From 54e98e1350b1a58d3387d5cadb6d62ca7db52b10 Mon Sep 17 00:00:00 2001
From: Jose Ortega <jortega928@yahoo.com>
Date: Mon, 20 May 2019 01:33:49 -0500
Subject: [PATCH 1/7] Adding note to be explicit what is the requiremet on
 issue #3499

---
 ...-connections-windows-defender-antivirus.md | 101 ++----------------
 1 file changed, 11 insertions(+), 90 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index b895c48fac..4ce668c163 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -46,97 +46,18 @@ After you've enabled the service, you may need to configure your network or fire
 
 The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an **allow** rule specifically for them:
 
-<table  style="vertical-align:top">
-<tr style="vertical-align:top">
-<th >Service</th>
-<th>Description</th>
-<th>URL</th>
-</tr>
-<tr style="vertical-align:top">
-<td>
- Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)
-</td>
-<td>
- Used by Windows Defender Antivirus to provide cloud-delivered protection
-</td>
-<td>
-*.wdcp.microsoft.com<br />
-*.wdcpalt.microsoft.com<br />
-*.wd.microsoft.com
-</td>
-</tr>
-<tr style="vertical-align:top">
-<td>
-Microsoft Update Service (MU)
-</td>
-<td>
-Security intelligence and product updates
-</td>
-<td>
-*.update.microsoft.com
-</td>
-</tr>
-<tr style="vertical-align:top">
-<td>
- Security intelligence updates alternate download location (ADL)
-</td>
-<td>
- Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence falls out of date (7 or more days behind)
-</td>
-<td>
-*.download.microsoft.com
-</td>
-</tr>
-<tr style="vertical-align:top">
-<td>
- Malware submission storage 
-</td>
-<td>
- Upload location for files submitted to Microsoft via the <a href="https://www.microsoft.com/en-us/security/portal/submission/submit.aspx">Submission form</a> or automatic sample submission
-</td>
-<td>
-*.blob.core.windows.net
-</td>
-</tr>
-<tr style="vertical-align:top">
-<td>
-Certificate Revocation List (CRL)
-</td>
-<td>
-Used by Windows when creating the SSL connection to MAPS for updating the CRL
-</td>
-<td>
-http://www.microsoft.com/pkiops/crl/<br />
-http://www.microsoft.com/pkiops/certs<br />
-http://crl.microsoft.com/pki/crl/products<br />
-http://www.microsoft.com/pki/certs
-</ul>
-</td>
-</tr>
-<tr style="vertical-align:top">
-<td>
-Symbol Store 
-</td>
-<td>
-Used by Windows Defender Antivirus to restore certain critical files during remediation flows
-</td>
-<td>
-https://msdl.microsoft.com/download/symbols
-</td>
-</tr>
-<tr style="vertical-align:top">
-<td>
-Universal Telemetry Client
-</td>
-<td>
-Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes
-</td>
-<td>
-This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints:  <ul><li>vortex-win.data.microsoft.com</li><li>settings-win.data.microsoft.com</li></ul></td>
-</tr>
-</table>
+| **Service**| **Description** |**URL** |
+| :--: | :-- | :-- |
+| *Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)*|Used by Windows Defender Antivirus to provide cloud-delivered protection|*.wdcp.microsoft.com  *.wdcpalt.microsoft.com  *.wd.microsoft.com|
+| *Microsoft Update Service (MU)*|	Security intelligence and product updates	|*.update.microsoft.com|
+| *Security intelligence updates alternate download location (ADL)*|	Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence falls out of date (7 or more days behind)|	*.download.microsoft.com|
+| *Malware submission storage	*|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission	|*.blob.core.windows.net|
+| *Certificate Revocation List (CRL)*	|Used by Windows when creating the SSL connection to MAPS for updating the CRL	| http://www.microsoft.com/pkiops/crl/   http://www.microsoft.com/pkiops/certs  http://crl.microsoft.com/pki/crl/products   http://www.microsoft.com/pki/certs |
+| *Symbol Store	*|Used by Windows Defender Antivirus to restore certain critical files during remediation flows	| https://msdl.microsoft.com/download/symbols |
+| *Universal Telemetry Client*	| Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes	| This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints:   * vortex-win.data.microsoft.com  * settings-win.data.microsoft.com|
 
-<a id="validate"></a>
+>[!IMPORTANT]
+> As a cloud service is required that the computer has access to internet the firewall and traffic can hit the ATP, machine learning services.
 
