This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
+ Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007
Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive an error.
See details > | OS Build 17763.379
March 12, 2019
KB4489899 | Mitigated
| May 02, 2019
04:47 PM PT |
+ Devices with some Asian language packs installed may receive an error
After installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"
See details > | OS Build 17763.437
April 09, 2019
KB4493509 | Mitigated
| May 02, 2019
04:36 PM PT |
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.
See details > | OS Build 17763.437
April 09, 2019
KB4493509 | Mitigated
| April 25, 2019
02:00 PM PT |
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.
See details > | OS Build 17763.379
March 12, 2019
KB4489899 | Mitigated
| April 09, 2019
10:00 AM PT |
Issue using PXE to start a device from WDS
Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.
See details > | OS Build 17763.379
March 12, 2019
KB4489899 | Mitigated
| April 09, 2019
10:00 AM PT |
+ Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".
See details > | OS Build 17763.253
January 08, 2019
KB4480116 | Mitigated
| April 09, 2019
10:00 AM PT |
Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Microsoft has identified issues with certain new Intel display drivers, which accidentally turn on unsupported features in Windows.
See details > | OS Build 17763.134
November 13, 2018
KB4467708 | Mitigated
| March 15, 2019
12:00 PM PT |
- Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".
See details > | OS Build 17763.253
January 08, 2019
KB4480116 | Mitigated
| January 08, 2019
10:00 AM PT |
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.
See details > | OS Build 17763.404
April 02, 2019
KB4490481 | Resolved
KB4493509 | April 09, 2019
10:00 AM PT |
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.
See details > | OS Build 17763.253
January 08, 2019
KB4480116 | Resolved
KB4493509 | April 09, 2019
10:00 AM PT |
MSXML6 may cause applications to stop responding
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
See details > | OS Build 17763.253
January 08, 2019
KB4480116 | Resolved
KB4493509 | April 09, 2019
10:00 AM PT |
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
See details > | OS Build 17763.316
February 12, 2019
KB4487044 | Resolved
KB4493509 | April 09, 2019
10:00 AM PT |
- Apps may stop working after selecting an audio output device other than the default
Users with multiple audio devices that select an audio output device different from the \"Default Audio Device\" may find certain applications stop working unexpectedly.
See details > | OS Build 17763.348
March 01, 2019
KB4482887 | Resolved
KB4490481 | April 02, 2019
10:00 AM PT |
"
@@ -85,6 +86,16 @@ sections:
| Details | Originating update | Status | History |
+ | Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007 When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\" Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server, version 1809; Windows Server 2019
Workaround: You can use another browser, such as Internet Explorer to print your documents. Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 17763.379
March 12, 2019
KB4489899 | Mitigated
| Last updated:
May 02, 2019
04:47 PM PT
Opened:
May 02, 2019
04:47 PM PT |
+ Devices with some Asian language packs installed may receive an errorAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server, version 1809; Windows Server 2019
Workaround: - Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
- Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
- Reset your PC:
- Go to Settings app -> Recovery.
- Click on Get Started under \"Reset this PC\" recovery option.
- Select \"Keep my Files\".
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 17763.437
April 09, 2019
KB4493509 | Mitigated
| Last updated:
May 02, 2019
04:36 PM PT
Opened:
May 02, 2019
04:36 PM PT |
+
+ "
+
- title: April 2019
- items:
- type: markdown
@@ -103,7 +114,6 @@ sections:
Custom URI schemes may not start corresponding applicationAfter installing KB4489899, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Right-click the URL link to open it in a new window or tab, or enable Protected Mode in Internet Explorer for local intranet and trusted sites - Go to Tools > Internet options > Security.
- Within Select a zone to view of change security settings, select Local intranet and then select Enable Protected Mode.
- Select Trusted Sites and then select Enable Protected Mode.
- Select OK.
You must restart the browser after making these changes. Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 17763.379
March 12, 2019
KB4489899 | Mitigated
| Last updated:
April 09, 2019
10:00 AM PT
Opened:
March 12, 2019
10:00 AM PT |
Issue using PXE to start a device from WDSAfter installing KB4489899, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:
Option 1: Open an Administrator Command prompt and type the following: Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No
Option 2: Use the Windows Deployment Services UI to make the following adjustment: - Open Windows Deployment Services from Windows Administrative Tools.
