From 9376aa6a6af47570b607021d885e7fc0ec0f313f Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Tue, 5 Jan 2021 13:53:42 -0800
Subject: [PATCH 01/27] update live response page

---
 .../microsoft-defender-atp/live-response.md   | 31 +++++++++++--------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
index 193c067a32..59e886e92d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
@@ -43,25 +43,30 @@ With live response, analysts can do all of the following tasks:
 
 Before you can initiate a session on a device, make sure you fulfill the following requirements:
 
-- **Verify that you're running a supported version of Windows 10**. <br/>
-Devices must be running one of the following versions of Windows 10:
-   - [1909](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1909) or later  
-   - [1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903)
-   - [1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809)
-   - [1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803)
-   - [1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709)
+- **Verify that you're running a supported version of Windows**. <br/>
+Devices must be running one of the following versions of Windows
 
-- **Make sure to install appropriate security updates**.<br/>
-   - 1903: [KB4515384](https://support.microsoft.com/help/4515384/windows-10-update-kb4515384)
-   - 1809 (RS5): [KB4537818](https://support.microsoft.com/help/4537818/windows-10-update-kb4537818)
-   - 1803 (RS4): [KB4537795](https://support.microsoft.com/help/4537795/windows-10-update-kb4537795)
-   - 1709 (RS3): [KB4537816](https://support.microsoft.com/help/4537816/windows-10-update-kb4537816)
+  - **Windows 10**
+    - [Version 1909](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1909) or later  
+    - [Version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) with [KB4515384](https://support.microsoft.com/en-us/help/4515384/windows-10-update-kb4515384)
+    - [Version 1809 (RS 5)](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) with [with KB4537818](https://support.microsoft.com/help/4537818/windows-10-update-kb4537818)
+    - [Version 1803 (RS 4)](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) with [KB4537795](https://support.microsoft.com/help/4537795/windows-10-update-kb4537795)
+    - [Version 1709 (RS 3)](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) with [KB4537816](https://support.microsoft.com/help/4537816/windows-10-update-kb4537816)
+  
+  - **Windows Server 2019 - Only applicable for Public preview**
+    - Version 1903 or (with [KB4515384](https://support.microsoft.com/en-us/help/4515384/windows-10-update-kb4515384)) later 
+    - Version 1809 (with [KB4537818](https://support.microsoft.com/en-us/help/4537818/windows-10-update-kb4537818))
 
-- **Enable live response from the settings page**.<br>
+- **Enable live response from the advanced settings page**.<br>
 You'll need to enable the live response capability in the [Advanced features settings](advanced-features.md) page.
 
     >[!NOTE]
     >Only users with manage security or global admin roles can edit these settings.
+
+- **Enable live response for servers from the advanced settings page** (recommended).<br>
+
+    >[!NOTE]
+    >Only users with manage security or global admin roles can edit these settings.
     
 - **Ensure that the device has an Automation Remediation level assigned to it**.<br>
 You'll need to enable, at least, the minimum Remediation Level for a given Device Group. Otherwise you won't be able to establish a Live Response session to a member of that group.

From 2967b9c0394b3e88675aa292fa1047df241dd3f7 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Tue, 5 Jan 2021 13:55:10 -0800
Subject: [PATCH 02/27] add description in advanced settings page

---
 .../microsoft-defender-atp/advanced-features.md             | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
index 725daf0761..50b285cef4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
@@ -42,6 +42,12 @@ Turn on this feature so that users with the appropriate permissions can start a
 
 For more information about role assignments, see [Create and manage roles](user-roles.md).
 
+## Live response for servers
+Turn on this feature so that users with the appropriate permissions can start a live response session on servers.
+
+For more information about role assignments, see [Create and manage roles](user-roles.md).
+
+
 ## Live response unsigned script execution
 
 Enabling this feature allows you to run unsigned scripts in a live response session.

From 70bfcd4ce48432ceba03373a03ad7a47dcc45714 Mon Sep 17 00:00:00 2001
From: schmurky <maccruz@microsoft.com>
Date: Tue, 12 Jan 2021 13:19:27 +0800
Subject: [PATCH 03/27] changed ATP to Endpoint

---
 .../microsoft-defender-atp/investigate-files.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
index a9e415015a..940312a02f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
@@ -20,7 +20,7 @@ ms.topic: article
 ms.date: 04/24/2018
 ---
 
-# Investigate a file associated with a Microsoft Defender ATP alert
+# Investigate a file associated with a Microsoft Defender for Endpoint alert
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 

From c4fa84e1dc3620c144718bc29780aa8bcdf697b9 Mon Sep 17 00:00:00 2001
From: Tudor Dobrila <tudor.dobrila@microsoft.com>
Date: Mon, 11 Jan 2021 21:58:03 -0800
Subject: [PATCH 04/27] Add release notes for MDEP for Mac 101.19.21

---
 .../threat-protection/microsoft-defender-atp/mac-whatsnew.md  | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index 692a50914e..4f5d0daced 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -29,6 +29,10 @@ ms.topic: conceptual
 > [!IMPORTANT]
 > Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021.
 
+## 101.19.21
+
+- Bug fixes
+
 ## 101.15.26
 
 - Improved the reliability of the agent when running on macOS 11 Big Sur

From 7073288e7ecb0c5b166e4dacf48db018e8ae861f Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Tue, 12 Jan 2021 14:51:51 +0200
Subject: [PATCH 05/27] Update live-response.md

fixed missing command in the example
---
 .../threat-protection/microsoft-defender-atp/live-response.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
index 193c067a32..df1251aaec 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
@@ -186,7 +186,7 @@ Here are some examples:
 
 |Command  |What it does  |
 |---------|---------|
-|`"C:\windows\some_file.exe" &`     |Starts downloading a file named *some_file.exe* in the background.         |
+|`Download "C:\windows\some_file.exe" &`     |Starts downloading a file named *some_file.exe* in the background.         |
 |`fg 1234`     |Returns a download with command ID *1234* to the foreground.         |
 
 

From 4228e205afdb313a4c91bcc1a72d3cf56a9eae1b Mon Sep 17 00:00:00 2001
From: Jeff Borsecnik <36546697+jborsecnik@users.noreply.github.com>
Date: Tue, 12 Jan 2021 08:44:55 -0800
Subject: [PATCH 06/27] fix pre-existing typo "behaviours"

---
 .../microsoft-defender-atp/investigate-files.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
index 940312a02f..3ac5eb62bb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
@@ -1,6 +1,6 @@
 ---
 title: Investigate Microsoft Defender Advanced Threat Protection files
-description: Use the investigation options to get details on files associated with alerts, behaviours, or events.
+description: Use the investigation options to get details on files associated with alerts, behaviors, or events.
 keywords: investigate, investigation, file, malicious activity, attack motivation, deep analysis, deep analysis report
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150

From e89aa7b54a4b532f16bcc9baf35ebd3df4d1a2b2 Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Tue, 12 Jan 2021 10:07:54 -0800
Subject: [PATCH 07/27] update face authentication areas for masks

---
 .../hello-for-business/hello-biometrics-in-enterprise.md  | 6 +++++-
 .../identity-protection/hello-for-business/hello-faq.yml  | 8 ++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
index 01dffaef6d..c7680c8fe3 100644
--- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
+++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
@@ -15,7 +15,7 @@ manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
-ms.date: 03/05/2020
+ms.date: 01/12/2021
 ---
 
 # Windows Hello biometrics in the enterprise
@@ -81,6 +81,10 @@ To allow facial recognition, you must have devices with integrated special infra
 
