Merge remote-tracking branch 'refs/remotes/origin/master' into jd5holo

2025-05-16 15:27:22 +00:00 · 2018-10-15 09:59:38 -07:00 · 2018-10-15 09:59:38 -07:00 · ff073339bb
commit ff073339bb
parent c249262270 e96adc4061
31 changed files with 274 additions and 36 deletions
--- a/devices/surface-hub/surface-hub-start-menu.md
+++ b/devices/surface-hub/surface-hub-start-menu.md
@ -145,7 +145,7 @@ This example shows a link to a website and a link to a .pdf file.
           TileID="2678823080"
           DisplayName="Bing"
           Arguments="https://www.bing.com/"
-           Square150x150LogoUri="ms-appdata:///local/PinnedTiles/2678823080/lowres.png"
+           Square150x150LogoUri="ms-appx:///"
           Wide310x150LogoUri="ms-appx:///"
           ShowNameOnSquare150x150Logo="true"
           ShowNameOnWide310x150Logo="false"
@ -164,7 +164,10 @@ This example shows a link to a website and a link to a .pdf file.
             TileID="6153963000"
             DisplayName="cstrtqbiology.pdf"
             Arguments="-contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x45b7376e -pinnedTimeHigh 0x01d2356c -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000003a https://www.ada.gov/regs2010/2010ADAStandards/Guidance_2010ADAStandards.pdf"
-             Square150x150LogoUri="ms-appdata:///local/PinnedTiles/2678823080/lowres.png"                                                Wide310x150LogoUri="ms-appx:///" ShowNameOnSquare150x150Logo="true"                                                      ShowNameOnWide310x150Logo="true"
+             Square150x150LogoUri="ms-appx:///"                                                
+             Wide310x150LogoUri="ms-appx:///" 
+             ShowNameOnSquare150x150Logo="true"                                                      
+             ShowNameOnWide310x150Logo="true"
             BackgroundColor="#ff4e4248"
             Size="4x2" 
             Row="4"
@ -177,6 +180,11 @@ This example shows a link to a website and a link to a .pdf file.

 ```

+>[!NOTE]
+>Microsoft Edge tile logos won't appear on secondary tiles because they aren't stored in Surface Hub.
+>
+>The default value for `ForegroundText` is light; you don't need to include `ForegroundText` in your XML unless you're changing the value to dark.
+
 ## More information

 - [Blog post: Changing Surface Hub’s Start Menu](https://blogs.technet.microsoft.com/y0av/2018/02/13/47/)
--- a/devices/surface/change-history-for-surface.md
+++ b/devices/surface/change-history-for-surface.md
@ -19,6 +19,7 @@ This topic lists new and updated topics in the Surface documentation library.
 New or changed topic | Description
 --- | ---
 [Battery Limit setting](battery-limit.md) | New
+|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface GO  |

 ## May 2018

--- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
+++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
@ -9,7 +9,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: surface, devices
 ms.sitesec: library
 author: brecords
-ms.date: 09/13/2018
+ms.date: 10/15/2018
 ms.author: jdecker
 ms.topic: article
 ---
@ -39,6 +39,11 @@ Recent additions to the downloads for Surface devices provide you with options t
 >A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](https://go.microsoft.com/fwlink/p/?LinkId=618106) for more information.


+## Surface GO
+
+Download the following updates for [Surface GO from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57439).
+* SurfaceGO_Win10_17134_1802010_6.msi - Cumulative firmware and driver update package for Windows 10
+
 ## Surface Book 2


--- a/devices/surface/microsoft-surface-data-eraser.md
+++ b/devices/surface/microsoft-surface-data-eraser.md
@ -26,6 +26,8 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d

 Compatible Surface devices include:

+* Surface Pro 6
+* Surface Laptop 2
 * Surface Go
 * Surface Book 2
 * Surface Pro with LTE Advanced (Model 1807)
@ -148,6 +150,14 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo

 Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:

+### Version 3.2.69.0
+*Release Date: 12 October 2018*
+
+This version of Surface Data Eraser adds support for the following:
+
+- Surface Pro 6
+- Surface Laptop 2
+
 ### Version 3.2.68.0
 This version of Microsoft Surface Data Eraser adds support for the following:

--- a/devices/surface/surface-dock-updater.md
+++ b/devices/surface/surface-dock-updater.md
@ -117,6 +117,15 @@ Microsoft periodically updates Surface Dock Updater. To learn more about the app
 >[!Note]
 >Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater.

