From c060703ab83c10ca3df575a1778790798a504d4e Mon Sep 17 00:00:00 2001
From: arcarley <52137849+arcarley@users.noreply.github.com>
Date: Wed, 15 Jul 2020 14:03:09 -0700
Subject: [PATCH 1/5] Update update-csp.md

Updating to be more specific on the functionality no longer recommended.
---
 windows/client-management/mdm/update-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md
index 1d4d3a7e86..310b0192c6 100644
--- a/windows/client-management/mdm/update-csp.md
+++ b/windows/client-management/mdm/update-csp.md
@@ -17,7 +17,7 @@ ms.date: 02/23/2018
 The Update configuration service provider enables IT administrators to manage and control the rollout of new updates.
 
 > [!Note]
-> All aspects of the Update CSP aside from Rollback are not recommended for managing desktop devices. To manage desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation. Rollback can be used for desktop devices on 1803 and above. 
+> The Update CSP functionality of 'AprrovedUpdates' is not recommended for managing desktop devices. To manage updates to desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation for the recommended policies. 
 
 The following diagram shows the Update configuration service provider in tree format.
 

From 10f3bbe0453f35d102372de9dfc54d6df4461fac Mon Sep 17 00:00:00 2001
From: arcarley <52137849+arcarley@users.noreply.github.com>
Date: Wed, 15 Jul 2020 14:10:00 -0700
Subject: [PATCH 2/5] Update policy-csp-update.md

Updating to show the Require Update Approval policy is meant only to be used on Mobile device.
---
 windows/client-management/mdm/policy-csp-update.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 7fd2c3cd5a..1648a29310 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -3256,7 +3256,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
 > [!NOTE]
-> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
+> This policy is **only** recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. 
 
 
 Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved.

From 64c887ca3fcc89ef0e153a1d5cf7b4f9c09c60ed Mon Sep 17 00:00:00 2001
From: Caroline Gitonga <carolgitonga@outlook.com>
Date: Thu, 16 Jul 2020 03:31:42 +0300
Subject: [PATCH 3/5] Add self.events.data.microsoft.com

Updating endpoints under Office
---
 windows/privacy/manage-windows-2004-endpoints.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/privacy/manage-windows-2004-endpoints.md b/windows/privacy/manage-windows-2004-endpoints.md
index 73e8c9e0fd..14db2c3cc4 100644
--- a/windows/privacy/manage-windows-2004-endpoints.md
+++ b/windows/privacy/manage-windows-2004-endpoints.md
@@ -85,6 +85,7 @@ The following methodology was used to derive these network endpoints:
 |||HTTPS|*ow1.res.office365.com|
 |||HTTPS|office.com|
 |||HTTPS|blobs.officehome.msocdn.com|
+|||HTTPS|self.events.data.microsoft.com|
 |OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
 |||TLSv1.2|*g.live.com|
 |||TLSv1.2|oneclient.sfx.ms|

From fcf40f3c0340234fa8ae90b2d0b3c8a20c9189af Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 16 Jul 2020 11:33:19 -0700
Subject: [PATCH 4/5] Update enable-controlled-folders.md

---
 .../enable-controlled-folders.md              | 23 ++++++++++++-------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
index 1fe945f148..4fa6b49fc9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
@@ -60,19 +60,21 @@ For more information about disabling local list merging, see [Prevent or allow u
 ## Intune
 
 1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune.
-1. Click **Device configuration** > **Profiles** > **Create profile**.
-1. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
-   ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png)
-1. Click **Configure** > **Windows Defender Exploit Guard** > **Controlled folder access** > **Enable**.
-1. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**.
 
-   ![Enable controlled folder access in Intune](../images/enable-cfa-intune.png)
+2. Click **Device configuration** > **Profiles** > **Create profile**.
+
+3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**. <br/> ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png) <br/>
+
+4. Click **Configure** > **Windows Defender Exploit Guard** > **Controlled folder access** > **Enable**.
+
+5. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**.<br/> ![Enable controlled folder access in Intune](../images/enable-cfa-intune.png)<br/>
 
    > [!NOTE]
    > Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted.
 
-1. Click **OK** to save each open blade and click **Create**.
-1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**.
+6. Click **OK** to save each open blade and click **Create**.
+
+7. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**.
 
 ## MDM
 
@@ -81,12 +83,17 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt
 ## Microsoft Endpoint Configuration Manager
 
 1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
+
 2. Click **Home** > **Create Exploit Guard Policy**.
+
 3. Enter a name and a description, click **Controlled folder access**, and click **Next**.
+
 4. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**.
    > [!NOTE]
    > Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted.
+
 5. Review the settings and click **Next** to create the policy.
+
 6. After the policy is created, click **Close**.
 
 ## Group Policy

From d3e585fdd3701e6c7dbed6988aeb2f6a74756e15 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 16 Jul 2020 13:29:26 -0700
Subject: [PATCH 5/5] Changed bold to Italic for emphasis

---
 windows/client-management/mdm/policy-csp-update.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 1648a29310..3c5cf80686 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -3256,7 +3256,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
 > [!NOTE]
-> This policy is **only** recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. 
+> This policy is *only* recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. 
 
 
 Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved.