues to increase your score for devices. Selecting the bars will take you to the **Security recommendation** page.
**Device exposure distribution** | See how many devices are exposed based on their exposure level. Select a section in the doughnut chart to go to the **Devices list** page and view the affected device names, exposure level, risk level, and other details such as domain, operating system platform, its health state, when it was last seen, and its tags.
-**Top security recommendations** | See the collated security recommendations which are sorted and prioritized based on your organization's risk exposure and the urgency that it requires. Select **Show more** to see the rest of the security recommendations in the list or **Show exceptions** for the list of recommendations that have an exception.
+**Top security recommendations** | See the collated security recommendations that are sorted and prioritized based on your organization's risk exposure and the urgency that it requires. Select **Show more** to see the rest of the security recommendations in the list. Select **Show exceptions** for the list of recommendations that have an exception.
**Top vulnerable software** | Get real-time visibility into your organization's software inventory with a stack-ranked list of vulnerable software installed on your network's devices and how they impact your organizational exposure score. Select an item for details or **Show more** to see the rest of the vulnerable software list in the **Software inventory** page.
**Top remediation activities** | Track the remediation activities generated from the security recommendations. You can select each item on the list to see the details in the **Remediation** page or select **Show more** to view the rest of the remediation activities, and active exceptions.
**Top exposed devices** | View exposed device names and their exposure level. Select a device name from the list to go to the device page where you can view the alerts, risks, incidents, security recommendations, installed software, and discovered vulnerabilities associated with the exposed devices. Select **Show more** to see the rest of the exposed devices list. From the devices list, you can manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate device.
-See [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-icons) for more information on the icons used throughout the portal.
+For more information on the icons used throughout the portal, see [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-icons).
## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
index 19805c1e0b..2cfd0bfeb9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
@@ -30,7 +30,7 @@ Your exposure score is visible in the [Threat and vulnerability management dashb
- Detect and respond to areas that require investigation or action to improve the current state.
- Communicate with peers and management about the impact of security efforts.
-The card gives you a high-level view of your exposure score trend over time. Any spikes in the chart gives you a visual indication of a high cybersecurity threat exposure that you can investigate further.
+The card gives you a high-level view of your exposure score trend over time. Any spikes in the chart give you a visual indication of a high cybersecurity threat exposure that you can investigate further.
@@ -38,7 +38,7 @@ The card gives you a high-level view of your exposure score trend over time. Any
Threat and vulnerability management introduces a new exposure score metric, which visually represents how exposed your devices are to imminent threats.
-The exposure score is continuously calculated on each device in the organization and influenced by the following factors:
+The exposure score is continuously calculated on each device in the organization. It is influenced by the following factors:
- Weaknesses, such as vulnerabilities discovered on the device
- External and internal threats such as public exploit code and security alerts
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md
index 83e5537bff..0823575cb9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md
@@ -1,6 +1,6 @@
---
title: Overview of Microsoft Secure Score for Devices in Microsoft Defender Security Center
-description: Your score for devices shows the collective security configuration state of your devices across application, operating system, network, accounts, and security controls
+description: Your score for devices shows the collective security configuration state of your devices across application, operating system, network, accounts, and security controls.
keywords: Microsoft Secure Score for Devices, mdatp Microsoft Secure Score for Devices, secure score, configuration score, threat and vulnerability management, security controls, improvement opportunities, security configuration score over time, security posture, baseline
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -35,12 +35,24 @@ Your score for devices is visible in the [threat and vulnerability management da
Select a category to go to the [**Security recommendations**](tvm-security-recommendation.md) page and view the relevant recommendations.
+## Turn on the Microsoft Secure Score connector
+
+Forward Microsoft Defender ATP signals, giving Microsoft Secure Score visibility into the device security posture. Forwarded data is stored and processed in the same location as your Microsoft Secure Score data.
+
+Changes might take up to a few hours to reflect in the dashboard.
+
+1. In the navigation pane, go to **Settings** > **Advanced features**
+
+2. Scroll down to **Microsoft Secure Score** and toggle the setting to **On**.
+
+3. Select **Save preferences**.
+
## How it works
>[!NOTE]
> Microsoft Secure Score for Devices currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management.
-The data in the Microsoft Secure Score for Devices card is the product of meticulous and ongoing vulnerability discovery process aggregated with configuration discovery assessments that continuously:
+The data in the Microsoft Secure Score for Devices card is the product of meticulous and ongoing vulnerability discovery process. It is aggregated with configuration discovery assessments that continuously:
- Compare collected configurations to the collected benchmarks to discover misconfigured assets
- Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction)
@@ -49,9 +61,9 @@ The data in the Microsoft Secure Score for Devices card is the product of meticu
## Improve your security configuration
-You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities.
+Improve your security configuration by remediating issues from the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities.
-1. From the Microsoft Secure Score for Devices card in the threat and vulnerability management dashboard, select the one of the categories to view the list of recommendations related to that category. It will take you to the [**Security recommendations**](tvm-security-recommendation.md) page. If you want to see all security recommendations, once you get to the Security recommendations page, clear the search field.
+1. From the Microsoft Secure Score for Devices card in the threat and vulnerability management dashboard, select the one of the categories. You'll view the list of recommendations related to that category. It will take you to the [**Security recommendations**](tvm-security-recommendation.md) page. If you want to see all security recommendations, once you get to the Security recommendations page, clear the search field.
2. Select an item on the list. The flyout panel will open with details related to the recommendation. Select **Remediation options**.
@@ -59,15 +71,15 @@ You can improve your security configuration when you remediate issues from the s
3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up.
-4. **Submit request**. You will see a confirmation message that the remediation task has been created.
+4. **Submit request**. You'll see a confirmation message that the remediation task has been created.
5. Save your CSV file.
-6. Send a follow-up email to your IT Administrator and allow the time that you have allotted for the remediation to propagate in the system.
+6. Send a follow-up email to your IT Administrator and allow the time that you've allotted for the remediation to propagate in the system.
-7. Review the **Microsoft Secure Score for Devices** card again on the dashboard. The number of security controls recommendations will decrease. When you select **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be listed there anymore, and your Microsoft Secure Score for Devices should increase.
+7. Review the **Microsoft Secure Score for Devices** card again on the dashboard. The number of security controls recommendations will decrease. When you select **Security controls** to go back to the **Security recommendations** page, the item that you've addressed won't be listed there anymore. Your Microsoft Secure Score for Devices should increase.
>[!IMPORTANT]
>To boost your vulnerability assessment detection rates, download the following mandatory security updates and deploy them in your network:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
index a94e2b07c4..6673d476df 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
@@ -26,7 +26,7 @@ ms.topic: conceptual
>[!NOTE]
>To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
-After your organization's cybersecurity weaknesses are identified and mapped to actionable [security recommendations](tvm-security-recommendation.md), start creating security tasks through the integration with Microsoft Intune where remediation tickets are created.
+After your organization's cybersecurity weaknesses are identified and mapped to actionable [security recommendations](tvm-security-recommendation.md), start creating security tasks. You can create tasks through the integration with Microsoft Intune where remediation tickets are created.
Lower your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations.
@@ -39,7 +39,7 @@ You can access the Remediation page a few different ways:
### Navigation menu
-Go to the threat and vulnerability management navigation menu and select **Remediation** to open up the list of remediation activities and exceptions found in your organization.
+Go to the threat and vulnerability management navigation menu and select **Remediation**. It will open the list of remediation activities and exceptions found in your organization.
### Top remediation activities in the dashboard
@@ -49,7 +49,7 @@ View **Top remediation activities** in the [threat and vulnerability management
## Remediation activities
-When you [submit a remediation request](tvm-security-recommendation.md#request-remediation) from the [Security recommendations page](tvm-security-recommendation.md), it kicks-off a remediation activity. A security task is created which will be tracked in the threat and vulnerability management **Remediation** page, and a remediation ticket is created in Microsoft Intune.
+When you [submit a remediation request](tvm-security-recommendation.md#request-remediation) from the [Security recommendations page](tvm-security-recommendation.md), it kicks-off a remediation activity. A security task is created that can be tracked in the threat and vulnerability management **Remediation** page, and a remediation ticket is created in Microsoft Intune.
Once you are in the Remediation page, select the remediation activity that you want to view. You can follow the remediation steps, track progress, view the related recommendation, export to CSV, or mark as complete.
@@ -66,8 +66,8 @@ The exceptions you've filed will show up in the **Remediation** page, in the **E
You can take the following actions on an exception:
-- Cancel - You can cancel the exceptions you've filed any time
-- Resurface - Your exception automatically becomes void and resurfaces in the security recommendation list when dynamic environmental factors change, which adversely affect the exposure impact associated with a recommendation that had previously been excluded
+- Cancel - You can cancel the exceptions you've filed anytime
+- Resurface - Your exception automatically becomes void and resurfaces in the security recommendation list when dynamic environmental factors change. It adversely affects the exposure impact associated with a recommendation that had previously been excluded.
The following statuses will be a part of an exception:
@@ -89,7 +89,7 @@ The exception impact shows on both the Security recommendations page column and
### View exceptions in other places
-Select **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard to open a filtered view in the **Security recommendations** page of recommendations with an "Exception" status.
+Select **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard. It will open a filtered view in the **Security recommendations** page of recommendations with an "Exception" status.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index 3555d2490e..3b9cd84b1d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -28,13 +28,13 @@ ms.topic: conceptual
Cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact. Prioritized recommendations help shorten the time to mitigate or remediate vulnerabilities and drive compliance.
-Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment.
+Each security recommendation includes actionable remediation steps. To help with task management, the recommendation can also be sent using Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment.
## How it works
Each device in the organization is scored based on three important factors to help customers to focus on the right things at the right time.
-- **Threat** - Characteristics of the vulnerabilities and exploits in your organizations' devices and breach history. Based on these factors, the security recommendations shows the corresponding links to active alerts, ongoing threat campaigns, and their corresponding threat analytic reports.
+- **Threat** - Characteristics of the vulnerabilities and exploits in your organizations' devices and breach history. Based on these factors, the security recommendations show the corresponding links to active alerts, ongoing threat campaigns, and their corresponding threat analytic reports.
- **Breach likelihood** - Your organization's security posture and resilience against threats
@@ -54,15 +54,15 @@ View related security recommendations in the following places:
### Navigation menu
-Go to the threat and vulnerability management navigation menu and select **Security recommendations** to open the list of security recommendations for the threats and vulnerabilities found in your organization.
+Go to the threat and vulnerability management navigation menu and select **Security recommendations**. The page contains a list of security recommendations for the threats and vulnerabilities found in your organization.
### Top security recommendations in the threat and vulnerability management dashboard
-In a given day as a Security Administrator, you can take a look at the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's device security to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
+In a given day as a Security Administrator, you can take a look at the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side by side with your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's device security to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
-The top security recommendations lists the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation will take you to the security recommendations page with more details about the recommendation.
+The top security recommendations list the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation will take you to the security recommendations page with more details.
## Security recommendations overview
@@ -74,7 +74,7 @@ The color of the **Exposed devices** graph changes as the trend changes. If the
### Icons
-Useful icons also quickly calls your attention to:
+Useful icons also quickly call your attention to:
-  possible active alerts
-  associated public exploits
-  recommendation insights
@@ -85,13 +85,13 @@ Select the security recommendation that you want to investigate or process.
-From the flyout, you can do any of the following:
+From the flyout, you can choose any of the following options:
-- **Open software page** - Open the software page to get more context on the software and how it is distributed. The information can include threat context, associated recommendations, weaknesses discovered, number of exposed devices, discovered vulnerabilities, names and detailed of devices with the software installed, and version distribution.
+- **Open software page** - Open the software page to get more context on the software and how it's distributed. The information can include threat context, associated recommendations, weaknesses discovered, number of exposed devices, discovered vulnerabilities, names and detailed of devices with the software installed, and version distribution.
- [**Remediation options**](tvm-security-recommendation.md#request-remediation) - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address.
-- [**Exception options**](tvm-security-recommendation.md#file-for-exception) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet.
+- [**Exception options**](tvm-security-recommendation.md#file-for-exception) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue yet.
>[!NOTE]
>When a change is made on a device, it typically takes two hours for the data to be reflected in the Microsoft Defender Security Center. However, it may sometimes take longer.
@@ -137,7 +137,7 @@ There are many reasons why organizations create exceptions for a recommendation.
When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list.
-1. Select a security recommendation you would like create an exception for, and then **Exception options**.
+1. Select a security recommendation you would like to create an exception for, and then **Exception options**.
2. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration.
@@ -171,30 +171,30 @@ You can report a false positive when you see any vague, inaccurate, incomplete,
## Find and remediate software or software versions which have reached end-of-support (EOS)
-End-of-support (otherwise known as end-of-life) for software or software versions means that they will no longer be supported or serviced, and will not receive security updates. When you use software or software versions which have reached end-of-support, you're exposing your organization to security vulnerabilities, legal, and financial risks.
+End-of-support (otherwise known as end-of-life) for software or software versions means that they will no longer be supported or serviced, and will not receive security updates. When you use software or software versions with ended support, you're exposing your organization to security vulnerabilities, legal, and financial risks.
-It is crucial for Security and IT Administrators to work together and ensure that the organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem. They should examine the options to remove or replace apps that have reached end of support, and update versions that have reached end of support. It is best to create and implement a plan **before** the end of support dates.
+It's crucial for Security and IT Administrators to work together and ensure that the organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem. They should examine the options to remove or replace apps that have reached end-of-support and update versions that are no longer supported. It's best to create and implement a plan **before** the end of support dates.
-To find software or software versions which have reached end-of-support:
+To find software or software versions that are no longer supported:
1. From the threat and vulnerability management menu, navigate to **Security recommendations**.
2. Go to the **Filters** panel and look for the tags section. Select one or more of the EOS tag options. Then **Apply**.
-3. You will see a list recommendations related to software that is end of support, software versions that are end of support, or upcoming end of support versions. These tags are also visible in the [software inventory](tvm-software-inventory.md) page.
+3. You'll see a list of recommendations related to software with ended support, software versions that are end of support, or versions with upcoming end of support. These tags are also visible in the [software inventory](tvm-software-inventory.md) page.
### List of versions and dates
-To view a list of version that have reached end of support, or end or support soon, and those dates, follow the below steps:
+To view a list of versions that have reached end of support, or end or support soon, and those dates, follow the below steps:
-1. For software that has versions which have reached end of support, or will reach end of support soon, a message will appear in the flyout once the security recommendation is selected.
+1. A message will appear in the security recommendation flyout for software with versions that have reached end of support, or will reach end of support soon.
-2. Select the **version distribution** link to go to the software drill down page. There, you can see a filtered list of versions with tags identifying them as end of support, or upcoming end of support.
+2. Select the **version distribution** link to go to the software drill-down page. There, you can see a filtered list of versions with tags identifying them as end of support, or upcoming end of support.
@@ -202,7 +202,7 @@ To view a list of version that have reached end of support, or end or support so
-After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats.
+Once you identify which software and software versions are vulnerable due to their end-of-support status, you must decide whether to update or remove them from your organization. Doing so will lower your organizations exposure to vulnerabilities and advanced persistent threats.
## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
index d0e00649f5..d157c8610f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
@@ -1,6 +1,6 @@
---
title: Software inventory in threat and vulnerability management
-description: Microsoft Defender ATP threat and vulnerability management's software inventory page shows how many weaknesses and vulnerabilities have been detected in software.
+description: The software inventory page for Microsoft Defender ATP's threat and vulnerability management shows how many weaknesses and vulnerabilities have been detected in software.
keywords: threat and vulnerability management, microsoft defender atp, microsoft defender atp software inventory, mdatp threat & vulnerability management, mdatp threat & vulnerability management software inventory, mdatp tvm software inventory, tvm software inventory
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -23,26 +23,26 @@ ms.topic: conceptual
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
-The software inventory in threat and vulnerability management is a list of all the software in your organization, including details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices.
+The software inventory in threat and vulnerability management is a list of all the software in your organization. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices.
## How it works
-In the field of discovery, we are leveraging the same set of signals that is responsible for detection and vulnerability assessment in [Microsoft Defender ATP endpoint detection and response capabilities](overview-endpoint-detection-response.md).
+In the field of discovery, we're leveraging the same set of signals that is responsible for detection and vulnerability assessment in [Microsoft Defender ATP endpoint detection and response capabilities](overview-endpoint-detection-response.md).
-Since it is real-time, in a matter of minutes, you will see vulnerability information as they get discovered. The engine automatically grabs information from multiple security feeds. In fact, you'll will see if a particular software is connected to a live threat campaign. It also provides a link to a Threat Analytics report soon as it's available.
+Since it's real time, in a matter of minutes, you'll see vulnerability information as they get discovered. The engine automatically grabs information from multiple security feeds. In fact, you'll see if a particular software is connected to a live threat campaign. It also provides a link to a Threat Analytics report soon as it's available.
## Navigate to the Software inventory page
-You can access the Software inventory page by selecting **Software inventory** from the threat and vulnerability management navigation menu in the [Microsoft Defender Security Center](portal-overview.md).
+Access the Software inventory page by selecting **Software inventory** from the threat and vulnerability management navigation menu in the [Microsoft Defender Security Center](portal-overview.md).
View software on specific devices in the individual devices pages from the [devices list](machines-view-overview.md).
## Software inventory overview
-The **Software inventory** page opens with a list of software installed in your network, vendor name, weaknesses found, threats associated with them, exposed devices, impact to exposure score, and tags. You can also filter the software inventory list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached end-of-support.
+The **Software inventory** page opens with a list of software installed in your network, including the vendor name, weaknesses found, threats associated with them, exposed devices, impact to exposure score, and tags. You can filter the list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached end-of-support.
-Select the software that you want to investigate and a flyout panel opens up with a more compact view of the information on the page. You can either dive deeper into the investigation and select **Open software page**, or flag any technical inconsistencies by selecting **Report inaccuracy**.
+Select the software that you want to investigate. A flyout panel will open with a more compact view of the information on the page. You can either dive deeper into the investigation and select **Open software page**, or flag any technical inconsistencies by selecting **Report inaccuracy**.
@@ -56,8 +56,8 @@ You can view software pages a few different ways:
A full page will appear with all the details of a specific software and the following information:
-- Side panel with vendor information, prevalence of the software in the organization (including number of devices it is installed on, and exposed devices that are not patched), whether and exploit is available, and impact to your exposure score
-- Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs of the number of exposed devices
+- Side panel with vendor information, prevalence of the software in the organization (including number of devices it's installed on, and exposed devices that aren't patched), whether and exploit is available, and impact to your exposure score
+- Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs with the number of exposed devices
- Tabs with lists of the corresponding security recommendations for the weaknesses and vulnerabilities identified, the named CVEs of discovered vulnerabilities, the names of the devices that the software is installed on, and the specific versions of the software with the number of devices that have each version installed and number of vulnerabilities.
@@ -67,17 +67,17 @@ You can view software pages a few different ways:
We now show evidence of where we detected a specific software on a device from the registry, disk or both.
You can find it on any devices found in the [devices list](machines-view-overview.md) in a section called "Software Evidence."
-From the Microsoft Defender Security Center navigation panel, go to **Devices list** > select the name of a device to open the device page (like Computer1) > select the **Software inventory** tab > select the software name to open the flyout and view software evidence.
+From the Microsoft Defender Security Center navigation panel, go to the **Devices list**. Select the name of a device to open the device page (like Computer1) > select the **Software inventory** tab > select the software name to open the flyout and view software evidence.
## Report inaccuracy
-You can report a false positive when you see any vague, inaccurate version, incomplete, or already remediated software inventory information.
+Report a false positive when you see any vague, inaccurate, or incomplete information. You can also report on security recommendations that have already been remediated.
1. Open the software flyout on the Software inventory page.
2. Select **Report inaccuracy**.
-3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy.
+3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details about the inaccuracy.
4. Select **Submit**. Your feedback is immediately sent to the threat and vulnerability management experts.
## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
index 3b048f904c..d29f6dfc63 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
@@ -1,57 +1,58 @@
----
-title: Supported operating systems and platforms for threat and vulnerability management
-description: Before you begin, ensure that you meet the operating system or platform requisites for threat and vulnerability management so the activities in your all devices are properly accounted for.
-keywords: threat & vulnerability management, threat and vulnerability management, operating system, platform requirements, prerequisites, mdatp-tvm supported os, mdatp-tvm, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score
-search.appverid: met150
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: ellevin
-author: levinec
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-# Supported operating systems and platforms - threat and vulnerability management
-
-**Applies to:**
-
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
-
-Before you begin, ensure that you meet the following operating system or platform requisites for threat and vulnerability management so the activities in your devices are properly accounted for.
-
-Operating system | Security assessment support
-:---|:---
-Windows 7 | Operating System (OS) vulnerabilities
-Windows 8.1 | Not supported
-Windows 10 1607-1703 | Operating System (OS) vulnerabilities
-Windows 10 1709+ |Operating System (OS) vulnerabilities Software product vulnerabilities Operating System (OS) configuration assessment Security controls configuration assessment Software product configuration assessment
-Windows Server 2008 R2 | Operating System (OS) vulnerabilities Software product vulnerabilities Operating System (OS) configuration assessment Security controls configuration assessment Software product configuration assessment
-Windows Server 2012 R2 | Operating System (OS) vulnerabilities Software product vulnerabilities Operating System (OS) configuration assessment Security controls configuration assessment Software product configuration assessment
-Windows Server 2016 | Operating System (OS) vulnerabilities Software product vulnerabilities Operating System (OS) configuration assessment Security controls configuration assessment Software product configuration assessment
-Windows Server 2019 | Operating System (OS) vulnerabilities Software product vulnerabilities Operating System (OS) configuration assessment Security controls configuration assessment Software product configuration assessment
-MacOS | Not supported (planned)
-Linux | Not supported (planned)
-
-Some of the above prerequisites might be different from the [Minimum requirements for Microsoft Defender ATP](minimum-requirements.md) list.
-
-## Related topics
-
-- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md)
-- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md)
-- [Exposure score](tvm-exposure-score.md)
-- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
-- [Security recommendations](tvm-security-recommendation.md)
-- [Remediation and exception](tvm-remediation.md)
-- [Software inventory](tvm-software-inventory.md)
-- [Weaknesses](tvm-weaknesses.md)
-- [Event timeline](threat-and-vuln-mgt-event-timeline.md)
-- [Scenarios](threat-and-vuln-mgt-scenarios.md)
-- [APIs](next-gen-threat-and-vuln-mgt.md#apis)
-- [Configure data access for threat and vulnerability management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
+---
+title: Supported operating systems and platforms for threat and vulnerability management
+description: Before you begin, ensure that you meet the operating system or platform requisites for threat and vulnerability management so the activities in your all devices are properly accounted for.
+keywords: threat & vulnerability management, threat and vulnerability management, operating system, platform requirements, prerequisites, mdatp-tvm supported os, mdatp-tvm, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score
+search.appverid: met150
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: ellevin
+author: levinec
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+# Supported operating systems and platforms - threat and vulnerability management
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+
+Before you begin, ensure that you meet the following operating system or platform requisites for threat and vulnerability management so the activities in your devices are properly accounted for.
+
+>[!NOTE]
+>The supported systems and platforms for threat and vulnerability management may be different from the [Minimum requirements for Microsoft Defender ATP](minimum-requirements.md) list.
+
+Operating system | Security assessment support
+:---|:---
+Windows 7 | Operating System (OS) vulnerabilities
+Windows 8.1 | Not supported
+Windows 10 1607-1703 | Operating System (OS) vulnerabilities
+Windows 10 1709+ |Operating System (OS) vulnerabilities Software product vulnerabilities Operating System (OS) configuration assessment Security controls configuration assessment Software product configuration assessment
+Windows Server 2008 R2 | Operating System (OS) vulnerabilities Software product vulnerabilities Operating System (OS) configuration assessment Security controls configuration assessment Software product configuration assessment
+Windows Server 2012 R2 | Operating System (OS) vulnerabilities Software product vulnerabilities Operating System (OS) configuration assessment Security controls configuration assessment Software product configuration assessment
+Windows Server 2016 | Operating System (OS) vulnerabilities Software product vulnerabilities Operating System (OS) configuration assessment Security controls configuration assessment Software product configuration assessment
+Windows Server 2019 | Operating System (OS) vulnerabilities Software product vulnerabilities Operating System (OS) configuration assessment Security controls configuration assessment Software product configuration assessment
+macOS | Not supported (planned)
+Linux | Not supported (planned)
+
+## Related topics
+
+- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md)
+- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md)
+- [Exposure score](tvm-exposure-score.md)
+- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
+- [Security recommendations](tvm-security-recommendation.md)
+- [Remediation and exception](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
+- [Event timeline](threat-and-vuln-mgt-event-timeline.md)
+- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [APIs](next-gen-threat-and-vuln-mgt.md#apis)
+- [Configure data access for threat and vulnerability management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
index aa166b9796..37a974d932 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
@@ -25,9 +25,9 @@ ms.topic: conceptual
[!include[Prerelease information](../../includes/prerelease.md)]
-Threat and vulnerability management leverages the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities.
+Threat and vulnerability management uses the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities.
-The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization by listing the Common Vulnerabilities and Exposures (CVE) ID, the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, and threat insights.