+### Version 2.23.139.0
+*Release Date: 10 October 2018*
+
+This version of Surface Dock Updater adds support for the following:
+
+- Add support for Surface Pro 6
+- Add support for Surface Laptop 2
+
+
 ### Version 2.22.139.0
 *Release Date: 26 July 2018*

--- a/store-for-business/TOC.md
+++ b/store-for-business/TOC.md
@ -24,6 +24,7 @@
 ### [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md)
 ### [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md)
 ### [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md)
+### [Working with solution providers in Microsoft Store for Business](work-with-partner-microsoft-store-business.md)
 ## [Device Guard signing portal](device-guard-signing-portal.md)
 ### [Add unsigned app to code integrity policy](add-unsigned-app-to-code-integrity-policy.md)
 ### [Sign code integrity policy with Device Guard signing](sign-code-integrity-policy-with-device-guard-signing.md)
--- a/store-for-business/images/msfb-find-partner.png
+++ b/store-for-business/images/msfb-find-partner.png
--- a/store-for-business/images/msfb-provider-list.png
+++ b/store-for-business/images/msfb-provider-list.png
--- a/store-for-business/work-with-partner-microsoft-store-business.md
+++ b/store-for-business/work-with-partner-microsoft-store-business.md
@ -0,0 +1,79 @@
+---
+title: Work with solution providers in Microsoft Store for Business and Education (Windows 10)
+description: You can work with Microsoft-certified solution providers to purchase and manage products and services for your organization or school.
+keywords: partner, solution provider
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: store
+author: TrudyHa
+ms.author: TrudyHa
+ms.topic: conceptual
+ms.date: 10/12/2018
+---
+
+# Working with solution providers in Microsoft Store for Business
+
+You can work with Microsoft-certified solution providers to purchase and manage products and services for your organization or school. There's a few steps involved in getting the things set up. 
+
+The process goes like this:
+- Admins find and contact a solution provider using **Find a solution provider** in Microsoft Store for Business. 
+- Solution providers send a request from Partner center to customers to become their solution provider.
+- Customers accept the invitation in Microsoft Store for Business and start working with the solution provider.
+- Customers can manage setting for the relationship with Partner in Microsoft Store for Business. 
+
+## What can a solution provider do for my organization or school?
+
+There are several ways that a solution provider can work with you. Solution providers will choose one of these when they send their request to work as a partner with you.
+
+| Solution provider function | Description | 
+| ------ | ------------------- | 
+| Reseller | Solution providers sell Microsoft products to your organization or school. |
+| Delegated administrator | Solution provider manages products and services for your organization or school. In Azure Active Directory (AD), the Partner will be a Global Administrator for tenant. This allows them to manage services like creating user accounts, assigning and managing licenses, and password resets. |
+| Reseller & delegated administrator | This is a team of two solution providers. You'll receive one partner invitation, but there will be two Solution providers listed on the request. One will sell products, and the other will manage them for you. |
+| Partner | You can give your solution provider a user account in your tenant, and they work on your behalf with other Microsoft services. |
+| Microsoft Products & Services Agreement (MPSA) partner | If you've worked with multiple solution providers through the MPSA program, you can allow partners to see purchases made by each other. |
+| OEM PC partner | Solution providers can upload device IDs for PCs that you're [managing with Autopilot](https://docs.microsoft.com/microsoft-store/add-profile-to-devices).   |
+| Line-of-business (LOB) partner | Solution providers can develop, submit, and manage LOB apps specific for your organization or school. |
+
+##  Find a solution provider
+
+You can find partner in Microsoft Store for Business and Education. 
+
+1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com/).
