diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 2ad3ca1434..404877f84d 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -112,7 +112,7 @@ The following image shows the EnterpriseModernAppManagement configuration servic
```
**AppManagement/RemovePackage**
-
Added in Windows 10, version 1703. Used to remove packages.
+
Added in Windows 10, version 1703. Used to remove packages. Not supported for ./User/Vendor/MSFT.
Parameters:
@@ -121,34 +121,18 @@ The following image shows the EnterpriseModernAppManagement configuration servic
- Name: Specifies the PackageFullName of the particular package to remove.
- RemoveForAllUsers:
- - 0 (default) – Package will be un-provisioned so that new users do not receive the package. The package will remain installed for current users.
- - 1 – Package will be removed for all users.
+ - 0 (default) – Package will be un-provisioned so that new users do not receive the package. The package will remain installed for current users. This is not currently supported.
+ - 1 – Package will be removed for all users only if it is a provisioned package.
- User (optional): Specifies the SID of the particular user for whom to remove the package; only the package for the specified user can be removed. Not required for ./User/Vendor/MSFT.
+ User (optional): Specifies the SID of the particular user for whom to remove the package; only the package for the specified user can be removed.
Supported operation is Execute.
-
The following example removes a package for the specified user:
-
-```XML
-
- 10
- -
-
- ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/RemovePackage
-
- xml
-
-
-
-
-
-```
The following example removes a package for all users:
````XML
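Review bot: In the RemoveForAllUsers list, value 0 is still labelled "(default)" while the added sentence says it is not currently supported, so the text no longer tells the reader what happens when the parameter is omitted or sent as 0. State the resulting behaviour or move the "(default)" label to the value that actually applies. The User parameter is also still described as selecting a single user's package, yet the per-user example is deleted and RemovePackage is now documented as not supported for ./User/Vendor/MSFT; a sentence saying from which path User can be used would close that gap.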
@@ -307,7 +291,12 @@ The following image shows the EnterpriseModernAppManagement configuration servic
Supported operation is Get.
**.../*PackageFamilyName*/*PackageFullName*/Users**
-
Required. Registered users of the app. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string.
+
Required. Registered users of the app and the package install state. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string.
+
+- Not Installed = 0
+- Staged = 1
+- Installed = 2
+- Paused = 6
Supported operation is Get.
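Review bot: The state list added under Users gives integer codes (0, 1, 2, 6), but the node is still described as "Value type is string" and nothing shows how a user and its install state are combined in the returned value. Add a sample return string, and say whether the gap between 2 and 6 is intentional so readers do not assume the list is incomplete.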
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index 27f995e4d9..6554f182c6 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/03/2018
---
# Policy CSP - KioskBrowser
@@ -14,6 +14,7 @@ ms.date: 03/12/2018
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+These policies only apply to kiosk browser.
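Review bot: The page-level sentence added after the prerelease warning says the same thing as the [!Note] added under each of the six policies in the hunks that follow, so the page will state it seven times. Keep either the single statement at the top or the per-policy notes. In both places "kiosk browser" reads as a generic term; if it refers to a specific app, name it.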
@@ -83,6 +84,9 @@ ms.date: 03/12/2018
Added in Windows 10, version 1803. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
+> [!Note]
+> This policy only applies to kiosk browser.
+
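Review bot: The alert marker is written `[!Note]` here and in the five later hunks of this file, while the existing alert at the top of the file uses upper case (`[!WARNING]`) and another file in this patch uses `[!NOTE]`. Use `[!NOTE]` throughout for consistency.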
@@ -127,6 +131,9 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to.
+> [!Note]
+> This policy only applies to kiosk browser.
+
@@ -171,6 +178,9 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart.
+> [!Note]
+> This policy only applies to kiosk browser.
+
@@ -215,6 +225,9 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to
Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
+> [!Note]
+> This policy only applies to kiosk browser.
+
@@ -259,6 +272,9 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back).
+> [!Note]
+> This policy only applies to kiosk browser.
+
@@ -305,6 +321,9 @@ Added in Windows 10, version 1803. Amount of time in minutes the session is idle
The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser.
+> [!Note]
+> This policy only applies to kiosk browser.
+
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 822b8ec80b..b328c042ce 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -8,13 +8,19 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: high
author: jdeckerms
-ms.date: 03/23/2018
+ms.date: 04/04/2018
---
# Change history for Configure Windows 10
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
+## April 2018
+
+New or changed topic | Description
+--- | ---
+[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Updated endpoints.
+
## March 2018
New or changed topic | Description
diff --git a/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md
index c77762a5e4..ce9e5b4792 100644
--- a/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md
@@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: high
author: brianlic-msft
-ms.date: 10/17/2017
+ms.date: 04/04/2018
---
# Configure Windows diagnostic data in your organization
@@ -143,11 +143,17 @@ All diagnostic data data is encrypted using SSL and uses certificate pinning dur
The Microsoft Data Management Service routes data back to our secure cloud storage. Only Microsoft personnel with a valid business justification are permitted access.
-The following table defines the endpoints for diagnostic data services:
+The following table defines the endpoints for Connected User Experiences and Telemetry component:
+
+Windows release | Endpoint
+--- | ---
+Windows 10, versions 1703 and 1709 | Diagnostics data: v10.vortex-win.data.microsoft.com/collect/v1Functional: v20.vortex-win.data.microsoft.com/collect/v1Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com/collect/v1settings-win.data.microsoft.com
+Windows 10, version 1607 | v10.vortex-win.data.microsoft.comsettings-win.data.microsoft.com
+
+The following table defines the endpoints for other diagnostic data services:
| Service | Endpoint |
| - | - |
-| Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com
settings-win.data.microsoft.com |
| [Windows Error Reporting](http://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com |
| [Online Crash Analysis](http://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com |
| OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 |
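Review bot: In the new release table, the 1703 and 1709 row mixes entries that carry the /collect/v1 path with a bare host name (settings-win.data.microsoft.com), the 1607 row lists bare host names only, and the Windows Advanced Threat Protection entry offers a single sample prefix (**de**). Readers building proxy or firewall allow lists need one consistent form, plus either the full set of country prefixes or a link to where they are listed. The new lead-in also needs an article: "for the Connected User Experiences and Telemetry component".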
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
index 504909f266..7da0245da9 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
@@ -29,7 +29,7 @@ This policy setting is dependent on the **Account lockout threshold** policy set
If [Account lockout threshold](account-lockout-threshold.md) is configured, after the specified number of failed attempts, the account will be locked out. If th **Account lockout duration** is set to 0, the account will remain locked until an administrator unlocks it manually.
-It is advisable to set **Account lockout duration** to approximately 15 minutes. To specify that the account will never be locked out, set the Account lockout threshold value to 0.
+It is advisable to set **Account lockout duration** to approximately 15 minutes. To specify that the account will never be locked out, set the **Account lockout threshold** value to 0.
### Location
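Review bot: The context paragraph directly above the changed line still contains the typo "If th **Account lockout duration**"; fix it to "If the" in this change, since the edit is already a formatting pass over the same section. The bolding of **Account lockout threshold** on the changed line is fine as a repeat mention of the setting that the paragraph above links.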
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index f44c485e39..2de4642ade 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/20/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/04/2018
---
# Configure and validate network connections for Windows Defender Antivirus
@@ -77,7 +77,7 @@ Microsoft Update Service (MU)
Signature and product updates
-*.updates.microsoft.com
+*.update.microsoft.com
|
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
index 4fe762ad49..fb71bda388 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/09/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/04/2018
---
@@ -67,7 +67,7 @@ This table indicates the functionality and features that are available in each s
State | Description | [Real-time protection](configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) | [Limited periodic scanning availability](limited-periodic-scanning-windows-defender-antivirus.md) | [File scanning and detection information](customize-run-review-remediate-scans-windows-defender-antivirus.md) | [Threat remediation](configure-remediation-windows-defender-antivirus.md) | [Threat definition updates](manage-updates-baselines-windows-defender-antivirus.md)
:-|:-|:-:|:-:|:-:|:-:|:-:
-Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
+Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)]]
Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
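Review bot: The Automatic disabled mode row directly below the changed Passive mode row ends with a stray extra bracket (`check-no.svg)]]`), which will render as a literal `]` in the last cell. Drop it in this change, since the table is being touched anyway.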
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
index 576adf3128..551c97fea5 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
-ms.date: 11/30/2017
+ms.date: 04/04/2018
---
# Configure Windows Defender ATP server endpoints
@@ -80,13 +80,52 @@ Once completed, you should see onboarded servers in the portal within an hour.
| winatp-gw-weu.microsoft.com | 443 |
-### Offboard server endpoints
+## Offboard server endpoints
+You have two options to offboard servers from the service:
+- Uninstall the MMA agent
+- Remove the Windows Defender ATP workspace configuration
+
+
+### Uninstall servers by uinstalling the MMA agent
To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Windows Defender ATP.
For more information, see [To disable an agent](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent).
>[!NOTE]
>Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months.
+
+### Remove the Windows Defender ATP workspace configuration
+To offboard the server, you can use either of the following methods:
+
+- Remove the Windows Defender ATP workspace configuration from the MMA agent
+- Run a PowerShell command to remove the configuration
+
+#### Remove the Windows Defender ATP workspace configuration from the MMA agent
+
+1. In the **Microsoft Monitoring Agent Properties**, select the **Azure Log Analytics (OMS)** tab.
+
+2. Select the Windows Defender ATP workspace, and click **Remove**.
+
+ 
+
+#### Run a PowerShell command to remove the configuration
+
+1. Get your workspace ID by going to **Endpoint management** > **Servers**:
+
+ 
+
+2. Open an elevated PowerShell and run the following command. Use the workspace ID you obtained and replacing `WorkspaceID`:
+
+ ```
+ # Load agent scripting object
+ $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg
+ # Remove OMS Workspace
+ $AgentCfg.RemoveCloudWorkspace($WorkspaceID)
+ # Reload the configuration and apply changes
+ $AgentCfg.ReloadConfiguration()
+ ```
+
+
## Related topics
- [Configure Windows Defender ATP client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
- [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
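Review bot: In the added PowerShell block, `$AgentCfg.RemoveCloudWorkspace($WorkspaceID)` uses a variable that the snippet never assigns, and step 2 says to replace `WorkspaceID`, which does not match the `$WorkspaceID` token in the code. Copied as written, the call runs with an empty value. Either add an assignment line ahead of the call with a clearly marked placeholder for the ID, or put the placeholder string directly in the call and reword the step ("Use the workspace ID you obtained to replace ..."). The fence should also be tagged `powershell`. Separately, the new heading "Uninstall servers by uinstalling the MMA agent" has a typo and should read "Offboard servers by uninstalling the MMA agent", and the paragraph under it still describes both options ("uninstall the MMA agent from the server or detach it"), although detaching now has its own section below.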
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png b/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png
new file mode 100644
index 0000000000..37219b5b0b
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding-workspaceid.png b/windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding-workspaceid.png
new file mode 100644
index 0000000000..ef0a1a23bc
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding-workspaceid.png differ