 -   Effective, real world FRR with Anti-spoofing or liveness detection: &lt;10%
 
+> [!NOTE]
+>Windows Hello face authentication does not currently support wearing a mask during enrollment or authentication. Wearing a mask to enroll is a security concern because other users wearing a similar mask may be able to unlock you device. The product group is aware of this behavior and is investigating this topic further. Please remove a mask if you are wearing one when you enroll or unlock with Windows Hello face authentication. If your working environment doesn’t allow you to remove a mask temporarily, please consider unenrolling from face authentication and only using PIN or fingerprint.
+
+
 ## Related topics
 - [Windows Hello for Business](hello-identity-verification.md)
 - [How Windows Hello for Business works](hello-how-it-works.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index aae7b07f4a..d7a41ce150 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -14,7 +14,7 @@ metadata:
   ms.collection: M365-identity-device-management
   ms.topic: article
   localizationpriority: medium
-  ms.date: 08/19/2018
+  ms.date: 01/12/2021
   ms.reviewer: 
     
 title: Windows Hello for Business Frequently Asked Questions (FAQ)
@@ -137,7 +137,11 @@ sections:
       - question: Can I use both a PIN and biometrics to unlock my device?
         answer: |
           Starting in Windows 10, version 1709, you can use multi-factor unlock to require users to provide an additional factor to unlock their device. Authentication remains two-factor, but another factor is required before Windows allows the user to reach the desktop. To learn more, see [Multifactor Unlock](feature-multifactor-unlock.md).
-          
+
+      - question: Can I wear a mask to enroll or unlock using Windows Hello face authentication?
+        answer: |
+          Wearing a mask to enroll is a security concern because other users wearing a similar mask may be able to unlock you device. The product group is aware of this behavior and is investigating this topic further. Please remove a mask if you are wearing one when you enroll or unlock with Windows Hello face authentication. If your working environment doesn’t allow you to remove a mask temporarily, please consider unenrolling from face authentication and only using PIN or fingerprint.
+
       - question: What's the difference between Windows Hello and Windows Hello for Business?
         answer: |
           Windows Hello represents the biometric framework provided in Windows 10. Windows Hello lets users use biometrics to sign in to their devices by securely storing their user name and password and releasing it for authentication when the user successfully identifies themselves using biometrics. Windows Hello for Business uses asymmetric keys protected by the device's security module that requires a user gesture (PIN or biometrics) to authenticate.

From 86bed88682697c4f85e3fa2f4daa8f3dede89f31 Mon Sep 17 00:00:00 2001
From: Jeff Borsecnik <36546697+jborsecnik@users.noreply.github.com>
Date: Tue, 12 Jan 2021 10:45:02 -0800
Subject: [PATCH 08/27] Update hello-biometrics-in-enterprise.md

regards --> regard per Acrolinx
---
 .../hello-for-business/hello-biometrics-in-enterprise.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
index c7680c8fe3..d0857ccd72 100644
--- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
+++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
@@ -53,7 +53,7 @@ The biometric data used to support Windows Hello is stored on the local device o
 ## Has Microsoft set any device requirements for Windows Hello?
 We've been working with the device manufacturers to help ensure a high-level of performance and protection is met by each sensor and device, based on these requirements:
 
--   **False Accept Rate (FAR).** Represents the instance a biometric identification solution verifies an unauthorized person. This is normally represented as a ratio of number of instances in a given population size, for example 1 in 100 000. This can also be represented as a percentage of occurrence, for example, 0.001%. This measurement is heavily considered the most important with regards to the security of the biometric algorithm.
+-   **False Accept Rate (FAR).** Represents the instance a biometric identification solution verifies an unauthorized person. This is normally represented as a ratio of number of instances in a given population size, for example 1 in 100 000. This can also be represented as a percentage of occurrence, for example, 0.001%. This measurement is heavily considered the most important with regard to the security of the biometric algorithm.
 
 -   **False Reject Rate (FRR).** Represents the instances a biometric identification solution fails to verify an authorized person correctly. Usually represented as a percentage, the sum of the True Accept Rate and False Reject Rate is 1. Can be with or without anti-spoofing or liveness detection.
 

From a88fc360e88d4663857949ff7bf93c36932e35ed Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Tue, 12 Jan 2021 12:04:19 -0800
Subject: [PATCH 09/27] update hybrid cert trust adfs scope note

---
 .../hello-hybrid-cert-whfb-settings-adfs.md           | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
index 8a9763ebcd..f301ec009c 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
@@ -65,14 +65,17 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
 7. Restart the AD FS server.
 
 > [!NOTE] 
->For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error:
+> For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error:
 >
 > 1. Launch AD FS management console. Browse to "Services > Scope Descriptions".
 > 2. Right click "Scope Descriptions" and select "Add Scope Description".
 > 3. Under name type "ugs" and Click Apply > OK.
-> 4. Launch Powershell as Administrator.
-> 5. Execute the command "Get-AdfsApplicationPermission". Look for the ScopeNames :{openid, aza} that has the ClientRoleIdentifier is equal to 38aa3b87-a06d-4817-b275-7a316988d93b and make a note of the ObjectIdentifier.
-> 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier <ObjectIdentifier from step 5> -AddScope 'ugs'.
+> 4. Launch PowerShell as an administrator.
+> 5. Get the ObjectIdentifier of the application permission with the ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b":
+> ```PowerShell
+> (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier
+> ```
+> 6. Execute the command `Set-AdfsApplicationPermission -TargetIdentifier <ObjectIdentifier from step 5> -AddScope 'ugs'`.
 > 7. Restart the ADFS service.
 > 8. On the client: Restart the client. User should be prompted to provision WHFB.
 > 9. If the provisioning window does not pop up then need to collect NGC trace logs and further troubleshoot.

From c27c8d67503bb45cc8139081c0afad99ffc0f5e7 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 12:23:39 -0800
Subject: [PATCH 10/27] Update
 common-exclusion-mistakes-microsoft-defender-antivirus.md

---
 ...n-mistakes-microsoft-defender-antivirus.md | 120 ++----------------
 1 file changed, 11 insertions(+), 109 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
index d33ce3552f..c4401ca56a 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
@@ -26,128 +26,30 @@ This article describes some common mistake that you should avoid when defining e
 Before defining your exclusion lists, see [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions).
 
 ## Excluding certain trusted items
-Certain files, file types, folders, or processes should not be excluded from scanning even though you trust them to be not malicious. Refer to the following section for items that you should not exclude from scanning.
 
-**Do not add exclusions for the following folder locations:**
+Certain files, file types, folders, or processes should not be excluded from scanning even though you trust them to be not malicious. 
 
-- %systemdrive%
-- C:
-- C:\
-- C:\*
-- %ProgramFiles%\Java
-- C:\Program Files\Java
-- %ProgramFiles%\Contoso\
-- C:\Program Files\Contoso\
-- %ProgramFiles(x86)%\Contoso\
-- C:\Program Files (x86)\Contoso\
-- C:\Temp
-- C:\Temp\
-- C:\Temp\*
-- C:\Users\
-- C:\Users\*
-- C:\Users\<UserProfileName>\AppData\Local\Temp\
-- C:\Users\<UserProfileName>\AppData\LocalLow\Temp\
-- C:\Users\<UserProfileName>\AppData\Roaming\Temp\
-- %Windir%\Prefetch
-- C:\Windows\Prefetch
-- C:\Windows\Prefetch\
-- C:\Windows\Prefetch\*
-- %Windir%\System32\Spool
-- C:\Windows\System32\Spool
-- C:\Windows\System32\CatRoot2
-- %Windir%\Temp
-- C:\Windows\Temp
-- C:\Windows\Temp\
-- C:\Windows\Temp\*
+Do not define exclusions for the folder locations, file extensions, and processes that are listed in the following table:
 