+2. Select **Find a solution provider**.
+
+    ![Image shows Find a solution provider option in Microsoft Store for Business.](images/msfb-find-partner.png)
+
+3. Refine the list, or search for a solution provider. 
+
+    ![Image shows Find a solution provider option in Microsoft Store for Business.](images/msfb-provider-list.png)
+
+4. When you find a solution provider you're interested in working with, click **Contact**.
+5. Complete and send the form.
+
+The solution provider will get in touch with you. You'll have a chance to learn more about them. If you decide to work with the solution provider, they will send you an email invitation from Partner Center. 
+
+## Work with a solution provider
+
+Once you've found a solution provider and decided to work with them, they'll send you an invitation to work together from Partner Center. In Microsoft Store for Business or Education, you'll need to accept the invitation. After that, you can manage their permissions.
+
+**To accept a solution provider invitation**
+1. **Follow email link** - You'll receive an email with a link accept the solution provider invitation. The link will take you to Microsoft Store for Business or Education.
+2. **Accept invitation** - On **Accept Partner Invitation**, select **Authorize** to accept the invitation, accept terms of the Microsoft Cloud Agreement, and start working with the solution provider. 
+  
+## Delegate admin privileges
+
+Depending on the request made by the solution provider, part of accepting the invitation will include agreeing to give delegated admin privileges to the solution provider. This will happen when the solution provider request includes acting as a delegated administrator. For more information, see [Delegated admin privileges in Azure AD](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges#delegated-admin-privileges-in-azure-ad). 
+
+If you don't want to delegate admin privileges to the solution provider, you'll need to cancel the invitation instead of accepting it. 
+
+If you delegate admin privileges to a solution provider, you can remove that later. 
+
+**To remove delegate admin privileges**
+1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com/).
+2. Select **Partner**
+3. Choose the Partner you want to manage.
+4. Select **Remove Delegated Permissions**. 
+
+The solution provider will still be able to work with you, for example, as a Reseller. 
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@ -23,6 +23,9 @@ From its release, Windows 10 has supported remote connections to PCs that are jo

 ![Remote Desktop Connection client](images/rdp.png)

+>[!TIP]
+>Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics)
+
 ## Set up

 - Both PCs (local and remote) must be running Windows 10, version 1607 (or later). Remote connection to an Azure AD-joined PC that is running earlier versions of Windows 10 is not supported.
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@ -17,7 +17,7 @@
 ### [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md)
 ### [Register your free Azure Active Directory subscription](register-your-free-azure-active-directory-subscription.md)
 ## [Enterprise app management](enterprise-app-management.md)
-## [Device update management](device-update-management.md)
+## [Mobile device management (MDM) for device updates](device-update-management.md)
 ## [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md)
 ## [Management tool for the Microsoft Store for Business](management-tool-for-windows-store-for-business.md)
 ### [REST API reference for Microsoft Store for Business](rest-api-reference-windows-store-for-business.md)
--- a/windows/client-management/mdm/device-update-management.md
+++ b/windows/client-management/mdm/device-update-management.md
@ -1,5 +1,5 @@
 ---
-title: Device update management
+title: Mobile device management MDM for device updates
 description: In the current device landscape of PC, tablets, phones, and IoT devices, the Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology.
 ms.assetid: C27BAEE7-2890-4FB7-9549-A6EACC790777
 keywords: mdm,management,administrator
@ -12,7 +12,7 @@ ms.date: 11/15/2017
 ---


-# Device update management
+# Mobile device management (MDM) for device updates 

 >[!TIP]
 >If you're not a developer or administrator, you'll find more helpful information in the [Windows Update: Frequently Asked Questions](https://support.microsoft.com/help/12373/windows-update-faq).
--- a/windows/client-management/mdm/index.md
+++ b/windows/client-management/mdm/index.md
@ -61,7 +61,7 @@ When an organization wants to move to MDM to manage devices, they should prepare

 -   [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md)
 -   [Enterprise app management](enterprise-app-management.md)
-   [Device update management](device-update-management.md)
+-   [Mobile device management (MDM) for device updates](device-update-management.md)
 -   [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md)
 -   [OMA DM protocol support](oma-dm-protocol-support.md)
 -   [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md)
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@ -17,6 +17,12 @@ ms.date: 10/02/2018

 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.