- Expand Servers and right-click a WDS server.
- Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.
Option 3: Set the following registry value to 0: HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension
Restart the WDSServer service after disabling the Variable Window Extension.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 17763.379
March 12, 2019
KB4489899 | Mitigated
| Last updated:
April 09, 2019
10:00 AM PT
Opened:
March 12, 2019
10:00 AM PT |
- Apps may stop working after selecting an audio output device other than the defaultAfter installing KB4482887 on machines that have multiple audio devices, applications that provide advanced options for internal or external audio output devices may stop working unexpectedly. This issue occurs for users that select an audio output device different from the \"Default Audio Device\". Examples of applications that may stop working include: - Windows Media Player
- Realtek HD Audio Manager
- Sound Blaster Control Panel
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4490481.
Back to top | OS Build 17763.348
March 01, 2019
KB4482887 | Resolved
KB4490481 | Resolved:
April 02, 2019
10:00 AM PT
Opened:
March 01, 2019
10:00 AM PT |
"
@@ -121,7 +131,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- | Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following: - Perform the operation from a process that has administrator privilege.
- Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 17763.253
January 08, 2019
KB4480116 | Mitigated
| Last updated:
January 08, 2019
10:00 AM PT
Opened:
January 08, 2019
10:00 AM PT |
+ | Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following: - Perform the operation from a process that has administrator privilege.
- Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 17763.253
January 08, 2019
KB4480116 | Mitigated
| Last updated:
April 09, 2019
10:00 AM PT
Opened:
January 08, 2019
10:00 AM PT |
Internet Explorer 11 authentication issue with multiple concurrent logonsAfter installing KB4480116, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to: - Cache size and location show zero or empty.
- Keyboard shortcuts may not work properly.
- Webpages may intermittently fail to load or render correctly.
- Issues with credential prompts.
- Issues when downloading files.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue was resolved in KB4493509.
Back to top | OS Build 17763.253
January 08, 2019
KB4480116 | Resolved
KB4493509 | Resolved:
April 09, 2019
10:00 AM PT
Opened:
January 08, 2019
10:00 AM PT |
MSXML6 may cause applications to stop responding After installing KB4480116, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493509.
Back to top | OS Build 17763.253
January 08, 2019
KB4480116 | Resolved
KB4493509 | Resolved:
April 09, 2019
10:00 AM PT
Opened:
January 08, 2019
10:00 AM PT |
diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
index 9c9b11c520..a15923a007 100644
--- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -60,7 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.
See details > | April 09, 2019
KB4493472 | Investigating
| April 25, 2019
02:00 PM PT |
+ System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.
See details > | April 09, 2019
KB4493472 | Mitigated
| May 03, 2019
08:50 AM PT |
Authentication may fail for services after the Kerberos ticket expires
Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.
See details > | March 12, 2019
KB4489878 | Mitigated
| April 25, 2019
02:00 PM PT |
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.
See details > | April 09, 2019
KB4493472 | Mitigated
| April 25, 2019
02:00 PM PT |
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.
See details > | April 09, 2019
KB4493472 | Mitigated
| April 25, 2019
02:00 PM PT |
@@ -85,7 +85,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- System may be unresponsive after restart if Avira antivirus software installedMicrosoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.
Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: We are presently investigating this issue with Avira and will provide an update when available.
Back to top | April 09, 2019
KB4493472 | Investigating
| Last updated:
April 25, 2019
02:00 PM PT
Opened:
April 09, 2019
10:00 AM PT |
+ System may be unresponsive after restart if Avira antivirus software installedMicrosoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.
Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.
Back to top | April 09, 2019
KB4493472 | Mitigated
| Last updated:
May 03, 2019
08:50 AM PT
Opened:
April 09, 2019
10:00 AM PT |
System unresponsive after restart if Sophos Endpoint Protection installedMicrosoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.
Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.
Back to top | April 09, 2019
KB4493472 | Mitigated
| Last updated:
April 25, 2019
02:00 PM PT
Opened:
April 09, 2019
10:00 AM PT |
System may be unresponsive after restart if ArcaBit antivirus software installedMicrosoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.
Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.
Back to top | April 09, 2019
KB4493472 | Mitigated
| Last updated:
April 25, 2019
02:00 PM PT
Opened:
April 09, 2019
10:00 AM PT |
| System may be unresponsive after restart with certain McAfee antivirus products Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Guidance for McAfee customers can be found in the following McAfee support articles: Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information.