-**Do not add exclusions for the following file extensions:**  
-- `.7zip`
-- `.bat`
-- `.bin`
-- `.cab`
-- `.cmd`
-- `.com`
-- `.cpl`
-- `.dll`
-- `.exe`
-- `.fla`
-- `.gif`
-- `.gz`
-- `.hta`
-- `.inf`
-- `.java`
-- `.jar`
-- `.job`
-- `.jpeg`
-- `.jpg`
-- `.js`
-- `.ko`
-- `.ko.gz`
-- `.msi`
-- `.ocx`
-- `.png`
-- `.ps1`
-- `.py`
-- `.rar`
-- `.reg`
-- `.scr`
-- `.sys`
-- `.tar`
-- `.tmp`
-- `.url`
-- `.vbe`
-- `.vbs`
-- `.wsf`
-- `.zip`
+| Folder locations | File extensions | Processes |
+|:--|:--|:--|
+| `%systemdrive%` <br/> `C:`<br/> `C:\` <br/> `C:\*` <br/> `%ProgramFiles%\Java` <br/> `C:\Program Files\Java` <br/> `%ProgramFiles%\Contoso\` <br/> `C:\Program Files\Contoso\` <br/> `%ProgramFiles(x86)%\Contoso\` <br/> `C:\Program Files (x86)\Contoso\` <br/> `C:\Temp` <br/> `C:\Temp\` <br/> `C:\Temp\*` <br/> `C:\Users\` <br/> `C:\Users\*` <br/> `C:\Users\<UserProfileName>\AppData\Local\Temp\` <br/> `C:\Users\<UserProfileName>\AppData\LocalLow\Temp\` <br/> `C:\Users\<UserProfileName>\AppData\Roaming\Temp\` <br/> `%Windir%\Prefetch` <br/> `C:\Windows\Prefetch` <br/> `C:\Windows\Prefetch\` <br/> `C:\Windows\Prefetch\*` <br/> `%Windir%\System32\Spool` <br/> `C:\Windows\System32\Spool` <br/> `C:\Windows\System32\CatRoot2` <br/> `%Windir%\Temp` <br/> `C:\Windows\Temp` <br/> `C:\Windows\Temp\` <br/> `C:\Windows\Temp\*` | `.7zip` <br/> `.bat` <br/> `.bin` <br/> `.cab` <br/> `.cmd` <br/> `.com` <br/> `.cpl` <br/> `.dll` <br/> `.exe` <br/> `.fla` <br/> `.gif` <br/> `.gz` <br/> `.hta` <br/> `.inf` <br/> `.java` <br/> `.jar` <br/> `.job` <br/> `.jpeg` <br/> `.jpg` <br/> `.js` <br/> `.ko` <br/> `.ko.gz` <br/> `.msi` <br/> `.ocx` <br/> `.png` <br/> `.ps1` <br/> `.py` <br/> `.rar` <br/> `.reg` <br/> `.scr` <br/> `.sys` <br/> `.tar` <br/> `.tmp` <br/> `.url` <br/> `.vbe` <br/> `.vbs` <br/> `.wsf` <br/> `.zip` | `AcroRd32.exe` <br/> `bitsadmin.exe` <br/> `excel.exe` <br/> `iexplore.exe` <br/> `java.exe` <br/> `outlook.exe` <br/> `psexec.exe` <br/> `powerpnt.exe` <br/> `powershell.exe` <br/> `schtasks.exe`  <br/> `svchost.exe` <br/>`wmic.exe` <br/> `winword.exe` <br/> `wuauclt.exe` <br/> `addinprocess.exe` <br/> `addinprocess32.exe` <br/> `addinutil.exe` <br/> `bash.exe` <br/> `bginfo.exe`[1] <br/>`cdb.exe` <br/> `csi.exe` <br/> `dbghost.exe` <br/> `dbgsvc.exe` <br/> `dnx.exe` <br/> `fsi.exe` <br/> `fsiAnyCpu.exe` <br/> `kd.exe` <br/> `ntkd.exe` <br/> `lxssmanager.dll` <br/> `msbuild.exe`[2] <br/> `mshta.exe` <br/> `ntsd.exe` <br/> `rcsi.exe` <br/> `system.management.automation.dll` <br/> `windbg.exe` |
 
 >[!NOTE]
-> You can chose to exclude file types, such as .gif, .jpg, .jpeg, .png if your environment has a modern, up-to-date software with a strict update policy to handle any vulnerabilities.
-
-**Do not add exclusions for the following processes:**  
-- AcroRd32.exe
-- bitsadmin.exe
-- excel.exe
-- iexplore.exe
-- java.exe
-- outlook.exe
-- psexec.exe
-- powerpnt.exe
-- powershell.exe
-- schtasks.exe
-- svchost.exe
-- wmic.exe
-- winword.exe
-- wuauclt.exe
-- addinprocess.exe
-- addinprocess32.exe
-- addinutil.exe
-- bash.exe
-- bginfo.exe[1]
-- cdb.exe
-- csi.exe
-- dbghost.exe
-- dbgsvc.exe
-- dnx.exe
-- fsi.exe
-- fsiAnyCpu.exe
-- kd.exe
-- ntkd.exe
-- lxssmanager.dll
-- msbuild.exe[2]
-- mshta.exe
-- ntsd.exe
-- rcsi.exe
-- system.management.automation.dll
-- windbg.exe
+> You can chose to exclude file types, such as `.gif`, `.jpg`, `.jpeg`, or `.png` if your environment has a modern, up-to-date software with a strict update policy to handle any vulnerabilities.
 
 ## Using just the file name in the exclusion list
-A malware may have the same name as that of the file that you trust and want to exclude from scanning. Therefore, to avoid excluding a potential malware from scanning, use a fully qualified path to the file that you want to exclude instead of using just the file name. For example, if you want to exclude **Filename.exe** from scanning, use the complete path to the file, such as **C:\program files\contoso\Filename.exe**.
+
+A malware may have the same name as that of the file that you trust and want to exclude from scanning. Therefore, to avoid excluding a potential malware from scanning, use a fully qualified path to the file that you want to exclude instead of using just the file name. For example, if you want to exclude `Filename.exe` from scanning, use the complete path to the file, such as `C:\program files\contoso\Filename.exe`.
 
 ## Using a single exclusion list for multiple server workloads
+
 Do not use a single exclusion list to define exclusions for multiple server workloads. Split the exclusions for different application or service workloads into multiple exclusion lists. For example, the exclusion list for your IIS Server workload must be different from the exclusion list for your SQL Server workload.
 
 ## Using incorrect environment variables as wildcards in the file name and folder path or extension exclusion lists
+
 Microsoft Defender Antivirus Service runs in system context using the LocalSystem account, which means it gets information from the system environment variable, and not from the user environment variable. Use of environment variables as a wildcard in exclusion lists is limited to system variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account. Therefore, do not use user environment variables as wildcards when adding Microsoft Defender Antivirus folder and process exclusions. See the table under [System environment variables](configure-extension-file-exclusions-microsoft-defender-antivirus.md#system-environment-variables) for a complete list of system environment variables.
+
 See [Use wildcards in the file name and folder path or extension exclusion lists](configure-extension-file-exclusions-microsoft-defender-antivirus.md#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) for information on how to use wildcards in exclusion lists.
 
 ## Related articles

From 38c178a46b614dfdcf63f215d2d83dcaf758abdf Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 12:25:20 -0800
Subject: [PATCH 11/27] Update TOC.md

---
 windows/security/threat-protection/TOC.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 25a5417d95..99c0b4887e 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -195,8 +195,7 @@
 ##### [Customize, initiate, and review the results of scans and remediation]()
 ###### [Configuration overview](microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
    
-###### [Configure and validate exclusions in antivirus scans]()
-###### [Exclusions overview](microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md)
+###### [Configure and validate exclusions in antivirus scans](microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md)
 ###### [Configure and validate exclusions based on file name, extension, and folder location](microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md)
 ###### [Configure and validate exclusions for files opened by processes](microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md)
 ###### [Configure antivirus exclusions Windows Server](microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md)

From e5a5466ec95e154c7c4c774cea0b2e2a4ea38db2 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 12:38:23 -0800
Subject: [PATCH 12/27] AV content fixes

---
 ...exclusions-microsoft-defender-antivirus.md |  2 -
 ...exclusions-microsoft-defender-antivirus.md | 40 ++-----------------
 2 files changed, 4 insertions(+), 38 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
index 725634e323..4943302a17 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
@@ -77,8 +77,6 @@ See [How to create and deploy antimalware policies: Exclusion settings](https://
 
 5. Click **OK**.
 
-![The Group Policy setting for specifying process exclusions](images/defender/wdav-process-exclusions.png)
-
 ### Use PowerShell cmdlets to exclude files that have been opened by specified processes from scans
 
 Using PowerShell to add or remove exclusions for files that have been opened by processes requires using a combination of three cmdlets with the `-ExclusionProcess` parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/itpro/powershell/windows/defender/defender).
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md
index 7c834bd8e4..3ac64a1e57 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md
@@ -204,43 +204,11 @@ This section lists the default exclusions for all Windows Server 2016 and 2019 r
 
 #### Hyper-V exclusions
 
-This section lists the file type exclusions, folder exclusions, and process exclusions that are delivered automatically when you install the Hyper-V role
+The following table lists the file type exclusions, folder exclusions, and process exclusions that are delivered automatically when you install the Hyper-V role.
 
