Merge remote-tracking branch 'refs/remotes/origin/master' into vs-uatfixes

windows/deploy/mbr-to-gpt.md

@@ -216,7 +216,7 @@ Before any change to the disk is made, MBR2GPT validates the layout and geometry
 - There are at most 3 primary partitions in the MBR partition table
 - One of the partitions is set as active and is the system partition
 - The BCD store on the system partition contains a default OS entry pointing to an OS partition
-- The volume IDs can retrieved for each volume which has a drive letter assigned
+- The volume IDs can be retrieved for each volume which has a drive letter assigned
 - All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option
 
 If any of these checks fails, the conversion will not proceed and an error will be returned.

windows/deploy/resolve-windows-10-upgrade-errors.md

@@ -2,7 +2,7 @@
 title: Resolve Windows 10 upgrade errors - Windows IT Pro
 description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
 ms.assetid: DFEFE22C-4FEF-4FD9-BFC4-9B419C339502
-keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback
+keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -560,11 +560,13 @@ For more information, see [How to perform a clean boot in Windows](https://suppo
 
 </TABLE>
 
+
 ### 0x800xxxxx
 
+
 Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly.
 
-<P>See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
+See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
 
 <TABLE border=1 cellspacing=0 cellpadding=0>
 

windows/keep-secure/bitlocker-group-policy-settings.md

@@ -37,6 +37,7 @@ The following policy settings can be used to determine how a BitLocker-protected
 -   [Require additional authentication at startup](#bkmk-unlockpol1)
 -   [Allow enhanced PINs for startup](#bkmk-unlockpol2)
 -   [Configure minimum PIN length for startup](#bkmk-unlockpol3)
+-   [Disable new DMA devices when this computer is locked](#disable-new-dma-devices-when-this-computer-is-locked)
 -   [Disallow standard users from changing the PIN or password](#bkmk-dpinchange)
 -   [Configure use of passwords for operating system drives](#bkmk-ospw)
 -   [Require additional authentication at startup (Windows Server 2008 and Windows Vista)](#bkmk-unlockpol4)
@@ -355,6 +356,24 @@ This policy setting is used to set a minimum PIN length when you use an unlock m
 
 This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.
 
+### Disable new DMA devices when this computer is locked
+
+This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI ports until a user signs in to Windows.
+
+|                    |                      |
+|--------------------|----------------------|
+| Policy description | This setting helps prevent attacks that use external PCI-based devices to access BitLocker keys. |
+| Introduced         | Windows 10, version 1703 |
+| Drive type         | Operating system drives  |
+| Policy path        | Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives|
+| Conflicts          | None                     |
+| When enabled       | Every time the user locks the screen, DMA will be blocked on hot pluggable PCI ports until the user signs in again. |
+| When disabled or not configured | DMA is available on hot pluggable PCI devices if the device is turned on, regardless of whether a user is signed in.|
+
+**Reference**
+
+This policy setting is only enforced when BitLocker or device encyption is enabled.
+
 ### <a href="" id="bkmk-dpinchange"></a>Disallow standard users from changing the PIN or password
 
 This policy setting allows you to configure whether standard users are allowed to change the PIN or password that is used to protect the operating system drive.

windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md

@@ -45,7 +45,7 @@ Configure a registry-based static proxy to allow only Windows Defender ATP senso
 
 The static proxy is configurable through Group Policy (GP). The group policy can be found under: **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**.
 
-The policy sets two registry values `TelemetryProxyServer` as REG_SZ and `DisableEnterpriseAuthProxy` as REG_DWORD under the registry key `HKLM\Software\Policies\Microsoft\Windows\DisableEnterpriseAuthProxy`.
+The policy sets two registry values `TelemetryProxyServer` as REG_SZ and `DisableEnterpriseAuthProxy` as REG_DWORD under the registry key `HKLM\Software\Policies\Microsoft\Windows\DisableEnterpriseAuthProxy\DataCollection`.
 
 The registry value `TelemetryProxyServer` takes the following string format:
 

windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md

@@ -117,4 +117,4 @@ If you're running Windows Defender as the primary antimalware product on your en
 
 If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender ELAM driver is enabled. For more information, see [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy).
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-abovefoldlink1)
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-minreq-belowfoldlink1)

windows/keep-secure/windows-defender-advanced-threat-protection.md

@@ -27,6 +27,8 @@ localizationpriority: high
 
 Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
 
+Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see (Windows Defender ATP for Windows 10 Creators Update)[https://technet.microsoft.com/en-au/windows/mt782787].
+
 Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
 
 -   **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors

windows/whats-new/whats-new-windows-10-version-1703.md

@@ -121,6 +121,8 @@ New features in Windows Defender Advanced Threat Protection (ATP) for Windows 10
 
 You can read more about ransomware mitigations and detection capability in Windows Defender Advanced Threat Protection in the blog: [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/).
 
+Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see (Windows Defender ATP for Windows 10 Creators Update)[https://technet.microsoft.com/en-au/windows/mt782787].
+
 ### Windows Defender Antivirus
 Windows Defender is now called Windows Defender Antivirus, and we've [increased the breadth of the documentation library for enterprise security admins](../keep-secure/windows-defender-antivirus-in-windows-10.md).