Back to top | April 09, 2019
KB4493472 | Mitigated
| Last updated:
April 25, 2019
02:00 PM PT
Opened:
April 09, 2019
10:00 AM PT |
diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
index 4a94eba224..75805707fb 100644
--- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
@@ -60,7 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.
See details > | April 09, 2019
KB4493446 | Investigating
| April 25, 2019
02:00 PM PT |
+ System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.
See details > | April 09, 2019
KB4493446 | Mitigated
| May 03, 2019
08:50 AM PT |
Issue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.
See details > | March 12, 2019
KB4489881 | Mitigated
| April 25, 2019
02:00 PM PT |
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.
See details > | April 09, 2019
KB4493446 | Mitigated
| April 25, 2019
02:00 PM PT |
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.
See details > | April 09, 2019
KB4493446 | Mitigated
| April 25, 2019
02:00 PM PT |
@@ -86,7 +86,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- System may be unresponsive after restart if Avira antivirus software installedMicrosoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.
Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: We are presently investigating this issue with Avira and will provide an update when available.
Back to top | April 09, 2019
KB4493446 | Investigating
| Last updated:
April 25, 2019
02:00 PM PT
Opened:
April 09, 2019
10:00 AM PT |
+ System may be unresponsive after restart if Avira antivirus software installedMicrosoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.
Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.
Back to top | April 09, 2019
KB4493446 | Mitigated
| Last updated:
May 03, 2019
08:50 AM PT
Opened:
April 09, 2019
10:00 AM PT |
System unresponsive after restart if Sophos Endpoint Protection installedMicrosoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.
Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.
Back to top | April 09, 2019
KB4493446 | Mitigated
| Last updated:
April 25, 2019
02:00 PM PT
Opened:
April 09, 2019
10:00 AM PT |
System may be unresponsive after restart if ArcaBit antivirus software installedMicrosoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.
Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.
Back to top | April 09, 2019
KB4493446 | Mitigated
| Last updated:
April 25, 2019
02:00 PM PT
Opened:
April 09, 2019
10:00 AM PT |
| System may be unresponsive after restart with certain McAfee antivirus products Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Guidance for McAfee customers can be found in the following McAfee support articles: Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information.
Back to top | April 09, 2019
KB4493446 | Mitigated
| Last updated:
April 18, 2019
05:00 PM PT
Opened:
April 09, 2019
10:00 AM PT |
diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml
index 40672e97b4..102f665769 100644
--- a/windows/release-information/status-windows-server-2008-sp2.yml
+++ b/windows/release-information/status-windows-server-2008-sp2.yml
@@ -60,7 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.
See details > | April 09, 2019
KB4493471 | Investigating
| April 25, 2019
02:00 PM PT |
+ System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.
See details > | April 09, 2019
KB4493471 | Mitigated
| May 03, 2019
08:51 AM PT |
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.
See details > | April 09, 2019
KB4493471 | Mitigated
| April 25, 2019
02:00 PM PT |
Authentication may fail for services after the Kerberos ticket expires
Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.
See details > | March 12, 2019
KB4489880 | Mitigated
| April 25, 2019
02:00 PM PT |
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
See details > | February 12, 2019
KB4487023 | Resolved
KB4493471 | April 09, 2019
10:00 AM PT |
@@ -80,7 +80,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- System may be unresponsive after restart if Avira antivirus software installedMicrosoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493471.
Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: We are presently investigating this issue with Avira and will provide an update when available.
Back to top | April 09, 2019
KB4493471 | Investigating
| Last updated:
April 25, 2019
02:00 PM PT
Opened:
April 09, 2019
10:00 AM PT |
+ System may be unresponsive after restart if Avira antivirus software installedMicrosoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493471.
Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article
Back to top | April 09, 2019
KB4493471 | Mitigated
| Last updated:
May 03, 2019
08:51 AM PT
Opened:
April 09, 2019
10:00 AM PT |
System unresponsive after restart if Sophos Endpoint Protection installedMicrosoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493471.
Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.