-- File type exclusions:
-
-  - `*.vhd`
-
-  - `*.vhdx`
-
-  - `*.avhd`
-
-  - `*.avhdx`
-
-  - `*.vsv`
-
-  - `*.iso`
-
-  - `*.rct`
-
-  - `*.vmcx`
-
-  - `*.vmrs`
-
-- Folder exclusions:
-
-  - `%ProgramData%\Microsoft\Windows\Hyper-V`
-
-  - `%ProgramFiles%\Hyper-V`
-
-  - `%SystemDrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots`
-
-  - `%Public%\Documents\Hyper-V\Virtual Hard Disks`
-
-- Process exclusions:
-
-  - `%systemroot%\System32\Vmms.exe`
-
-  - `%systemroot%\System32\Vmwp.exe`
+|File type exclusions |Folder exclusions  | Process exclusions |
+|:--|:--|:--|
+| `*.vhd` <br/> `*.vhdx` <br/> `*.avhd` <br/> `*.avhdx` <br/> `*.vsv` <br/> `*.iso` <br/> `*.rct` <br/> `*.vmcx` <br/> `*.vmrs` | `%ProgramData%\Microsoft\Windows\Hyper-V` <br/> `%ProgramFiles%\Hyper-V` <br/> `%SystemDrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots` <br/> `%Public%\Documents\Hyper-V\Virtual Hard Disks` | `%systemroot%\System32\Vmms.exe` <br/> `%systemroot%\System32\Vmwp.exe` |
 
 #### SYSVOL files
 

From 6325beafe40f41a4d79f250ef22b4a650fdf39e0 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 12:39:54 -0800
Subject: [PATCH 13/27] Update
 configure-extension-file-exclusions-microsoft-defender-antivirus.md

---
 ...n-file-exclusions-microsoft-defender-antivirus.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
index 88a2e71534..37b5c8ad0a 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
@@ -36,12 +36,12 @@ You can exclude certain files from Microsoft Defender Antivirus scans by modifyi
 
 This article  describes how to configure exclusion lists for the files and folders. See [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists.
 
-Exclusion | Examples | Exclusion list
----|---|---
-Any file with a specific extension | All files with the specified extension, anywhere on the machine.<br/>Valid syntax: `.test` and `test`  | Extension exclusions
-Any file under a specific folder | All files under the `c:\test\sample` folder | File and folder exclusions
-A specific file in a specific folder | The file `c:\sample\sample.test` only | File and folder exclusions
-A specific process | The executable file `c:\test\process.exe` | File and folder exclusions
+| Exclusion | Examples | Exclusion list |
+|:---|:---|:---|
+|Any file with a specific extension | All files with the specified extension, anywhere on the machine.<br/>Valid syntax: `.test` and `test`  | Extension exclusions |
+|Any file under a specific folder | All files under the `c:\test\sample` folder | File and folder exclusions |
+| A specific file in a specific folder | The file `c:\sample\sample.test` only | File and folder exclusions |
+| A specific process | The executable file `c:\test\process.exe` | File and folder exclusions |
 
 Exclusion lists have the following characteristics:
 

From 80ced9e5f49884b8fdff4ff41d5aa245c5390963 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 12:42:50 -0800
Subject: [PATCH 14/27] Update
 configure-extension-file-exclusions-microsoft-defender-antivirus.md

---
 ...exclusions-microsoft-defender-antivirus.md | 52 ++++++++-----------
 1 file changed, 23 insertions(+), 29 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
index 37b5c8ad0a..2643fbb1a0 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
@@ -48,21 +48,18 @@ Exclusion lists have the following characteristics:
 - Folder exclusions apply to all files and folders under that folder, unless the subfolder is a reparse point. Reparse point subfolders must be excluded separately.
 - File extensions apply to any file name with the defined extension if a path or folder is not defined.
 
->[!IMPORTANT]
->Using wildcards such as the asterisk (\*) will alter how the exclusion rules are interpreted. See the [Use wildcards in the file name and folder path or extension exclusion lists](#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) section for important information about how wildcards work.
->
->You cannot exclude mapped network drives. You must specify the actual network path.
->
->Folders that are reparse points that are created after the Microsoft Defender Antivirus service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target.
+> [!IMPORTANT]
+> - Using wildcards such as the asterisk (\*) will alter how the exclusion rules are interpreted. See the [Use wildcards in the file name and folder path or extension exclusion lists](#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) section for important information about how wildcards work.
+> - You cannot exclude mapped network drives. You must specify the actual network path.
+> - Folders that are reparse points that are created after the Microsoft Defender Antivirus service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target.
 
 To exclude files opened by a specific process, see [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md).
 
 The exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [real-time protection](configure-real-time-protection-microsoft-defender-antivirus.md).
 
->[!IMPORTANT]
->Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions).
->
->Changes made in the Windows Security app **will not show** in the Group Policy lists.
+> [!IMPORTANT]
+> Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions).
+> Changes made in the Windows Security app **will not show** in the Group Policy lists.
 
 By default, local changes made to the lists (by users with administrator privileges, including changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists take precedence when there are conflicts.
 
@@ -134,13 +131,13 @@ Remove item from the list | `Remove-MpPreference`
 
 The following are allowed as the `<exclusion list>`:
 
-Exclusion type | PowerShell parameter
----|---
-All files with a specified file extension | `-ExclusionExtension`
-All files under a folder (including files in subdirectories), or a specific file | `-ExclusionPath`
+| Exclusion type | PowerShell parameter |
+|:---|:---|
+| All files with a specified file extension | `-ExclusionExtension` |
+| All files under a folder (including files in subdirectories), or a specific file | `-ExclusionPath` |
 
->[!IMPORTANT]
->If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list.
+> [!IMPORTANT]
+> If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list.
 
 For example, the following code snippet would cause Microsoft Defender AV scans to exclude any file with the `.test` file extension:
 
@@ -175,29 +172,26 @@ See [Add exclusions in the Windows Security app](microsoft-defender-security-cen
 
 You can use the asterisk `*`, question mark `?`, or environment variables (such as `%ALLUSERSPROFILE%`) as wildcards when defining items in the file name or folder path exclusion list. The way in which these wildcards are interpreted differs from their usual usage in other apps and languages. Make sure to read this section to understand their specific limitations.
 
->[!IMPORTANT]
->There are key limitations and usage scenarios for these wildcards:
->
->- Environment variable usage is limited to machine variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account.
->- You cannot use a wildcard in place of a drive letter.
->- An asterisk `*` in a folder exclusion stands in place for a single folder. Use multiple instances of `\*\` to indicate multiple nested folders with unspecified names.
+> [!IMPORTANT]
+> There are key limitations and usage scenarios for these wildcards:
+> - Environment variable usage is limited to machine variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account.
+> - You cannot use a wildcard in place of a drive letter.
+> - An asterisk `*` in a folder exclusion stands in place for a single folder. Use multiple instances of `\*\` to indicate multiple nested folders with unspecified names.
 
 The following table describes how the wildcards can be used and provides some examples.
 
 
 |Wildcard  |Examples  |
-|---------|---------|
+|:---------|:---------|
 |`*` (asterisk) <br/><br/>In **file name and file extension inclusions**, the asterisk replaces any number of characters, and only applies to files in the last folder defined in the argument. <br/><br/>In **folder exclusions**, the asterisk replaces a single folder. Use multiple `*` with folder slashes `\` to indicate multiple nested folders. After matching the number of wild carded and named folders, all subfolders are also included.   | `C:\MyData\*.txt` would include `C:\MyData\notes.txt`<br/><br/>`C:\somepath\*\Data` would include any file in `C:\somepath\Archives\Data and its subfolders` and `C:\somepath\Authorized\Data and its subfolders` <br/><br/>`C:\Serv\*\*\Backup` would include any file in `C:\Serv\Primary\Denied\Backup and its subfolders` and `C:\Serv\Secondary\Allowed\Backup and its subfolders`     |
 |`?` (question mark)  <br/><br/>In **file name and file extension inclusions**, the question mark replaces a single character, and only applies to files in the last folder defined in the argument. <br/><br/>In **folder exclusions**, the question mark replaces a single character in a folder name. After matching the number of wild carded and named folders, all subfolders are also included.   |`C:\MyData\my?` would include `C:\MyData\my1.zip` <br/><br/>`C:\somepath\?\Data` would include any file in `C:\somepath\P\Data` and its subfolders <br/><br/>`C:\somepath\test0?\Data` would include any file in `C:\somepath\test01\Data` and its subfolders          |
 |Environment variables <br/><br/>The defined variable is populated as a path when the exclusion is evaluated.          |`%ALLUSERSPROFILE%\CustomLogFiles` would include `C:\ProgramData\CustomLogFiles\Folder1\file1.txt`         |
         