+The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization by listing the Common Vulnerabilities and Exposures (CVE) ID. You can also view the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, threat insights, and more.
>[!IMPORTANT]
>To boost your vulnerability assessment detection rates, you can download the following mandatory security updates and deploy them in your network:
@@ -50,43 +50,51 @@ Go to the threat and vulnerability management navigation menu and select **Weakn
### Vulnerabilities in global search
1. Go to the global search drop-down menu.
-2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you are looking for.
+2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you're looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you're looking for.
-3. Select the CVE and a flyout panel opens up with more information - the vulnerability description, exploits available, severity level, CVSS v3 rating, publishing and update dates.
+3. Select the CVE to open a flyout panel with more information, including the vulnerability description, details, threat insights, and exposed devices.
-To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search.
+To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then select search.
## Weaknesses overview
-If the **Exposed Devices** column shows 0, that means you are not at risk. If exposed devices exist, the next step is to remediate the vulnerabilities in those devices to reduce the risk to your assets and organization.
+Remediate the vulnerabilities in exposed devices to reduce the risk to your assets and organization. If the **Exposed Devices** column shows 0, that means you aren't at risk.
-
+
### Breach and threat insights
-You can view the related breach and threat insights in the **Threat** column when the icons are colored red.
+View related breach and threat insights in the **Threat** column when the icons are colored red.
>[!NOTE]
> Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight icon  and breach insight icon .
-The breach insights icon is highlighted if there is a vulnerability found in your organization.
+The breach insights icon is highlighted if there's a vulnerability found in your organization.
-The threat insights icon is highlighted if there are associated exploits in the vulnerability found in your organization. It also shows whether the threat is a part of an exploit kit or connected to specific advanced persistent campaigns or activity groups. Threat Analytics report links are provided that you can read with zero-day exploitation news, disclosures, or related security advisories.
+The threat insights icon is highlighted if there are associated exploits in the vulnerability found in your organization. Hovering over the icon shows whether the threat is a part of an exploit kit, or connected to specific advanced persistent campaigns or activity groups. When available, there is a link to a Threat Analytics report with zero-day exploitation news, disclosures, or related security advisories.
+### Gain vulnerability insights
+
+If you select a CVE, a flyout panel will open with more information, including the vulnerability description, details, threat insights, and exposed devices.
+
+The "OS Feature" category is shown in relevant scenarios.
+
+ 
+
## View Common Vulnerabilities and Exposures (CVE) entries in other places
### Top vulnerable software in the dashboard
-1. Go to the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time.
+1. Go to the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software, along with threat information and a high-level view of device exposure over time.
-2. Select the software that you want to investigate to go a drill down page.
+2. Select the software you want to investigate to go to a drilldown page.
3. Select the **Discovered vulnerabilities** tab.
-4. Select the vulnerability that you want to investigate. A flyout panel will appear with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates.
+4. Select the vulnerability you want to investigate for more information on vulnerability details
@@ -102,23 +110,25 @@ View related weaknesses information in the device page.
3. The device page will open with details and response options for the device you want to investigate.
4. Select **Discovered vulnerabilities**.
- [Screenshot of the device page with details and response options](images/tvm-discovered-vulnerabilities.png)
+ 
5. Select the vulnerability that you want to investigate to open up a flyout panel with the CVE details, such as: vulnerability description, threat insights, and detection logic.
#### CVE Detection logic
-Similar to the software evidence, we now show the detection logic we applied on a device in order to state that it's vulnerable. This is a new section called "Detection Logic" (in any discovered vulnerability in the device page) that shows the detection logic and source.
+Similar to the software evidence, we now show the detection logic we applied on a device in order to state that it's vulnerable. The new section is called "Detection Logic" (in any discovered vulnerability in the device page) and shows the detection logic and source.
-
+The "OS Feature" category is also shown in relevant scenarios. A CVE would affect devices that run a vulnerable OS only if a specific OS component is enabled. Let's say Windows Server 2019 has vulnerability in its DNS component. With this new capability, we’ll only attach this CVE to the Windows Server 2019 devices with the DNS capability enabled in their OS.
+
+
## Report inaccuracy
-You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated security recommendation information.
+Report a false positive when you see any vague, inaccurate, or incomplete information. You can also report on security recommendations that have already been remediated.
1. Open the CVE on the Weaknesses page.
-2. Select **Report inaccuracy**.
-3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy.
+2. Select **Report inaccuracy** and a flyout pane will open.
+3. Select the inaccuracy category from the drop-down menu and fill in your email address and inaccuracy details.
4. Select **Submit**. Your feedback is immediately sent to the threat and vulnerability management experts.
## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
index 38a2c6d170..6a1a315729 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
@@ -1,6 +1,6 @@
---
title: Update alert entity API
-description: Update a Microsoft Defender ATP alert via this API.
+description: Learn how to update a Microsoft Defender ATP alert by using this API. You can update the status, determination, classification, and assignedTo properties.
keywords: apis, graph api, supported apis, get, alert, information, id
search.product: eADQiWindows 10XVcnh
ms.prod: w10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
index d58c080f49..4514bd1e98 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
@@ -30,19 +30,21 @@ ms.topic: article
The following steps guide you on how to create roles in Microsoft Defender Security Center. It assumes that you have already created Azure Active Directory user groups.
-1. In the navigation pane, select **Settings > Roles**.
+1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com/) using account with a Security administrator or Global administrator role assigned.
-2. Select **Add item**.
+2. In the navigation pane, select **Settings > Roles**.
-3. Enter the role name, description, and permissions you'd like to assign to the role.
+3. Select **Add item**.
-4. Select **Next** to assign the role to an Azure AD Security group.
+4. Enter the role name, description, and permissions you'd like to assign to the role.
-5. Use the filter to select the Azure AD group that you'd like to add to this role to.
+5. Select **Next** to assign the role to an Azure AD Security group.
-6. **Save and close**.
+6. Use the filter to select the Azure AD group that you'd like to add to this role to.
-7. Apply the configuration settings.
+7. **Save and close**.
+
+8. Apply the configuration settings.
> [!IMPORTANT]
> After creating roles, you'll need to create a device group and provide access to the device group by assigning it to a role that you just created.
@@ -81,19 +83,27 @@ For more information on the available commands, see [Investigate devices using L
## Edit roles
-1. Select the role you'd like to edit.
+1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com/) using account with Security administrator or Global administrator role assigned.
-2. Click **Edit**.
+2. In the navigation pane, select **Settings > Roles**.
-3. Modify the details or the groups that are assigned to the role.
+3. Select the role you'd like to edit.
-4. Click **Save and close**.
+4. Click **Edit**.
+
+5. Modify the details or the groups that are assigned to the role.
+
+6. Click **Save and close**.
## Delete roles
-1. Select the role you'd like to delete.
+1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com/) using account with Security administrator or Global administrator role assigned.
-2. Click the drop-down button and select **Delete role**.
+2. In the navigation pane, select **Settings > Roles**.
+
+3. Select the role you'd like to delete.
+
+4. Click the drop-down button and select **Delete role**.
## Related topic
diff --git a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
index 0a72f9fa7d..73f10d1488 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
@@ -49,7 +49,7 @@ Incident severity | Description
High (Red) | Threats often associated with advanced persistent threats (APT). These incidents indicate a high risk due to the severity of damage they can inflict on devices.
Medium (Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages.
Low (Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization.
-Informational (Grey) | Informational incidents are those that might not be considered harmful to the network but might be good to keep track of.
+Informational (Grey) | Informational incidents might not be considered harmful to the network but might be good to keep track of.
## Assigned to
You can choose to filter the list by selecting assigned to anyone or ones that are assigned to you.
@@ -65,16 +65,15 @@ Use this filter to show incidents that contain sensitivity labels.
## Incident naming
-To understand the incident's scope at-a-glance, automatic incident naming, currently in public preview, generates incident names based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories.
+To understand the incident's scope at a glance, incident names are automatically generated based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories.
For example: *Multi-stage incident on multiple endpoints reported by multiple sources.*
> [!NOTE]
-> Incidents that existed prior the rollout of automatic incident naming will not have their name changed.
+> Incidents that existed prior the rollout of automatic incident naming will retain their name.
-Learn more about [turning on preview features](preview.md#turn-on-preview-features).
-## Related topics
+## See also
- [Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue)
- [Manage incidents](manage-incidents.md)
- [Investigate incidents](investigate-incidents.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md
index 73aeb36a61..15ec215f1c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md
@@ -1,50 +1,50 @@
----
-title: Vulnerability methods and properties
-description: Retrieves vulnerability information
-keywords: apis, graph api, supported apis, get, vulnerability
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Vulnerability resource type
-
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-
-[!include[Prerelease information](../../includes/prerelease.md)]
-
-## Methods
-Method |Return Type |Description
-:---|:---|:---
-[Get all vulnerabilities](get-all-vulnerabilities.md) | Vulnerability collection | Retrieves a list of all the vulnerabilities affecting the organization
-[Get vulnerability by Id](get-vulnerability-by-id.md) | Vulnerability | Retrieves vulnerability information by its ID
-[List devices by vulnerability](get-machines-by-vulnerability.md)| MachineRef collection | Retrieve a list of devices that are associated with the vulnerability ID
-
-
-## Properties
-Property | Type | Description
-:---|:---|:---
-id | String | Vulnerability ID
-Name | String | Vulnerability title
-Description | String | Vulnerability description
-Severity | String | Vulnerability Severity. Possible values are: “Low”, “Medium”, “High”, “Critical”
-cvssV3 | Double | CVSS v3 score
-exposedMachines | Long | Number of exposed devices
-publishedOn | DateTime | Date when vulnerability was published
-updatedOn | DateTime | Date when vulnerability was updated
-publicExploit | Boolean | Public exploit exists
-exploitVerified | Boolean | Exploit is verified to work
-exploitInKit | Boolean | Exploit is part of an exploit kit
-exploitTypes | String collection | Exploit impact. Possible values are: “Denial of service”, “Local privilege escalation”, “Denial of service”
-exploitUris | String collection | Exploit source URLs
+---
+title: Vulnerability methods and properties
+description: Retrieves vulnerability information
+keywords: apis, graph api, supported apis, get, vulnerability
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Vulnerability resource type
+
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+## Methods
+Method |Return Type |Description
+:---|:---|:---
+[Get all vulnerabilities](get-all-vulnerabilities.md) | Vulnerability collection | Retrieves a list of all the vulnerabilities affecting the organization
+[Get vulnerability by Id](get-vulnerability-by-id.md) | Vulnerability | Retrieves vulnerability information by its ID
+[List devices by vulnerability](get-machines-by-vulnerability.md)| MachineRef collection | Retrieve a list of devices that are associated with the vulnerability ID
+
+
+## Properties
+Property | Type | Description
+:---|:---|:---
+id | String | Vulnerability ID
+Name | String | Vulnerability title
+Description | String | Vulnerability description
+Severity | String | Vulnerability Severity. Possible values are: “Low”, “Medium”, “High”, “Critical”
+cvssV3 | Double | CVSS v3 score
+exposedMachines | Long | Number of exposed devices
+publishedOn | DateTime | Date when vulnerability was published
+updatedOn | DateTime | Date when vulnerability was updated
+publicExploit | Boolean | Public exploit exists
+exploitVerified | Boolean | Exploit is verified to work
+exploitInKit | Boolean | Exploit is part of an exploit kit
+exploitTypes | String collection | Exploit impact. Possible values are: “Denial of service”, “Local privilege escalation”, “Denial of service”
+exploitUris | String collection | Exploit source URLs
diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
index bbcad993a7..cc9c36fae9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
@@ -24,38 +24,38 @@ ms.topic: article
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
-Web content filtering is part of [Web protection](web-protection-overview.md) capabilities in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic due to compliance regulations, bandwidth usage, or other concerns.
+Web content filtering is part of [Web protection](web-protection-overview.md) capabilities in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
-You can configure policies across your device groups to block certain categories, effectively preventing users within specified device groups from accessing URLs that are associated with the category. For any category that's not blocked, they are automatically audited i.e. your users will be able to access the URLs without disruption and you will continue to gather access statistics to help create a more custom policy decision. If an element on the page you’re viewing is making calls to a resource which is blocked, your users will see a block notification.
+You can configure policies across your device groups to block certain categories, effectively preventing users within specified device groups from accessing URLs that are associated with the category. For any category that's not blocked, they are automatically audited. That means your users will be able to access the URLs without disruption, and you will continue to gather access statistics to help create a more custom policy decision. If an element on the page you’re viewing is making calls to a resource that is blocked, your users will see a block notification.
-Web content filtering is available on the major web browsers, with blocks performed by SmartScreen (Edge) and Network Protection (Chrome and Firefox). See the prerequisites section for more information about browser support.
+Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome and Firefox). For more information about browser support, see the prerequisites section.
-To summarize the benefits:
+Summarizing the benefits:
-- Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away
-- You can conveniently deploy varied policies to various sets of users using the device groups defined in the [Microsoft Defender ATP role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)
-- You can access web reports in the same central location, with visibility over actual blocks and web usage
+- Users are prevented from accessing websites in blocked categories, whether they're browsing on-premises or away
+- Conveniently deploy varied policies to various sets of users using the device groups defined in the [Microsoft Defender ATP role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)
+- Access web reports in the same central location, with visibility over actual blocks and web usage
## User experience
The blocking experience for Chrome/Firefox is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection.
-For a more user-friendly in-browser experience, consider using Edge.
+For a more user-friendly in-browser experience, consider using Microsoft Edge.
## Prerequisites
Before trying out this feature, make sure you have the following:
-- Windows 10 Enterprise E5 license
+- Windows 10 Enterprise E5 license OR Microsoft 365 E3 + Microsoft 365 E5 Security add-on.
- Access to Microsoft Defender Security Center portal
-- Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update.
-Note that if SmartScreen is not turned on, Network Protection will take over the blocking.
+- Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update.
+
+If Windows Defender SmartScreen is not turned on, Network Protection will take over the blocking. It requires [enabling Network Protection](enable-network-protection.md) on the device.
## Data handling
For this feature, we will follow whichever region you have elected to use as part of your [Microsoft Defender ATP data handling settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds.
-
## Turn on web content filtering
From the left-hand navigation menu, select **Settings > General > Advanced Features**. Scroll down until you see the entry for **Web content filtering**. Switch the toggle to **On** and **Save preferences**.
@@ -79,7 +79,7 @@ To add a new policy:
>[!NOTE]
>If you are removing a policy or changing device groups at the same time, this might cause a delay in policy deployment.
->ProTip: You can deploy a policy without selecting any category on a device group. This action will create an audit only policy, to help you understand user behavior before creating a block policy.
+>ProTip: You can deploy a policy without selecting any category on a device group. This action will create an audit only policy, to help you understand user behavior before creating a block policy.
## Web content filtering cards and details
@@ -119,11 +119,11 @@ You can access the **Report details** for each card by selecting a table row or
Use the time range filter at the top left of the page to select a time period. You can also filter the information or customize the columns. Select a row to open a flyout pane with even more information about the selected item.
-
## Errors and issues
### Limitations and known issues in this preview
-- Only Edge is supported if your device's OS configuraiton is Server (cmd > Systeminfo > OS Configuration). This is because Network Protection is only supported in Inspect mode on Server devices which is responsible for securing traffic across Chrome/Firefox.
+
+- Only Edge is supported if your device's OS configuration is Server (cmd > Systeminfo > OS Configuration). This is because Network Protection is only supported in Inspect mode on Server devices, which is responsible for securing traffic across Chrome/Firefox.
- Unassigned devices will have incorrect data shown within the report. In the Report details > Device groups pivot, you may see a row with a blank Device Group field. This group contains your unassigned devices in the interim before they get put into your specified group. The report for this row may not contain an accurate count of devices or access counts.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
index 906f92f4f8..5b63a7546e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
@@ -139,7 +139,7 @@ Threat Analytics is a set of interactive reports published by the Microsoft Defe
- [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
- Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/).
- - Microsoft Defender Antivirus, new in Windows 10 version 1809, can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/microsoft-defender-antivirus-can-now-run-in-a-sandbox/) (preview), increasing its security.
+ - Microsoft Defender Antivirus, new in Windows 10 version 1809, can now [run within a sandbox](https://www.microsoft.com/security/blog/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox) (preview), increasing its security.
- [Configure CPU priority settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus) for Microsoft Defender Antivirus scans.
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
index 4f0891df0c..3956891c0c 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
@@ -33,29 +33,29 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor
Description
-
Windows 10, version 2004: Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen
-
Windows 10, version 1703: Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen
Windows 10, Version 1607 and earlier: Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen
+
Windows 10, version 2004: Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen
+
Windows 10, version 1703: Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen
Windows 10, Version 1607 and earlier: Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen
At least Windows Server 2012, Windows 8 or Windows RT
This policy setting turns on Microsoft Defender SmartScreen.
If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).
If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.
If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.
-
Windows 10, version 2004: Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control
-
Windows 10, version 1703: Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control
-
Windows 10, version 1703
-
This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.This setting does not protect against malicious content from USB devices, network shares or other non-internet sources.
Important: Using a trustworthy browser helps ensure that these protections work as expected.
+
Windows 10, version 2004: Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control
+
Windows 10, version 1703: Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control
+
Windows 10, version 1703
+
This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.This setting does not protect against malicious content from USB devices, network shares or other non-internet sources.
Important: Using a trustworthy browser helps ensure that these protections work as expected.
-
Windows 10, version 2004: Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen
Windows 10, version 1703: Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen
Windows 10, Version 1607 and earlier: Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen
+
Windows 10, version 2004: Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen
Windows 10, version 1703: Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen
Windows 10, Version 1607 and earlier: Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen
Microsoft Edge on Windows 10 or later
This policy setting turns on Microsoft Defender SmartScreen.
If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.
If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.
If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.
-
Windows 10, version 2004: Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files
Windows 10, version 1703: Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files
Windows 10, Version 1511 and 1607: Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files
+
Windows 10, version 2004: Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files
Windows 10, version 1703: Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files
Windows 10, Version 1511 and 1607: Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files
Microsoft Edge on Windows 10, version 1511 or later
This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious files.
If you enable this setting, it stops employees from bypassing the warning, stopping the file download.
If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.
-
Windows 10, version 2004: Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites
Windows 10, version 1703: Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites
Windows 10, Version 1511 and 1607: Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites
+
Windows 10, version 2004: Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites
Windows 10, version 1703: Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites
Windows 10, Version 1511 and 1607: Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites
Microsoft Edge on Windows 10, version 1511 or later
This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious sites.
If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.
If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.
@@ -90,11 +90,11 @@ For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy C
Windows 10
-
URI full path. ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
-
Data type. Integer
-
Allowed values:
-
0 . Turns off Microsoft Defender SmartScreen in Edge.
-
1. Turns on Microsoft Defender SmartScreen in Edge.
+
URI full path. ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
+
Data type. Integer
+
Allowed values:
+
0 . Turns off Microsoft Defender SmartScreen in Edge.
+
1. Turns on Microsoft Defender SmartScreen in Edge.
@@ -102,11 +102,11 @@ For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy C
Windows 10, version 1703
-
URI full path. ./Vendor/MSFT/Policy/Config/SmartScreen/EnableAppInstallControl
-
Data type. Integer
-
Allowed values:
-
0 . Turns off Application Installation Control, allowing users to download and install files from anywhere on the web.
-
1. Turns on Application Installation Control, allowing users to install apps from the Microsoft Store only.
+
URI full path. ./Vendor/MSFT/Policy/Config/SmartScreen/EnableAppInstallControl
+
Data type. Integer
+
Allowed values:
+
0 . Turns off Application Installation Control, allowing users to download and install files from anywhere on the web.
+
1. Turns on Application Installation Control, allowing users to install apps from the Microsoft Store only.
@@ -114,11 +114,11 @@ For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy C
Windows 10, version 1703
-
URI full path. ./Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell
-
Data type. Integer
-
Allowed values:
-
0 . Turns off Microsoft Defender SmartScreen in Windows for app and file execution.
-
1. Turns on Microsoft Defender SmartScreen in Windows for app and file execution.
+
URI full path. ./Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell
+
Data type. Integer
+
Allowed values:
+
0 . Turns off Microsoft Defender SmartScreen in Windows for app and file execution.
+
1. Turns on Microsoft Defender SmartScreen in Windows for app and file execution.
@@ -126,11 +126,11 @@ For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy C
Windows 10, version 1703
-
URI full path. ./Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell
-
Data type. Integer
-
Allowed values:
-
0 . Employees can ignore Microsoft Defender SmartScreen warnings and run malicious files.
-
1. Employees can't ignore Microsoft Defender SmartScreen warnings and run malicious files.
+
URI full path. ./Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell
+
Data type. Integer
+
Allowed values:
+
0 . Employees can ignore Microsoft Defender SmartScreen warnings and run malicious files.
+
1. Employees can't ignore Microsoft Defender SmartScreen warnings and run malicious files.
@@ -138,11 +138,11 @@ For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy C
Windows 10, Version 1511 and later
-
URI full path. ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride
-
Data type. Integer
-
Allowed values:
-
0 . Employees can ignore Microsoft Defender SmartScreen warnings.
-
1. Employees can't ignore Microsoft Defender SmartScreen warnings.
+
URI full path. ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride
+
Data type. Integer
+
Allowed values:
+
0 . Employees can ignore Microsoft Defender SmartScreen warnings.
+
1. Employees can't ignore Microsoft Defender SmartScreen warnings.
@@ -150,11 +150,11 @@ For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy C
Windows 10, Version 1511 and later
-
URI full path. ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
-
Data type. Integer
-
Allowed values:
-
0 . Employees can ignore Microsoft Defender SmartScreen warnings for files.
-
1. Employees can't ignore Microsoft Defender SmartScreen warnings for files.
+
URI full path. ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
+
Data type. Integer
+
Allowed values:
+
0 . Employees can ignore Microsoft Defender SmartScreen warnings for files.
+
1. Employees can't ignore Microsoft Defender SmartScreen warnings for files.
@@ -170,19 +170,19 @@ To better help you protect your organization, we recommend turning on and using
Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen
-
Enable. Turns on Microsoft Defender SmartScreen.
+
Enable. Turns on Microsoft Defender SmartScreen.
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites
-
Enable. Stops employees from ignoring warning messages and continuing to a potentially malicious website.
+
Enable. Stops employees from ignoring warning messages and continuing to a potentially malicious website.
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files
-
Enable. Stops employees from ignoring warning messages and continuing to download potentially malicious files.
+
Enable. Stops employees from ignoring warning messages and continuing to download potentially malicious files.
Administrative Templates\Windows Components\File Explorer\Configure Windows Defender SmartScreen
-
Enable with the Warn and prevent bypass option. Stops employees from ignoring warning messages about malicious files downloaded from the Internet.
+
Enable with the Warn and prevent bypass option. Stops employees from ignoring warning messages about malicious files downloaded from the Internet.
@@ -193,23 +193,23 @@ To better help you protect your organization, we recommend turning on and using
Browser/AllowSmartScreen
-
1. Turns on Microsoft Defender SmartScreen.
+
1. Turns on Microsoft Defender SmartScreen.
Browser/PreventSmartScreenPromptOverride
-
1. Stops employees from ignoring warning messages and continuing to a potentially malicious website.
+
1. Stops employees from ignoring warning messages and continuing to a potentially malicious website.
Browser/PreventSmartScreenPromptOverrideForFiles
-
1. Stops employees from ignoring warning messages and continuing to download potentially malicious files.
+
1. Stops employees from ignoring warning messages and continuing to download potentially malicious files.
SmartScreen/EnableSmartScreenInShell
-
1. Turns on Microsoft Defender SmartScreen in Windows.
Requires at least Windows 10, version 1703.
+
1. Turns on Microsoft Defender SmartScreen in Windows.
Requires at least Windows 10, version 1703.
SmartScreen/PreventOverrideForFilesInShell
-
1. Stops employees from ignoring warning messages about malicious files downloaded from the Internet.
Requires at least Windows 10, version 1703.
+
1. Stops employees from ignoring warning messages about malicious files downloaded from the Internet.
Requires at least Windows 10, version 1703.
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
index f13b6bff37..b39153d62c 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
@@ -1,6 +1,6 @@
---
title: Microsoft Defender SmartScreen overview (Windows 10)
-description: Conceptual info about Microsoft Defender SmartScreen.
+description: Learn how Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.
keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
ms.prod: w10
ms.mktglfcycl: explore
@@ -66,6 +66,9 @@ When submitting Microsoft Defender Smartscreen products, make sure to select **M
## Viewing Microsoft Defender SmartScreen anti-phishing events
+> [!NOTE]
+> No Smartscreen events will be logged when using Microsoft Edge version 77 or later.
+
When Microsoft Defender SmartScreen warns or blocks a user from a website, it's logged as [Event 1035 - Anti-Phishing](https://technet.microsoft.com/scriptcenter/dd565657(v=msdn.10).aspx).
## Viewing Windows event logs for Microsoft Defender SmartScreen
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index 15bf8bc91c..eaef387dbf 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -311,9 +311,9 @@ The following table lists EMET features in relation to Windows 10 features.
-
Specific EMET features
-
How these EMET features map
-to Windows 10 features
+
Specific EMET features
+
How these EMET features map
+to Windows 10 features
diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index d726f7ff56..905bf8c06a 100644
--- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -351,7 +351,7 @@ The following table details the hardware requirements for both virtualization-ba
Virtualization extensions, such as Intel VT-x, AMD-V, and SLAT must be enabled
Required to support virtualization-based security.