Back to top | April 09, 2019
KB4493471 | Mitigated
| Last updated:
April 25, 2019
02:00 PM PT
Opened:
April 09, 2019
10:00 AM PT |
"
diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml
index 046f75de26..831a726f86 100644
--- a/windows/release-information/status-windows-server-2012.yml
+++ b/windows/release-information/status-windows-server-2012.yml
@@ -60,7 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.
See details > | April 09, 2019
KB4493451 | Investigating
| April 25, 2019
02:00 PM PT |
+ System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.
See details > | April 09, 2019
KB4493451 | Mitigated
| May 03, 2019
08:51 AM PT |
Issue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.
See details > | March 12, 2019
KB4489891 | Mitigated
| April 25, 2019
02:00 PM PT |
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.
See details > | April 09, 2019
KB4493451 | Mitigated
| April 25, 2019
02:00 PM PT |
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.
See details > | January 08, 2019
KB4480975 | Mitigated
| April 25, 2019
02:00 PM PT |
@@ -82,7 +82,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- System may be unresponsive after restart if Avira antivirus software installedMicrosoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493451.
Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: We are presently investigating this issue with Avira and will provide an update when available.
Back to top | April 09, 2019
KB4493451 | Investigating
| Last updated:
April 25, 2019
02:00 PM PT
Opened:
April 09, 2019
10:00 AM PT |
+ System may be unresponsive after restart if Avira antivirus software installedMicrosoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493451.
Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.
Back to top | April 09, 2019
KB4493451 | Mitigated
| Last updated:
May 03, 2019
08:51 AM PT
Opened:
April 09, 2019
10:00 AM PT |
System unresponsive after restart if Sophos Endpoint Protection installedMicrosoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493451.
Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.
Affected platforms: - Client: Windows 8.1; Windows 7 SP1
- Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.
Back to top | April 09, 2019
KB4493451 | Mitigated
| Last updated:
April 25, 2019
02:00 PM PT
Opened:
April 09, 2019
10:00 AM PT |
"
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
index 3de2479c2a..600663b95b 100644
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
@@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.date: 02/26/2019
+ms.date: 05/02/2019
---
# List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
@@ -70,6 +70,9 @@ Microsoft has made a concerted effort to enlighten several of our more popular a
- Microsoft Remote Desktop
+>[!NOTE]
+>Microsoft Visio and Microsoft Project are not enlightended apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioining.
+
## List of WIP-work only apps from Microsoft
Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with WIP and MAM solutions.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
new file mode 100644
index 0000000000..27b3a8f924
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
@@ -0,0 +1,145 @@
+---
+title: Installing Microsoft Defender ATP for Mac with JAMF
+description: Describes how to install Microsoft Defender ATP for Mac, using JAMF.
+keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
+search.product: eADQiWindows 10XVcnh
+search.appverid: #met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: v-maave
+author: martyav
+ms.localizationpriority: #medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: #conceptual
+---
+
+# Manual deployment
+
+**Applies to:**
+
+[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???)
+
+>[!IMPORTANT]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change.
+Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program.
+
+## Prerequisites and system requirements
+
+Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version.
+
+## Download installation and onboarding packages
+
+Download the installation and onboarding packages from Windows Defender Security Center:
+
+1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
+2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**.
+3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
+4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
+
+ 
+
+5. From a command prompt, verify that you have the two files.
+ Extract the contents of the .zip files:
+
+ ```bash
+ mavel-macmini:Downloads test$ ls -l
+ total 721152
+ -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip
+ -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
+ mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
+ Archive: WindowsDefenderATPOnboardingPackage.zip
+ inflating: WindowsDefenderATPOnboarding.py
+ ```
+
+## Application installation
+
+To complete this process, you must have admin privileges on the machine.
+
+1. Navigate to the downloaded wdav.pkg in Finder and open it.
+
+ 
+
+2. Select **Continue**, agree with the License terms, and enter the password when prompted.
+
+ 
+
+ > [!IMPORTANT]
+ > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed.
+
+ 
+
+3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**:
+
+ 
+
+The installation will proceed.
+
+> [!NOTE]
+> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time.
+
+## Client configuration
+
+1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac.
+
+ The client machine is not associated with orgId. Note that the orgid is blank.