 
->[!IMPORTANT]
->If you mix a file exclusion argument with a folder exclusion argument, the rules will stop at the file argument match in the matched folder, and will not look for file matches in any subfolders.
->
->For example, you can exclude all files that start with "date" in the folders `c:\data\final\marked` and `c:\data\review\marked` by using the rule argument `c:\data\*\marked\date*`.
->
->This argument, however, will not match any files in subfolders under `c:\data\final\marked` or `c:\data\review\marked`.
+> [!IMPORTANT]
+> If you mix a file exclusion argument with a folder exclusion argument, the rules will stop at the file argument match in the matched folder, and will not look for file matches in any subfolders.
+> For example, you can exclude all files that start with "date" in the folders `c:\data\final\marked` and `c:\data\review\marked` by using the rule argument `c:\data\*\marked\date*`.
+> This argument, however, will not match any files in subfolders under `c:\data\final\marked` or `c:\data\review\marked`.
 
 <a id="review"></a>
 

From b25fa3e84517722d7da5c09172084dfbacf199fb Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 13:12:44 -0800
Subject: [PATCH 15/27] Update
 configure-extension-file-exclusions-microsoft-defender-antivirus.md

---
 ...exclusions-microsoft-defender-antivirus.md | 329 ++++--------------
 1 file changed, 62 insertions(+), 267 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
index 2643fbb1a0..6715d17298 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
@@ -199,273 +199,68 @@ The following table describes how the wildcards can be used and provides some ex
 
 The following table lists and describes the system account environment variables. 
 