+## October 2018
+
+New or changed topic | Description
+--- | ---
+[Troubleshoot multi-app kiosk](multi-app-kiosk-troubleshoot.md) and [Set up a single-app kiosk](kiosk-single-app.md) | Added event log path for auto-logon issues.
+
 ## RELEASE: Windows 10, version 1809

 The topics in this library have been updated for Windows 10, version 1809. The following new topic has been added:
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@ -38,6 +38,12 @@ Disable the camera. |     Go to **Settings** &gt; **Privacy** &gt; **Camera**, a
 Turn off app notifications on the lock screen. |     Go to **Group Policy Editor** &gt; **Computer Configuration** &gt; **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**.
 Disable removable media. |     Go to **Group Policy Editor** &gt; **Computer Configuration** &gt; **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation.</br></br>**NOTE**: To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**.

+## Enable logging
+
+Logs can help you [troubleshoot issues](multi-app-kiosk-troubleshoot.md) kiosk issues. Logs about configuration and runtime issues can be obtained by enabling the **Applications and Services Logs\Microsoft\Windows\AssignedAccess\Operational** channel, which is disabled by default.
+
+![Event Viewer, right-click Operational, select enable log](images/enable-assigned-access-log.png)
+
 ## Automatic logon

 In addition to the settings in the table, you may want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, whether from an update or power outage, you can sign in the assigned access account manually or you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device do not prevent automatic sign in.
--- a/windows/configuration/kiosk-single-app.md
+++ b/windows/configuration/kiosk-single-app.md
@ -8,7 +8,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerms
 ms.localizationpriority: medium
-ms.date: 10/02/2018
+ms.date: 10/09/2018
 ---

 # Set up a single-app kiosk
@ -185,7 +185,7 @@ Clear-AssignedAccess


 >[!IMPORTANT]
->When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows}(https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows).
+>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows).

 When you use the **Provision kiosk devices** wizard in Windows Configuration Designer, you can configure the kiosk to run either a Universal Windows app or a Windows desktop application.

@ -200,7 +200,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
 <tr><td  style="width:45%" valign="top">![step three](images/three.png)  ![account management](images/account-management.png)</br></br>Enable account management if you want to configure settings on this page. </br></br>**If enabled:**</br></br>You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device</br></br>To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.</br></br>**Warning:** You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.</br></br>To create a local administrator account, select that option and enter a user name and password. </br></br>**Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.  </td><td>![join Active Directory, Azure AD, or create a local admin account](images/account-management-details.png)</td></tr>
 <tr><td  style="width:45%" valign="top">![step four](images/four.png) ![add applications](images/add-applications.png)</br></br>You can provision the kiosk app in the **Add applications** step. You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md)</br></br>**Warning:** If you click the plus button to add an application, you must specify an application for the provisioning package to validate. If you click the plus button in error, select any executable file in **Installer Path**, and then a **Cancel** button becomes available, allowing you to complete the provisioning package without an application. </td><td>![add an application](images/add-applications-details.png)</td></tr>
 <tr><td  style="width:45%" valign="top">![step five](images/five.png) ![add certificates](images/add-certificates.png)</br></br>To provision the device with a certificate for the kiosk app, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.</td><td>![add a certificate](images/add-certificates-details.png)</td></tr> 
-<tr><td  style="width:45%" valign="top">![step six](images/six.png)  ![Configure kiosk account and app](images/kiosk-account.png)</br></br>You can create a local standard user account that will be used to run the kiosk app. If you toggle **No**, make sure that you have an existing user account to run the kiosk app.</br></br>If you want to create an account, enter the user name and password, and then toggle **Yes** or **No** to automatically sign in the account when the device starts.</br></br>In **Configure the kiosk mode app**, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Windows desktop application) or the AUMID (for a Universal Windows app). For a Windows desktop application, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.</td><td>![Configure kiosk account and app](images/kiosk-account-details.png)</td></tr>