-Note
Device Guard can be enabled without using virtualization-based security.
+Note
Device Guard can be enabled without using virtualization-based security.
@@ -533,7 +533,7 @@ If the TPM ownership is not known but the EK exists, the client library will pro
As part of the provisioning process, Windows 10 will create an AIK with the TPM. When this operation is performed, the resulting AIK public portion is stored in the registry at the following location: **HKLM\\SYSTEM\\CurrentControlSet\\Services\\TPM\\WMI\\WindowsAIKPub**
-> **Note:** For provisioning AIK certificates and filtering Internet access, you must authorize the following wildcard URL: https://\*.microsoftaik.azure.net
+> **Note:** For provisioning AIK certificates and filtering Internet access, you must authorize the following wildcard URL: https://\*.microsoftaik.azure.net
### Windows 10 Health Attestation CSP
diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md
index cea2e3c915..9e241156a8 100644
--- a/windows/security/threat-protection/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/security-compliance-toolkit-10.md
@@ -27,6 +27,7 @@ The SCT enables administrators to effectively manage their enterprise’s Group
The Security Compliance Toolkit consists of:
- Windows 10 security baselines
+ - Windows 10 Version 2004 (May 2020 Update)
- Windows 10 Version 1909 (November 2019 Update)
- Windows 10 Version 1903 (May 2019 Update)
- Windows 10 Version 1809 (October 2018 Update)
@@ -80,63 +81,3 @@ It can export local policy to a GPO backup.
It can export the contents of a Registry Policy file to the “LGPO text” format that can then be edited, and can build a Registry Policy file from an LGPO text file.
Documentation for the LGPO tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/lgpo-exe-local-group-policy-object-utility-v1-0/ba-p/701045) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
-
-## List of PowerShell scripts
-
-This list of PowerShell script names, divided into categories by the name of the ZIP file containing those scripts, is based on the download page content listing of the full package download (12 files).
-
-1. **Windows 10 Version 1909 and Windows Server Version 1909 Security Baseline.zip**
-
- - Baseline-ADImport.ps1
- - Baseline-LocalInstall.ps1
- - Remove-EPBaselineSettings.ps1
- - MapGuidsToGpoNames.ps1
-
-2. **LGPO.zip**
- - (none)
-
-3. **Microsoft Edge v80.zip**
-
- - Baseline-ADImport.ps1
- - Baseline-LocalInstall.ps1
- - MapGuidsToGpoNames.ps1
-
-4. **Office365-ProPlus-Sept2019-FINAL.zip**
-
- - Baseline-ADImport.ps1
- - Baseline-LocalInstall.ps1
- - MapGuidsToGpoNames.ps1
-
-5. **PolicyAnalyzer.zip**
-
- - Merge-PolicyRules.ps1
- - Split-PolicyRules.ps1
-
-6. **Windows 10 Version 1507 Security Baseline.zip**
- - (none)
-
-7. **Windows 10 Version 1607 and Windows Server 2016 Security Baseline.zip**
-
- - MapGuidsToGpoNames.ps1
-
-8. **Windows 10 Version 1709 Security Baseline.zip**
-
- - MapGuidsToGpoNames.ps1
-
-9. **Windows 10 Version 1803 Security Baseline.zip**
-
- - MapGuidsToGpoNames.ps1
-
-10. **Windows 10 Version 1809 and Windows Server 2019 Security Baseline.zip**
-
- - BaselineLocalInstall.ps1
- - MapGuidsToGpoNames.ps1
-
-11. **Windows 10 Version 1903 and Windows Server Version 1903 Security Baseline - Sept2019Update.zip**
-
- - Baseline-ADImport.ps1
- - Baseline-LocalInstall.ps1
- - MapGuidsToGpoNames.ps1
-
-12. **Windows Server 2012 R2 Security Baseline.zip**
- - (none)
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md
index 1b01a9d308..242f47b39f 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md
@@ -81,16 +81,13 @@ None. Changes to this policy become effective without a device restart when they
### Safe mode considerations
-When you start a device in safe mode, the disabled administrator account is enabled only if the computer is non-domain joined and there are no other active local administrator accounts. If the computer is joined to a domain, the disabled administrator account is not enabled.
-If the administrator account is disabled, you can still access the computer by using safe mode with the current administrative credentials. For example, if a failure occurs using a secure channel with a domain-joined computer, and there is no other local administrator account, you must restart the device in safe mode to fix the failure.
+When you start a device in safe mode, the disabled administrator account is enabled only if the computer is non-domain joined and there are no other active local administrator accounts. In this case, you can access the computer by using safe mode with the current administrative credentials. If the computer is joined to a domain, the disabled administrator account is not enabled.
### How to access a disabled Administrator account
You can use the following methods to access a disabled Administrator account:
-- When there is only one local administrator account that is disabled, start the device in safe mode (locally or over a network), and sign in by using the credentials for the administrator account on that computer.
-- When there are local administrator accounts in addition to the built-in account, start the computer in safe mode (locally or over a network), and sign in by using the credentials for the administrator account on that device. An alternate method is to sign in to Windows by using another local
-Administrator account that was created.
-- When multiple domain-joined servers have a disabled local Administrator account that can be accessed in safe mode, you can remotely run psexec by using the following command: **net user administrator /active: no**.
+- For non-domain joined computers: when all the local administrator accounts are disabled, start the device in safe mode (locally or over a network), and sign in by using the credentials for the default local administrator account on that computer.
+- For domain-joined computers: remotely run the command **net user administrator /active: yes** by using psexec to enable the default local administrator account.
## Security considerations
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md
index a41896c0f5..44ba58b22d 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md
@@ -26,7 +26,7 @@ Describes the best practices, location, values, management, and security conside
## Reference
-This setting prevents using the **Settings** app to add a Microsoft account for single sign-on (SSO) authentication for Microsoft services and some background services, or using a Microsoft account for single sign-on to other applications or services.
+This setting prevents using the **Settings** app to add a Microsoft account for single sign-on (SSO) authentication for Microsoft services and some background services, or using a Microsoft account for single sign-on to other applications or services. For more details, see [Microsoft Accounts](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts).
There are two options if this setting is enabled:
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md
index 98bcd11836..00e0451b37 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md
@@ -61,7 +61,12 @@ This setting has these possible values:
This change makes this setting consistent with the functionality of the new **Privacy** setting.
To display no user information, enable the Group Policy setting **Interactive logon: Don't display last signed-in**.
-- Blank.
+- **Domain and user names only**
+
+ For a domain logon only, the domain\username is displayed.
+ The **Privacy** setting is automatically on and grayed out.
+
+- **Blank**
Default setting.
This translates to “Not defined,” but it will display the user’s full name in the same manner as the option **User display name only**.
@@ -89,7 +94,7 @@ For all versions of Windows 10, only the user display name is shown by default.
If **Block user from showing account details on sign-in** is enabled, then only the user display name is shown regardless of any other Group Policy settings.
Users will not be able to show details.
-If **Block user from showing account details on sign-in** is not enabled, then you can set **Interactive logon: Display user information when the session is locked** to **User display name, domain and user names** to show additional details such as domain\username.
+If **Block user from showing account details on sign-in** is not enabled, then you can set **Interactive logon: Display user information when the session is locked** to **User display name, domain and user names** or **Domain and user names only** to show additional details such as domain\username.
In this case, clients that run Windows 10 version 1607 need [KB 4013429](https://www.catalog.update.microsoft.com/Search.aspx?q=KB4013429) applied.
Users will not be able to hide additional details.
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
index f5a0e5c08f..c93ec93b11 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
@@ -6,7 +6,6 @@ ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-ms.localizationpriority: medium
author: dansimp
ms.date: 09/17/2018
ms.reviewer:
@@ -91,9 +90,9 @@ In other words, the hotfix in each KB article provides the necessary code and fu
| |Default SDDL |Translated SDDL| Comments
|---|---|---|---|
-|Windows Server 2016 domain controller (reading Active Directory)|“”|-|Everyone has read permissions to preserve compatibility.|
+|Windows Server 2016 (or later) domain controller (reading Active Directory)|“”|-|Everyone has read permissions to preserve compatibility.|
|Earlier domain controller |-|-|No access check is performed by default.|
-|Windows 10, version 1607 non-domain controller|O:SYG:SYD:(A;;RC;;;BA)| Owner: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18) Primary group: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18) DACL: • Revision: 0x02 • Size: 0x0020 • Ace Count: 0x001 • Ace[00]------------------------- AceType:0x00 (ACCESS\_ALLOWED_ACE_TYPE) AceSize:0x0018 InheritFlags:0x00 Access Mask:0x00020000 AceSid: BUILTIN\Administrators (Alias) (S-1-5-32-544)
SACL: Not present |Grants RC access (READ_CONTROL, also known as STANDARD_RIGHTS_READ) only to members of the local (built-in) Administrators group. |
+|Windows 10, version 1607 (or later) non-domain controller|O:SYG:SYD:(A;;RC;;;BA)| Owner: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18) Primary group: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18) DACL: • Revision: 0x02 • Size: 0x0020 • Ace Count: 0x001 • Ace[00]------------------------- AceType:0x00 (ACCESS\_ALLOWED_ACE_TYPE) AceSize:0x0018 InheritFlags:0x00 Access Mask:0x00020000 AceSid: BUILTIN\Administrators (Alias) (S-1-5-32-544)
SACL: Not present |Grants RC access (READ_CONTROL, also known as STANDARD_RIGHTS_READ) only to members of the local (built-in) Administrators group. |
|Earlier non-domain controller |-|-|No access check is performed by default.|
## Policy management
diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
index df0b38192a..b3c9f04138 100644
--- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
+++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
@@ -56,7 +56,9 @@ Additionally, if a data drive is password-protected, it can be accessed by a FIP
### Best practices
-There are no best practices for this setting. Our previous guidance had recommended a setting of **Enabled**, primarily to align with US Federal government recommendations. [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend this setting be **Not Defined**, meaning that we leave the decision to customers. For a deeper explanation, see [Why We’re Not Recommending “FIPS Mode” Anymore](https://blogs.technet.microsoft.com/secguide/2014/04/07/why-were-not-recommending-fips-mode-anymore/).
+We recommend that customers hoping to comply with FIPS 140-2 research the configuration settings of applications and protocols they may be using to ensure their solutions can be configured to utilize the FIPS 140-2 validated cryptography provided by Windows when it is operating in FIPS 140-2 approved mode.
+
+For a complete list of Microsoft-recommended configuration settings, see [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines). For more information about Windows and FIPS 140-2, see [FIPS 140 Validation](https://docs.microsoft.com/windows/security/threat-protection/fips-140-validation).
### Location
diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md
index 1a4b279e16..7462b160a6 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC.md
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md
@@ -9,6 +9,7 @@
#### [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md)
#### [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md)
#### [Authorize apps deployed with a WDAC managed installer](use-windows-defender-application-control-with-managed-installer.md)
+##### [Configure a WDAC managed installer](configure-wdac-managed-installer.md)
#### [Authorize reputable apps with Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md)
#### [Use multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md)
#### [Microsoft recommended block rules](microsoft-recommended-block-rules.md)
@@ -40,7 +41,8 @@
## [Windows Defender Application Control operational guide](windows-defender-application-control-operational-guide.md)
-### [Understanding Application Control events](event-id-explanations.md)
+### [Understanding Application Control event IDs](event-id-explanations.md)
+### [Understanding Application Control event tags](event-tag-explanations.md)
### [Query WDAC events with Advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md)
## [AppLocker](applocker\applocker-overview.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
index 7ac5a2faeb..1f35434f95 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
@@ -59,12 +59,12 @@ You can perform this task by using the Group Policy Management Console for an Ap
-
Use an installed packaged app as a reference
+
Use an installed packaged app as a reference
If selected, AppLocker requires you to choose an app that is already installed on which to base your new rule. AppLocker uses the publisher, package name and package version to define the rule.
You want the Sales group only to use the app named Microsoft.BingMaps for its outside sales calls. The Microsoft.BingMaps app is already installed on the device where you are creating the rule, so you choose this option, and select the app from the list of apps installed on the computer and create the rule using this app as a reference.
-
Use a packaged app installer as a reference
+
Use a packaged app installer as a reference
If selected, AppLocker requires you to choose an app installer on which to base your new rule. A packaged app installer has the .appx extension. AppLocker uses the publisher, package name and package version of the installer to define the rule.
Your company has developed a number of internal line-of-business packaged apps. The app installers are stored on a common file share. Employees can install the required apps from that file share. You want to allow all your employees to install the Payroll app from this share. So you choose this option from the wizard, browse to the file share and choose the installer for the Payroll app as a reference to create your rule.
@@ -87,30 +87,30 @@ You can perform this task by using the Group Policy Management Console for an Ap
-
Applies to Any publisher
-
This is the least restrictive scope condition for an Allow rule. It permits every packaged app to run or install.
-
Conversely, if this is a Deny rule, then this option is the most restrictive because it denies all apps from installing or running.
+
Applies to Any publisher
+
This is the least restrictive scope condition for an Allow rule. It permits every packaged app to run or install.
+
Conversely, if this is a Deny rule, then this option is the most restrictive because it denies all apps from installing or running.
You want the Sales group to use any packaged app from any signed publisher. You set the permissions to allow the Sales group to be able to run any app.
-
Applies to a specific Publisher
+
Applies to a specific Publisher
This scopes the rule to all apps published by a particular publisher.
You want to allow all your users to install apps published by the publisher of Microsoft.BingMaps. You could select Microsoft.BingMaps as a reference and choose this rule scope.
-
Applies to a Package name
+
Applies to a Package name
This scopes the rule to all packages that share the publisher name and package name as the reference file.
You want to allow your Sales group to install any version of the Microsoft.BingMaps app. You could select the Microsoft.BingMaps app as a reference and choose this rule scope.
-
Applies to a Package version
+
Applies to a Package version
This scopes the rule to a particular version of the package.
You want to be very selective in what you allow. You do not want to implicitly trust all future updates of the Microsoft.BingMaps app. You can limit the scope of your rule to the version of the app currently installed on your reference computer.
Applying custom values to the rule
-
Selecting the Use custom values check box allows you to adjust the scope fields for your particular circumstance.
-
You want to allow users to install all Microsoft.Bing* applications which include Microsoft.BingMaps, Microsoft.BingWeather, Microsoft.BingMoney. You can choose the Microsoft.BingMaps as a reference, select the Use custom values check box and edit the package name field by adding “Microsoft.Bing*” as the Package name.
+
Selecting the Use custom values check box allows you to adjust the scope fields for your particular circumstance.
+
You want to allow users to install all Microsoft.Bing* applications which include Microsoft.BingMaps, Microsoft.BingWeather, Microsoft.BingMoney. You can choose the Microsoft.BingMaps as a reference, select the Use custom values check box and edit the package name field by adding “Microsoft.Bing*” as the Package name.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
index 3cac5abbce..c43cf96fee 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
@@ -99,9 +99,9 @@ The following table provides an example of how to list applications for each bus
->Note: AppLocker only supports publisher rules for Universal Windows apps. Therefore, collecting the installation path information for Universal Windows apps is not necessary.
+>Note: AppLocker only supports publisher rules for Universal Windows apps. Therefore, collecting the installation path information for Universal Windows apps is not necessary.
-Event processing
+Event processing
As you create your list of apps, you need to consider how to manage the events that are generated by user access, or you need to deny running those apps to make your users as productive as possible. The following list is an example of what to consider and what to record:
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
index 2f56b9e1e8..3e7f0169c7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
@@ -1,6 +1,6 @@
---
title: Maintain AppLocker policies (Windows 10)
-description: This topic describes how to maintain rules within AppLocker policies.
+description: Learn how to maintain rules within AppLocker policies. View common AppLocker maintenance scenarios and see the methods to use to maintain AppLocker policies.
ms.assetid: b4fbfdfe-ef3d-49e0-a390-f2dfe74602bc
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
index 90bf198903..35e51ee350 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
@@ -277,7 +277,7 @@ The following table is an example of what to consider and record.
-Policy maintenance policy
+Policy maintenance policy
When applications are identified and policies are created for application control, then you can begin documenting how you intend to update those policies.
The following table is an example of what to consider and record.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
index 5bfe8d38ed..1d132ac242 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
@@ -131,7 +131,7 @@ An AppLocker policy deployment plan is the result of investigating which applica
-Event processing policy
+Event processing policy
@@ -169,7 +169,7 @@ An AppLocker policy deployment plan is the result of investigating which applica
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
index 7baf71b5df..a8bfeff845 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
@@ -119,7 +119,7 @@ If your organization supports multiple Windows operating systems, app control po
AppLocker rules are only applied to computers running the supported versions of Windows, but SRP rules can be applied to all versions of Windows beginning with Windows XP and Windows Server 2003. For specific operating system version requirements, see Requirements to use AppLocker.
-Note
If you are using the Basic User security level as assigned in SRP, those privileges are not supported on computers running that support AppLocker.
+Note
If you are using the Basic User security level as assigned in SRP, those privileges are not supported on computers running that support AppLocker.
-Application control function differences
+Application control function differences
The following table compares the application control functions of Software Restriction Policies (SRP) and AppLocker.
@@ -141,7 +141,7 @@ The following table compares the application control functions of Software Restr
SRP policies can be applied to all Windows operating systems beginning with Windows XP and Windows Server 2003.
AppLocker policies apply only to those supported operating system versions and editions listed in Requirements to use AppLocker. But these systems can also use SRP.
-Note
Use different GPOs for SRP and AppLocker rules.
+Note
Use different GPOs for SRP and AppLocker rules.
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
new file mode 100644
index 0000000000..b7f98f9949
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
@@ -0,0 +1,160 @@
+---
+title: Configure a WDAC managed installer (Windows 10)
+description: Explains how to configure a custom Manged Installer.
+keywords: security, malware
+ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+audience: ITPro
+ms.collection: M365-security-compliance
+author: jsuther1974
+ms.reviewer: isbrahm
+ms.author: dansimp
+manager: dansimp
+ms.date: 08/14/2020
+---
+
+# Configuring a managed installer with AppLocker and Windows Defender Application Control
+
+**Applies to:**
+
+- Windows 10
+- Windows Server 2019
+
+Setting up managed installer tracking and application execution enforcement requires applying both an AppLocker and WDAC policy with specific rules and options enabled.
+There are three primary steps to keep in mind:
+
+- Specify managed installers by using the Managed Installer rule collection in AppLocker policy.
+- Enable service enforcement in AppLocker policy.
+- Enable the managed installer option in a WDAC policy.
+
+## Specify managed installers using the Managed Installer rule collection in AppLocker policy
+
+The identity of the managed installer executable(s) is specified in an AppLocker policy in a Managed Installer rule collection.
+
+### Create Managed Installer rule collection
+
+Currently, neither the AppLocker policy creation UI in GPO Editor nor the PowerShell cmdlets allow for directly specifying rules for the Managed Installer rule collection. However, a text editor can be used to make the simple changes needed to an EXE or DLL rule collection policy to specify Type="ManagedInstaller", so that the new rule can be imported into a GPO.
+
+1. Use [New-AppLockerPolicy](https://docs.microsoft.com/powershell/module/applocker/new-applockerpolicy?view=win10-ps) to make an EXE rule for the file you are designating as a managed installer. Note that only EXE file types can be designated as managed installers. Below is an example using the rule type Publisher with a hash fallback, but other rule types can be used as well. You may need to reformat the output for readability.
+
+ ```powershell
+ Get-ChildItem | Get-AppLockerFileInformation | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Xml > AppLocker_MI_PS_ISE.xml
+ ```
+
+2. Manually rename the rule collection to ManagedInstaller
+
+ Change
+
+ ```powershell
+
+ ```
+
+ to
+
+ ```powershell
+
+ ```
+
+An example of a valid Managed Installer rule collection using Microsoft Endpoint Config Manager (MEMCM) is shown below.
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+```
+
+### Enable service enforcement in AppLocker policy
+
+Since many installation processes rely on services, it is typically necessary to enable tracking of services.
+Correct tracking of services requires the presence of at least one rule in the rule collection, so a simple audit only rule will suffice. This can be added to the policy created above which specifies your managed installer rule collection.
+
+For example:
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+```
+
+## Enable the managed installer option in WDAC policy
+
+In order to enable trust for the binaries laid down by managed installers, the Enabled: Managed Installer option must be specified in your WDAC policy.
+This can be done by using the [Set-RuleOption cmdlet](https://docs.microsoft.com/powershell/module/configci/set-ruleoption) with Option 13.
+
+Below are steps to create a WDAC policy which allows Windows to boot and enables the managed installer option.
+
+1. Copy the DefaultWindows_Audit policy into your working folder from C:\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml
+
+2. Reset the policy ID to ensure it is in multiple policy format and give it a different GUID from the example policies. Also give it a friendly name to help with identification.
+
+ Ex.
+
+ ```powershell
+ Set-CIPolicyIdInfo -FilePath -PolicyName "" -ResetPolicyID
+ ```
+
+3. Set Option 13 (Enabled:Managed Installer)
+
+ ```powershell
+ Set-RuleOption -FilePath -Option 13
+ ```
+
+## Set the AppLocker filter driver to autostart
+
+To enable the managed installer, you need to set the AppLocker filter driver to autostart and start it.
+
+To do so, run the following command as an Administrator:
+
+```console
+appidtel.exe start [-mionly]
+```
+
+Specify `-mionly` if you will not use the Intelligent Security Graph (ISG).
+
+## Enabling managed installer logging events
+
+Refer to [Understanding Application Control Events](event-id-explanations.md#optional-intelligent-security-graph-isg-or-managed-installer-mi-diagnostic-events) for information on enabling optional managed installer diagnostic events.
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index a7e35f839e..da15b10af4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -3,9 +3,6 @@ title: Create a code signing cert for Windows Defender Application Control (Win
description: Learn how to set up a publicly-issued code signing certificate, so you can sign catalog files or WDAC policies internally.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
index b1e6b39844..9b387d559d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
@@ -1,6 +1,6 @@
---
title: Disable Windows Defender Application Control policies (Windows 10)
-description: This topic covers how to disable unsigned or signed WDAC policies.
+description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: w10
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
index 965a842f19..444430a762 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
@@ -1,6 +1,6 @@
---
-title: Understanding Application Control events (Windows 10)
-description: Learn what different Windows Defender Application Control events signify.
+title: Understanding Application Control event IDs (Windows 10)
+description: Learn what different Windows Defender Application Control event IDs signify.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: w10
@@ -21,8 +21,9 @@ ms.date: 3/17/2020
A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode. These events are generated under two locations:
-1. Event IDs beginning with 30 appear in Applications and Services logs – Microsoft – Windows – CodeIntegrity – Operational
-2. Event IDs beginning with 80 appear in Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script
+ - Event IDs beginning with 30 appear in Applications and Services logs – Microsoft – Windows – CodeIntegrity – Operational
+
+ - Event IDs beginning with 80 appear in Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script
## Microsoft Windows CodeIntegrity Operational log event IDs
@@ -30,7 +31,7 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind
|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 3076 | Audit executable/dll file |
| 3077 | Block executable/dll file |
-| 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. Contains the total number of signatures on a file and an index as to which signature it is. Unsigned files will generate a single 3089 event with TotalSignatureCount 0. Correlated in the “System” portion of the event data under “Correlation ActivityID”. |
+| 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. Contains the total number of signatures on a file and an index as to which signature it is. Unsigned files will generate a single 3089 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". |
| 3099 | Indicates that a policy has been loaded |
## Microsoft Windows Applocker MSI and Script log event IDs
@@ -39,7 +40,7 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind
|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 8028 | Audit script/MSI file generated by Windows LockDown Policy (WLDP) being called by the scripthosts themselves. Note: there is no WDAC enforcement on 3rd party scripthosts. |
| 8029 | Block script/MSI file |
-| 8038 | Signing information event correlated with either a 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files will generate a single 8038 event with TotalSignatureCount 0. Correlated in the “System” portion of the event data under “Correlation ActivityID”. | |
+| 8038 | Signing information event correlated with either a 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files will generate a single 8038 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". | |
## Optional Intelligent Security Graph (ISG) or Managed Installer (MI) diagnostic events
@@ -70,11 +71,12 @@ Below are the fields which help to diagnose what a 3090, 3091, or 3092 event ind
In order to enable 3091 audit events and 3092 block events, you must create a TestFlags regkey with a value of 0x100. You can do so using the following PowerShell command:
- ```powershell
- reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x100
- ```
-In order to enable 3090 allow events, you must create a TestFlags regkey with a value of 0x300. You can do so using the following PowerShell command:
+```powershell
+reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x100
+```
+
+In order to enable 3090 allow events as well as 3091 and 3092 events, you must instead create a TestFlags regkey with a value of 0x300. You can do so using the following PowerShell command:
- ```powershell
- reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x300
- ```
+```powershell
+reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x300
+```
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
new file mode 100644
index 0000000000..455177e5c9
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@@ -0,0 +1,83 @@
+---
+title: Understanding Application Control event tags (Windows 10)
+description: Learn what different Windows Defender Application Control event tags signify.