-<table border="0" cellspacing="0" cellpadding="20">
-<thead>
-<tr>
-<th valign="top">System environment variables</th>
-<th valign="top">Will redirect to:</th>
-</tr>
-</thead><tbody>
-<tr>
-<td valign="top">%APPDATA%</td>
-<td valign="top">C:\Users\UserName.DomainName\AppData\Roaming</td>
-</tr>
-<tr>
-<td valign="top">%APPDATA%\Microsoft\Internet Explorer\Quick Launch</td>
-<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch</td>
-</tr>
-<tr>
-<td valign="top">%APPDATA%\Microsoft\Windows\Start Menu</td>
-<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu</td>
-</tr>
-<tr>
-<td valign="top">%APPDATA%\Microsoft\Windows\Start Menu\Programs</td>
-<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs</td>
-</tr>
-<tr>
-<td valign="top">%LOCALAPPDATA% </td>
-<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Local</td>
-</tr>
-<tr>
-<td valign="top">%ProgramData%</td>
-<td valign="top">C:\ProgramData</td>
-</tr>
-<tr>
-<td valign="top">%ProgramFiles%</td>
-<td valign="top">C:\Program Files</td>
-</tr>
-<tr>
-<td valign="top">%ProgramFiles%\Common Files </td>
-<td valign="top">C:\Program Files\Common Files</td>
-</tr>
-<tr>
-<td valign="top">%ProgramFiles%\Windows Sidebar\Gadgets </td>
-<td valign="top">C:\Program Files\Windows Sidebar\Gadgets</td>
-</tr>
-<tr>
-<td valign="top">%ProgramFiles%\Common Files</td>
-<td valign="top">C:\Program Files\Common Files</td>
-</tr>
-<tr>
-<td valign="top">%ProgramFiles(x86)% </td>
-<td valign="top">C:\Program Files (x86)</td>
-</tr>
-<tr>
-<td valign="top">%ProgramFiles(x86)%\Common Files </td>
-<td valign="top">C:\Program Files (x86)\Common Files</td>
-</tr>
-<tr>
-<td valign="top">%SystemDrive%</td>
-<td valign="top">C:</td>
-</tr>
-<tr>
-<td valign="top">%SystemDrive%\Program Files</td>
-<td valign="top">C:\Program Files</td>
-</tr>
-<tr>
-<td valign="top">%SystemDrive%\Program Files (x86) </td>
-<td valign="top">C:\Program Files (x86)</td>
-</tr>
-<tr>
-<td valign="top">%SystemDrive%\Users </td>
-<td valign="top">C:\Users</td>
-</tr>
-<tr>
-<td valign="top">%SystemDrive%\Users\Public</td>
-<td valign="top">C:\Users\Public</td>
-</tr>
-<tr>
-<td valign="top">%SystemRoot%</td>
-<td valign="top"> C:\Windows</td>
-</tr>
-<tr>
-<td valign="top">%windir%</td>
-<td valign="top">C:\Windows</td>
-</tr>
-<tr>
-<td valign="top">%windir%\Fonts</td>
-<td valign="top">C:\Windows\Fonts</td>
-</tr>
-<tr>
-<td valign="top">%windir%\Resources </td>
-<td valign="top">C:\Windows\Resources</td>
-</tr>
-<tr>
-<td valign="top">%windir%\resources\0409</td>
-<td valign="top">C:\Windows\resources\0409</td>
-</tr>
-<tr>
-<td valign="top">%windir%\system32</td>
-<td valign="top">C:\Windows\System32</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%</td>
-<td valign="top">C:\ProgramData</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Application Data</td>
-<td valign="top">C:\ProgramData\Application Data</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Documents</td>
-<td valign="top">C:\ProgramData\Documents</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Documents\My Music\Sample Music</td>
-<td valign="top">
-<p>C:\ProgramData\Documents\My Music\Sample Music</p>
-<p>.</p>
-</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Documents\My Music </td>
-<td valign="top">C:\ProgramData\Documents\My Music</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Documents\My Pictures </td>
-<td valign="top">
-<p>C:\ProgramData\Documents\My Pictures
-</p>
-</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures </td>
-<td valign="top">C:\ProgramData\Documents\My Pictures\Sample Pictures</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Documents\My Videos </td>
-<td valign="top">C:\ProgramData\Documents\My Videos</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\DeviceMetadataStore </td>
-<td valign="top">C:\ProgramData\Microsoft\Windows\DeviceMetadataStore</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\GameExplorer </td>
-<td valign="top">C:\ProgramData\Microsoft\Windows\GameExplorer</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\Ringtones </td>
-<td valign="top">C:\ProgramData\Microsoft\Windows\Ringtones</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu </td>
-<td valign="top">C:\ProgramData\Microsoft\Windows\Start Menu</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs </td>
-<td valign="top">C:\ProgramData\Microsoft\Windows\Start Menu\Programs </td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools</td>
-<td valign="top">C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\StartUp </td>
-<td valign="top">C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\Templates </td>
-<td valign="top">C:\ProgramData\Microsoft\Windows\Templates</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Start Menu </td>
-<td valign="top">C:\ProgramData\Start Menu</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Start Menu\Programs </td>
-<td valign="top">C:\ProgramData\Start Menu\Programs</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools </td>
-<td valign="top">C:\ProgramData\Start Menu\Programs\Administrative Tools</td>
-</tr>
-<tr>
-<td valign="top">%ALLUSERSPROFILE%\Templates </td>
-<td valign="top">C:\ProgramData\Templates</td>
-</tr>
-<tr>
-<td valign="top">%LOCALAPPDATA%\Microsoft\Windows\ConnectedSearch\Templates </td>
-<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates</td>
-</tr>
-<tr>
-<td valign="top">%LOCALAPPDATA%\Microsoft\Windows\History </td>
-<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History</td>
-</tr>
-<tr>
-<td valign="top">
-<p>
-%PUBLIC% </p>
-</td>
-<td valign="top">C:\Users\Public</td>
-</tr>
-<tr>
-<td valign="top">%PUBLIC%\AccountPictures </td>
-<td valign="top">C:\Users\Public\AccountPictures</td>
-</tr>
-<tr>
-<td valign="top">%PUBLIC%\Desktop </td>
-<td valign="top">C:\Users\Public\Desktop</td>
-</tr>
-<tr>
-<td valign="top">%PUBLIC%\Documents </td>
-<td valign="top">C:\Users\Public\Documents</td>
-</tr>
-<tr>
-<td valign="top">%PUBLIC%\Downloads </td>
-<td valign="top">C:\Users\Public\Downloads</td>
-</tr>
-<tr>
-<td valign="top">%PUBLIC%\Music\Sample Music </td>
-<td valign="top">
-<p>C:\Users\Public\Music\Sample Music</p>
-<p>.</p>
-</td>
-</tr>
-<tr>
-<td valign="top">%PUBLIC%\Music\Sample Playlists </td>
-<td valign="top">
-<p>C:\Users\Public\Music\Sample Playlists</p>
-<p>.</p>
-</td>
-</tr>
-<tr>
-<td valign="top">%PUBLIC%\Pictures\Sample Pictures </td>
-<td valign="top">C:\Users\Public\Pictures\Sample Pictures</td>
-</tr>
-<tr>
-<td valign="top">%PUBLIC%\RecordedTV.library-ms</td>
-<td valign="top">C:\Users\Public\RecordedTV.library-ms</td>
-</tr>
-<tr>
-<td valign="top">%PUBLIC%\Videos</td>
-<td valign="top">C:\Users\Public\Videos</td>
-</tr>
-<tr>
-<td valign="top">%PUBLIC%\Videos\Sample Videos</td>
-<td valign="top">
-<p>C:\Users\Public\Videos\Sample Videos</p>
-<p>.</p>
-</td>
-</tr>
-<tr>
-<td valign="top">%USERPROFILE% </td>
-<td valign="top">C:\Windows\System32\config\systemprofile</td>
-</tr>
-<tr>
-<td valign="top">%USERPROFILE%\AppData\Local </td>
-<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Local</td>
-</tr>
-<tr>
-<td valign="top">%USERPROFILE%\AppData\LocalLow </td>
-<td valign="top">C:\Windows\System32\config\systemprofile\AppData\LocalLow</td>
-</tr>
-<tr>
-<td valign="top">%USERPROFILE%\AppData\Roaming </td>
-<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Roaming</td>
-</tr>
-</tbody>
-</table>
+| This system environment variable... | Redirects to this |
+|:--|:--|
+| `%APPDATA%`| `C:\Users\UserName.DomainName\AppData\Roaming` |
+| `%APPDATA%\Microsoft\Internet Explorer\Quick Launch` | `C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch` |
+| `%APPDATA%\Microsoft\Windows\Start Menu` | `C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu` |
+| `%APPDATA%\Microsoft\Windows\Start Menu\Programs` | `C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs` |
+| `%LOCALAPPDATA%` | `C:\Windows\System32\config\systemprofile\AppData\Local` |
+| `%ProgramData%` | `C:\ProgramData` |
+| `%ProgramFiles%` | `C:\Program Files` |
+| `%ProgramFiles%\Common Files` | `C:\Program Files\Common Files` |
+| `%ProgramFiles%\Windows Sidebar\Gadgets` | `C:\Program Files\Windows Sidebar\Gadgets` |
+| `%ProgramFiles%\Common Files` | `C:\Program Files\Common Files` |
+| `%ProgramFiles(x86)%` | `C:\Program Files (x86)` |
+| `%ProgramFiles(x86)%\Common Files` | `C:\Program Files (x86)\Common Files` |
+| `%SystemDrive%` | `C:` |
+| `%SystemDrive%\Program Files` | `C:\Program Files` |
+| `%SystemDrive%\Program Files (x86)` | `C:\Program Files (x86)` |
+| `%SystemDrive%\Users` | `C:\Users` |
+| `%SystemDrive%\Users\Public` | `C:\Users\Public` |
+| `%SystemRoot%` | `C:\Windows` |
+| `%windir%` | `C:\Windows` |
+| `%windir%\Fonts` | `C:\Windows\Fonts` |
+| `%windir%\Resources` | `C:\Windows\Resources` |
+| `%windir%\resources\0409` | `C:\Windows\resources\0409` |
+| `%windir%\system32` | `C:\Windows\System32` |
+| `%ALLUSERSPROFILE%` | `C:\ProgramData` |
+| `%ALLUSERSPROFILE%\Application Data` | `C:\ProgramData\Application Data` |
+| `%ALLUSERSPROFILE%\Documents` | `C:\ProgramData\Documents` |
+| `%ALLUSERSPROFILE%\Documents\My Music\Sample Music` | `C:\ProgramData\Documents\My Music\Sample Music` |
+| `%ALLUSERSPROFILE%\Documents\My Music` | `C:\ProgramData\Documents\My Music` |
+| `%ALLUSERSPROFILE%\Documents\My Pictures` | `C:\ProgramData\Documents\My Pictures` |
+| `%ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures` | `C:\ProgramData\Documents\My Pictures\Sample Pictures` |
+| `%ALLUSERSPROFILE%\Documents\My Videos` | `C:\ProgramData\Documents\My Videos` |
+| `%ALLUSERSPROFILE%\Microsoft\Windows\DeviceMetadataStore` | `C:\ProgramData\Microsoft\Windows\DeviceMetadataStore` |
+| `%ALLUSERSPROFILE%\Microsoft\Windows\GameExplorer` | `C:\ProgramData\Microsoft\Windows\GameExplorer` |
+| `%ALLUSERSPROFILE%\Microsoft\Windows\Ringtones` | `C:\ProgramData\Microsoft\Windows\Ringtones` |
+| `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu` | `C:\ProgramData\Microsoft\Windows\Start Menu` |
+| `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs` | `C:\ProgramData\Microsoft\Windows\Start Menu\Programs` |
+| `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools` | `C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools` |
+| `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\StartUp` | `C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp` |
+| `%ALLUSERSPROFILE%\Microsoft\Windows\Templates` | `C:\ProgramData\Microsoft\Windows\Templates` |
+| `%ALLUSERSPROFILE%\Start Menu` | `C:\ProgramData\Start Menu` |
+| `%ALLUSERSPROFILE%\Start Menu\Programs` | C:\ProgramData\Start Menu\Programs |
+| `%ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools` | `C:\ProgramData\Start Menu\Programs\Administrative Tools` | 
+| `%ALLUSERSPROFILE%\Templates` | `C:\ProgramData\Templates` |
+| `%LOCALAPPDATA%\Microsoft\Windows\ConnectedSearch\Templates` | `C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates` |
+| `%LOCALAPPDATA%\Microsoft\Windows\History` | `C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History` |
+| `%PUBLIC%` | `C:\Users\Public` |
+| `%PUBLIC%\AccountPictures` | `C:\Users\Public\AccountPictures` |
+| `%PUBLIC%\Desktop` | `C:\Users\Public\Desktop` |
+| `%PUBLIC%\Documents` | `C:\Users\Public\Documents` |
+| `%PUBLIC%\Downloads` | `C:\Users\Public\Downloads` |
+| `%PUBLIC%\Music\Sample Music` | `C:\Users\Public\Music\Sample Music` |
+| `%PUBLIC%\Music\Sample Playlists` | `C:\Users\Public\Music\Sample Playlists` |
+| `%PUBLIC%\Pictures\Sample Pictures` | `C:\Users\Public\Pictures\Sample Pictures` |
+| `%PUBLIC%\RecordedTV.library-ms` | `C:\Users\Public\RecordedTV.library-ms` |
+| `%PUBLIC%\Videos` | `C:\Users\Public\Videos` |
+| `%PUBLIC%\Videos\Sample Videos` | `C:\Users\Public\Videos\Sample Videos` | 
+| `%USERPROFILE%` | `C:\Windows\System32\config\systemprofile` |
+| `%USERPROFILE%\AppData\Local` | `C:\Windows\System32\config\systemprofile\AppData\Local` |
+| `%USERPROFILE%\AppData\LocalLow` | `C:\Windows\System32\config\systemprofile\AppData\LocalLow` |
+| `%USERPROFILE%\AppData\Roaming` | `C:\Windows\System32\config\systemprofile\AppData\Roaming` |
 
 
 ## Review the list of exclusions

From 88dbf9fdaddb2dbd1ef54532128c81cbb41bdffc Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 13:14:48 -0800
Subject: [PATCH 16/27] Update
 configure-extension-file-exclusions-microsoft-defender-antivirus.md