+
+ ```bash
+ mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
+ uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
+ orgid :
+ ```
+
+2. Install the configuration file on a client machine:
+
+ ```bash
+ mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py
+ Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
+ ```
+
+3. Verify that the machine is now associated with orgId:
+
+ ```bash
+ mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
+ uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
+ orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8
+ ```
+
+After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
+
+ 
+
+## Configuring from the command line
+
+Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line:
+
+|Group |Scenario |Command |
+|-------------|-------------------------------------------|-----------------------------------------------------------------------|
+|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` |
+|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` |
+|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` |
+|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` |
+|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`|
+|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` |
+|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`|
+|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` |
+|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` |
+|Health |Check the product's health |`mdatp --health` |
+|Protection |Scan a path |`mdatp scan --path [path]` |
+|Protection |Do a quick scan |`mdatp scan --quick` |
+|Protection |Do a full scan |`mdatp scan --full` |
+|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` |
+|Protection |Request a definition update |`mdatp --signature-update` |
+
+## Logging installation issues
+
+See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
+
+## Uninstallation
+
+See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
new file mode 100644
index 0000000000..8af90fded1
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
@@ -0,0 +1,173 @@
+---
+title: Installing Microsoft Defender ATP for Mac with Microsoft Intune
+description: Describes how to install Microsoft Defender ATP for Mac, using Microsoft Intune.
+keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
+search.product: eADQiWindows 10XVcnh
+search.appverid: #met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: v-maave
+author: martyav
+ms.localizationpriority: #medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: #conceptual
+---
+
+# Microsoft Intune-based deployment
+
+**Applies to:**
+
+[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???)
+
+>[!IMPORTANT]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change.
+Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program.
+
+## Prerequisites and system requirements
+
+Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version.
+
+## Download installation and onboarding packages
+
+Download the installation and onboarding packages from Windows Defender Security Center:
+
+1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
+2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
+3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
+4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
+5. Download IntuneAppUtil from [https://docs.microsoft.com/en-us/intune/lob-apps-macos](https://docs.microsoft.com/en-us/intune/lob-apps-macos).
+
+ 
+
+6. From a command prompt, verify that you have the three files.
+ Extract the contents of the .zip files:
+
+ ```bash
+ mavel-macmini:Downloads test$ ls -l
+ total 721688
+ -rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil
+ -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
+ -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
+ mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
+ Archive: WindowsDefenderATPOnboardingPackage.zip
+ warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
+ inflating: intune/kext.xml
+ inflating: intune/WindowsDefenderATPOnboarding.xml
+ inflating: jamf/WindowsDefenderATPOnboarding.plist
+ mavel-macmini:Downloads test$
+ ```
+
+7. Make IntuneAppUtil an executable:
+
+ ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil```
+
+8. Create the wdav.pkg.intunemac package from wdav.pkg:
+
+ ```bash
+ mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0"
+ Microsoft Intune Application Utility for Mac OS X
+ Version: 1.0.0.0
+ Copyright 2018 Microsoft Corporation
+
+ Creating intunemac file for /Users/test/Downloads/wdav.pkg
+ Composing the intunemac file output
+ Output written to ./wdav.pkg.intunemac.
+
+ IntuneAppUtil successfully processed "wdav.pkg",
+ to deploy refer to the product documentation.
+ ```
+
+## Client Machine Setup
+
+You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp).
+
+1. You'll be asked to confirm device management.
+
+
+
+Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**:
+
+
+
+2. Select the **Continue** button and complete the enrollment.
+
+You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned.
+
+3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine:
+
+
+
+## Create System Configuration profiles
+
+1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**.
+2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**.
+3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above.
+4. Select **OK**.
+
+ 
+
+5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
+6. Repeat these steps with the second profile.
+7. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file.
+8. Select **Manage > Assignments**. In the Include tab, select **Assign to All Users & All devices**.
+
+After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade:
+
+
+
+## Publish application
+
+1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**.
+2. Select **App type=Other/Line-of-business app**.
+3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload.
+4. Select **Configure** and add the required information.
+5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value.
+
+ 
+
+6. Select **OK** and **Add**.
+
+ 
+
+7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**.
+
+ 
+
+8. Change **Assignment type=Required**.
+9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
+
+ 
+
+10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade:
+
+ 
+
+## Verify client machine state
+
+1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences > Profiles**.
+
+ 
+ 
+
+2. Verify the three profiles listed there:
+ 
+
+3. The **Management Profile** should be the Intune system profile.