+<tr><td  style="width:45%" valign="top">![step six](images/six.png)  ![Configure kiosk account and app](images/kiosk-account.png)</br></br>You can create a local standard user account that will be used to run the kiosk app. If you toggle **No**, make sure that you have an existing user account to run the kiosk app.</br></br>If you want to create an account, enter the user name and password, and then toggle **Yes** or **No** to automatically sign in the account when the device starts. (If you encounter issues with auto sign-in after you apply the provisioning package, check the Event Viewer logs for auto logon issues under **Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational**.)</br></br>In **Configure the kiosk mode app**, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Windows desktop application) or the AUMID (for a Universal Windows app). For a Windows desktop application, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.</td><td>![Configure kiosk account and app](images/kiosk-account-details.png)</td></tr>
 <tr><td  style="width:45%" valign="top">![step seven](images/seven.png)  ![configure kiosk common settings](images/kiosk-common.png)</br></br>On this step, select your options for tablet mode, the user experience on the Welcome and shutdown screens, and the timeout settings.</td><td>![set tablet mode and configure welcome and shutdown and turn off timeout settings](images/kiosk-common-details.png)</td></tr>
 <tr><td  style="width:45%" valign="top">  ![finish](images/finish.png)</br></br>You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.</td><td>![Protect your package](images/finish-details.png)</td></tr>
 </table>
--- a/windows/configuration/multi-app-kiosk-troubleshoot.md
+++ b/windows/configuration/multi-app-kiosk-troubleshoot.md
@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: edu, security
 author: jdeckerms
 ms.localizationpriority: medium
-ms.date: 07/30/2018
+ms.date: 10/09/2018
 ms.author: jdecker
 ms.topic: article
 ---
@ -39,6 +39,10 @@ For example:
 ![Event Viewer, right-click Operational, select enable log](images/enable-assigned-access-log.png)


+## Automatic logon issues 
+
+Check the Event Viewer logs for auto logon issues under **Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational**.
+
 ## Apps configured in AllowedList are blocked

 1. Ensure the account is mapped to the correct profile and that the apps are specific for that profile. 
--- a/windows/configuration/wcd/wcd-assignedaccess.md
+++ b/windows/configuration/wcd/wcd-assignedaccess.md
@ -30,7 +30,7 @@ Enter the account and the application you want to use for Assigned access, using
 **Example**:

 ```
-"Account":"domain\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"
+{"Account":"domain\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}
 ```

 ## MultiAppAssignedAccessSettings
--- a/windows/deployment/update/windows-analytics-get-started.md
+++ b/windows/deployment/update/windows-analytics-get-started.md
@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
-ms.date: 10/01/2018
+ms.date: 10/08/2018
 ms.localizationpriority: medium
 ---

@ -53,7 +53,7 @@ To enable data sharing, configure your proxy server to whitelist the following e
 | `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
 | `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
 | `https://oca.telemetry.microsoft.com`  | Online Crash Analysis; required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
-| `https://login.live.com` | This end-point is required by Device Health to ensure data integrity and provides a more reliable device identity for all Windows Analytics solutions on Windows 10. Those who wish to disable end-user MSA access should do so by applying [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) rather than blocking this end-point. |
+| `https://login.live.com` | This endpoint is required by Device Health to ensure data integrity and provides a more reliable device identity for all of the Windows Analytics solutions on Windows 10. If you want to disable end-user managed service account (MSA) access, you should apply the appropriate [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) instead of blocking this endpoint. |
 | `https://www.msftncsi.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
 | `https://www.msftconnecttest.com` | Windows Error Reporting (WER); required for Device Health to check connectivity.  |

--- a/windows/security/information-protection/TOC.md
+++ b/windows/security/information-protection/TOC.md
@ -48,7 +48,7 @@
 ### [How to collect WIP audit event logs](windows-information-protection\collect-wip-audit-event-logs.md)
 ### [General guidance and best practices for WIP](windows-information-protection\guidance-and-best-practices-wip.md)
 #### [Enlightened apps for use with WIP](windows-information-protection\enlightened-microsoft-apps-and-wip.md)
-#### [Unenlightened and enlightened app behavior while using WI)](windows-information-protection\app-behavior-with-wip.md)
+#### [Unenlightened and enlightened app behavior while using WIP](windows-information-protection\app-behavior-with-wip.md)
 #### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP](windows-information-protection\recommended-network-definitions-for-wip.md)
 #### [Using Outlook Web Access with WIP](windows-information-protection\using-owa-with-wip.md)
 ### [Fine-tune WIP Learning](windows-information-protection\wip-learning.md)
--- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
+++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 author: justinha
 ms.localizationpriority: medium
-ms.date: 10/10/2018
+ms.date: 10/12/2018
 ---

 # How Windows Information Protection protects files with a sensitivity label 
@ -76,7 +76,9 @@ The PDF file doesn't need any work context beyond the sensitivity label.