 ## Validate connections between your network and the cloud
 

From bb8b410dcfe09b531d84a5bc6bc03d88564d5049 Mon Sep 17 00:00:00 2001
From: Jose Gabriel Ortega Castro <jortega@faboit.com>
Date: Mon, 20 May 2019 11:30:39 -0500
Subject: [PATCH 2/7] Update
 windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../configure-network-connections-windows-defender-antivirus.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index 4ce668c163..a813754eb6 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -50,7 +50,7 @@ The following table lists the services and their associated URLs that your netwo
 | :--: | :-- | :-- |
 | *Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)*|Used by Windows Defender Antivirus to provide cloud-delivered protection|*.wdcp.microsoft.com  *.wdcpalt.microsoft.com  *.wd.microsoft.com|
 | *Microsoft Update Service (MU)*|	Security intelligence and product updates	|*.update.microsoft.com|
-| *Security intelligence updates alternate download location (ADL)*|	Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence falls out of date (7 or more days behind)|	*.download.microsoft.com|
+| *Security intelligence updates Alternate Download Location (ADL)*|	Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)|	*.download.microsoft.com|
 | *Malware submission storage	*|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission	|*.blob.core.windows.net|
 | *Certificate Revocation List (CRL)*	|Used by Windows when creating the SSL connection to MAPS for updating the CRL	| http://www.microsoft.com/pkiops/crl/   http://www.microsoft.com/pkiops/certs  http://crl.microsoft.com/pki/crl/products   http://www.microsoft.com/pki/certs |
 | *Symbol Store	*|Used by Windows Defender Antivirus to restore certain critical files during remediation flows	| https://msdl.microsoft.com/download/symbols |

From 070fe933fa6bbf33a5fd4c139f98f8e3d427ede8 Mon Sep 17 00:00:00 2001
From: Jose Gabriel Ortega Castro <jortega@faboit.com>
Date: Mon, 20 May 2019 11:30:50 -0500
Subject: [PATCH 3/7] Update
 windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../configure-network-connections-windows-defender-antivirus.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index a813754eb6..8e45b295fb 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -57,7 +57,7 @@ The following table lists the services and their associated URLs that your netwo
 | *Universal Telemetry Client*	| Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes	| This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints:   * vortex-win.data.microsoft.com  * settings-win.data.microsoft.com|
 
 >[!IMPORTANT]
-> As a cloud service is required that the computer has access to internet the firewall and traffic can hit the ATP, machine learning services.
+> As a cloud service is required so that the computer has access to internet the firewall and traffic can hit the ATP machine learning services.
 
 ## Validate connections between your network and the cloud
 

From 22e98446cc274f453a5d9d9f409bc130eb6a9baa Mon Sep 17 00:00:00 2001
From: Jose Ortega <jortega928@yahoo.com>
Date: Mon, 27 May 2019 10:01:16 -0500
Subject: [PATCH 4/7] Updated

---
 .../configure-network-connections-windows-defender-antivirus.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index 4ce668c163..54db13d636 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -57,7 +57,7 @@ The following table lists the services and their associated URLs that your netwo
 | *Universal Telemetry Client*	| Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes	| This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints:   * vortex-win.data.microsoft.com  * settings-win.data.microsoft.com|
 
 >[!IMPORTANT]
-> As a cloud service is required that the computer has access to internet the firewall and traffic can hit the ATP, machine learning services.
+> As a cloud service, it is required that computers have access to the internet and that the ATP machine learning services are reachable. The following table lists the services and their associated URLs. You should ensure there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.
 
 ## Validate connections between your network and the cloud
 

From 7fd0521d1b8e4f55c3974fdd852d6db0ab467cd8 Mon Sep 17 00:00:00 2001
From: Jose Ortega <jortega928@yahoo.com>
Date: Mon, 27 May 2019 10:03:32 -0500
Subject: [PATCH 5/7] Update Monday

---
 ...onfigure-network-connections-windows-defender-antivirus.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index 54db13d636..a813754eb6 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -50,14 +50,14 @@ The following table lists the services and their associated URLs that your netwo
 | :--: | :-- | :-- |
 | *Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)*|Used by Windows Defender Antivirus to provide cloud-delivered protection|*.wdcp.microsoft.com  *.wdcpalt.microsoft.com  *.wd.microsoft.com|
 | *Microsoft Update Service (MU)*|	Security intelligence and product updates	|*.update.microsoft.com|
-| *Security intelligence updates alternate download location (ADL)*|	Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence falls out of date (7 or more days behind)|	*.download.microsoft.com|
+| *Security intelligence updates Alternate Download Location (ADL)*|	Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)|	*.download.microsoft.com|
 | *Malware submission storage	*|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission	|*.blob.core.windows.net|
 | *Certificate Revocation List (CRL)*	|Used by Windows when creating the SSL connection to MAPS for updating the CRL	| http://www.microsoft.com/pkiops/crl/   http://www.microsoft.com/pkiops/certs  http://crl.microsoft.com/pki/crl/products   http://www.microsoft.com/pki/certs |
 | *Symbol Store	*|Used by Windows Defender Antivirus to restore certain critical files during remediation flows	| https://msdl.microsoft.com/download/symbols |
 | *Universal Telemetry Client*	| Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes	| This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints:   * vortex-win.data.microsoft.com  * settings-win.data.microsoft.com|
 
 >[!IMPORTANT]
-> As a cloud service, it is required that computers have access to the internet and that the ATP machine learning services are reachable. The following table lists the services and their associated URLs. You should ensure there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.
+> As a cloud service is required that the computer has access to internet the firewall and traffic can hit the ATP, machine learning services.
 
 ## Validate connections between your network and the cloud
 

From 6a4140039556a15a15c1a390cb0d22fb1bd74a9f Mon Sep 17 00:00:00 2001
From: Michael Niehaus <niehaus@live.com>
Date: Thu, 30 May 2019 22:56:35 -0700
Subject: [PATCH 6/7] Update add-devices.md

Rearranged the documentation to focus more on OEM and CSP partner registration.  Cleaned up the manual registration instructions.
---
 .../windows-autopilot/add-devices.md          | 66 +++++++++++--------
 1 file changed, 40 insertions(+), 26 deletions(-)

diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md
index d0ace72c1e..72ca57267c 100644
--- a/windows/deployment/windows-autopilot/add-devices.md
+++ b/windows/deployment/windows-autopilot/add-devices.md
@@ -24,19 +24,31 @@ ms.topic: article
 
 Before deploying a device using Windows Autopilot, the device must be registered with the Windows Autopilot deployment service. Ideally, this would be performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually.
 
+## OEM registration
+
+When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service.  For the list of OEMs that currently support this, see the "Participant device manufacturers" section of the [Windows Autopilot information page](https://www.microsoft.com/en-us/windowsforbusiness/windows-autopilot).
+
+Before an OEM can register devices on behalf of an organization, the organization must grant the OEM permission to do so.  This process is initiated by the OEM, with approval granted by an Azure AD global administrator from the organization.  See the "Customer Consent" section of the [Customer consent page](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/registration-auth#oem-authorization).
+
+## Reseller, distributor, or partner registration
+
+Customers may purchase devices from resellers, distributors, or other partners.  As long as these resellers, distributors, and partners are part of the [Cloud Solution Partners (CSP) program](https://partner.microsoft.com/en-us/cloud-solution-provider), they too can register devices on behalf of the customer.  
+
+As with OEMs, CSP parnters must be granted permission to register devices on behalf of an organization.  This follows the process described on the [Customer consent page](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/registration-auth#csp-authorization).  The CSP partner initiates a request to establish a relationship with the organization, with approval granted by a global administrator from the organization.  Once approved, CSP partners add devices using [Partner Center](https://partner.microsoft.com/en-us/pcv/dashboard/overview), either directly through the web site or via available APIs that can automate the same tasks.
+
+Windows Autopilot does not require delegated administrator permissions when establishing the relationship between the CSP partner and the organization.  As part of the approval process performed by the global administrator, the global administrator can choose to uncheck the "Include delegated administration permissions" checkbox.
+
+## Automatic registration of existing devices
+
+If an existing device is already running Windows 10 version 1703 or later and enrolled in an MDM service such an Intune, that MDM service can ask the device for the hardwareh ID (also known as a hardware hash).  Once it has that, it can automatically register the device with Windows Autopilot.
+
+For instructions on how to do this with Microsoft Intune, see [Create an Autopilot deployment profile](https://docs.microsoft.com/en-us/intune/enrollment-autopilot#create-an-autopilot-deployment-profile) documentation describing the "Convert all targeted devices to Autopilot" setting. 
+
+Also note that when using the [Windows Autopilot for existing devices](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/existing-devices) scenario, it is not necessary to pre-register the devices with Windows Autopilot.  Instead, a configuration file (AutopilotConfigurationFile.json) containing all the Windows Autopilot profile settings is used; the device can be registered with Windows Autopilot after the fact using the same "Convert all targeted devices to Autopilot" setting.
+
 ## Manual registration
 