---
 ...n-file-exclusions-microsoft-defender-antivirus.md | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
index 6715d17298..a969dcf58a 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
@@ -12,7 +12,6 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
-ms.date: 10/21/2020
 ---
 
 # Configure and validate exclusions based on file extension and folder location
@@ -107,7 +106,6 @@ See [How to create and deploy antimalware policies: Exclusion settings](https://
 
 7. Click **OK**.
 
-    ![The Group Policy setting for extension exclusions](images/defender/wdav-extension-exclusions.png)
 
 <a id="ps"></a>
 
@@ -123,11 +121,11 @@ The format for the cmdlets is as follows:
 
 The following are allowed as the `<cmdlet>`:
 
-Configuration action | PowerShell cmdlet
----|---
-Create or overwrite the list | `Set-MpPreference`
-Add to the list | `Add-MpPreference`
-Remove item from the list | `Remove-MpPreference`
+| Configuration action | PowerShell cmdlet |
+|:---|:---|
+|Create or overwrite the list | `Set-MpPreference` |
+|Add to the list | `Add-MpPreference` |
+|Remove item from the list | `Remove-MpPreference` |
 
 The following are allowed as the `<exclusion list>`:
 

From d536a77139a0cc30d5069ca781cc11292500cd4b Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 13:16:03 -0800
Subject: [PATCH 17/27] Update
 configure-exclusions-microsoft-defender-antivirus.md

---
 .../configure-exclusions-microsoft-defender-antivirus.md      | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
index 4d3ba69753..55b286bcf0 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
@@ -10,7 +10,6 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 03/12/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -41,8 +40,11 @@ Defining exclusions lowers the protection offered by Microsoft Defender Antiviru
 The following is a list of recommendations that you should keep in mind when defining exclusions:  
 
 - Exclusions are technically a protection gap—always consider additional mitigations when defining exclusions. Additional mitigations could be as simple as making sure the excluded location has the appropriate access-control lists (ACLs), audit policy, is processed by an up-to-date software, etc.
+
 - Review the exclusions periodically. Re-check and re-enforce the mitigations as part of the review process.
+
 - Ideally, avoid defining proactive exclusions. For instance, don't exclude something just because you think it might be a problem in the future. Use exclusions only for specific issues—mostly around performance, or sometimes around application compatibility that exclusions could mitigate.
+
 - Audit the exclusion list changes. The security admin should preserve enough context around why a certain exclusion was added. You should be able to provide answer with specific reasoning as to why a certain path was excluded.
 
 ## Related articles

From a6e292c1822bd0b912fe5fa4c871cb9e5388935c Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 13:20:50 -0800
Subject: [PATCH 18/27] Update
 configure-process-opened-file-exclusions-microsoft-defender-antivirus.md

---
 ...ocess-opened-file-exclusions-microsoft-defender-antivirus.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
index 4943302a17..db2519b9ab 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
@@ -104,7 +104,7 @@ For example, the following code snippet would cause Microsoft Defender AV scans
 Add-MpPreference -ExclusionProcess "c:\internal\test.exe"
 ```
 
-For more information on how to use PowerShell with Microsoft Defender Antivirus, see Manage antivirus with PowerShell cmdlets and [Microsoft Defender Antivirus cmdlets](https://docs.microsoft.com/powershell/module/defender/?view=win10-ps&preserve=true).
+For more information on how to use PowerShell with Microsoft Defender Antivirus, see Manage antivirus with PowerShell cmdlets and [Microsoft Defender Antivirus cmdlets](https://docs.microsoft.com/powershell/module/defender).
 
 ### Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans
 

From 006f0e658ee935411581f4ef272b3495b89ec7c0 Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Tue, 12 Jan 2021 13:21:20 -0800
Subject: [PATCH 19/27] Update .openpublishing.redirection.json

---
 .openpublishing.redirection.json | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 0cf060785e..edaafad269 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -16510,6 +16510,11 @@
       "redirect_url": "https://docs.microsoft.com/mem/autopilot/windows-autopilot",
       "redirect_document_id": true
     },
+    {
+      "source_path": "windows/security/threat-protection/mbsa-removal-and-guidance.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection",
+      "redirect_document_id": true
+    },
     {
       "source_path": "windows/hub/windows-10.yml",
       "redirect_url": "https://docs.microsoft.com/windows/windows-10",

From 308a4437c19903e4eba7b154e92ad991db15676d Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 13:21:29 -0800
Subject: [PATCH 20/27] Update
 configure-process-opened-file-exclusions-microsoft-defender-antivirus.md

---
 ...ocess-opened-file-exclusions-microsoft-defender-antivirus.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
index db2519b9ab..4d432355f1 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
@@ -108,7 +108,7 @@ For more information on how to use PowerShell with Microsoft Defender Antivirus,
 
 ### Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans
 
-Use the [**Set**, **Add**, and **Remove** methods of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
+Use the [**Set**, **Add**, and **Remove** methods of the **MSFT_MpPreference**](https://docs.microsoft.com/previous-versions/windows/desktop/legacy/dn455323(v=vs.85)) class for the following properties:
 
 ```WMI
 ExclusionProcess

From 1ccca48e53b4bef374612464b0fbcba1280732af Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 13:22:04 -0800
Subject: [PATCH 21/27] Update
 configure-process-opened-file-exclusions-microsoft-defender-antivirus.md

---
 ...ocess-opened-file-exclusions-microsoft-defender-antivirus.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
index 4d432355f1..14b6cea060 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
@@ -116,7 +116,7 @@ ExclusionProcess
 
 The use of **Set**, **Add**, and **Remove** is analogous to their counterparts in PowerShell: `Set-MpPreference`, `Add-MpPreference`, and `Remove-MpPreference`.
 
-For more information and allowed parameters, see  [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx).
+For more information and allowed parameters, see  [Windows Defender WMIv2 APIs](https://docs.microsoft.com/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal).
 
 ### Use the Windows Security app to exclude files that have been opened by specified processes from scans
 

From 659fbcd62042f39f0e2eb33e9b8426b8a3e3bb7c Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Tue, 12 Jan 2021 13:22:08 -0800
Subject: [PATCH 22/27] Delete mbsa-removal-and-guidance.md

---
 .../mbsa-removal-and-guidance.md              | 44 -------------------
 1 file changed, 44 deletions(-)
 delete mode 100644 windows/security/threat-protection/mbsa-removal-and-guidance.md

diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md
deleted file mode 100644
index 59f32f84e6..0000000000
--- a/windows/security/threat-protection/mbsa-removal-and-guidance.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-title: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
-description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions.
-keywords: MBSA, security, removal
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.author: dansimp
-author: dulcemontemayor
-ms.date: 10/05/2018
-ms.reviewer: 
-manager: dansimp
----
- 
-# What is Microsoft Baseline Security Analyzer and its uses?
- 
-Microsoft Baseline Security Analyzer (MBSA) is used to verify patch compliance. MBSA also performed several other security checks for Windows, IIS, and SQL Server. Unfortunately, the logic behind these additional checks had not been actively maintained since Windows XP and Windows Server 2003. Changes in the products since then rendered many of these security checks obsolete and some of their recommendations counterproductive. 
- 
-MBSA was largely used in situations where neither Microsoft Update nor a local WSUS or Configuration Manager server was available, or as a compliance tool to ensure that all security updates were deployed to a managed environment. While MBSA version 2.3 introduced support for Windows Server 2012 R2 and Windows 8.1, it has since been deprecated and no longer developed. MBSA 2.3 is not updated to fully support Windows 10 and Windows Server 2016.
-
-> [!NOTE]
-> In accordance with our [SHA-1 deprecation initiative](https://aka.ms/sha1deprecation), the Wsusscn2.cab file is no longer dual-signed using both SHA-1 and the SHA-2 suite of hash algorithms (specifically SHA-256). This file is now signed using only SHA-256. Administrators who verify digital signatures on this file should now expect only single SHA-256 signatures. Starting with the August 2020 Wsusscn2.cab file, MBSA will return the following error "The catalog file is damaged or an invalid catalog." when attempting to scan using the offline scan file. 
- 
-## The Solution 
-A script can help you with an alternative to MBSA’s patch-compliance checking:
- 
-- [Using WUA to Scan for Updates Offline](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline), which includes a sample .vbs script. 
-For a PowerShell alternative, see [Using WUA to Scan for Updates Offline with PowerShell](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be).
- 
-For example:
- 
-[![VBS script](images/vbs-example.png)](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline) 
-[![PowerShell script](images/powershell-example.png)](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be) 
-  
-The preceding scripts leverage the [WSUS offline scan file](https://support.microsoft.com/help/927745/detailed-information-for-developers-who-use-the-windows-update-offline) (wsusscn2.cab) to perform a scan and get the same information on missing updates as MBSA supplied. MBSA also relied on the wsusscn2.cab to determine which updates were missing from a given system without connecting to any online service or server. The wsusscn2.cab file is still available and there are currently no plans to remove or replace it.
-The wsusscn2.cab file contains the metadata of only security updates, update rollups and service packs available from Microsoft Update; it does not contain any information on non-security updates, tools or drivers.
- 
-## More Information  
-
-For security compliance and for desktop/server hardening, we recommend the Microsoft Security Baselines and the Security Compliance Toolkit.
-
-- [Windows security baselines](windows-security-baselines.md) 
-- [Download Microsoft Security Compliance Toolkit 1.0](https://www.microsoft.com/download/details.aspx?id=55319) 
-- [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/)  