 - Windows 10, version 1809
 - [Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection
 - [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center
- [WIP policy](create-wip-policy-using-intune-azure.md) needs to be applied to endpoint devices.
+- WIP policy needs to be applied to endpoint devices by using [Intune](create-wip-policy-using-intune-azure.md) or [System Center Configuration Manager (SCCM)](overview-create-wip-policy-sccm.md).
+
+



--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@ -404,10 +404,10 @@
 #### [Software developer FAQ](intelligence/developer-faq.md)
 #### [Software developer resources](intelligence/developer-resources.md)

-## Certifications
+## Windows Certifications

-### [FIPS 140 Validation](fips-140-validation.md)
-### [Windows Platform Common Criteria Certification](windows-platform-common-criteria.md)
+### [FIPS 140 Validations](fips-140-validation.md)
+### [Common Criteria Certifications](windows-platform-common-criteria.md)


 ## More Windows 10 security
@ -465,6 +465,7 @@
 ##### [Planning and deploying advanced security audit policies](auditing/planning-and-deploying-advanced-security-audit-policies.md)
 ##### [Advanced security auditing FAQ](auditing/advanced-security-auditing-faq.md)
 ###### [Which editions of Windows support advanced audit policy configuration](auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md)
+###### [How to list XML elements in <EventData>](auditing/how-to-list-xml-elements-in-eventdata.md)

 ###### [Using advanced security auditing options to monitor dynamic access control objects](auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md)
 ####### [Monitor the central access policies that apply on a file server](auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md)
--- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
+++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
@ -0,0 +1,84 @@
+---
+title: How to get a list of XML elements in <EventData> (Windows 10)
+description: This reference topic for the IT professional explains how to use PowerShell to get a list of XML elements that can appear in <EventData>.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: justinha
+ms.date: 10/15/2018
+---
+
+# How to get a list of XML elements in EventData
+
+**Applies to**
+-   Windows 10
+
+The Security log uses a manifest where you can get all of the event schema.
+
+Run the following from an elevated PowerShell prompt:
+
+```powershell
+$secEvents = get-winevent -listprovider "microsoft-windows-security-auditing"
+```
+
+The .events property is a collection of all of the events listed in the manifest on the local machine.
+
+For each event, there is a .Template property for the XML template used for the event properties (if there are any).
+
+For example:
+
+```powershell
+PS C:\WINDOWS\system32> $SecEvents.events[100]
+
+
+Id          : 4734
+Version     : 0
+LogLink     : System.Diagnostics.Eventing.Reader.EventLogLink
+Level       : System.Diagnostics.Eventing.Reader.EventLevel
+Opcode      : System.Diagnostics.Eventing.Reader.EventOpcode
+Task        : System.Diagnostics.Eventing.Reader.EventTask
+Keywords    : {}
+Template    : <template xmlns="http://schemas.microsoft.com/win/2004/08/events">
+                <data name="TargetUserName" inType="win:UnicodeString" outType="xs:string"/>
+                <data name="TargetDomainName" inType="win:UnicodeString" outType="xs:string"/>
+                <data name="TargetSid" inType="win:SID" outType="xs:string"/>
+                <data name="SubjectUserSid" inType="win:SID" outType="xs:string"/>
+                <data name="SubjectUserName" inType="win:UnicodeString" outType="xs:string"/>
+                <data name="SubjectDomainName" inType="win:UnicodeString" outType="xs:string"/>
+                <data name="SubjectLogonId" inType="win:HexInt64" outType="win:HexInt64"/>
+                <data name="PrivilegeList" inType="win:UnicodeString" outType="xs:string"/>
+              </template>
+
+Description : A security-enabled local group was deleted.