-To perform manual registration of a device, you must caputure its hardware ID (also known as a hardware hash) and upload this to the Windows Autopilot deployment service. See the topics below for detailed information on how to collect and upload hardware IDs.
-
->[!IMPORTANT]
->Do not connect devices to the Internet prior to capturing the hardware ID and creating an Autopilot device profile. This includes collecting the hardware ID, uploading the .CSV into MSfB or Intune, assigning the profile, and confirming the profile assignment. Connecting the device to the Internet before this process is complete will result in the device downloading a blank profile that is stored on the device until it is explicity removed. In Windows 10 version 1809, you can clear the cached profile by restarting OOBE. In previous versions, the only way to clear the stored profile is to re-install the OS, reimage the PC, or run **sysprep /generalize /oobe**. <br>
->After Intune reports the profile ready to go, only then should the device be connected to the Internet.
-
-Also note that if OOBE is restarted too many times it can enter a recovery mode and fail to run the Autopilot configuration. You can identify this scenario if OOBE displays multiple configuration options on the same page, including language, region, and keyboard layout. The normal OOBE displays each of these on a separate page. The following value key tracks the count of OOBE retries:
-
-**HKCU\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UserOOBE** 
-
-To ensure OOBE has not been restarted too many times, you can change this value to 1.
+To perform manual registration of a device, you must first caputure its hardware ID (also known as a hardware hash).  Once this process has completed, the resulting hardware ID can be uploaded to the Windows Autopilot service.  Because this process requires booting the device into Windows 10 in order to obtain the hardware ID, this is intended primarily for testing and evaluation scenarios.
 
 ## Device identification
 
@@ -44,9 +56,13 @@ To define a device to the Windows Autopilot deployment service, a unique hardwar
 
 The hardware ID, also commonly referred to as a hardware hash, contains several details about the device, including its manufacturer, model, device serial number, hard drive serial number, and many other attributes that can be used to uniquely identify that device.
 
-Note that the hardware hash also contains details about when it was generated, so it will change each time it is generated. When the Windows Autopilot Deployment Service attempts to match a device, it considers changes like that, as well as more substantial changes such as a new hard drive, and is still able to match successfully. But substantial changes to the hardware, such as motherboard replacement, would not match, so the device would need to be re-uploaded.
+Note that the hardware hash also contains details about when it was generated, so it will change each time it is generated. When the Windows Autopilot deployment service attempts to match a device, it considers changes like that, as well as more substantial changes such as a new hard drive, and is still able to match successfully. But substantial changes to the hardware, such as a motherboard replacement, would not match, so a new hash would need to be generated and uploaded.
 
-## Collecting the hardware ID from existing devices using PowerShell
+### Collecting the hardware ID from existing devices using System Center Configuration Manager
+
+Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 version 1703 and higher devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details.  The hash information can be extracted from Configuration Manager into a CSV file.
+
+### Collecting the hardware ID from existing devices using PowerShell
 
 The hardware ID, or hardware hash, for an existing device is available through Windows Management Instrumentation (WMI), as long as that device is running Windows 10 version 1703 or later. To help gather this information, as well as the serial number of the device (useful to see at a glance the machine to which it belongs), a PowerShell script called [Get-WindowsAutoPilotInfo.ps1 has been published to the PowerShell Gallery website](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo).
 