From d173252d051e82c185b9393208f4c8f2cbee3ae9 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 13:23:06 -0800
Subject: [PATCH 23/27] Update
 configure-process-opened-file-exclusions-microsoft-defender-antivirus.md

---
 ...ess-opened-file-exclusions-microsoft-defender-antivirus.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
index 14b6cea060..51ae6f0011 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
@@ -164,7 +164,7 @@ Use the following cmdlet:
 Get-MpPreference
 ```
 
-See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
+See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/en-us/powershell/module/defender) for more information on how to use PowerShell with Microsoft Defender Antivirus.
 
 ### Retrieve a specific exclusions list by using PowerShell
 
@@ -175,7 +175,7 @@ $WDAVprefs = Get-MpPreference
 $WDAVprefs.ExclusionProcess
 ```
 
-See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
+See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender) for more information on how to use PowerShell with Microsoft Defender Antivirus.
 
 ## Related articles
 

From 32e33487a5d384ee2b7611c7d6824fd64ec63bb2 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 13:31:38 -0800
Subject: [PATCH 24/27] antivirus

---
 ...exclusions-microsoft-defender-antivirus.md | 21 +++++++++----------
 ...exclusions-microsoft-defender-antivirus.md |  2 +-
 2 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
index a969dcf58a..dcf0ef8305 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
@@ -28,7 +28,7 @@ manager: dansimp
 
 ## Exclusion lists
 
-You can exclude certain files from Microsoft Defender Antivirus scans by modifying exclusion lists. **Generally, you shouldn't need to apply exclusions**. Microsoft Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations.
+You can exclude certain files from Microsoft Defender Antivirus scans by modifying exclusion lists. **Generally, you shouldn't need to apply exclusions**. Microsoft Defender Antivirus includes many automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations.
 
 > [!NOTE]
 > Automatic exclusions apply only to Windows Server 2016 and above. These exclusions are not visible in the Windows Security app and in PowerShell.
@@ -81,31 +81,30 @@ See [How to create and deploy antimalware policies: Exclusion settings](https://
 >[!NOTE]
 >If you specify a fully qualified path to a file, then only that file is excluded. If a folder is defined in the exclusion, then all files and subdirectories under that folder are excluded.
 
-1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
 
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor** go to **Computer configuration** and select **Administrative templates**.
 
-3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.
+3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Exclusions**.
 
-4. Double-click the **Path Exclusions** setting and add the exclusions.
+4. Open the **Path Exclusions** setting for editing, and add your exclusions.
 
     - Set the option to **Enabled**.
     - Under the **Options** section, click **Show...**.
     - Specify each folder on its own line under the **Value name** column.
     - If you are specifying a file, ensure you enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.
 
-5. Click **OK**.
+5. Choose **OK**.
 
     ![The Group Policy setting for file and folder exclusions](images/defender/wdav-path-exclusions.png)
 
-6. Double-click the **Extension Exclusions** setting and add the exclusions.
+6. Open the **Extension Exclusions** setting for editing and add your exclusions.
 
     - Set the option to **Enabled**.
-    - Under the **Options** section, click **Show...**.
+    - Under the **Options** section, select **Show...**.
     - Enter each file extension on its own line under the **Value name** column.  Enter **0** in the **Value** column.
 
-7. Click **OK**.
-
+7. Choose **OK**.
 
 <a id="ps"></a>
 
@@ -277,7 +276,7 @@ You can retrieve the items in the exclusion list using one of the following meth
 
 If you use PowerShell, you can retrieve the list in two ways:
 
-- Retrieve the status of all Microsoft Defender Antivirus preferences. Each of the lists are displayed on separate lines, but the items within each list are combined into the same line.
+- Retrieve the status of all Microsoft Defender Antivirus preferences. Each list is displayed on separate lines, but the items within each list are combined into the same line.
 - Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line.
 
 ### Validate the exclusion list by using MpCmdRun
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
index 51ae6f0011..968b2a6975 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
@@ -164,7 +164,7 @@ Use the following cmdlet:
 Get-MpPreference
 ```
 
-See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/en-us/powershell/module/defender) for more information on how to use PowerShell with Microsoft Defender Antivirus.
+See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender) for more information on how to use PowerShell with Microsoft Defender Antivirus.
 
 ### Retrieve a specific exclusions list by using PowerShell
 

From 2fde0b93007535aa84cce056c82774709f95c9a9 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 12 Jan 2021 13:32:35 -0800
Subject: [PATCH 25/27] Update
 configure-process-opened-file-exclusions-microsoft-defender-antivirus.md

---
 ...ess-opened-file-exclusions-microsoft-defender-antivirus.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
index 968b2a6975..466126fe0d 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
@@ -152,8 +152,8 @@ To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://
 MpCmdRun.exe -CheckExclusion -path <path>
 ```
 
->[!NOTE]
->Checking exclusions with MpCmdRun requires Microsoft Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later.
+> [!NOTE]
+> Checking exclusions with MpCmdRun requires Microsoft Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later.
 
 
 ### Review the list of exclusions alongside all other Microsoft Defender Antivirus preferences by using PowerShell

From 01d866018e9f61aa59e4b27d9822c6100eba9e1d Mon Sep 17 00:00:00 2001
From: Thomas Raya <v-thraya@microsoft.com>
Date: Tue, 12 Jan 2021 14:29:21 -0800
Subject: [PATCH 26/27] remove mbsa-removal-and-guidance from TOC

---
 windows/security/threat-protection/TOC.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 25a5417d95..90d6dfa378 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -1334,7 +1334,6 @@
 #### [Windows security baselines](windows-security-configuration-framework/windows-security-baselines.md)
 ##### [Security Compliance Toolkit](windows-security-configuration-framework/security-compliance-toolkit-10.md)
 ##### [Get support](windows-security-configuration-framework/get-support-for-security-baselines.md)
-### [MBSA removal and alternatives](mbsa-removal-and-guidance.md)
 
 ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
 

From b4bbcfefa942343ea8f11d5621a5e85d588f7edd Mon Sep 17 00:00:00 2001
From: dstrome <dstrome@microsoft.com>
Date: Wed, 13 Jan 2021 00:29:22 +0000
Subject: [PATCH 27/27] Initialize Docs repository:
 https://github.com/MicrosoftDocs/windows-docs-pr of branch master

---
 .openpublishing.publish.config.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json
index 3e1c1d1d11..f9ebdac192 100644
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@@ -390,7 +390,7 @@
     "elizapo@microsoft.com"
   ],
   "sync_notification_subscribers": [
-    "daniha@microsoft.com"
+    "dstrome@microsoft.com"
   ],
   "branches_to_filter": [
     ""
@@ -431,9 +431,9 @@
       "template_folder": "_themes.pdf"
     }
   },
-  "need_generate_pdf": false,
-  "need_generate_intellisense": false,
   "docs_build_engine": {
     "name": "docfx_v3"
-  }
-}
+  },
+  "need_generate_pdf": false,
+  "need_generate_intellisense": false
+}
\ No newline at end of file