+
+              Subject:
+                Security ID:            %4
+                Account Name:           %5
+                Account Domain:         %6
+                Logon ID:               %7
+
+              Group:
+                Security ID:            %3
+                Group Name:             %1
+                Group Domain:           %2
+
+              Additional Information:
+                Privileges:             %8
+
+
+
+PS C:\WINDOWS\system32> $SecEvents.events[100].Template
+<template xmlns="http://schemas.microsoft.com/win/2004/08/events">
+  <data name="TargetUserName" inType="win:UnicodeString" outType="xs:string"/>
+  <data name="TargetDomainName" inType="win:UnicodeString" outType="xs:string"/>
+  <data name="TargetSid" inType="win:SID" outType="xs:string"/>
+  <data name="SubjectUserSid" inType="win:SID" outType="xs:string"/>
+  <data name="SubjectUserName" inType="win:UnicodeString" outType="xs:string"/>
+  <data name="SubjectDomainName" inType="win:UnicodeString" outType="xs:string"/>
+  <data name="SubjectLogonId" inType="win:HexInt64" outType="win:HexInt64"/>
+  <data name="PrivilegeList" inType="win:UnicodeString" outType="xs:string"/>
+</template>
+
+```
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@ -30,7 +30,7 @@ Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified
 <a href="#apis"><center><b>Management and APIs</a></b></center></td>
 </tr>
 <tr>
-<td colspan="6"><a href="#mtp"><center><b>Microsoft threat protection</a></center></b></td>
+<td colspan="6"><a href="#mtp"><center><b>Microsoft Threat Protection</a></center></b></td>
 </tr>
 </table>
 <br>
@ -111,8 +111,8 @@ Integrate Windows Defender Advanced Threat Protection into your existing workflo

 <a name="mtp"></a>

-**[Microsoft threat protection](windows-defender-atp/threat-protection-integration.md)** <br>
-Bring the power of Microsoft threat protection to your organization.
+**[Microsoft Threat Protection](windows-defender-atp/threat-protection-integration.md)** <br>
+Bring the power of Microsoft threat protection to your organization. Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace.
 - [Conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)
 - [O365 ATP](windows-defender-atp/threat-protection-integration.md)
 - [Azure ATP](windows-defender-atp/threat-protection-integration.md)
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@ -151,7 +151,7 @@
 #### [Managed security service provider support](mssp-support-windows-defender-advanced-threat-protection.md)


-### [Microsoft threat protection](threat-protection-integration.md)
+### [Microsoft Threat Protection](threat-protection-integration.md)
 ####  [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
 #### [Microsoft Cloud App Security integration overview](microsoft-cloud-app-security-integration.md)

@ -316,7 +316,7 @@

 #### [Configure managed security service provider (MSSP) support](configure-mssp-support-windows-defender-advanced-threat-protection.md)

-### Configure Microsoft threat protection integration
+### Configure Microsoft Threat Protection integration
 #### [Configure conditional access](configure-conditional-access-windows-defender-advanced-threat-protection.md)
 #### [Configure Microsoft Cloud App Security integration](microsoft-cloud-app-security-config.md)

--- a/windows/security/threat-protection/windows-defender-atp/get-started.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-started.md
@ -14,6 +14,10 @@ ms.date: 09/03/2018
 ---

 # Get started with Windows Defender Advanced Threat Protection
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
 Learn about the minimum requirements and initial steps you need to take to get started with Windows Defender ATP.