+keywords: security, malware
+ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+audience: ITPro
+ms.collection: M365-security-compliance
+author: jsuther1974
+ms.reviewer: isbrahm
+ms.author: dansimp
+manager: dansimp
+ms.date: 8/27/2020
+---
+
+# Understanding Application Control event tags
+
+Windows Defender Application Control (WDAC) events include a number of fields which provide helpful troubleshooting information to figure out exactly what an event means. Below, we have documented the values and meanings for a few useful event tags.
+
+## SignatureType
+
+Represents the type of signature which verified the image.
+
+| SignatureType Value | Explanation |
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 0 | Unsigned or verification has not been attempted |
+| 1 | Embedded signature |
+| 2 | Cached signature; presence of CI EA shows that file had been previously verified |
+| 4 | Un-cached catalog verified via Catalog Database or searching catalog directly |
+| 5 | Successfully verified using an EA that informs CI which catalog to try first |
+|6 | AppX / MSIX package catalog verified |
+| 7 | File was verified |
+
+## ValidatedSigningLevel
+
+Represents the signature level at which the code was verified.
+
+| ValidatedSigningLevel Value | Explanation |
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 0 | Signing level has not yet been checked |
+| 1 | File is unsigned |
+| 2 | Trusted by WDAC policy |
+| 3 | Developer signed code |
+| 4 | Authenticode signed |
+| 5 | Microsoft Store signed app PPL (Protected Process Light) |
+| 6 | Microsoft Store-signed |
+| 7 | Signed by an Antimalware vendor whose product is using AMPPL |
+| 8 | Microsoft signed |
+| 11 | Only used for signing of the .NET NGEN compiler |
+| 12 | Windows signed |
+| 14 | Windows Trusted Computing Base signed |
+
+## VerificationError
+
+Represents why verification failed, or if it succeeded.
+
+| VerificationError Value | Explanation |
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 0 | Successfully verified signature |
+| 2 | File contains shared writable sections |
+| 4 | Revoked signature |
+| 5 | Expired signature |
+| 7 | Invalid root certificate |
+| 8 | Signature was unable to be validated; generic error |
+| 9 | Signing time not trusted |
+| 12 | Not valid for a PPL (Protected Process Light) |
+| 13 | Not valid for a PP (Protected Process) |
+| 15 | Failed WHQL check |
+| 16 | Default policy signing level not met |
+| 17 | Custom policy signing level not met; returned when signature doesn't validate against an SBCP-defined set of certs |
+| 18 | Custom signing level not met; returned if signature fails to match CISigners in UMCI |
+| 19 | Binary is revoked by file hash |
+| 20 | SHA1 cert hash's timestamp is missing or after valid cutoff as defined by Weak Crypto Policy |
+| 21 | Failed to pass WDAC policy |
+| 22 | Not IUM (Isolated User Mode) signed; indicates trying to load a non-trustlet binary into a trustlet |
+| 23 | Invalid image hash |
+| 24 | Flight root not allowed; indicates trying to run flight-signed code on production OS |
+| 26 | Explicitly denied by WADC policy |
+| 28 | Resource page hash mismatch |
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
index 443397ada3..06d6ee7d8f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@@ -24,38 +24,55 @@ ms.date: 04/09/2019
- Windows 10
- Windows Server 2016 and above
-Members of the security community\* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control.
+Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control.
Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent application allow policies, including Windows Defender Application Control:
- addinprocess.exe
- addinprocess32.exe
- addinutil.exe
+- aspnet_compiler.exe
- bash.exe
-- bginfo.exe[1]
+- bginfo.exe1
- cdb.exe
- csi.exe
- dbghost.exe
- dbgsvc.exe
- dnx.exe
+- dotnet.exe
- fsi.exe
- fsiAnyCpu.exe
+- infdefaultinstall.exe
- kd.exe
-- ntkd.exe
+- kill.exe
- lxssmanager.dll
-- msbuild.exe[2]
+- lxrun.exe
+- Microsoft.Build.dll
+- Microsoft.Build.Framework.dll
+- Microsoft.Workflow.Compiler.exe
+- msbuild.exe2
+- msbuild.dll
- mshta.exe
+- ntkd.exe
- ntsd.exe
+- powershellcustomhost.exe
- rcsi.exe
+- runscripthelper.exe
+- texttransform.exe
+- visualuiaverifynative.exe
- system.management.automation.dll
+- wfc.exe
- windbg.exe
- wmic.exe
+- wsl.exe
+- wslconfig.exe
+- wslhost.exe
-[1]A vulnerability in bginfo.exe has been fixed in the latest version 4.22. If you use BGInfo, for security, make sure to download and run the latest version here [BGInfo 4.22](https://docs.microsoft.com/sysinternals/downloads/bginfo). Note that BGInfo versions earlier than 4.22 are still vulnerable and should be blocked.
+1 A vulnerability in bginfo.exe has been fixed in the latest version 4.22. If you use BGInfo, for security, make sure to download and run the latest version here [BGInfo 4.22](https://docs.microsoft.com/sysinternals/downloads/bginfo). Note that BGInfo versions earlier than 4.22 are still vulnerable and should be blocked.
-[2]If you are using your reference system in a development context and use msbuild.exe to build managed applications, we recommend that you allow msbuild.exe in your code integrity policies. However, if your reference system is an end user device that is not being used in a development context, we recommend that you block msbuild.exe.
+2 If you are using your reference system in a development context and use msbuild.exe to build managed applications, we recommend that you allow msbuild.exe in your code integrity policies. However, if your reference system is an end user device that is not being used in a development context, we recommend that you block msbuild.exe.
-*Microsoft recognizes the efforts of those in the security community who help us protect customers through responsible vulnerability disclosure, and extends thanks to the following people:
+* Microsoft recognizes the efforts of those in the security community who help us protect customers through responsible vulnerability disclosure, and extends thanks to the following people:
@@ -121,44 +138,45 @@ Pick the correct version of each .dll for the Windows release you plan to suppor
+
+
+
+
+
-
+
+
+
+
+
+
+
+
+
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
+
-
+
+
+
+
-
-
-
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
@@ -859,48 +877,51 @@ Pick the correct version of each .dll for the Windows release you plan to suppor
+
+
+
+
+
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
-
+
+
+
+
-
-
-
+
+
+
+
+
-
-
-
-
-
-
-
-
+
-
-
-
-
+
diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
index 9c6d253b10..61a59f78bf 100644
--- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
@@ -1,6 +1,6 @@
---
title: Plan for WDAC policy management (Windows 10)
-description: How to plan for Windows Defender Application Control (WDAC) policy management.
+description: Learn about the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control policies.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: w10
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index e14032719c..134df74024 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -1,6 +1,6 @@
---
title: Understand WDAC policy rules and file rules (Windows 10)
-description: Windows Defender Application Control (WDAC) provides control over a computer running Windows 10 by using policies that specify whether a driver or application is trusted and can be run. A policy includes *policy rules* that control options.
+description: Learn how Windows Defender Application Control provides control over a computer running Windows 10 by using policies that include policy rules and file rules.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: w10
diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
index 266e60b744..ae0cd53f63 100644
--- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
@@ -3,9 +3,7 @@ title: Understand Windows Defender Application Control policy design decisions
description: Understand Windows Defender Application Control policy design decisions.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.reviewer:
manager: dansimp
-ms.author: dansimp
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
@@ -16,7 +14,6 @@ ms.collection: M365-security-compliance
author: jsuther1974
ms.reviewer: isbrahm
ms.author: dansimp
-manager: dansimp
ms.date: 02/08/2018
---
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index 555168716a..f49176ee48 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -3,9 +3,6 @@ title: Use code signing to simplify application control for classic Windows appl
description: With embedded signing, your WDAC policies typically do not have to be updated when an app is updated. To set this up, you can choose from a variety of methods.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
index d050e42b00..766037be4b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
@@ -3,8 +3,6 @@ title: Use the Device Guard Signing Portal in the Microsoft Store for Business
description: You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.reviewer:
-manager: dansimp
ms.author: dansimp
ms.prod: w10
ms.mktglfcycl: deploy
@@ -15,7 +13,6 @@ audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
ms.reviewer: isbrahm
-ms.author: dansimp
manager: dansimp
ms.date: 02/19/2019
---
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index 5bbcb531fa..f5a09fc5c6 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -3,9 +3,6 @@ title: Use signed policies to protect Windows Defender Application Control again
description: Signed WDAC policies give organizations the highest level of malware protection available in Windows 10.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
index 43cc718d71..79a167e2a1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
@@ -3,7 +3,6 @@ title: Use a Windows Defender Application Control policy to control specific plu
description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.prod: w10
@@ -15,8 +14,6 @@ audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
ms.reviewer: isbrahm
-ms.author: dansimp
-manager: dansimp
ms.date: 05/03/2018
---
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
index 8ad3ce6f98..d6810894b4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
@@ -14,7 +14,7 @@ author: jsuther1974
ms.reviewer: isbrahm
ms.author: dansimp
manager: dansimp
-ms.date: 06/13/2018
+ms.date: 08/14/2020
---
# Authorize apps deployed with a WDAC managed installer
@@ -22,138 +22,23 @@ ms.date: 06/13/2018
**Applies to:**
- Windows 10
-- Windows Server 2016 and above
+- Windows Server 2019
-Creating and maintaining application execution control policies has always been challenging, and finding ways to address this issue has been a frequently-cited request for customers of AppLocker and Windows Defender Application Control (WDAC).
-This is especially true for enterprises with large, ever changing software catalogs.
-
-Windows 10, version 1703 (also known as the Windows 10 Creators Update) provides a new option, known as a managed installer, that allows IT administrators to automatically authorize applications deployed and installed by a designated software distribution solution, such as Microsoft Endpoint Configuration Manager.
+Windows 10, version 1703 (also known as the Windows 10 Creators Update) provides a new option, known as a managed installer, that allows IT administrators to automatically authorize applications deployed and installed by a designated software distribution solution such as Microsoft Endpoint Configuration Manager.
A managed installer helps an IT admin balance security and manageability requirements when employing application execution control policies by providing an option that does not require specifying explicit rules for software that is being managed through a software distribution solution.
## How does a managed installer work?
-A managed installer uses a new rule collection in AppLocker to specify one or more executables that are trusted by the organization as an authorized source for application deployment.
-Specifying an executable as a managed installer will cause Windows to tag files that are written from the executable’s process (or processes it launches) as having originated from a trusted installation authority. The Managed Installer rule collection is currently supported for AppLocker rules in Group Policy and in Configuration Manager, but not in the AppLocker CSP for OMA-URI policies.
+A managed installer uses a new rule collection in AppLocker to specify one or more executables that are trusted by the organization as an authorized source for application deployment.
-Once the IT administrator adds the Allow: Managed Installer option to a WDAC policy, the WDAC component will subsequently check for the presence of the origin information when evaluating other application execution control rules specified in the policy.
-If there are no deny rules present for the file, it will be authorized based on the managed installer origin information.+
+Specifying an executable as a managed installer will cause Windows to tag files that are written from the executable's process (or processes it launches) as having originated from a trusted installation authority. The Managed Installer rule collection is currently supported for AppLocker rules in Group Policy and in Configuration Manager, but not in the AppLocker CSP for OMA-URI policies.
+
+Once the IT administrator adds the Allow: Managed Installer option to a WDAC policy, the WDAC component will subsequently check for the presence of the origin information when evaluating other application execution control rules specified in the policy. If there are no deny rules present for the file, it will be authorized based on the managed installer origin information.
Admins needs to ensure that there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be deployed through a managed installer.
-Examples of WDAC policies available in C:\Windows\schemas\CodeIntegrity\ExamplePolicies help authorize Windows OS components, WHQL signed drivers and all Store apps.
+An example managed installer use-case can be seen in the guidance for [creating a WDAC policy for fully-managed devices](create-wdac-policy-for-fully-managed-devices.md).
-## Configuring a managed installer with AppLocker and Windows Defender Application Control
-
-Setting up managed installer tracking and application execution enforcement requires applying both an AppLocker and WDAC policy with specific rules and options enabled.
-There are three primary steps to keep in mind:
-
-- Specify managed installers using the Managed Installer rule collection in AppLocker policy
-- Enable service enforcement in AppLocker policy
-- Enable the managed installer option in a WDAC policy
-
-### Specify managed installers using the Managed Installer rule collection in AppLocker policy
-
-The identity of the managed installer executable(s) is specified in an AppLocker policy in a Managed Installer rule collection.
-Currently, neither the AppLocker policy creation UI in GPO Editor nor the PowerShell cmdlets allow for directly specifying rules for the Managed Installer rule collection. However, a text editor can be used to make the simple changes needed to an EXE or DLL rule collection policy to specify Type="ManagedInstaller", so that the new rule can be imported into a GPO.
-
-An example of a valid Managed Installer rule collection is shown below.
-For more information about creating an AppLocker policy that includes a managed installer and configuring client devices, see [Simplify application listing with Configuration Manager and Windows 10](https://cloudblogs.microsoft.com/enterprisemobility/2016/06/20/configmgr-as-a-managed-installer-with-win10/).
-As mentioned above, the AppLocker CSP for OMA-URI policies does not currently support the Managed Installer rule collection or the Service Enforcement rule extensions mentioned below.
-
-
-```code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-```
-
-## Enable service enforcement in AppLocker policy
-
-Since many installation processes rely on services, it is typically necessary to enable tracking of services.
-Correct tracking of services requires the presence of at least one rule in the rule collection – a simple audit only rule will suffice.
-For example:
-
-```code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-```
-
-### Enable the managed installer option in WDAC policy
-
-In order to enable trust for the binaries laid down by managed installers, the Enabled: Managed Installer option must be specified in your WDAC policy.
-This can be done by using the [Set-RuleOption cmdlet](https://docs.microsoft.com/powershell/module/configci/set-ruleoption).
-An example of the managed installer option being set in policy is shown below.
-
-```code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-```
-
-## Set the AppLocker filter driver to autostart
-
-To enable the managed installer, you need to set the AppLocker filter driver to autostart and start it.
-Run the following command as an Administrator:
-
-```code
-appidtel.exe start [-mionly]
-```
-
-Specify `-mionly` if you will not use the Intelligent Security Graph (ISG).
+Note that a WDAC policy with managed installer configured will begin to tag files which originated from that managed installer, regardless of whether the policy is in audit or enforced mode.
## Security considerations with managed installer
@@ -167,15 +52,12 @@ To avoid this, ensure that the application deployment solution being used as a m
## Known limitations with managed installer
-- Application execution control based on managed installer does not support applications that self-update.
+- Application execution control based on managed installer does not support applications that self-update/auto-update.
If an application deployed by a managed installer subsequently updates itself, the updated application files will no longer include the managed installer origin information and will not be authorized to run.
Enterprises should deploy and install all application updates using the managed installer.
In some cases, it may be possible to also designate an application binary that performs the self-updates as a managed installer.
Proper review for functionality and security should be performed for the application before using this method.
-- Although WDAC policies can be deployed in both audit and enforced mode, the managed installer option is currently only recommended for use with policies set to enforced except in lab environments.
-Using the managed installer option with WDAC policies set to audit only may result in unexpected behavior if the policy is subsequently changed to enforced mode.
-
- Modern apps deployed through a managed installer will not be tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy.
- Executables that extract files and then attempt to execute may not be allowed by the managed installer heuristic.
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
index 9ee20747b7..8a7ad0700f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
@@ -24,20 +24,22 @@ ms.date: 03/16/2020
- Windows 10
- Windows Server 2016 and above
-After designing and deploying your Windows Defender Application Control (WDAC) policies, this guide covers understanding the effects your policies are having and troubleshooting when they are not behaving as expected. It contains information on where to find events and what they mean, and also querying these events with Microsoft Defender Advanted Threat Protection (MDATP) Advanced Hunting feature.
+After designing and deploying your Windows Defender Application Control (WDAC) policies, this guide covers understanding the effects your policies are having and troubleshooting when they are not behaving as expected. It contains information on where to find events and what they mean, and also querying these events with Microsoft Defender Advanced Threat Protection (MDATP) Advanced Hunting feature.
## WDAC Events Overview
-WDAC generates and logs events when a policy is loaded as well as when a binary attempts to execute and is blocked. These events include information that identifies the policy and gives more details about the block. Generally, WDAC does not generate events when a binary is allowed; however, there is the option to enable allow events when Managed Installer and/or the Intelligent Security Graph (ISG) is configured.
+WDAC generates and logs events when a policy is loaded as well as when a binary attempts to execute and is blocked. These events include information that identifies the policy and gives more details about the block. Generally, WDAC does not generate events when a binary is allowed; however, there is the option to enable events when Managed Installer and/or the Intelligent Security Graph (ISG) is configured.
WDAC events are generated under two locations:
-1. Applications and Services logs – Microsoft – Windows – CodeIntegrity – Operational
-2. Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script
+ - Applications and Services logs – Microsoft – Windows – CodeIntegrity – Operational
+
+ - Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script
## In this section
| Topic | Description |
| - | - |
-| [Understanding Application Control events](event-id-explanations.md) | This topic explains the meaning of different WDAC events. |
+| [Understanding Application Control event IDs](event-id-explanations.md) | This topic explains the meaning of different WDAC event IDs. |
+| [Understanding Application Control event tags](event-tag-explanations.md) | This topic explains the meaning of different WDAC event tags. |
| [Query WDAC events with Advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) | This topic covers how to view WDAC events centrally from all systems that are connected to Microsoft Defender ATP. |
diff --git a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md
index 4ca95e5608..0533ec00f5 100644
--- a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md
+++ b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md
@@ -1,5 +1,10 @@
-# [The Microsoft Defender Security Center app](windows-defender-security-center.md)
+---
+ms.author: dansimp
+author: dansimp
+title: The Microsoft Defender Security Center app
+---
+# [The Microsoft Defender Security Center app](windows-defender-security-center.md)
## [Customize the Microsoft Defender Security Center app for your organization](wdsc-customize-contact-information.md)
## [Hide Microsoft Defender Security Center app notifications](wdsc-hide-notifications.md)
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
index 2ab6468f1e..3179f10cb2 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
@@ -3,7 +3,6 @@ title: Account protection in the Windows Security app
description: Use the Account protection section to manage security for your account and sign in to Microsoft.
keywords: account protection, wdav, smartscreen, antivirus, wdsc, exploit, protection, hide, Windows Defender SmartScreen, SmartScreen Filter, Windows SmartScreen
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
index 001c490193..bbfe0a7bd0 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
@@ -3,7 +3,6 @@ title: App & browser control in the Windows Security app
description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings.
keywords: wdav, smartscreen, antivirus, wdsc, exploit, protection, hide
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
index cb2c999276..1611fdc1c9 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
@@ -3,7 +3,6 @@ title: Customize Windows Security contact information
description: Provide information to your employees on how to contact your IT department when a security issue occurs
keywords: wdsc, security center, defender, notification, customize, contact, it department, help desk, call, help site
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md
index d02b829376..ca606e3a6b 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md
@@ -3,7 +3,6 @@ title: Device & performance health in the Windows Security app
description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
keywords: wdsc, windows update, storage, driver, device, installation, battery, health, status
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md
index 2acf81e5cf..26a2da094f 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md
@@ -3,7 +3,6 @@ title: Device security in the Windows Security app
description: Use the Device security section to manage security built into your device, including virtualization-based security.
keywords: device security, device guard, wdav, smartscreen, antivirus, wdsc, exploit, protection, hide
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md
index d785a3f420..4886c28f4d 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md
@@ -1,9 +1,8 @@
---
title: Family options in the Windows Security app
-description: Hide the Family options section in enterprise environments
+description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options are not intended for business environments.
keywords: wdsc, family options, hide, suppress, remove, disable, uninstall, kids, parents, safety, parental, child, screen time
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
index 141a5c002f..4209ff2f58 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
@@ -3,11 +3,9 @@ title: Firewall and network protection in the Windows Security app
description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
keywords: wdsc, firewall, windows defender firewall, network, connections, domain, private network, publish network, allow firewall, firewall rule, block firewall
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
index 7210da90bf..e4ee0c83a3 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
@@ -3,7 +3,6 @@ title: Hide notifications from the Windows Security app
description: Prevent Windows Security app notifications from appearing on user endpoints
keywords: defender, security center, app, notifications, av, alerts
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
index df2646c94e..f3c4b5e3d9 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
@@ -3,7 +3,6 @@ title: Virus and threat protection in the Windows Security app
description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products.
keywords: wdav, smartscreen, antivirus, wdsc, exploit, protection, hide
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
index 5431868198..b22eec75f4 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
@@ -1,9 +1,8 @@
---
title: Manage Windows Security in Windows 10 in S mode
-description: Windows Security settings are different in Windows 10 in S mode
+description: Learn how to manage Windows Security settings in Windows 10 in S mode. Windows 10 in S mode is streamlined for tighter security and superior performance.
