diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md
index 1f15840c95..64deb7803d 100644
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@@ -8,9 +8,9 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 audience: itpro
-author: greg-lindsay
+author: jaimeo
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: jaimeo
 ms.collection: M365-modern-desktop
 ms.topic: article
 ---
@@ -97,7 +97,12 @@ For more details, check out the [Adopting Windows as a Service at Microsoft](htt
 
 **Does Delivery Optimization work with WSUS?**: Yes. Devices will obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination.
 
-**Which ports does Delivery Optimization use?**: For peer-to-peer traffic, it uses 7680 for TCP/IP or 3544 for NAT traversal (optionally Teredo). For client-service communication, it uses HTTP or HTTPS over port 80/443.
+**Which ports does Delivery Optimization use?**: Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device, but you might need to set this port to accept inbound traffic through your firewall yourself. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data).
+
+If you set up Delivery Optimization to create peer groups that include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets), it will use Teredo. For this to work, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
+
+Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80.
+
 
 **What are the requirements if I use a proxy?**: You must allow Byte Range requests. See [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update) for details.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md
index 4168a6fc37..4b08f7b6f1 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md
@@ -17,7 +17,7 @@ ms.date: 09/09/2019
 ms.reviewer: 
 ---
 
-## Conditional access
+# Conditional access
 
 **Requirements:**
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
index a193c1a932..62304559ae 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
@@ -17,7 +17,7 @@ ms.date: 09/09/2019
 ms.reviewer: 
 ---
 
-## Dynamic lock
+# Dynamic lock
 
 **Requirements:**
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-features.md b/windows/security/identity-protection/hello-for-business/hello-features.md
index f73d3cc8f2..83a4dc444e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-features.md
+++ b/windows/security/identity-protection/hello-for-business/hello-features.md
@@ -25,9 +25,10 @@ ms.date: 05/05/2018
 
 Consider these additional features you can use after your organization deploys Windows Hello for Business.
 
-- [Dynamic lock](hello-feature-dynamic-lock.md)
 - [Conditional Access](hello-feature-conditional-access.md)
 - [Dual Enrollment](hello-feature-dual-enrollment.md)
+- [Dynamic lock](hello-feature-dynamic-lock.md)
+- [Multifactor Unlock](feature-multifactor-unlock.md)
 - [PIN Reset](hello-feature-pin-reset.md)
 - [Remote Desktop](hello-feature-remote-desktop.md)
 
diff --git a/windows/security/identity-protection/hello-for-business/toc.md b/windows/security/identity-protection/hello-for-business/toc.md
index a9261a5239..3fe33458fc 100644
--- a/windows/security/identity-protection/hello-for-business/toc.md
+++ b/windows/security/identity-protection/hello-for-business/toc.md
@@ -8,10 +8,10 @@
 
 ## [Windows Hello for Business Features](hello-features.md)
 ### [Conditional Access](hello-feature-conditional-access.md)
+### [Dual Enrollment](hello-feature-dual-enrollment.md)
 ### [Dynamic Lock](hello-feature-dynamic-lock.md)
 ### [Multifactor Unlock](feature-multifactor-unlock.md)
 ### [PIN Reset](hello-feature-pin-reset.md)
-### [Dual Enrollment](hello-feature-dual-enrollment.md)
 ### [Remote Desktop](hello-feature-remote-desktop.md)
 
 ## [How Windows Hello for Business works](hello-how-it-works.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md
index ccec35886a..5d0cf9a4f2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md
@@ -42,6 +42,8 @@ Turn on the preview experience setting to be among the first to try upcoming fea
 ## Preview features
 The following features are included in the preview release:
 
+- [Tamper Protection settings in Intune](../windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md#turn-tamper-protection-on-or-off-for-your-organization-with-intune)<br/>You can now turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune).
+
 - [Microsoft Threat Experts - Experts on Demand](microsoft-threat-experts.md) <BR> You now have the option to consult with Microsoft Threat Experts from several places in the portal to help you in the context of your investigation.   
 
 - [Indicators for IP addresses, URLs/Domains](manage-indicators.md) <BR> You can now allow or block URLs/domains using your own threat intelligence.