@@ -62,25 +78,23 @@ Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv
 
 The commands can also be run remotely, as long as WMI permissions are in place and WMI is accessible through the Windows Firewall on that remote computer. See the Get-WindowsAutoPilotInfo script’s help (using “Get-Help Get-WindowsAutoPilotInfo.ps1”) for more information about running the script.
 
+>[!IMPORTANT]
+>Do not connect devices to the Internet prior to capturing the hardware ID and creating an Autopilot device profile. This includes collecting the hardware ID, uploading the .CSV into MSfB or Intune, assigning the profile, and confirming the profile assignment. Connecting the device to the Internet before this process is complete will result in the device downloading a blank profile that is stored on the device until it is explicity removed. In Windows 10 version 1809, you can clear the cached profile by restarting OOBE. In previous versions, the only way to clear the stored profile is to re-install the OS, reimage the PC, or run **sysprep /generalize /oobe**. <br>
+>After Intune reports the profile ready to go, only then should the device be connected to the Internet.
+
 >[!NOTE]
->If you will connect to the device remotely to collect the hardware ID, see the information at the top of this page about device connectivity to the Internet. 
-
-## Collecting the hardware ID from existing devices using System Center Configuration Manager
-
-Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 version 1703 and higher devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details.
+>If OOBE is restarted too many times it can enter a recovery mode and fail to run the Autopilot configuration. You can identify this scenario if OOBE displays multiple configuration options on the same page, including language, region, and keyboard layout. The normal OOBE displays each of these on a separate page. The following value key tracks the count of OOBE retries: <br>
+>**HKCU\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UserOOBE** <br>
+>To ensure OOBE has not been restarted too many times, you can change this value to 1.
 
 ## Registering devices
 
 Once the hardware IDs have been captured from existing devices, they can be uploaded through a variety of means. See the detailed documentation for each available mechanism:
 
-For guidance on how to register devices, configure and apply deployment profiles, follow one of the available administration options:
+-   [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot).  This is the preferred mechanism for all customers.
 
--   [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
+-   [Partner Center](https://msdn.microsoft.com/partner-center/autopilot).  This is used by CSP partners to register devices on behalf of customers.
 
--   [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
+-   [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa).  This is typically used by small and medium businesses (SMBs) who manage their devices using Microsoft 365 Business.
 
--   [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
-
--   [Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
-
-For those using Microsoft Intune, devices should normally be uploaded via Intune; for those using Microsoft 365 Business, its administrative portal would be used. For [Cloud Solution Provider (CSP)](https://partnercenter.microsoft.com/en-us/partner/cloud-solution-provider) partners uploading devices on the behalf of a customer that they are authorized to manage, Partner Center can be used. For any other scenario, the Microsoft Store for Business is available.
+-   [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles).  

From 85ea3d52eae4d81dc9cbd6cbf2b5591ffc790243 Mon Sep 17 00:00:00 2001
From: Dani Halfin <daniha@microsoft.com>
Date: Thu, 30 May 2019 23:01:36 -0700
Subject: [PATCH 7/7] Removing important tag and text and rephrasing

---
 ...nfigure-network-connections-windows-defender-antivirus.md | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index 9079d86f60..70b8c68e19 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -44,7 +44,7 @@ See [Enable cloud-delivered protection](enable-cloud-protection-windows-defender
 
 After you've enabled the service, you may need to configure your network or firewall to allow connections between it and your endpoints.
 
-The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an **allow** rule specifically for them:
+As a cloud service, it is required that computers have access to the internet and that the ATP machine learning services are reachable. The following table lists the services and their associated URLs. You should ensure there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them:
 
 
 | **Service**| **Description** |**URL** |
@@ -57,9 +57,6 @@ The following table lists the services and their associated URLs that your netwo
 | *Symbol Store	*|Used by Windows Defender Antivirus to restore certain critical files during remediation flows	| https://msdl.microsoft.com/download/symbols |
 | *Universal Telemetry Client*	| Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes	| This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints:   * vortex-win.data.microsoft.com  * settings-win.data.microsoft.com|
 
->[!IMPORTANT]
-> As a cloud service is required that the computer has access to internet the firewall and traffic can hit the ATP, machine learning services.
-
 ## Validate connections between your network and the cloud
 
 After whitelisting the URLs listed above, you can test if you are connected to the Windows Defender Antivirus cloud service and are correctly reporting and receiving information to ensure you are fully protected.