keywords: windows 10 in s mode, windows 10 s, windows 10 s mode, wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
index 0f263a291a..a3bf04355b 100644
--- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
@@ -3,11 +3,9 @@ title: The Windows Security app
description: The Windows Security app brings together common Windows security features into one place
keywords: wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows
search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md
index e3271818c1..e5edff503e 100644
--- a/windows/security/threat-protection/windows-firewall/TOC.md
+++ b/windows/security/threat-protection/windows-firewall/TOC.md
@@ -1,110 +1,179 @@
# [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md)
-## [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md)
-## [Securing IPsec](securing-end-to-end-ipsec-connections-by-using-ikev2.md)
-## [PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md)
-## [Design Guide](windows-firewall-with-advanced-security-design-guide.md)
-### [Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md)
-### [Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
-#### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
-#### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
-#### [Require Encryption](require-encryption-when-accessing-sensitive-network-resources.md)
-#### [Restrict Access](restrict-access-to-only-specified-users-or-devices.md)
-### [Mapping Goals to a Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
-#### [Basic Design](basic-firewall-policy-design.md)
-#### [Domain Isolation Design](domain-isolation-policy-design.md)
-#### [Server Isolation Design](server-isolation-policy-design.md)
-#### [Certificate-based Isolation Design](certificate-based-isolation-policy-design.md)
-### [Evaluating Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)
-#### [Basic Design Example](firewall-policy-design-example.md)
-#### [Domain Isolation Design Example](domain-isolation-policy-design-example.md)
-#### [Server Isolation Design Example](server-isolation-policy-design-example.md)
-#### [Certificate-based Isolation Design Example](certificate-based-isolation-policy-design-example.md)
-### [Designing a Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
-#### [Gathering the Info You Need](gathering-the-information-you-need.md)
-##### [Network](gathering-information-about-your-current-network-infrastructure.md)
-##### [Active Directory](gathering-information-about-your-active-directory-deployment.md)
-##### [Computers](gathering-information-about-your-devices.md)
-##### [Other Relevant Information](gathering-other-relevant-information.md)
-#### [Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-devices.md)
-### [Planning Your Design](planning-your-windows-firewall-with-advanced-security-design.md)
-#### [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)
-#### [Planning Domain Isolation Zones](planning-domain-isolation-zones.md)
-##### [Exemption List](exemption-list.md)
-##### [Isolated Domain](isolated-domain.md)
-##### [Boundary Zone](boundary-zone.md)
-##### [Encryption Zone](encryption-zone.md)
-#### [Planning Server Isolation Zones](planning-server-isolation-zones.md)
-#### [Planning Certificate-based Authentication](planning-certificate-based-authentication.md)
+
+## [Plan deployment]()
+
+### [Design guide](windows-firewall-with-advanced-security-design-guide.md)
+
+### [Design process](understanding-the-windows-firewall-with-advanced-security-design-process.md)
+
+### [Implementation goals]()
+#### [Identify implementation goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
+#### [Protect devices from unwanted network traffic](protect-devices-from-unwanted-network-traffic.md)
+#### [Restrict access to only trusted devices](restrict-access-to-only-trusted-devices.md)
+#### [Require encryption](require-encryption-when-accessing-sensitive-network-resources.md)
+#### [Restrict access](restrict-access-to-only-specified-users-or-devices.md)
+
+### [Implementation designs]()
+#### [Mapping goals to a design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
+
+#### [Basic firewall design](basic-firewall-policy-design.md)
+##### [Basic firewall design example](firewall-policy-design-example.md)
+
+
+#### [Domain isolation design](domain-isolation-policy-design.md)
+##### [Domain isolation design example](domain-isolation-policy-design-example.md)
+
+
+#### [Server isolation design](server-isolation-policy-design.md)
+##### [Server Isolation design example](server-isolation-policy-design-example.md)
+
+
+#### [Certificate-based isolation design](certificate-based-isolation-policy-design.md)
+##### [Certificate-based Isolation design example](certificate-based-isolation-policy-design-example.md)
+
+### [Design planning]()
+#### [Planning your design](planning-your-windows-firewall-with-advanced-security-design.md)
+
+#### [Planning settings for a basic firewall policy](planning-settings-for-a-basic-firewall-policy.md)
+
+#### [Planning domain isolation zones]()
+##### [Domain isolation zones](planning-domain-isolation-zones.md)
+##### [Exemption list](exemption-list.md)
+##### [Isolated domain](isolated-domain.md)
+##### [Boundary zone](boundary-zone.md)
+##### [Encryption zone](encryption-zone.md)
+
+#### [Planning server isolation zones](planning-server-isolation-zones.md)
+
+#### [Planning certificate-based authentication](planning-certificate-based-authentication.md)
##### [Documenting the Zones](documenting-the-zones.md)
-##### [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md)
-###### [Planning Isolation Groups for the Zones](planning-isolation-groups-for-the-zones.md)
-###### [Planning Network Access Groups](planning-network-access-groups.md)
+
+##### [Planning group policy deployment for your isolation zones](planning-group-policy-deployment-for-your-isolation-zones.md)
+###### [Planning isolation groups for the zones](planning-isolation-groups-for-the-zones.md)
+###### [Planning network access groups](planning-network-access-groups.md)
+
###### [Planning the GPOs](planning-the-gpos.md)
####### [Firewall GPOs](firewall-gpos.md)
######## [GPO_DOMISO_Firewall](gpo-domiso-firewall.md)
-####### [Isolated Domain GPOs](isolated-domain-gpos.md)
+####### [Isolated domain GPOs](isolated-domain-gpos.md)
######## [GPO_DOMISO_IsolatedDomain_Clients](gpo-domiso-isolateddomain-clients.md)
######## [GPO_DOMISO_IsolatedDomain_Servers](gpo-domiso-isolateddomain-servers.md)
-####### [Boundary Zone GPOs](boundary-zone-gpos.md)
+####### [Boundary zone GPOs](boundary-zone-gpos.md)
######## [GPO_DOMISO_Boundary](gpo-domiso-boundary.md)
-####### [Encryption Zone GPOs](encryption-zone-gpos.md)
+####### [Encryption zone GPOs](encryption-zone-gpos.md)
######## [GPO_DOMISO_Encryption](gpo-domiso-encryption.md)
-####### [Server Isolation GPOs](server-isolation-gpos.md)
-###### [Planning GPO Deployment](planning-gpo-deployment.md)
-### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
-## [Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md)
-### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md)
-### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
-### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
-### [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md)
-### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)
-### [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)
-### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md)
-### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md)
-#### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)
-#### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)
-#### [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)
-#### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)
-### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md)
-#### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)
-#### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
-### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md)
-### [Procedures Used in This Guide](procedures-used-in-this-guide.md)
-#### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md)
-#### [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)
-#### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)
-#### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)
-#### [Configure Authentication Methods](configure-authentication-methods.md)
-#### [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)
-#### [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
-#### [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)
-#### [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md)
-#### [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)
-#### [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md)
-#### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
-#### [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)
-#### [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)
-#### [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)
-#### [Create a Group Policy Object](create-a-group-policy-object.md)
-#### [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md)
-#### [Create an Authentication Request Rule](create-an-authentication-request-rule.md)
-#### [Create an Inbound ICMP Rule](create-an-inbound-icmp-rule.md)
-#### [Create an Inbound Port Rule](create-an-inbound-port-rule.md)
-#### [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md)
-#### [Create an Outbound Port Rule](create-an-outbound-port-rule.md)
-#### [Create an Outbound Program or Service Rule](create-an-outbound-program-or-service-rule.md)
-#### [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md)
-#### [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md)
-#### [Create Windows Firewall rules in Intune](create-windows-firewall-rules-in-intune.md)
-#### [Enable Predefined Inbound Rules](enable-predefined-inbound-rules.md)
-#### [Enable Predefined Outbound Rules](enable-predefined-outbound-rules.md)
-#### [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)
-#### [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)
-#### [Modify GPO Filters](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
-#### [Open IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md)
-#### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall.md)
-#### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
-#### [Open Windows Firewall](open-windows-firewall-with-advanced-security.md)
-#### [Restrict Server Access](restrict-server-access-to-members-of-a-group-only.md)
-#### [Enable Windows Firewall](turn-on-windows-firewall-and-configure-default-behavior.md)
-#### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)
+####### [Server isolation GPOs](server-isolation-gpos.md)
+
+###### [Planning GPO deployment](planning-gpo-deployment.md)
+
+
+### [Planning to deploy](planning-to-deploy-windows-firewall-with-advanced-security.md)
+
+
+## [Deployment guide]()
+### [Deployment overview](windows-firewall-with-advanced-security-deployment-guide.md)
+
+### [Implementing your plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
+
+### [Basic firewall deployment]()
+#### [Checklist: Implementing a basic firewall policy design](checklist-implementing-a-basic-firewall-policy-design.md)
+
+
+
+### [Domain isolation deployment]()
+#### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md)
+
+
+
+### [Server isolation deployment]()
+#### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md)
+
+
+
+### [Certificate-based authentication]()
+#### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md)
+
+
+
+## [Best practices]()
+### [Securing IPsec](securing-end-to-end-ipsec-connections-by-using-ikev2.md)
+### [PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md)
+### [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md)
+
+
+## [How-to]()
+### [Add Production devices to the membership group for a zone](add-production-devices-to-the-membership-group-for-a-zone.md)
+### [Add test devices to the membership group for a zone](add-test-devices-to-the-membership-group-for-a-zone.md)
+### [Assign security group filters to the GPO](assign-security-group-filters-to-the-gpo.md)
+### [Change rules from request to require mode](Change-Rules-From-Request-To-Require-Mode.Md)
+### [Configure authentication methods](Configure-authentication-methods.md)
+### [Configure data protection (Quick Mode) settings](configure-data-protection-quick-mode-settings.md)
+### [Configure Group Policy to autoenroll and deploy certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
+### [Configure key exchange (main mode) settings](configure-key-exchange-main-mode-settings.md)
+### [Configure the rules to require encryption](configure-the-rules-to-require-encryption.md)
+### [Configure the Windows Firewall log](configure-the-windows-firewall-log.md)
+### [Configure the workstation authentication certificate template](configure-the-workstation-authentication-certificate-template.md)
+### [Configure Windows Firewall to suppress notifications when a program is blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
+### [Confirm that certificates are deployed correctly](confirm-that-certificates-are-deployed-correctly.md)
+### [Copy a GPO to create a new GPO](copy-a-gpo-to-create-a-new-gpo.md)
+### [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)
+### [Create a Group Policy Object](create-a-group-policy-object.md)
+### [Create an authentication exemption list rule](create-an-authentication-exemption-list-rule.md)
+### [Create an authentication request rule](create-an-authentication-request-rule.md)
+### [Create an inbound ICMP rule](create-an-inbound-icmp-rule.md)
+### [Create an inbound port rule](create-an-inbound-port-rule.md)
+### [Create an inbound program or service rule](create-an-inbound-program-or-service-rule.md)
+### [Create an outbound port rule](create-an-outbound-port-rule.md)
+### [Create an outbound program or service rule](create-an-outbound-program-or-service-rule.md)
+### [Create inbound rules to support RPC](create-inbound-rules-to-support-rpc.md)
+### [Create WMI filters for the GPO](create-wmi-filters-for-the-gpo.md)
+### [Create Windows Firewall rules in Intune](create-windows-firewall-rules-in-intune.md)
+### [Enable predefined inbound rules](enable-predefined-inbound-rules.md)
+### [Enable predefined outbound rules](enable-predefined-outbound-rules.md)
+### [Exempt ICMP from authentication](exempt-icmp-from-authentication.md)
+### [Link the GPO to the domain](link-the-gpo-to-the-domain.md)
+### [Modify GPO filters](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
+### [Open IP security policies](open-the-group-policy-management-console-to-ip-security-policies.md)
+### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall.md)
+### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
+### [Open Windows Firewall](open-windows-firewall-with-advanced-security.md)
+### [Restrict server access](restrict-server-access-to-members-of-a-group-only.md)
+### [Enable Windows Firewall](turn-on-windows-firewall-and-configure-default-behavior.md)
+### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)
+
+
+## [References]()
+### [Checklist: Creating Group Policy objects](checklist-creating-group-policy-objects.md)
+### [Checklist: Creating inbound firewall rules](checklist-creating-inbound-firewall-rules.md)
+### [Checklist: Creating outbound firewall rules](checklist-creating-outbound-firewall-rules.md)
+### [Checklist: Configuring basic firewall settings](checklist-configuring-basic-firewall-settings.md)
+
+
+### [Checklist: Configuring rules for the isolated domain](checklist-configuring-rules-for-the-isolated-domain.md)
+### [Checklist: Configuring rules for the boundary zone](checklist-configuring-rules-for-the-boundary-zone.md)
+### [Checklist: Configuring rules for the encryption zone](checklist-configuring-rules-for-the-encryption-zone.md)
+### [Checklist: Configuring rules for an isolated server zone](checklist-configuring-rules-for-an-isolated-server-zone.md)
+
+### [Checklist: Configuring rules for servers in a standalone isolated server zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)
+### [Checklist: Creating rules for clients of a standalone isolated server zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
+
+
+### [Appendix A: Sample GPO template files for settings used in this guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
+
+
+
+## [Troubleshooting]()
+### [Troubleshooting UWP app connectivity issues in Windows Firewall](troubleshooting-uwp-firewall.md)
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
index d74524355b..32918a0147 100644
--- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
+++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
@@ -1,6 +1,6 @@
---
title: Add Production Devices to the Membership Group for a Zone (Windows 10)
-description: Add Production Devices to the Membership Group for a Zone
+description: Learn how to add production devices to the membership group for a zone and refresh the group policy on the devices in the membership group.
ms.assetid: 7141de15-5840-4beb-aabe-21c1dd89eb23
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
index c79ea27f4e..6bfc87a6c3 100644
--- a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
+++ b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
@@ -1,6 +1,6 @@
---
title: Add Test Devices to the Membership Group for a Zone (Windows 10)
-description: Add Test Devices to the Membership Group for a Zone
+description: Learn how to add devices to the group for a zone to test whether your Windows Defender Firewall with Advanced Security implementation works as expected.
ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
index a0422c4a14..b9c0f35fc2 100644
--- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
@@ -1,6 +1,6 @@
---
title: Appendix A Sample GPO Template Files for Settings Used in this Guide (Windows 10)
-description: Appendix A Sample GPO Template Files for Settings Used in this Guide
+description: Use sample template files import an XML file containing customized registry preferences into a Group Policy Object (GPO).
ms.assetid: 75930afd-ab1b-4e53-915b-a28787814b38
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
index b41fba1e87..663f7ba800 100644
--- a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
@@ -1,6 +1,6 @@
---
title: Assign Security Group Filters to the GPO (Windows 10)
-description: Assign Security Group Filters to the GPO
+description: Learn how to use Group Policy Management MMC to assign security group filters to a GPO to make sure that the GPO is applied to the correct computers.
ms.assetid: bcbe3299-8d87-4ec1-9e86-8e4a680fd7c8
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
index 0b313e0d05..81e8194d88 100644
--- a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
@@ -1,6 +1,6 @@
---
title: Boundary Zone GPOs (Windows 10)
-description: Boundary Zone GPOs
+description: Learn about GPOs to create that must align with the group you create for the boundary zone in Windows Defender Firewall with Advanced Security.
ms.assetid: 1ae66088-02c3-47e4-b7e8-74d0b8f8646e
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md
index 05d8ac588f..849fd51e8b 100644
--- a/windows/security/threat-protection/windows-firewall/boundary-zone.md
+++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md
@@ -1,6 +1,6 @@
---
title: Boundary Zone (Windows 10)
-description: Boundary Zone
+description: Learn how a boundary zone supports devices that must receive traffic from beyond an isolated domain in Windows Defender Firewall with Advanced Security.
ms.assetid: ed98b680-fd24-44bd-a7dd-26c522e45a20
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
index efa67c42bc..45b1bdfe0f 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
@@ -1,6 +1,6 @@
---
title: Certificate-based Isolation Policy Design Example (Windows 10)
-description: Certificate-based Isolation Policy Design Example
+description: This example uses a fictitious company to illustrate certificate-based isolation policy design in Windows Defender Firewall with Advanced Security.
ms.assetid: 509b513e-dd49-4234-99f9-636fd2f749e3
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
index 71775ab476..38ec0654bb 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
@@ -17,7 +17,7 @@ ms.topic: conceptual
ms.date: 08/17/2017
---
-# Certificate-based Isolation Policy Design
+# Certificate-based isolation policy design
**Applies to**
- Windows 10
@@ -35,7 +35,7 @@ For Windows devices that are part of an Active Directory domain, you can use Gro
For more info about this design:
-- This design coincides with the deployment goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
+- This design coincides with the implementation goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
- To learn more about this design, see [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md).
@@ -45,4 +45,4 @@ For more info about this design:
- For a list of tasks that you can use to deploy your certificate-based policy design, see [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md).
-**Next:** [Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)
+
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
index 2163ee0015..9bc976625b 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
@@ -1,6 +1,6 @@
---
title: Checklist Configuring Rules for an Isolated Server Zone (Windows 10)
-description: Checklist Configuring Rules for an Isolated Server Zone
+description: Use these tasks to configure connection security rules and IPsec settings in GPOs for servers in an isolated server zone that are part of an isolated domain.
ms.assetid: 67c50a91-e71e-4f1e-a534-dad2582e311c
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
index 8d8d97e772..4a8272c0a4 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
@@ -1,6 +1,6 @@
---
title: Checklist Configuring Rules for the Boundary Zone (Windows 10)
-description: Checklist Configuring Rules for the Boundary Zone
+description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the boundary zone in an isolated domain.
ms.assetid: 25fe0197-de5a-4b4c-bc44-c6f0620ea94b
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
index 5c265b66ef..b9406909c6 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
@@ -1,6 +1,6 @@
---
title: Checklist Configuring Rules for the Encryption Zone (Windows 10)
-description: Checklist Configuring Rules for the Encryption Zone
+description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the encryption zone in an isolated domain.
ms.assetid: 87b1787b-0c70-47a4-ae52-700bff505ea4
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
index 260980b98d..dce673dded 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
@@ -1,6 +1,6 @@
---
title: Checklist Configuring Rules for the Isolated Domain (Windows 10)
-description: Checklist Configuring Rules for the Isolated Domain
+description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain.
ms.assetid: bfd2d29e-4011-40ec-a52e-a67d4af9748e
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
index 151e5017f4..4bea4169a2 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
@@ -1,6 +1,6 @@
---
title: Checklist Creating Group Policy Objects (Windows 10)
-description: Checklist Creating Group Policy Objects
+description: Learn to deploy firewall settings, IPsec settings, firewall rules, or connection security rules, by using Group Policy in AD DS.
ms.assetid: e99bd6a4-34a7-47b5-9791-ae819977a559
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
index 9c392608a3..4b04bec98e 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
@@ -1,6 +1,6 @@
---
title: Checklist Creating Inbound Firewall Rules (Windows 10)
-description: Checklist Creating Inbound Firewall Rules
+description: Use these tasks for creating inbound firewall rules in your GPOs for Windows Defender Firewall with Advanced Security.
ms.assetid: 0520e14e-5c82-48da-8fbf-87cef36ce02f
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
index 10f025a062..4b03a9a468 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
@@ -1,6 +1,6 @@
---
title: Checklist Creating Outbound Firewall Rules (Windows 10)
-description: Checklist Creating Outbound Firewall Rules
+description: Use these tasks for creating outbound firewall rules in your GPOs for Windows Defender Firewall with Advanced Security.
ms.assetid: 611bb98f-4e97-411f-82bf-7a844a4130de
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
index 4d6b02ef58..6e7e1f12f2 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
@@ -1,6 +1,6 @@
---
title: Checklist Implementing a Certificate-based Isolation Policy Design (Windows 10)
-description: Checklist Implementing a Certificate-based Isolation Policy Design
+description: Use these references to learn about using certificates as an authentication option and configure a certificate-based isolation policy design.
ms.assetid: 1e34b5ea-2e77-4598-a765-550418d33894
ms.reviewer:
ms.author: dansimp
@@ -25,13 +25,14 @@ ms.date: 08/17/2017
This parent checklist includes cross-reference links to important concepts about using certificates as an authentication option in either a domain isolation or server isolation design.
->**Note:** Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist
+> [!NOTE]
+> Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist
**Checklist: Implementing certificate-based authentication**
| Task | Reference |
| - | - |
-| Review important concepts and examples for certificate-based authentication to determine if this design meets your deployment goals and the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md) [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md) [Planning Certificate-based Authentication](planning-certificate-based-authentication.md) |
+| Review important concepts and examples for certificate-based authentication to determine if this design meets your implementation goals and the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md) [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md) [Planning Certificate-based Authentication](planning-certificate-based-authentication.md) |
| Install the Active Directory Certificate Services (AD CS) role as an enterprise root issuing certification authority (CA). This step is required only if you have not already deployed a CA on your network.| |
| Configure the certificate template for workstation authentication certificates.| [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md)|
| Configure Group Policy to automatically deploy certificates based on your template to workstation devices. | [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)|
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
index 139618cb53..f9ac702f70 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
@@ -1,6 +1,6 @@
---
title: Checklist Implementing a Domain Isolation Policy Design (Windows 10)
-description: Checklist Implementing a Domain Isolation Policy Design
+description: Use these references to learn about the domain isolation policy design and links to other checklists to complete tasks require to implement this design.
ms.assetid: 76586eb3-c13c-4d71-812f-76bff200fc20
ms.reviewer:
ms.author: dansimp
@@ -25,7 +25,8 @@ ms.date: 08/17/2017
This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design.
->**Note:** Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
+> [!NOTE]
+> Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
The procedures in this section use the Group Policy MMC snap-ins to configure the GPOs, but you can also use Windows PowerShell to configure GPOs. For more info, see [Windows Defender Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md).
@@ -33,7 +34,7 @@ The procedures in this section use the Group Policy MMC snap-ins to configure th
| Task | Reference |
| - | - |
-| Review important concepts and examples for the domain isolation policy design, determine your Windows Defender Firewall with Advanced Security deployment goals, and customize this design to meet the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) [Domain Isolation Policy Design](domain-isolation-policy-design.md) [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) |
+| Review important concepts and examples for the domain isolation policy design, determine your Windows Defender Firewall with Advanced Security implementation goals, and customize this design to meet the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) [Domain Isolation Policy Design](domain-isolation-policy-design.md) [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) |
| Create the GPOs and connection security rules for the isolated domain.| [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)|
| Create the GPOs and connection security rules for the boundary zone.| [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)|
| Create the GPOs and connection security rules for the encryption zone.| [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)|
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
index 05aad0007e..5428613f80 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
@@ -1,6 +1,6 @@
---
title: Checklist Implementing a Standalone Server Isolation Policy Design (Windows 10)
-description: Checklist Implementing a Standalone Server Isolation Policy Design
+description: Use these tasks to create a server isolation policy design that is not part of an isolated domain. See references to concepts and links to other checklists.
ms.assetid: 50a997d8-f079-408c-8ac6-ecd02078ade3
ms.reviewer:
ms.author: dansimp
@@ -27,13 +27,14 @@ This checklist contains procedures for creating a server isolation policy design
This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design.
->**Note:** Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
+> [!NOTE]
+> Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
**Checklist: Implementing a standalone server isolation policy design**
| Task | Reference |
| - | - |
-| Review important concepts and examples for the server isolation policy design to determine if this design meets your deployment goals and the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) [Server Isolation Policy Design](server-isolation-policy-design.md) [Server Isolation Policy Design Example](server-isolation-policy-design-example.md) [Planning Server Isolation Zones](planning-server-isolation-zones.md) |
+| Review important concepts and examples for the server isolation policy design to determine if this design meets your implementation goals and the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) [Server Isolation Policy Design](server-isolation-policy-design.md) [Server Isolation Policy Design Example](server-isolation-policy-design-example.md) [Planning Server Isolation Zones](planning-server-isolation-zones.md) |
| Create the GPOs and connection security rules for isolated servers.| [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)|
| Create the GPOs and connection security rules for the client devices that must connect to the isolated servers. | [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)|
| Verify that the connection security rules are protecting network traffic on your test devices. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)|
diff --git a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
index 1537a9a193..547685f707 100644
--- a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
+++ b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
@@ -1,6 +1,6 @@
---
title: Configure Authentication Methods (Windows 10)
-description: Configure Authentication Methods
+description: Learn how to configure authentication methods for devices in an isolated domain or standalone server zone in Windows Defender Firewall with Advanced Security.
ms.assetid: 5fcdc523-617f-4233-9213-15fe19f4cd02
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
index 70452597e6..886c851257 100644
--- a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
+++ b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
@@ -1,6 +1,6 @@
---
title: Configure Data Protection (Quick Mode) Settings (Windows 10)
-description: Configure Data Protection (Quick Mode) Settings
+description: Learn how to configure the data protection settings for connection security rules in an isolated domain or a standalone isolated server zone.
ms.assetid: fdcb1b36-e267-4be7-b842-5df9a067c9e0
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
index c16f30452b..c619cda63c 100644
--- a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
+++ b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
@@ -1,6 +1,6 @@
---
title: Configure Group Policy to Autoenroll and Deploy Certificates (Windows 10)
-description: Configure Group Policy to Autoenroll and Deploy Certificates
+description: Learn how to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network.
ms.assetid: faeb62b5-2cc3-42f7-bee5-53ba45d05c09
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
index b8743e2e69..7666bdc174 100644
--- a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
+++ b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
@@ -1,6 +1,6 @@
---
title: Configure Key Exchange (Main Mode) Settings (Windows 10)
-description: Configure Key Exchange (Main Mode) Settings
+description: Learn how to configure the main mode key exchange settings used to secure the IPsec authentication traffic in Windows Defender Firewall with Advanced Security.
ms.assetid: 5c593b6b-2cd9-43de-9b4e-95943fe82f52
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
index 7fde7baa03..ca7c77dfd2 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
@@ -1,6 +1,6 @@
---
title: Configure the Rules to Require Encryption (Windows 10)
-description: Configure the Rules to Require Encryption
+description: Learn how to configure rules to add encryption algorithms and delete the algorithm combinations that do not use encryption for zones that require encryption.
ms.assetid: 07b7760f-3225-4b4b-b418-51787b0972a0
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
index 537198bd08..8cb54165e1 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
@@ -1,6 +1,6 @@
---
title: Configure the Windows Defender Firewall Log (Windows 10)
-description: Configure the Windows Defender Firewall Log
+description: Learn how to configure Windows Defender Firewall with Advanced Security to log dropped packets or successful connections by using Group Policy Management MMC.
ms.assetid: f037113d-506b-44d3-b9c0-0b79d03e7d18
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
index 61f12fe05d..927053f40c 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
@@ -1,6 +1,6 @@
---
title: Configure the Workstation Authentication Template (Windows 10)
-description: Configure the Workstation Authentication Certificate Template
+description: Learn how to configure a workstation authentication certificate template, which is used for device certificates that are enrolled and deployed to workstations.
ms.assetid: c3ac9960-6efc-47c1-bd69-d9d4bf84f7a6
ms.reviewer:
manager: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
index 566425e4b8..65704e92f5 100644
--- a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
+++ b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
@@ -1,6 +1,6 @@
---
title: Confirm That Certificates Are Deployed Correctly (Windows 10)
-description: Confirm That Certificates Are Deployed Correctly
+description: Learn how to confirm that a Group Policy is being applied as expected and that the certificates are being properly installed on the workstations.
ms.assetid: de0c8dfe-16b0-4d3b-8e8f-9282f6a65eee
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
index e9c8024043..51ecd3fcb2 100644
--- a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
@@ -1,6 +1,6 @@
---
title: Copy a GPO to Create a New GPO (Windows 10)
-description: Copy a GPO to Create a New GPO
+description: Learn how to make a copy of a GPO by using the Active Directory Users and devices MMC snap-in to create a GPO for boundary zone devices.
ms.assetid: 7f6a23e5-4b3f-40d6-bf6d-7895558b1406
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
index 5e5b2b22d9..35f885a1ee 100644
--- a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
+++ b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
@@ -1,6 +1,6 @@
---
title: Create a Group Account in Active Directory (Windows 10)
-description: Create a Group Account in Active Directory
+description: Learn how to create a security group for the computers that are to receive Group Policy settings by using the Active Directory Users and Computers console.
ms.assetid: c3700413-e02d-4d56-96b8-7991f97ae432
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
index b790f7d1ac..b2cef93530 100644
--- a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
+++ b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
@@ -1,6 +1,6 @@
---
title: Create a Group Policy Object (Windows 10)
-description: Create a Group Policy Object
+description: Learn how to use the Active Directory Users and Computers MMC snap-in to create a GPO. You must be a member of the Domain Administrators group.
ms.assetid: 72a50dd7-5033-4d97-a5eb-0aff8a35cced
ms.reviewer:
ms.author: dansimp
@@ -39,7 +39,8 @@ To create a new GPO
4. In the **Name** text box, type the name for your new GPO.
- >**Note:** Be sure to use a name that clearly indicates the purpose of the GPO. Check to see if your organization has a naming convention for GPOs.
+ > [!NOTE]
+ > Be sure to use a name that clearly indicates the purpose of the GPO. Check to see if your organization has a naming convention for GPOs.