 The following capabilities are available across multiple products that make up the Windows Defender ATP platform. 
@ -40,7 +44,7 @@ Advanced hunting allows you to hunt for possible threats across your organizatio
 Integrate Windows Defender Advanced Threat Protection into your existing workflows.

 **Microsoft threat protection**<br>
-Bring the power of Microsoft threat protection to your organization.
+Bring the power of Microsoft Threat Protection to your organization.

 ## In this section 
 Topic | Description 
--- a/windows/security/threat-protection/windows-defender-atp/onboard.md
+++ b/windows/security/threat-protection/windows-defender-atp/onboard.md
@ -14,6 +14,9 @@ ms.date: 09/03/2018
 ---

 # Configure and manage Windows Defender ATP capabilities
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)

 Configure and manage all the Windows Defender ATP capabilities to get the best security protection for your organization. 

@ -24,7 +27,7 @@ Topic | Description
 [Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) |  By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 
 [Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats.
 [Configure Secure score dashboard security controls](secure-score-dashboard-windows-defender-advanced-threat-protection.md) | Configure the security controls in Secure score to increase the security posture of your organization.
-Configure Microsoft threat protection integration| Configure other solutions that integrate with Windows Defender ATP.
+Configure Microsoft Threat Protection integration| Configure other solutions that integrate with Windows Defender ATP.
 Management and API support| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports. 
 [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) |  Configure portal related settings such as general settings, advanced features, enable the preview experience and others.

--- a/windows/security/threat-protection/windows-defender-atp/overview.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview.md
@ -14,6 +14,9 @@ ms.date: 09/03/2018
 ---

 # Overview of Windows Defender ATP capabilities
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)

 Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform. 

@ -28,7 +31,7 @@ Topic | Description
 [Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
 [Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md) |  Use a powerful search and query language to create custom queries and detection rules.
 [Management and APIs](management-apis.md) | Windows Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.
-[Microsoft threat protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack. 
+[Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack. 
 [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) |Learn to navigate your way around Windows Defender Security Center. 


--- a/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
@ -1,7 +1,7 @@
 ---
-title: Microsoft threat protection
-description: 
-keywords: 
+title: Windows Defender ATP in Microsoft Threat Protection
+description: Learn about the capabilities within the Microsoft Threat Protection 
+keywords: microsoft threat protection, conditional access, office, advanced threat protection, azure atp, azure security center, microsoft cloud app security
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@ -10,10 +10,18 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 09/12/2018
+ms.date: 10/12/2018
 ---

-#  Microsoft threat protection
+# Microsoft Threat Protection 
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace.
+
+For more information on Microsoft Threat Protection, see [Announcing Microsoft Threat Protection](https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Announcing-Microsoft-Threat-Protection/ba-p/262783).

 Microsoft's multiple layers of threat protection across data, applications, devices, and identities can help protect your organization from advanced cyber threats. 

--- a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
@ -15,6 +15,10 @@ ms.date: 03/12/2018

 # Overview of Windows Defender Security Center

+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink) 

 Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities. 
--- a/windows/whats-new/whats-new-windows-10-version-1809.md
+++ b/windows/whats-new/whats-new-windows-10-version-1809.md
@ -112,9 +112,6 @@ We’ve continued to work on the **Current threats** area in  [Virus & threat pr

 ![Virus & threat protection settings](images/virus-and-threat-protection.png "Virus & threat protection settings")

-You can enable a new protection setting, **Block suspicious behaviors**, which brings [Windows Defender Exploit Guard attack surface reduction technology](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to all users. To enable this setting, go to the **Virus & threat protection** section and click **Manage settings**, as shown in the following screenshot:
-
-![Block suspicious behaviors](images/block-suspicious-behaviors.png "Block suspicious behaviors")

 With controlled folder access you can help prevent ransomware and other destructive malware from changing your personal files. In some cases, apps that you normally use might be blocked from making changes to common folders like **Documents** and **Pictures**. We’ve made it easier for you to add apps that were recently blocked so you can keep using your device without turning off the feature altogether.