5. Leave **Source Starter GPO** set to **(none)**, and then click **OK**.
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
index 2f97c1e3a7..bdcad85769 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
@@ -1,6 +1,6 @@
---
title: Create an Authentication Exemption List Rule (Windows 10)
-description: Create an Authentication Exemption List Rule
+description: Learn how to create rules that exempt devices that cannot communicate by using IPSec from the authentication requirements of your isolation policies.
ms.assetid: 8f6493f3-8527-462a-82c0-fd91a6cb5dd8
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
index 2c0470e6c8..914c035aa9 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
@@ -1,6 +1,6 @@
---
title: Create an Inbound ICMP Rule (Windows 10)
-description: Create an Inbound ICMP Rule
+description: Learn how to allow inbound ICMP traffic by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security.
ms.assetid: 267b940a-79d9-4322-b53b-81901e357344
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
index 2c3d3fccae..89db14ccae 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
@@ -1,6 +1,6 @@
---
title: Create an Inbound Port Rule (Windows 10)
-description: Create an Inbound Port Rule
+description: Learn to allow traffic on specific ports by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security.
ms.assetid: a7b6c6ca-32fa-46a9-a5df-a4e43147da9f
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
index 401e8de3f6..c2d887fe0d 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
@@ -1,6 +1,6 @@
---
title: Create an Inbound Program or Service Rule (Windows 10)
-description: Create an Inbound Program or Service Rule
+description: Learn how to allow inbound traffic to a program or service by using the Group Policy Management MMC snap-in to create firewall rules.
ms.assetid: 00b7fa60-7c64-4ba5-ba95-c542052834cf
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
index 19ced05694..db459ab562 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
@@ -1,6 +1,6 @@
---
title: Create an Outbound Port Rule (Windows 10)
-description: Create an Outbound Port Rule
+description: Learn to block outbound traffic on a port by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security.
ms.assetid: 59062b91-756b-42ea-8f2a-832f05d77ddf
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
index 84b71ac1f8..e44f10923b 100644
--- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
+++ b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
@@ -1,6 +1,6 @@
---
title: Create Inbound Rules to Support RPC (Windows 10)
-description: Create Inbound Rules to Support RPC
+description: Learn how to allow RPC network traffic by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security.
ms.assetid: 0b001c2c-12c1-4a30-bb99-0c034d7e6150
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
index e7201d21c3..9b88cddfe3 100644
--- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
+++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
@@ -1,6 +1,6 @@
---
title: Create Windows Firewall rules in Intune (Windows 10)
-description: Explains how to create Windows Firewall rules in Intune
+description: Learn how to use Intune to create rules in Windows Defender Firewall with Advanced Security. Start by creating a profile in Device Configuration in Intune.
ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
index 57292a294e..ebcd8943b9 100644
--- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
@@ -1,6 +1,6 @@
---
title: Create WMI Filters for the GPO (Windows 10)
-description: Create WMI Filters for the GPO
+description: Learn how to use WMI filters on a GPO to make sure that each GPO for a group can only be applied to devices running the correct version of Windows.
ms.assetid: b1a6d93d-a3c8-4e61-a388-4a3323f0e74e
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
index d7bed686fa..b4f3c5a658 100644
--- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
@@ -1,6 +1,6 @@
---
title: Determining the Trusted State of Your Devices (Windows 10)
-description: Determining the Trusted State of Your Devices
+description: Learn how to define the trusted state of devices in your enterprise to help design your strategy for using Windows Defender Firewall with Advanced Security.
ms.assetid: 3e77f0d0-43aa-47dd-8518-41ccdab2f2b2
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
index 0fa1893aa6..6ed3a0bf2a 100644
--- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
@@ -1,6 +1,6 @@
---
title: Documenting the Zones (Windows 10)
-description: Documenting the Zones
+description: Learn how to document the zone placement of devices in your design for Windows Defender Firewall with Advanced Security.
ms.assetid: ebd7a650-4d36-42d4-aac0-428617f5a32d
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
index d0e345f2c5..bdc9a665db 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
@@ -1,6 +1,6 @@
---
title: Domain Isolation Policy Design Example (Windows 10)
-description: Domain Isolation Policy Design Example
+description: This example uses a fictitious company to illustrate domain isolation policy design in Windows Defender Firewall with Advanced Security.
ms.assetid: 704dcf58-286f-41aa-80af-c81720aa7fc5
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
index 948932fb53..ab6c8e4327 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
@@ -1,6 +1,6 @@
---
title: Domain Isolation Policy Design (Windows 10)
-description: Domain Isolation Policy Design
+description: Learn how to design a domain isolation policy, based on which devices accept only connections from authenticated members of the same isolated domain.
ms.assetid: 7475084e-f231-473a-9357-5e1d39861d66
ms.reviewer:
ms.author: dansimp
@@ -50,8 +50,8 @@ Characteristics of this design, as shown in the diagram, include the following:
- Untrusted non-domain members (area D) - Devices that are not managed by your organization and have an unknown security configuration must have access only to those devices required for your organization to correctly conduct its business. Domain isolation exists to put a logical barrier between these untrusted Devices and your organization's devices.
After implementing this design, your administrative team will have centralized management of the firewall and connection security rules applied to the devices in your organization.
-
->**Important:** This design builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md), and in turn serves as the foundation for the [Server Isolation Policy Design](server-isolation-policy-design.md). If you plan to deploy all three, we recommend that you do the design work for all three together, and then deploy in the sequence presented.
+> [!IMPORTANT]
+> This design builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md), and in turn serves as the foundation for the [Server Isolation Policy Design](server-isolation-policy-design.md). If you plan to deploy all three, we recommend that you do the design work for all three together, and then deploy in the sequence presented.
This design can be applied to Devices that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules.
@@ -59,7 +59,7 @@ In order to expand the isolated domain to include Devices that cannot be part of
For more info about this design:
-- This design coincides with the deployment goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
+- This design coincides with the implementation goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
- To learn more about this design, see the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md).
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
index 17c9f0d4ee..92491a2ab8 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
+++ b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
@@ -1,6 +1,6 @@
---
title: Enable Predefined Outbound Rules (Windows 10)
-description: Enable Predefined Outbound Rules
+description: Learn to deploy predefined firewall rules that block outbound network traffic for common network functions in Windows Defender Firewall with Advanced Security.
ms.assetid: 71cc4157-a1ed-41d9-91e4-b3140c67c1be
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
index 1a2eab4b13..33338e8b52 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
@@ -1,6 +1,6 @@
---
title: Encryption Zone GPOs (Windows 10)
-description: Encryption Zone GPOs
+description: Learn how to add a device to an encryption zone by adding the device account to the encryption zone group in Windows Defender Firewall with Advanced Security.
ms.assetid: eeb973dd-83a5-4381-9af9-65c43c98c29b
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md
index ced058672b..097cbdf870 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md
@@ -1,6 +1,6 @@
---
title: Encryption Zone (Windows 10)
-description: Encryption Zone
+description: Learn how to create an encryption zone to contain devices that host very sensitive data and require that the sensitive network traffic be encrypted.
ms.assetid: 55a025ce-357f-4d1b-b2ae-6ee32c9abe13
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
index 4293f9cc59..5b87eef36e 100644
--- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
@@ -1,6 +1,6 @@
---
title: Exempt ICMP from Authentication (Windows 10)
-description: Exempt ICMP from Authentication
+description: Learn how to add exemptions for any network traffic that uses the ICMP protocol in Windows Defender Firewall with Advanced Security.
ms.assetid: c086c715-8d0c-4eb5-9ea7-2f7635a55548
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md
index f66bc68daa..eb4909a401 100644
--- a/windows/security/threat-protection/windows-firewall/exemption-list.md
+++ b/windows/security/threat-protection/windows-firewall/exemption-list.md
@@ -1,6 +1,6 @@
---
title: Exemption List (Windows 10)
-description: Learn the ins and outs of exemption lists on a secured network using Windows 10.
+description: Learn about reasons to add devices to an exemption list in Windows Defender Firewall with Advanced Security and the trade-offs of having too many exemptions.
ms.assetid: a05e65b4-b48d-44b1-a7f1-3a8ea9c19ed8
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
index 1af381ba0e..e40d0eddc7 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
@@ -1,6 +1,6 @@
---
title: Firewall GPOs (Windows 10)
-description: Firewall GPOs
+description: In this example, a Group Policy Object is linked to the domain container because the domain controllers are not part of the isolated domain.
ms.assetid: 720645fb-a01f-491e-8d05-c9c6d5e28033
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
index 5127569bc4..ca7bc12d6f 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
@@ -1,6 +1,6 @@
---
-title: Firewall Policy Design Example (Windows 10)
-description: Firewall Policy Design Example
+title: Basic Firewall Policy Design Example (Windows 10)
+description: This example features a fictitious company and illustrates firewall policy design for Windows Defender Firewall with Advanced Security.
ms.assetid: 0dc3bcfe-7a4d-4a15-93a9-64b13bd775a7
ms.reviewer:
ms.author: dansimp
@@ -17,7 +17,7 @@ ms.topic: conceptual
ms.date: 08/17/2017
---
-# Firewall Policy Design Example
+# Basic Firewall Policy Design Example
**Applies to**
- Windows 10
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
index cd4b6c6d78..56c50d121a 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
@@ -1,6 +1,6 @@
---
title: Gathering Information about Your Active Directory Deployment (Windows 10)
-description: Gathering Information about Your Active Directory Deployment
+description: Learn about gathering Active Directory information, including domain layout, organizational unit architecture, and site topology, for your firewall deployment.
ms.assetid: b591b85b-12ac-4329-a47e-bc1b03e66eb0
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
index 2feb5a2fd1..0d8532e07e 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
@@ -1,6 +1,6 @@
---
title: Gathering Information about Your Devices (Windows 10)
-description: Gathering Information about Your Devices
+description: Learn what information to gather about the devices in your enterprise to plan your Windows Defender Firewall with Advanced Security deployment.
ms.assetid: 7f7cd3b9-de8e-4fbf-89c6-3d1a47bc2beb
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
index 5d29784f77..44b471961b 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
@@ -1,6 +1,6 @@
---
title: Gathering Other Relevant Information (Windows 10)
-description: Gathering Other Relevant Information
+description: Learn about additional information you may need to gather to deploy Windows Defender Firewall with Advanced Security policies in your organization.
ms.assetid: 87ccca07-4346-496b-876d-cdde57d0ce17
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
index 89fc8ac3c0..da4b632a34 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
@@ -1,6 +1,6 @@
---
title: Gathering the Information You Need (Windows 10)
-description: Gathering the Information You Need
+description: Collect and analyze information about your network, directory services, and devices to prepare for Windows Defender Firewall with Advanced Security deployment.
ms.assetid: 545fef02-5725-4b1e-b67a-a32d94c27d15
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
index 006015b36a..ca757eeba4 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
@@ -1,6 +1,6 @@
---
title: GPO\_DOMISO\_Boundary (Windows 10)
-description: GPO\_DOMISO\_Boundary
+description: This example GPO supports devices that are not part of the isolated domain to access specific servers that must be available to those untrusted devices.
ms.assetid: ead3a510-c329-4c2a-9ad2-46a3b4975cfd
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
index e16a7ecc32..ee39cb7790 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
@@ -1,6 +1,6 @@
---
title: GPO\_DOMISO\_Encryption\_WS2008 (Windows 10)
-description: GPO\_DOMISO\_Encryption\_WS2008
+description: This example GPO supports the ability for servers that contain sensitive data to require encryption for all connection requests.
ms.assetid: 84375480-af6a-4c79-aafe-0a37115a7446
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
index e44b50dd82..3cba8b312c 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
@@ -1,6 +1,6 @@
---
title: GPO\_DOMISO\_Firewall (Windows 10)
-description: GPO\_DOMISO\_Firewall
+description: Learn about the settings and rules in this example GPO, which is authored by using the Group Policy editing tools.
ms.assetid: 318467d2-5698-4c5d-8000-7f56f5314c42
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
index 5e3a16c452..96725d8ff3 100644
--- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
+++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
@@ -1,6 +1,6 @@
---
-title: Identify Goals for your WFAS Deployment (Windows 10)
-description: Identifying Your Windows Defender Firewall with Advanced Security (WFAS) Deployment Goals
+title: Identify implementation goals for Windows Defender Firewall with Advanced Security Deployment (Windows 10)
+description: Identifying Your Windows Defender Firewall with Advanced Security (WFAS) implementation goals
ms.assetid: 598cf45e-2e1c-4947-970f-361dfa264bba
ms.reviewer:
ms.author: dansimp
@@ -17,22 +17,21 @@ ms.topic: conceptual
ms.date: 08/17/2017
---
-# Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals
-
+# Identifying Windows Defender Firewall with Advanced Security implementation goals
**Applies to**
- Windows 10
- Windows Server 2016
-Correctly identifying your Windows Defender Firewall with Advanced Security deployment goals is essential for the success of your Windows Defender Firewall design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your deployment goals. Prioritize and, if possible, combine your deployment goals so that you can design and deploy Windows Defender Firewall by using an iterative approach. You can take advantage of the predefined Windows Defender Firewall deployment goals presented in this guide that are relevant to your scenarios.
+Correctly identifying your Windows Defender Firewall with Advanced Security implementation goals is essential for the success of your Windows Defender Firewall design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your implementation goals. Prioritize and, if possible, combine your implementation goals so that you can design and deploy Windows Defender Firewall by using an iterative approach. You can take advantage of the predefined Windows Defender Firewall implementation goals presented in this guide that are relevant to your scenarios.
-The following table lists the three main tasks for articulating, refining, and subsequently documenting your Windows Defender Firewall deployment goals:
+The following table lists the three main tasks for articulating, refining, and subsequently documenting your Windows Defender Firewall implementation goals:
| Deployment goal tasks | Reference links |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Evaluate predefined Windows Defender Firewall with Advanced Security deployment goals that are provided in this section of the guide, and combine one or more goals to reach your organizational objectives. | Predefined deployment goals:
[Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
[Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
[Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)
[Restrict Access to Sensitive Resources to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)
|
-| Map one goal or a combination of the predefined deployment goals to an existing Windows Defender Firewall with Advanced Security design. |
[Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
|
-| Based on the status of your current infrastructure, document your deployment goals for your Windows Defender Firewall with Advanced Security design into a deployment plan. |
[Designing A Windows Defender Firewall Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
[Planning Your Windows Defender Firewall Design with Advanced Security](planning-your-windows-firewall-with-advanced-security-design.md)
|
+| Evaluate predefined Windows Defender Firewall with Advanced Security implementation goals that are provided in this section of the guide, and combine one or more goals to reach your organizational objectives. | Predefined implementation goals:
[Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
[Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
[Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)
[Restrict Access to Sensitive Resources to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)
|
+| Map one goal or a combination of the predefined implementation goals to an existing Windows Defender Firewall with Advanced Security design. |
[Mapping Your implementation goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
|
+| Based on the status of your current infrastructure, document your implementation goals for your Windows Defender Firewall with Advanced Security design into a deployment plan. |
[Designing A Windows Defender Firewall Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
[Planning Your Windows Defender Firewall Design with Advanced Security](planning-your-windows-firewall-with-advanced-security-design.md)
|
diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
index c56fd15494..841c88ae5d 100644
--- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
+++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
@@ -48,7 +48,7 @@ Use the following parent checklists in this section of the guide to become famil
- [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md)
-- [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md)
+- [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md)
- [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md)
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
index 84999a6bd2..a07f984898 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
@@ -1,6 +1,6 @@
---
title: Isolated Domain GPOs (Windows 10)
-description: Isolated Domain GPOs
+description: Learn about GPOs for isolated domains in this example configuration of Windows Defender Firewall with Advanced Security.
ms.assetid: e254ce4a-18c6-4868-8179-4078d9de215f
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md
index bb06dc1bff..90b121b86e 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain.md
+++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md
@@ -1,6 +1,6 @@
---
title: Isolated Domain (Windows 10)
-description: Isolated Domain
+description: Learn about the isolated domain, which is the primary zone for trusted devices, which use connection security and firewall rules to control communication.
ms.assetid: d6fa8d67-0078-49f6-9bcc-db1f24816c5e
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
index 1a5d115e8a..169d59a2df 100644
--- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
+++ b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
@@ -1,6 +1,6 @@
---
title: Isolating Microsoft Store Apps on Your Network (Windows 10)
-description: Isolating Microsoft Store Apps on Your Network
+description: Learn how to customize your firewall configuration to isolate the network access of the new Microsoft Store apps that run on devices added to your network.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
index 3b40dbd662..9f710aa000 100644
--- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
+++ b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
@@ -1,6 +1,6 @@
---
title: Link the GPO to the Domain (Windows 10)
-description: Link the GPO to the Domain
+description: Learn how to link a GPO to the Active Directory container for the target devices, after you configure it in Windows Defender Firewall with Advanced Security.
ms.assetid: 746d4553-b1a6-4954-9770-a948926b1165
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
index 9c73c224b9..314389955f 100644
--- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
@@ -1,6 +1,6 @@
---
-title: Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design (Windows 10)
-description: Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design
+title: Mapping your implementation goals to a Windows Firewall with Advanced Security design (Windows 10)
+description: Mapping your implementation goals to a Windows Firewall with Advanced Security design
ms.assetid: 7e68c59e-ba40-49c4-8e47-5de5d6b5eb22
ms.reviewer:
ms.author: dansimp
@@ -17,17 +17,17 @@ ms.topic: conceptual
ms.date: 04/19/2017
---
-# Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design
+# Mapping your implementation goals to a Windows Firewall with Advanced Security design
**Applies to**
- Windows 10
- Windows Server 2016
-After you finish reviewing the existing Windows Firewall with Advanced Security deployment goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design.
+After you finish reviewing the existing Windows Firewall with Advanced Security implementation goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design.
+> [!IMPORTANT]
+> The first three designs presented in this guide build on each other to progress from simpler to more complex. Therefore during deployment, consider implementing them in the order presented. Each deployed design also provides a stable position from which to evaluate your progress, and to make sure that your goals are being met before you continue to the next design.
->**Important:** The first three designs presented in this guide build on each other to progress from simpler to more complex. Therefore during deployment, consider implementing them in the order presented. Each deployed design also provides a stable position from which to evaluate your progress, and to make sure that your goals are being met before you continue to the next design.
-
-Use the following table to determine which Windows Firewall with Advanced Security design maps to the appropriate combination of Windows Firewall with Advanced Security deployment goals for your organization. This table refers only to the Windows Firewall with Advanced Security designs as described in this guide. However, you can create a hybrid or custom Windows Firewall with Advanced Security design by using any combination of the Windows Firewall with Advanced Security deployment goals to meet the needs of your organization.
+Use the following table to determine which Windows Firewall with Advanced Security design maps to the appropriate combination of Windows Firewall with Advanced Security implementation goals for your organization. This table refers only to the Windows Firewall with Advanced Security designs as described in this guide. However, you can create a hybrid or custom Windows Firewall with Advanced Security design by using any combination of the Windows Firewall with Advanced Security implementation goals to meet the needs of your organization.
| Deployment Goals | Basic Firewall Policy Design | Domain Isolation Policy Design | Server Isolation Policy Design | Certificate-based Isolation Policy Design |
| - |- | - | - | - |
diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
index b055c8d636..9a78732eb3 100644
--- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
+++ b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
@@ -1,6 +1,6 @@
---
title: Modify GPO Filters (Windows 10)
-description: Modify GPO Filters to Apply to a Different Zone or Version of Windows
+description: Learn how to modify GPO filters to apply to a different zone or version of windows in Windows Defender Firewall with Advanced Security.
ms.assetid: 24ede9ca-a501-4025-9020-1129e2cdde80
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
index e00e35ccff..63c6cbf6d2 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
@@ -1,6 +1,6 @@
---
title: Open the Group Policy Management Console to IP Security Policies (Windows 10)
-description: Open the Group Policy Management Console to IP Security Policies
+description: Learn how to open the Group Policy Management Console to IP Security Policies to configure GPOs for earlier versions of the Windows operating system.
ms.assetid: 235f73e4-37b7-40f4-a35e-3e7238bbef43
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
index 8bea94a26f..ae4136db06 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
@@ -1,6 +1,6 @@
---
-title: Open the Group Policy Management Console to Windows Firewall with Advanced Security (Windows 10)
-description: Open the Group Policy Management Console to Windows Firewall with Advanced Security
+title: Group Policy Management of Windows Firewall with Advanced Security (Windows 10)
+description: Group Policy Management of Windows Firewall with Advanced Security
ms.assetid: 28afab36-8768-4938-9ff2-9d6dab702e98
ms.reviewer:
ms.author: dansimp
@@ -17,7 +17,7 @@ ms.topic: conceptual
ms.date: 04/19/2017
---
-# Open the Group Policy Management Console to Windows Firewall with Advanced Security
+# Group Policy Management of Windows Firewall with Advanced Security
**Applies to**
- Windows 10
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
index bce220a506..134a6bb928 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
@@ -1,6 +1,6 @@
---
-title: Open a GPO to Windows Defender Firewall (Windows 10)
-description: Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security
+title: Group Policy Management of Windows Defender Firewall (Windows 10)
+description: Group Policy Management of Windows Defender Firewall with Advanced Security
ms.assetid: 5090b2c8-e038-4905-b238-19ecf8227760
ms.reviewer:
ms.author: dansimp
@@ -17,7 +17,7 @@ ms.topic: conceptual
ms.date: 04/02/2017
---
-# Open the Group Policy Management Console to Windows Defender Firewall
+# Group Policy Management of Windows Defender Firewall
**Applies to**
- Windows 10
diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
index cbf3fd9257..3d67c96d9d 100644
--- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
@@ -1,6 +1,6 @@
---
title: Open Windows Defender Firewall with Advanced Security (Windows 10)
-description: Open Windows Defender Firewall with Advanced Security
+description: Learn how to open the Windows Defender Firewall with Advanced Security console. You must be a member of the Administrators group.
ms.assetid: 788faff2-0f50-4e43-91f2-3e2595c0b6a1
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
index 100858ecbe..b2b2a0467b 100644
--- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
@@ -1,6 +1,6 @@
---
title: Planning Certificate-based Authentication (Windows 10)
-description: Planning Certificate-based Authentication
+description: Learn how a device unable to join an Active Directory domain can still participate in an isolated domain by using certificate-based authentication.
ms.assetid: a55344e6-d0df-4ad5-a6f5-67ccb6397dec
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
index f37a7ebdea..5a7fcb44a2 100644
--- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
@@ -1,6 +1,6 @@
---
title: Planning Domain Isolation Zones (Windows 10)
-description: Planning Domain Isolation Zones
+description: Learn how to use information you have gathered to make decisions about isolation zones for your environment in Windows Defender Firewall with Advanced Security.
ms.assetid: 70bc7c52-91f0-4a0d-a64a-69d3ea1c6d05
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
index 188f4f2556..831200cf48 100644
--- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
@@ -1,6 +1,6 @@
---
title: Planning GPO Deployment (Windows 10)
-description: Planning GPO Deployment
+description: Learn how to use security group filtering and WMI filtering to provide the most flexible options for applying GPOs to devices in Active Directory.
ms.assetid: b38adfb1-1371-4227-a887-e6d118809de1
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
index 991bdcec0d..22f031c902 100644
--- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
@@ -1,6 +1,6 @@
---
title: Planning Group Policy Deployment for Your Isolation Zones (Windows 10)
-description: Planning Group Policy Deployment for Your Isolation Zones
+description: Learn how to plan a group policy deployment for your isolation zones after you determine the best logical design for your isolation environment.
ms.assetid: ea7c0acd-af28-4347-9d4a-4801b470557c
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
index 2183c3f911..cef2c16969 100644
--- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
@@ -1,6 +1,6 @@
---
title: Planning Isolation Groups for the Zones (Windows 10)
-description: Learn about planning isolation groups for the zones in Microsoft Firewall, including information on universal groups and GPOs
+description: Learn about planning isolation groups for the zones in Microsoft Firewall, including information on universal groups and GPOs.
ms.assetid: be4b662d-c1ce-441e-b462-b140469a5695
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
index 3043878e04..5cb6ff075c 100644
--- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
+++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
@@ -1,6 +1,6 @@
---
title: Planning Network Access Groups (Windows 10)
-description: Planning Network Access Groups
+description: Learn how to implement a network access group for users and devices that can access an isolated server in Windows Defender Firewall with Advanced Security.
ms.assetid: 56ea1717-1731-4a5d-b277-5a73eb86feb0
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
index f42eca057b..b1af014fa5 100644
--- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
@@ -1,6 +1,6 @@
---
title: Planning Server Isolation Zones (Windows 10)
-description: Planning Server Isolation Zones
+description: Learn how to restrict access to a server to approved users by using a server isolation zone in Windows Defender Firewall with Advanced Security.
ms.assetid: 5f63c929-589e-4b64-82ea-515d62765b7b
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
index 8138bd8ee1..5a8cd1a017 100644
--- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
+++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
@@ -1,6 +1,6 @@
---
title: Planning Settings for a Basic Firewall Policy (Windows 10)
-description: Planning Settings for a Basic Firewall Policy
+description: Learn how to design a basic policy for Windows Defender Firewall with Advanced Security, the settings and rules that enforce your requirements on devices.
ms.assetid: 4c90df5a-3cbc-4b85-924b-537c2422d735
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
index 78c49adcca..80b776ca44 100644
--- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
@@ -1,6 +1,6 @@
---
title: Planning the GPOs (Windows 10)
-description: Planning the GPOs
+description: Learn about planning Group Policy Objects for your isolation zones in Windows Defender Firewall with Advanced Security, after you design the zone layout.
ms.assetid: 11949ca3-a11c-4a16-b297-0862432eb5b4
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
index 6992965186..2caa25566a 100644
--- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
@@ -1,6 +1,6 @@
---
title: Planning Your Windows Defender Firewall with Advanced Security Design (Windows 10)
-description: Planning Your Windows Defender Firewall with Advanced Security Design
+description: After you gather the relevant information, select the design or combination of designs for Windows Defender Firewall with Advanced Security in your environment.
ms.assetid: f3ac3d49-ef4c-4f3c-a16c-e107284e169f
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
index 2d37487be2..643f41ab14 100644
--- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
@@ -1,6 +1,6 @@
---
title: Procedures Used in This Guide (Windows 10)
-description: Procedures Used in This Guide
+description: Refer to this summary of procedures for Windows Defender Firewall with Advanced Security from checklists in this guide.
ms.assetid: 45c0f549-e4d8-45a3-a600-63e2a449e178
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
index a3ca3c4b6e..a05d8eb5a3 100644
--- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
+++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
@@ -1,6 +1,6 @@
---
-title: Protect Devices from Unwanted Network Traffic (Windows 10)
-description: Protect Devices from Unwanted Network Traffic
+title: Protect devices from unwanted network traffic (Windows 10)
+description: Learn how running a host-based firewall on every device in your organization can help protect against attacks as part of a defense-in-depth security strategy.
ms.assetid: 307d2b38-e8c4-4358-ae16-f2143af965dc
ms.reviewer:
ms.author: dansimp
@@ -17,7 +17,7 @@ ms.topic: conceptual
ms.date: 04/19/2017
---
-# Protect Devices from Unwanted Network Traffic
+# Protect devices from unwanted network traffic
**Applies to**
- Windows 10
diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
index 4f5c2b1cb0..a79aedce9d 100644
--- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
+++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
@@ -1,6 +1,6 @@
---
title: Require Encryption When Accessing Sensitive Network Resources (Windows 10)
-description: Require Encryption When Accessing Sensitive Network Resources
+description: Windows Defender Firewall with Advanced Security allows you to require that all network traffic in an isolated domain be encrypted.
ms.assetid: da980d30-a68b-4e2a-ba63-94726355ce6f
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
index cbdd8e51d9..27007f7718 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
@@ -1,6 +1,6 @@
---
-title: Restrict Access to Only Trusted Devices (Windows 10)
-description: Restrict Access to Only Trusted Devices
+title: Restrict access to only trusted devices (Windows 10)
+description: Windows Defender Firewall with Advanced Security enables you to isolate devices you trust and restrict access of untrusted devices to trusted devices.
ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b
ms.reviewer:
ms.author: dansimp
@@ -17,7 +17,7 @@ ms.topic: conceptual
ms.date: 08/17/2017
---
-# Restrict Access to Only Trusted Devices
+# Restrict access to only trusted devices
**Applies to**
- Windows 10
@@ -27,7 +27,8 @@ Your organizational network likely has a connection to the Internet. You also li
To mitigate this risk, you must be able to isolate the devices you trust, and restrict their ability to receive unsolicited network traffic from untrusted devices. By using connection security and firewall rules available in Windows Defender Firewall with Advanced Security, you can logically isolate the devices that you trust by requiring that all unsolicited inbound network traffic be authenticated. Authentication ensures that each device or user can positively identify itself by using credentials that are trusted by the other device. Connection security rules can be configured to use IPsec with the Kerberos V5 protocol available in Active Directory, or certificates issued by a trusted certification authority as the authentication method.
->**Note:** Because the primary authentication method recommended for devices that are running Windows is to use the Kerberos V5 protocol with membership in an Active Directory domain, this guide refers to this logical separation of computers as *domain isolation*, even when certificates are used to extend the protection to devices that are not part of an Active Directory domain.
+> [!NOTE]
+> Because the primary authentication method recommended for devices that are running Windows is to use the Kerberos V5 protocol with membership in an Active Directory domain, this guide refers to this logical separation of computers as *domain isolation*, even when certificates are used to extend the protection to devices that are not part of an Active Directory domain.
The protection provided by domain isolation can help you comply with regulatory and legislative requirements, such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations.
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
index dbffb1b8f1..8286d47f26 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
@@ -1,6 +1,6 @@
---
title: Server Isolation GPOs (Windows 10)
-description: Server Isolation GPOs
+description: Learn about required GPOs for isolation zones and how many server isolation zones you need in Windows Defender Firewall with Advanced Security.
ms.assetid: c97b1f2f-51d8-4596-b38a-8a3f6f706be4
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
index b93e884682..daba2b5e2c 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
@@ -1,6 +1,6 @@
---
title: Server Isolation Policy Design Example (Windows 10)
-description: Server Isolation Policy Design Example
+description: Learn about server isolation policy design in Windows Defender Firewall with Advanced Security by referring to this example of a fictitious company.
ms.assetid: 337e5f6b-1ec5-4b83-bee5-d0aea1fa5fc6
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
index 1eeea3dc76..d5c4333424 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
@@ -1,6 +1,6 @@
---
title: Server Isolation Policy Design (Windows 10)
-description: Server Isolation Policy Design
+description: Learn about server isolation policy design, where you assign servers to a zone that allows access only to members of an approved network access group.
ms.assetid: f93f65cd-b863-461e-ab5d-a620fd962c9a
ms.reviewer:
ms.author: dansimp
@@ -43,13 +43,14 @@ Characteristics of this design include the following:
To add support for server isolation, you must ensure that the authentication methods are compatible with the requirements of the isolated server. For example, if you want to authorize user accounts that are members of a NAG in addition to authorizing computer accounts, you must enable both user and computer authentication in your connection security rules.
->**Important:** This design builds on the [Domain Isolation Policy Design](domain-isolation-policy-design.md), which in turn builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md). If you plan to deploy all three designs, do the design work for all three together, and then deploy in the sequence presented.
+> [!IMPORTANT]
+> This design builds on the [Domain Isolation Policy Design](domain-isolation-policy-design.md), which in turn builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md). If you plan to deploy all three designs, do the design work for all three together, and then deploy in the sequence presented.
This design can be applied to devices that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules.
For more info about this design:
-- This design coincides with the deployment goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), [Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md), and [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
+- This design coincides with the implementation goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), [Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md), and [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
- To learn more about this design, see [Server Isolation Policy Design Example](server-isolation-policy-design-example.md).
diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
new file mode 100644
index 0000000000..6071427eda
--- /dev/null
+++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
@@ -0,0 +1,1328 @@
+---
+title: Troubleshooting UWP App Connectivity Issues in Windows Firewall
+description: Troubleshooting UWP App Connectivity Issues in Windows Firewall
+
+ms.reviewer:
+ms.author: dansimp
+ms.prod: w10
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: dansimp
+manager: dansimp
+ms.collection: M365-security-compliance
+ms.topic: troubleshooting
+---
+
+# Troubleshooting UWP App Connectivity Issues
+
+This document is intended to help network admins, support engineers, and developers to
+investigate UWP app network connectivity issues.
+
+This document guides you through steps to debug Universal Windows Platform (UWP) app network connectivity issues by providing practical examples.
+
+## Typical causes of connectivity issues
+
+UWP app network connectivity issues are typically caused by:
+
+1. The UWP app was not permitted to receive loopback traffic. This must be configured. By default, UWP apps are not allowed to receive loopback traffic.
+2. The UWP app is missing the proper capability tokens.
+3. The private range is configured incorrectly. For example, the private range is set incorrectly through GP/MDM policies, etc.
+
+To understand these causes more thoroughly, there are several concepts to review.
+
+The traffic of network packets (what's permitted and what’s not) on Windows is determined by the Windows Filtering Platform (WFP). When a UWP app
+or the private range is configured incorrectly, it affects how the UWP app’s network traffic will be processed by WFP.
+
+When a packet is processed by WFP, the characteristics of that packet must explicitly match all the conditions of a filter to either be permitted or dropped to its target address. Connectivity issues typically happen when the packet does not match any of the filter conditions, leading the packet to be dropped by a default block filter. The presence of the default block
+filters ensures network isolation for UWP applications. Specifically, it guarantees a network drop for a packet that does not have the correct capabilities for the resource it is trying to reach. This ensures the application’s granular access to each resource type and preventing the application from escaping its environment.
+
+For more information on the filter arbitration algorithm and network isolation,
+see [Filter
+Arbitration](https://docs.microsoft.com/windows/win32/fwp/filter-arbitration)
+and
+[Isolation](https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation).
+
+The following sections cover debugging case examples for loopback and non-loopback UWP app network connectivity issues.
+
+> [!NOTE]
+> As improvements to debugging and diagnostics in the Windows Filtering Platform are made, the trace examples in this document may not exactly match the
+traces collected on previous releases of Windows.
+
+## Debugging UWP App Loopback scenarios
+
+If you need to establish a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback.
+
+To enable loopback for client outbound connections, run the following at a command prompt:
+
+```console
+CheckNetIsolation.exe LoopbackExempt -a -n=
+```
+
+To enable loopback for server inbound connections, run the following at a
+command prompt:
+```console
+CheckNetIsolation.exe LoopbackExempt -is -n=
+```
+You can ensure loopback is enabled by checking the appx manifests of both the sender and receiver.
+
+For more information about loopback scenarios, see [Communicating with
+localhost
+(loopback)](https://docs.microsoft.com/windows/iot-core/develop-your-app/loopback).
+
+## Debugging Live Drops
+
+If the issue happened recently, but you find you are not able to reproduce the issue, go to Debugging Past Drops for the appropriate trace commands.
+
+If you can consistently reproduce the issue, then you can run the following in an admin command prompt to gather a fresh trace:
+
+```console
+Netsh wfp capture start keywords=19
+
+Netsh wfp capture stop
+```
+
+These commands generate a wfpdiag.cab. Inside the .cab exists a wfpdiag.xml, which contains any allow or drop netEvents and filters that existed during that repro. Without “keywords=19”, the trace will only collect drop netEvents.
+
+Inside the wfpdiag.xml, search for netEvents which have
+FWPM_NET_EVENT_TYPE_CLASSIFY_DROP as the netEvent type. To find the relevant drop events, search for the drop events with matching destination IP address,
+package SID, or application ID name. The characters in the application ID name
+will be separated by periods:
+
+```XML
+(ex)
+
+
+\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e...
+
+
+```
+
+The netEvent will have more information about the packet that was dropped including information about its capabilities, the filter that dropped the packet, and much more.
+
+## Case 1: UWP app connects to Internet target address with all capabilities
+
+In this example, the UWP app successfully connects to bing.com
+[2620:1ec:c11::200].
+
+A packet from a UWP app needs the correct networking capability token for the resource it is trying to reach.
+
+In this scenario, the app could successfully send a packet to the Internet target because it had an Internet capability token.
+
+The following shows the allow netEvent of the app connecting to the target IP. The netEvent contains information about the packet including its local address,
+remote address, capabilities, etc.
+
+**Classify Allow netEvent, Wfpdiag-Case-1.xml**
+```xml
+
+
+ 2020-05-21T17:25:59.070Z
+
+ FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
+ FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
+ FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
+ FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
+ FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
+ FWPM_NET_EVENT_FLAG_APP_ID_SET
+ FWPM_NET_EVENT_FLAG_USER_ID_SET
+ FWPM_NET_EVENT_FLAG_IP_VERSION_SET
+ FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET
+
+ FWP_IP_VERSION_V6
+ 6
+ 2001:4898:30:3:256c:e5ba:12f3:beb1
+ 2620:1ec:c11::200
+52127
+443
+0
+
+ 5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000
+ \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+ .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...
+
+S-1-5-21-2993214446-1947230185-131795049-1000
+FWP_AF_INET6
+S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936
+
+0
+
+
+FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW
+
+ 125918
+ 50
+ 0
+ 1
+ 1
+
+
+
+0000000000000000
+
+ FWP_CAPABILITIES_FLAG_INTERNET_CLIENT
+ FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER
+ FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK
+
+0
+
+
+
+ 125918
+ FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH
+ FWP_ACTION_PERMIT
+
+
+ 121167
+ FWPP_SUBLAYER_INTERNAL_FIREWALL_WF
+ FWP_ACTION_PERMIT
+
+
+
+
+```
+
+The following is the filter that permitted the packet to be sent to the target
+address according to the **terminatingFiltersInfo** in the **netEvent**. This packet was
+allowed by Filter #125918, from the InternetClient Default Rule.
+
+**InternetClient Default Rule Filter #125918, Wfpdiag-Case-1.xml**
+```xml
+
+ {3389708e-f7ae-4ebc-a61a-f659065ab24e}
+
+ InternetClient Default Rule
+ InternetClient Default Rule
+
+
+ FWPM_PROVIDER_MPSSVC_WSH
+
+ ad2b000000000000
+ .+......
+
+ FWPM_LAYER_ALE_AUTH_CONNECT_V6
+ FWPM_SUBLAYER_MPSSVC_WSH
+ FWP_EMPTY
+
+
+
+ FWPM_CONDITION_ALE_PACKAGE_ID
+ FWP_MATCH_NOT_EQUAL
+
+ FWP_SID
+ S-1-0-0
+
+
+
+ FWPM_CONDITION_IP_REMOTE_ADDRESS
+ FWP_MATCH_RANGE
+
+ FWP_RANGE_TYPE
+
+
+ FWP_BYTE_ARRAY16_TYPE
+ ::
+
+
+ FWP_BYTE_ARRAY16_TYPE
+ ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+
+
+
+
+
+ FWPM_CONDITION_ORIGINAL_PROFILE_ID
+ FWP_MATCH_EQUAL
+
+ FWP_UINT32
+ 1
+
+
+
+ FWPM_CONDITION_CURRENT_PROFILE_ID
+ FWP_MATCH_EQUAL
+
+ FWP_UINT32
+ 1
+
+
+
+ FWPM_CONDITION_ALE_USER_ID
+ FWP_MATCH_EQUAL
+
+ FWP_SECURITY_DESCRIPTOR_TYPE
+ O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)
+
+
+
+
+ FWP_ACTION_PERMIT
+
+
+ 0
+
+ 125918
+
+ FWP_UINT64
+ 103079219136
+
+
+```
+
+**Capabilities Condition in Filter \#125918, Wfpdiag-Case-1.xml**
+```xml
+
+ FWPM_CONDITION_ALE_USER_ID
+ FWP_MATCH_EQUAL
+
+ FWP_SECURITY_DESCRIPTOR_TYPE
+ O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)
+
+
+```
+This is the condition for checking capabilities in this filter.
+
+The important part of this condition is **S-1-15-3-1**, which is the capability SID
+for **INTERNET_CLIENT** privileges.
+
+From the **netEvent** capabilities section,
+capabilities from netEvent, Wfpdiag-Case-1.xml.
+```xml
+
+ FWP_CAPABILITIES_FLAG_INTERNET_CLIENTFWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER
+ FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK
+
+```
+This shows the packet came from an app with an Internet client token (**FWP_CAPABILITIES_FLAG_INTERNET_CLIENT**) which matches the capability SID in the
+filter. All the other conditions are also met for the filter, so the packet is
+allowed.
+
+Something to note is that the only capability token required for the packet to
+reach bing.com was the Internet client token, even though this example showed
+the packet having all capabilities.
+
+## Case 2: UWP APP cannot reach Internet target address and has no capabilities
+
+In this example, the UWP app is unable to connect to bing.com
+[2620:1ec:c11::200].
+
+The following is a drop netEvent that was captured in the trace.
+
+**Classify Drop netEvent, Wfpdiag-Case-2.xml**
+```xml
+
+
+2020-03-30T23:53:09.720Z
+
+ FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
+ FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
+ FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
+ FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
+ FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
+ FWPM_NET_EVENT_FLAG_APP_ID_SET
+ FWPM_NET_EVENT_FLAG_USER_ID_SET
+ FWPM_NET_EVENT_FLAG_IP_VERSION_SET
+ FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET
+
+FWP_IP_VERSION_V6
+6
+2001:4898:1a:1045:8469:3351:e6e2:543
+2620:1ec:c11::200
+63187
+443
+0
+
+5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e0034002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000
+\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...4...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...
+
+S-1-5-21-2788718703-1626973220-3690764900-1000
+FWP_AF_INET6
+S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936
+
+0
+
+
+FWPM_NET_EVENT_TYPE_CLASSIFY_DROP
+
+68893
+50
+0
+1
+1
+MS_FWP_DIRECTION_OUT
+false
+
+0
+0
+
+
+
+0000000000000000
+
+0
+
+
+
+68893
+FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH
+FWP_ACTION_BLOCK
+
+
+68879
+FWPP_SUBLAYER_INTERNAL_FIREWALL_WF
+FWP_ACTION_PERMIT
+
+
+
+
+```
+The first thing that you should check in the **netEvent** is the capabilities
+field. In this example, the capabilities field is empty, indicating that the
+UWP app was not configured with any capability tokens to allow it to connect to
+a network.
+
+**Internal Fields from netEvent, Wfpdiag-Case-2.xml**
+```xml
+
+
+0000000000000000
+
+0
+
+
+
+68893
+FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH
+FWP_ACTION_BLOCK
+
+
+68879
+FWPP_SUBLAYER_INTERNAL_FIREWALL_WF
+FWP_ACTION_PERMIT
+
+
+
+```
+The **netEvent** also shows information about the filter that explicitly dropped this packet, like the **FilterId**, listed under classify drop.
+
+**Classify Drop from netEvent, Wfpdiag-Case-2.xml**
+```xml
+
+68893
+50
+0
+1
+1
+MS_FWP_DIRECTION_OUT
+false
+
+0
+0
+
+```
+If you search for the filter #68893 in Wfpdiag-Case2.xml, you'll see that
+the packet was dropped by a Block Outbound Default Rule filter.
+
+**Block Outbound Default Rule Filter #68893, Wfpdiag-Case-2.xml**
+
+```xml
+
+ {6d51582f-bcf8-42c4-afc9-e2ce7155c11b}
+/t
+ **Block Outbound Default Rule**
+ Block Outbound Default Rule
+
+
+ {4b153735-1049-4480-aab4-d1b9bdc03710}
+
+ b001000000000000
+ ........
+
+ FWPM_LAYER_ALE_AUTH_CONNECT_V6
+ {b3cdd441-af90-41ba-a745-7c6008ff2300}
+
+ FWP_EMPTY
+
+
+
+ FWPM_CONDITION_ALE_PACKAGE_ID
+ FWP_MATCH_NOT_EQUAL
+
+ FWP_SID
+ S-1-0-0
+
+
+
+
+ FWP_ACTION_BLOCK
+
+
+ 0
+
+ 68893
+
+ FWP_UINT64
+ 68719476736
+
+
+```
+
+A packet will reach a default block filter if the packet was unable to match any of the conditions of other filters, and not allowed by the other filters in
+the same sublayer.
+
+If the packet had the correct capability token,
+**FWP_CAPABILITIES_FLAG_INTERNET_CLIENT**, it would have matched a condition for a
+non-default block filter and would have been permitted to reach bing.com.
+Without the correct capability tokens, the packet will be explicitly dropped by
+a default block outbound filter.
+
+## Case 3: UWP app cannot reach Internet target address without Internet Client capability
+
+In this example, the app is unable to connect to bing.com [2620:1ec:c11::200].
+
+The app in this scenario only has private network capabilities (Client and
+Server). The app is trying to connect to an Internet resource (bing.com), but
+only has a private network token. Therefore, the packet will be dropped.
+
+**Classify Drop netEvent, Wfpdiag-Case-3.xml**
+```xml
+
+
+2020-03-31T16:57:18.570Z
+
+FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
+FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
+FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
+FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
+FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
+FWPM_NET_EVENT_FLAG_APP_ID_SET
+FWPM_NET_EVENT_FLAG_USER_ID_SET
+FWPM_NET_EVENT_FLAG_IP_VERSION_SET
+FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET
+
+FWP_IP_VERSION_V6
+6
+2001:4898:1a:1045:9c65:7805:dd4a:cc4b
+2620:1ec:c11::200
+64086
+443
+0
+
+5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e0035002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000
+\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...5...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...
+
+S-1-5-21-2788718703-1626973220-3690764900-1000
+FWP_AF_INET6
+S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936
+
+0
+
+
+FWPM_NET_EVENT_TYPE_CLASSIFY_DROP
+
+68893
+50
+0
+1
+1
+MS_FWP_DIRECTION_OUT
+false
+
+0
+0
+
+
+
+0000000000000000
+****
+**FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK**
+****
+0
+
+
+
+68893
+FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH
+FWP_ACTION_BLOCK
+
+
+68879
+FWPP_SUBLAYER_INTERNAL_FIREWALL_WF
+FWP_ACTION_PERMIT
+
+
+
+
+```
+
+## Case 4: UWP app cannot reach Intranet target address without Private Network capability
+
+In this example, the UWP app is unable to reach the Intranet target address,
+10.50.50.50, because it does not have a Private Network capability.
+
+**Classify Drop netEvent, Wfpdiag-Case-4.xml**
+```xml
+
+
+ 2020-05-22T21:29:28.601Z
+
+ FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
+ FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
+ FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
+ FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
+ FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
+ FWPM_NET_EVENT_FLAG_APP_ID_SET
+ FWPM_NET_EVENT_FLAG_USER_ID_SET
+ FWPM_NET_EVENT_FLAG_IP_VERSION_SET
+ FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET
+
+ FWP_IP_VERSION_V4
+ 6
+ 10.216.117.17
+ 10.50.50.50
+ 52998
+ 53
+ 0
+
+ 5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310031002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000
+ \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+ .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...
+
+ S-1-5-21-2993214446-1947230185-131795049-1000
+ FWP_AF_INET
+ S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936
+
+ 0
+
+
+ FWPM_NET_EVENT_TYPE_CLASSIFY_DROP
+
+ 121180
+ 48
+ 0
+ 1
+ 1
+ MS_FWP_DIRECTION_OUT
+ false
+
+ 0
+ 0
+
+
+
+ 0000000000000000
+
+ FWP_CAPABILITIES_FLAG_INTERNET_CLIENT
+ FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER
+
+ 0
+
+
+
+ 121180
+ FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH
+ FWP_ACTION_BLOCK
+
+
+ 121165
+ FWPP_SUBLAYER_INTERNAL_FIREWALL_WF
+ FWP_ACTION_PERMIT
+
+
+
+
+```
+## Case 5: UWP app cannot reach “Intranet” target address with Private Network capability
+
+In this example, the UWP app is unable to reach the Intranet target address,
+10.1.1.1, even though it has a Private Network capability token.
+
+**Classify Drop netEvent, Wfpdiag-Case-5.xml**
+```xml
+
+
+ 2020-05-22T20:54:53.499Z
+
+ FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
+ FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
+ FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
+ FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
+ FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
+ FWPM_NET_EVENT_FLAG_APP_ID_SET
+ FWPM_NET_EVENT_FLAG_USER_ID_SET
+ FWPM_NET_EVENT_FLAG_IP_VERSION_SET
+ FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET
+
+ FWP_IP_VERSION_V4
+ 6
+ 10.216.117.17
+ 10.1.1.1
+ 52956
+ 53
+ 0
+
+ 5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310033002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000
+ \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+ .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...
+
+ S-1-5-21-2993214446-1947230185-131795049-1000
+ FWP_AF_INET
+ S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936
+
+ 0
+
+
+ FWPM_NET_EVENT_TYPE_CLASSIFY_DROP
+
+ 121180
+ 48
+ 0
+ 1
+ 1
+ MS_FWP_DIRECTION_OUT
+ false
+
+ 0
+ 0
+
+
+
+ 0000000000000000
+
+ FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK
+
+ 0
+
+
+
+ 121180
+ FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH
+ FWP_ACTION_BLOCK
+
+
+ 121165
+ FWPP_SUBLAYER_INTERNAL_FIREWALL_WF
+ FWP_ACTION_PERMIT
+
+
+
+
+```
+The following shows the filter that blocked the event:
+
+**Block Outbound Default Rule Filter \#121180, Wfpdiag-Case-5.xml**
+
+```xml
+
+ {e62a1a22-c80a-4518-a7f8-e7d1ef3a9ff6}
+
+ Block Outbound Default Rule
+ Block Outbound Default Rule
+
+
+ FWPM_PROVIDER_MPSSVC_WSH
+
+ c029000000000000
+ .)......
+
+ FWPM_LAYER_ALE_AUTH_CONNECT_V4
+ FWPM_SUBLAYER_MPSSVC_WSH
+
+ FWP_EMPTY
+
+
+
+ FWPM_CONDITION_ALE_PACKAGE_ID
+ FWP_MATCH_NOT_EQUAL
+
+ FWP_SID
+ S-1-0-0
+
+
+
+
+ FWP_ACTION_BLOCK
+
+
+ 0
+
+ 121180
+
+ FWP_UINT64
+ 274877906944
+
+
+```
+If the target was in the private range, then it should have been allowed by a
+PrivateNetwork Outbound Default Rule filter.
+
+The following PrivateNetwork Outbound Default Rule filters have conditions for matching Intranet IP addresses. Since the expected Intranet target address,
+10.1.1.1, is not included in these filters it becomes clear that the address is not in the private range. Check the policies that configure the private range
+on the device (MDM, Group Policy, etc.) and make sure it includes the private target address you wanted to reach.
+
+**PrivateNetwork Outbound Default Rule Filters, Wfpdiag-Case-5.xml**
+```xml
+
+ {fd65507b-e356-4e2f-966f-0c9f9c1c6e78}
+
+ PrivateNetwork Outbound Default Rule
+ PrivateNetwork Outbound Default Rule
+
+
+ FWPM_PROVIDER_MPSSVC_WSH
+
+ f22d000000000000
+ .-......
+
+ FWPM_LAYER_ALE_AUTH_CONNECT_V4
+ FWPM_SUBLAYER_MPSSVC_WSH
+
+ FWP_EMPTY
+
+
+
+ FWPM_CONDITION_ALE_PACKAGE_ID
+ FWP_MATCH_NOT_EQUAL
+
+ FWP_SID
+ S-1-0-0
+
+
+
+ FWPM_CONDITION_IP_REMOTE_ADDRESS
+ FWP_MATCH_EQUAL
+
+ FWP_UINT32
+ 1.1.1.1
+
+
+
+ FWPM_CONDITION_ORIGINAL_PROFILE_ID
+ FWP_MATCH_EQUAL
+
+ FWP_UINT32
+ 1
+
+
+
+ FWPM_CONDITION_CURRENT_PROFILE_ID
+ FWP_MATCH_EQUAL
+
+ FWP_UINT32
+ 1
+
+
+
+ FWPM_CONDITION_ALE_USER_ID
+ FWP_MATCH_EQUAL
+
+ FWP_SECURITY_DESCRIPTOR_TYPE
+ O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)
+
+
+
+
+ FWP_ACTION_PERMIT
+
+
+ 0
+
+ 129656
+
+ FWP_UINT64
+ 144115600392724416
+
+
+
+ {b11b4f8a-222e-49d6-8d69-02728681d8bc}
+
+ PrivateNetwork Outbound Default Rule
+ PrivateNetwork Outbound Default Rule
+
+
+ FWPM_PROVIDER_MPSSVC_WSH
+
+ f22d000000000000
+ .-......
+
+ FWPM_LAYER_ALE_AUTH_CONNECT_V4
+ FWPM_SUBLAYER_MPSSVC_WSH
+
+ FWP_EMPTY
+
+
+
+ FWPM_CONDITION_ALE_PACKAGE_ID
+ FWP_MATCH_NOT_EQUAL
+
+ FWP_SID
+ S-1-0-0
+
+
+
+ FWPM_CONDITION_IP_REMOTE_ADDRESS
+ FWP_MATCH_RANGE
+
+ FWP_RANGE_TYPE
+
+
+ FWP_UINT32
+ 172.16.0.0
+
+
+ FWP_UINT32
+ 172.31.255.255
+
+
+
+
+
+ FWPM_CONDITION_ORIGINAL_PROFILE_ID
+ FWP_MATCH_EQUAL
+
+ FWP_UINT32
+ 1
+
+
+
+ FWPM_CONDITION_CURRENT_PROFILE_ID
+ FWP_MATCH_EQUAL
+
+ FWP_UINT32
+ 1
+
+
+
+ FWPM_CONDITION_ALE_USER_ID
+ FWP_MATCH_EQUAL
+
+ FWP_SECURITY_DESCRIPTOR_TYPE
+ O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)
+
+
+
+
+ FWP_ACTION_PERMIT
+
+
+ 0
+
+ 129657
+
+ FWP_UINT64
+ 36029209335832512
+
+
+
+ {21cd82bc-6077-4069-94bf-750e5a43ca23}
+
+ PrivateNetwork Outbound Default Rule
+ PrivateNetwork Outbound Default Rule
+
+
+ FWPM_PROVIDER_MPSSVC_WSH
+
+ f22d000000000000
+ .-......
+
+ FWPM_LAYER_ALE_AUTH_CONNECT_V4
+ FWPM_SUBLAYER_MPSSVC_WSH
+
+ FWP_EMPTY
+
+
+
+ FWPM_CONDITION_ALE_PACKAGE_ID
+ FWP_MATCH_NOT_EQUAL
+
+ FWP_SID
+ S-1-0-0
+
+
+
+ FWPM_CONDITION_IP_REMOTE_ADDRESS
+ FWP_MATCH_RANGE
+
+ FWP_RANGE_TYPE
+
+
+ FWP_UINT32
+ 192.168.0.0
+
+
+ FWP_UINT32
+ 192.168.255.255
+
+
+
+
+
+ FWPM_CONDITION_ORIGINAL_PROFILE_ID
+ FWP_MATCH_EQUAL
+
+ FWP_UINT32
+ 1
+
+
+
+ FWPM_CONDITION_CURRENT_PROFILE_ID
+ FWP_MATCH_EQUAL
+
+ FWP_UINT32
+ 1
+
+
+
+ FWPM_CONDITION_ALE_USER_ID
+ FWP_MATCH_EQUAL
+
+ FWP_SECURITY_DESCRIPTOR_TYPE
+ O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)
+
+
+
+
+ FWP_ACTION_PERMIT
+
+
+ 0
+
+ 129658
+
+ FWP_UINT64
+ 36029209335832512
+
+
+```
+## Debugging Past Drops
+
+If you are debugging a network drop from the past or from a remote machine, you
+may have traces already collected from Feedback Hub, such as nettrace.etl and
+wfpstate.xml. Once nettrace.etl is converted, nettrace.txt will have the
+netEvents of the reproduced event, and wfpstate.xml will contain the filters
+that were present on the machine at the time.
+
+If you do not have a live repro or traces already collected, you can still
+collect traces after the UWP network connectivity issue has happened by running
+these commands in an admin command prompt
+
+```xml
+
+ Netsh wfp show netevents
+ Netsh wfp show state
+```
+
+**Netsh wfp show netevents** creates netevents.xml, which contains the past
+net events. **Netsh wfp show state** creates wfpstate.xml, which contains
+the current filters present on the machine.
+
+Unfortunately, collecting traces after the UWP network connectivity issue is not
+always reliable.
+
+NetEvents on the device are stored in a buffer. Once that buffer has reached
+maximum capacity, the buffer will overwrite older net events. Due to the buffer
+overwrite, it is possible that the collected netevents.xml will not contain the
+net event associated with the UWP network connectivity issue. It could have been ov
+overwritten. Additionally, filters on the device can get deleted and re-added
+with different filterIds due to miscellaneous events on the device. Because of
+this, a **filterId** from **netsh wfp show netevents** may not necessarily match any
+filter in **netsh wfp show state** because that **filterId** may be outdated.
+
+If you can reproduce the UWP network connectivity issue consistently, we
+recommend using the commands from Debugging Live Drops instead.
+
+Additionally, you can still follow the examples from Debugging Live Drops
+section using the trace commands in this section, even if you do not have a live
+repro. The **netEvents** and filters are stored in one file in Debugging Live Drops
+as opposed to two separate files in the following Debugging Past Drops examples.
+
+## Case 7: Debugging Past Drop - UWP app cannot reach Internet target address and has no capabilities
+
+In this example, the UWP app is unable to connect to bing.com.
+
+Classify Drop Net Event, NetEvents-Case-7.xml
+
+```xml
+
+
+2020-05-04T22:04:07.039Z
+
+FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
+FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
+FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
+FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
+FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
+FWPM_NET_EVENT_FLAG_APP_ID_SET
+FWPM_NET_EVENT_FLAG_USER_ID_SET
+FWPM_NET_EVENT_FLAG_IP_VERSION_SET
+FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET
+
+FWP_IP_VERSION_V4
+6
+10.195.36.30
+204.79.197.200
+57062
+443
+0
+
+5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310032002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000
+\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.2...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...
+
+S-1-5-21-1578316205-4060061518-881547182-1000
+FWP_AF_INET
+S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936
+
+0
+
+
+FWPM_NET_EVENT_TYPE_CLASSIFY_DROP
+
+206064
+48
+0
+1
+1
+MS_FWP_DIRECTION_OUT
+false
+
+0
+0
+
+
+
+0000000000000000
+
+0
+
+
+
+206064
+FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH
+FWP_ACTION_BLOCK
+
+
+206049
+FWPP_SUBLAYER_INTERNAL_FIREWALL_WF
+FWP_ACTION_PERMIT
+
+
+
+
+```
+
+The Internal fields lists no active capabilities, and the packet is dropped at
+filter 206064.
+
+This is a default block rule filter, meaning the packet passed through every
+filter that could have allowed it, but because conditions didn’t match for any
+those filters, the packet fell to the filter which blocks any packet that the
+Security Descriptor doesn’t match.
+
+**Block Outbound Default Rule Filter \#206064, FilterState-Case-7.xml**
+
+```xml
+
+{f138d1ad-9293-478f-8519-c3368e796711}
+
+Block Outbound Default Rule
+Block Outbound Default Rule
+
+
+FWPM_PROVIDER_MPSSVC_WSH
+
+2e65000000000000
+.e......
+
+FWPM_LAYER_ALE_AUTH_CONNECT_V4
+FWPM_SUBLAYER_MPSSVC_WSH
+
+FWP_EMPTY
+
+
+
+FWPM_CONDITION_ALE_PACKAGE_ID
+FWP_MATCH_NOT_EQUAL
+
+FWP_SID
+S-1-0-0
+
+
+
+
+FWP_ACTION_BLOCK
+
+
+0
+
+206064
+
+FWP_UINT64
+274877906944
+
+
+```
+## Case 8: Debugging Past Drop - UWP app connects to Internet target address with all capabilities
+
+In this example, the UWP app successfully connects to bing.com [204.79.197.200].
+
+**Classify Allow Net Event, NetEvents-Case-8.xml**
+
+```xml
+
+
+ 2020-05-04T18:49:55.101Z
+
+ FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
+ FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
+ FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
+ FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
+ FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
+ FWPM_NET_EVENT_FLAG_APP_ID_SET
+ FWPM_NET_EVENT_FLAG_USER_ID_SET
+ FWPM_NET_EVENT_FLAG_IP_VERSION_SET
+ FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET
+
+ FWP_IP_VERSION_V4
+ 6
+ 10.195.36.30
+ 204.79.197.200
+ 61673
+ 443
+ 0
+
+ 5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000
+ \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
+ .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...
+
+ S-1-5-21-1578316205-4060061518-881547182-1000
+ FWP_AF_INET
+ S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936
+
+ 0
+
+
+ FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW
+
+ 208757
+ 48
+ 0
+ 1
+ 1
+
+
+
+ 0000000000000000
+
+ FWP_CAPABILITIES_FLAG_INTERNET_CLIENT
+ FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER
+ FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK
+
+ 0
+
+
+
+ 208757
+ FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH
+ FWP_ACTION_PERMIT
+
+
+ 206049
+ FWPP_SUBLAYER_INTERNAL_FIREWALL_WF
+ FWP_ACTION_PERMIT
+
+
+
+
+```
+All capabilities are enabled and the resulting filter determining the flow of the packet is 208757.
+
+The filter stated above with action permit:
+
+**InternetClient Default Rule Filter \#208757, FilterState-Case-8.xml**
+```xml
+
+ {e0f6f24e-1f0a-4f1a-bdd8-b9277c144fb5}
+
+ InternetClient Default Rule
+ InternetClient Default Rule
+
+
+ FWPM_PROVIDER_MPSSVC_WSH
+
+ e167000000000000
+ .g......
+
+ FWPM_LAYER_ALE_AUTH_CONNECT_V4
+ FWPM_SUBLAYER_MPSSVC_WSH
+
+ FWP_EMPTY
+
+
+
+ FWPM_CONDITION_ALE_PACKAGE_ID
+ FWP_MATCH_NOT_EQUAL
+
+ FWP_SID
+ S-1-0-0
+
+
+
+ FWPM_CONDITION_IP_REMOTE_ADDRESS
+ FWP_MATCH_RANGE
+
+ FWP_RANGE_TYPE
+
+
+ FWP_UINT32
+ 0.0.0.0
+
+
+ FWP_UINT32
+ 255.255.255.255
+
+
+
+
+
+ FWPM_CONDITION_ORIGINAL_PROFILE_ID
+ FWP_MATCH_EQUAL
+
+ FWP_UINT32
+ 1
+
+
+
+ FWPM_CONDITION_CURRENT_PROFILE_ID
+ FWP_MATCH_EQUAL
+
+ FWP_UINT32
+ 1
+
+
+
+ FWPM_CONDITION_ALE_USER_ID
+ FWP_MATCH_EQUAL
+
+ FWP_SECURITY_DESCRIPTOR_TYPE
+ O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)
+
+
+
+
+ FWP_ACTION_PERMIT
+
+
+ 0
+
+ 208757
+
+ FWP_UINT64
+ 412316868544
+
+
+```
+The capabilities field in a netEvent was added to the traces in the Windows 10
+May 2019 Update.
diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
index 26796b6814..0449d6b01f 100644
--- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
+++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
@@ -20,13 +20,12 @@ ms.author: dansimp
Designing any deployment starts by performing several important tasks:
-- [Identifying Your Windows Defender Firewall with Advanced Security Design Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
+- [Identifying your windows defender firewall with advanced security design goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
-- [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
+- [Mapping your implementation goals to a Windows Defender Firewall with Advanced Security design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
-- [Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)
-After you identify your deployment goals and map them to a Windows Defender Firewall with Advanced Security design, you can begin documenting the design based on the processes that are described in the following topics:
+After you identify your implementation goals and map them to a Windows Defender Firewall with Advanced Security design, you can begin documenting the design based on the processes that are described in the following topics:
- [Designing A Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
index 7cbeb23689..a7178f39fe 100644
--- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
+++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
@@ -1,6 +1,6 @@
---
title: Verify That Network Traffic Is Authenticated (Windows 10)
-description: Verify That Network Traffic Is Authenticated
+description: Learn how to confirm that network traffic is being protected by IPsec authentication after you configure your domain isolation rule to require authentication.
ms.assetid: cc1fb973-aedf-4074-ad4a-7376b24f03d2
ms.reviewer:
ms.author: dansimp
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
index d91723c3d2..ddb0304065 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
@@ -1,6 +1,6 @@
---
-title: Deploy Windows Defender Firewall with Advanced Security (Windows 10)
-description: Windows Defender Firewall with Advanced Security Deployment Guide
+title: Windows Defender Firewall with Advanced Security deployment overview (Windows 10)
+description: Use this guide to deploy Windows Defender Firewall with Advanced Security for your enterprise to help protect devices and data that they share across a network.
ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56
ms.reviewer:
ms.author: dansimp
@@ -17,7 +17,7 @@ ms.topic: conceptual
ms.date: 08/17/2017
---
-# Windows Defender Firewall with Advanced Security Deployment Guide
+# Windows Defender Firewall with Advanced Security deployment overview
**Applies to**
- Windows 10
@@ -46,8 +46,8 @@ After you select your design and gather the required information about the zones
- [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)
Use the checklists in [Implementing Your Windows Defender Firewall with Advanced Security Design Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) to determine how best to use the instructions in this guide to deploy your particular design.
-
->**Caution:** We recommend that you use the techniques documented in this guide only for GPOs that must be deployed to the majority of the devices in your organization, and only when the OU hierarchy in your Active Directory domain does not match the deployment needs of these GPOs. These characteristics are typical of GPOs for server and domain isolation scenarios, but are not typical of most other GPOs. When the OU hierarchy supports it, deploy a GPO by linking it to the lowest level OU that contains all of the accounts to which the GPO applies.
+> [!CAUTION]
+> We recommend that you use the techniques documented in this guide only for GPOs that must be deployed to the majority of the devices in your organization, and only when the OU hierarchy in your Active Directory domain does not match the deployment needs of these GPOs. These characteristics are typical of GPOs for server and domain isolation scenarios, but are not typical of most other GPOs. When the OU hierarchy supports it, deploy a GPO by linking it to the lowest level OU that contains all of the accounts to which the GPO applies.
In a large enterprise environment with hundreds or thousands of GPOs, using this technique with too many GPOs can result in user or device accounts that are members of an excessive number of groups; this can result in network connectivity problems if network protocol limits are exceeded.
@@ -61,10 +61,4 @@ This guide does not provide:
- Guidance for setting up certification authorities (CAs) to create certificates for certificate-based authentication.
-## Overview of Windows Defender Firewall with Advanced Security
-
-Windows Defender Firewall in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot be authenticated as a trusted device cannot communicate with your device. You can also use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by a malicious user.
-
-The Windows Defender Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Defender Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Defender Firewall Control Panel program can protect a single device in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.
-
For more information about Windows Defender Firewall with Advanced Security, see [Windows Defender Firewall with Advanced Security Overview](windows-firewall-with-advanced-security.md).
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
index 70c8912478..d6b2ed3cde 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
@@ -1,6 +1,6 @@
---
-title: Windows Defender Firewall with Advanced Security Design Guide (Windows 10)
-description: Windows Defender Firewall with Advanced Security Design Guide
+title: Windows Defender Firewall with Advanced Security design guide (Windows 10)
+description: Learn about common goals for using Windows Defender Firewall with Advanced Security to choose or create a design for deploying the firewall in your enterprise.
ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51
ms.reviewer:
ms.author: dansimp
@@ -17,8 +17,7 @@ ms.topic: conceptual
ms.date: 10/05/2017
---
-# Windows Defender Firewall with Advanced Security
-Design Guide
+# Windows Defender Firewall with Advanced Security design guide
**Applies to**
- Windows 10
@@ -40,7 +39,7 @@ Windows Defender Firewall should be part of a comprehensive security solution th
To successfully use this guide, you need a good understanding of both the capabilities provided by Windows Defender Firewall, and how to deliver configuration settings to your managed devices by using Group Policy in Active Directory.
-You can use the deployment goals to form one of these Windows Defender Firewall with Advanced Security designs, or a custom design that combines elements from those presented here:
+You can use the implementation goals to form one of these Windows Defender Firewall with Advanced Security designs, or a custom design that combines elements from those presented here:
- **Basic firewall policy design**. Restricts network traffic in and out of your devices to only that which is needed and authorized.
@@ -68,9 +67,8 @@ Deployment Guide at these locations:
| Topic | Description
| - | - |
| [Understanding the Windows Defender Firewall with Advanced Security Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md) | Learn how to get started with the Windows Defender Firewall with Advanced Security design process. |
-| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) | Learn how to identify your Windows Defender Firewall with Advanced Security deployment goals. |
-| [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) | After you finish reviewing the existing Windows Defender Firewall with Advanced Security deployment goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Defender Firewall with Advanced Security design. |
-| [Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md) | Learn how to use Windows Defender Firewall to improve the security of the computers connected to the network. |
+| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) | Learn how to identify your Windows Defender Firewall with Advanced Security implementation goals. |
+| [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) | After you finish reviewing the existing Windows Defender Firewall with Advanced Security implementation goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Defender Firewall with Advanced Security design. |
| [Designing a Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) | To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. |
| [Planning Your Windows Defender Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md) | After you have gathered the relevant information in the previous sections, and understand the basics of the designs as described earlier in this guide, you can select the design (or combination of designs) that meet your needs. |
| [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) | You can import an XML file containing customized registry preferences into a Group Policy Object (GPO) by using the Preferences feature of the Group Policy Management Console (GPMC). |
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
index 3261e0545f..9718aa85cf 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
@@ -1,6 +1,6 @@
---
title: Windows Defender Firewall with Advanced Security (Windows 10)
-description: Windows Defender Firewall with Advanced Security
+description: Learn overview information about the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
@@ -25,10 +25,17 @@ ms.custom: asr
This is an overview of the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.
+## Overview of Windows Defender Firewall with Advanced Security
+
+Windows Defender Firewall in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot be authenticated as a trusted device cannot communicate with your device. You can also use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by a malicious user.
+
+The Windows Defender Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Defender Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Defender Firewall Control Panel program can protect a single device in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.
+
+
+
## Feature description
-Windows Defender Firewall with Advanced Security
-is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network’s isolation strategy.
+Windows Defender Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network’s isolation strategy.
## Practical applications
@@ -41,12 +48,4 @@ To help address your organizational network security challenges, Windows Defende
- **Extends the value of existing investments.** Because Windows Defender Firewall is a host-based firewall that is included with the operating system, there is no additional hardware or software required. Windows Defender Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API).
-## In this section
-| Topic | Description
-| - | - |
-| [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md) | You can customize your Windows Defender Firewall configuration to isolate the network access of Microsoft Store apps that run on devices. |
-| [Securing End-to-End IPsec Connections by Using IKEv2](securing-end-to-end-ipsec-connections-by-using-ikev2.md) | You can use IKEv2 to help secure your end-to-end IPSec connections. |
-| [Windows Defender Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) | Learn more about using Windows PowerShell to manage the Windows Defender Firewall. |
-| [Windows Defender Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md) | Learn how to create a design for deploying Windows Defender Firewall with Advanced Security. |
-| [Windows Defender Firewall with Advanced Security Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md) | Learn how to deploy Windows Defender Firewall with Advanced Security. |
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
index fa85062872..e7b8a53f7a 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
@@ -35,7 +35,7 @@ The following video provides an overview of Windows Sandbox.
## Prerequisites
-- Windows 10 Pro or Enterprise build 18305 or later (*Windows Sandbox is currently not supported on Home SKUs*)
+- Windows 10 Pro, Enterprise or Education build 18305 or later (*Windows Sandbox is currently not supported on Home SKUs*)
- AMD64 architecture
- Virtualization capabilities enabled in BIOS
- At least 4 GB of RAM (8 GB recommended)
@@ -48,7 +48,7 @@ The following video provides an overview of Windows Sandbox.
2. Enable virtualization on the machine.
- If you're using a physical machine, make sure virtualization capabilities are enabled in the BIOS.
- - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization: **Set -VMProcessor -VMName \ -ExposeVirtualizationExtensions $true**
+ - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization: **Set-VMProcessor -VMName \ -ExposeVirtualizationExtensions $true**
1. Use the search bar on the task bar and type **Turn Windows Features on and off** to access the Windows Optional Features tool. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted.
- If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this is incorrect, review the prerequisite list as well as steps 1 and 2.
diff --git a/windows/whats-new/get-started-with-1709.md b/windows/whats-new/get-started-with-1709.md
index 2b22a606de..c2522f3e4c 100644
--- a/windows/whats-new/get-started-with-1709.md
+++ b/windows/whats-new/get-started-with-1709.md
@@ -1,6 +1,6 @@
---
title: Get started with Windows 10, version 1709
-description: Learn the dos and don'ts for getting started with Windows 10, version 1709.
+description: Learn about features, review requirements, and plan your deployment of Windows 10, version 1709, including IT Pro content, release information, and history.
keywords: ["get started", "windows 10", "fall creators update", "1709"]
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md
index ba0090d559..309ce421df 100644
--- a/windows/whats-new/whats-new-windows-10-version-1809.md
+++ b/windows/whats-new/whats-new-windows-10-version-1809.md
@@ -1,7 +1,7 @@
---
title: What's new in Windows 10, version 1809
ms.reviewer:
-description: New and updated features in Windows 10, version 1809
+description: Learn about features for Windows 10, version 1809, including features and fixes included in previous cumulative updates to Windows 10, version 1803.
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 October 2018 Update"]
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md
index 8518f5c4af..8c86914b6b 100644
--- a/windows/whats-new/whats-new-windows-10-version-2004.md
+++ b/windows/whats-new/whats-new-windows-10-version-2004.md
@@ -124,6 +124,16 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym
- Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we have created a new policy that enables admins to opt devices out of the built-in safeguard holds.
- Update less: Last year, we [changed update installation policies](https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency/#l2jH7KMkOkfcWdBs.97) for Windows 10 to only target devices running a feature update version that is nearing end of service. As a result, many devices are only updating once a year. To enable all devices to make the most of this policy change, and to prevent confusion, we have removed deferrals from the Windows Update settings **Advanced Options** page starting on Windows 10, version 2004. If you wish to continue leveraging deferrals, you can use local Group Policy (**Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview builds and Feature Updates are received** or **Select when Quality Updates are received**). For more information about this change, see [Simplified Windows Update settings for end users](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplified-windows-update-settings-for-end-users/ba-p/1497215).
+## Networking
+
+### Wi-Fi 6 and WPA3
+
+Windows now supports the latest Wi-Fi standards with [Wi-Fi 6 and WPA3](https://support.microsoft.com/help/4562575/windows-10-faster-more-secure-wifi). Wi-Fi 6 gives you better wireless coverage and performance with added security. WPA3 provides improved Wi-Fi security and secures open networks.
+
+### TEAP
+
+In this release, Tunnel Extensible Authentication Protocol (TEAP) has been added as an authentication method to allow chaining together multiple credentials into a single EAP transaction. TEAP networks can be configured by [enterprise policy](https://docs.microsoft.com/openspecs/windows_protocols/ms-gpwl/94cf6896-c28e-4865-b12a-d83ee38cd3ea).
+
## Virtualization
### Windows Sandbox
Expand a category.
Select a setting.
Enter a value for the setting. Click Add if the button is displayed.
Some settings, such as this example, require additional information. In Available customizations, select the value you just created, and additional settings are displayed.
When the setting is configured, it is displayed in the Selected customizations pane.
-
-
-Once the hardware IDs have been captured from existing devices, they can be uploaded through a variety of means. See the detailed documentation for each available mechanism.
-
-- [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot). This is the preferred mechanism for all customers.
-- [Partner Center](https://msdn.microsoft.com/partner-center/autopilot). This is used by CSP partners to register devices on behalf of customers.
-- [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa). This is typically used by small and medium businesses (SMBs) who manage their devices using Microsoft 365 Business.
-- [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles). You might already be using MSfB to manage your apps and settings.
-
-A summary of each platform's capabilities is provided below.
+
+
+
@@ -241,7 +247,8 @@ More information: 
-Subcategory: 