+4. wdav-config and wdav-kext are system configuration profiles that we added in Intune.
+5. You should also see the Microsoft Defender icon in the top-right corner:
+
+ 
+
+## Logging installation issues
+
+See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
+
+## Uninstallation
+
+See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
new file mode 100644
index 0000000000..8837b3bcc5
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
@@ -0,0 +1,208 @@
+---
+title: Installing Microsoft Defender ATP for Mac with JAMF
+description: Describes how to install Microsoft Defender ATP for Mac, using JAMF.
+keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
+search.product: eADQiWindows 10XVcnh
+search.appverid: #met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: v-maave
+author: martyav
+ms.localizationpriority: #medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: #conceptual
+---
+
+# JAMF-based deployment
+
+**Applies to:**
+
+[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???)
+
+>[!IMPORTANT]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change.
+Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program.
+
+## Prerequisites and system requirements
+
+Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version.
+
+In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow.
+
+## Download installation and onboarding packages
+
+Download the installation and onboarding packages from Windows Defender Security Center:
+
+1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
+2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
+3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
+4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
+
+ 
+
+5. From a command prompt, verify that you have the two files.
+ Extract the contents of the .zip files:
+
+ ```bash
+ mavel-macmini:Downloads test$ ls -l
+ total 721160
+ -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
+ -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
+ mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
+ Archive: WindowsDefenderATPOnboardingPackage.zip
+ warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
+ inflating: intune/kext.xml
+ inflating: intune/WindowsDefenderATPOnboarding.xml
+ inflating: jamf/WindowsDefenderATPOnboarding.plist
+ mavel-macmini:Downloads test$
+ ```
+
+## Create JAMF Policies
+
+You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines.
+
+### Configuration Profile
+
+The configuration profile contains one custom settings payload that includes:
+
+- Microsoft Defender ATP for Mac onboarding information
+- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run
+
+1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File.
+
+ >[!NOTE]
+ > You must use exactly "com.microsoft.wdav.atp" as the Preference Domain.
+
+ 
+
+### Approved Kernel Extension
+
+To approve the kernel extension:
+
+1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**.
+2. Use **UBF8T346G9** for Team Id.
+
+
+
+#### Configuration Profile's Scope
+
+Configure the appropriate scope to specify the machines that will receive this configuration profile.
+
+Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers.
+
+
+
+Save the **Configuration Profile**.
+
+Use the **Logs** tab to monitor deployment status for each enrolled machine.
+
+### Package
+
+1. Create a package in **Settings > Computer Management > Packages**.
+
+ 
+
+2. Upload wdav.pkg to the Distribution Point.
+3. In the **filename** field, enter the name of the package. For example, wdav.pkg.
+
+### Policy
+
+Your policy should contain a single package for Microsoft Defender.
+
+
+
+Configure the appropriate scope to specify the computers that will receive this policy.
+
+After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine.
+
+## Client machine setup
+
+You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment.
+
+> [!NOTE]
+> After a computer is enrolled, it will show up in the Computers inventory (All Computers).
+
+1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile.
+
+
+
+
+After some time, the machine's User Approved MDM status will change to Yes.
+
+
+
+You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned.
+
+## Deployment
+
+Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected.
+
+### Status on server
+
+You can monitor the deployment status in the Logs tab:
+
+- **Pending** means that the deployment is scheduled but has not yet happened
+- **Completed** means that the deployment succeeded and is no longer scheduled
+
+
+
+### Status on client machine
+
+After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile.
+
+
+
+After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
+
+
+
+You can monitor policy installation on a machine by following the JAMF's log file:
+
+```bash
+mavel-mojave:~ testuser$ tail -f /var/log/jamf.log
+Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found.
+Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"...
+Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV
+Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender...
+Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender.
+Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches...
+Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found.
+```
+
+You can also check the onboarding status:
+
+```bash
+mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
+uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
+orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
+orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
+orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
+```
+
+- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set.
+
+- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed.
+
+## Check onboarding status
+
+You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded:
+
+```bash
+sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+'
+```
+
+This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered.
+
+## Logging installation issues
+
+See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
+
+## Uninstallation
+
+See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
new file mode 100644
index 0000000000..09a4dcceae
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
@@ -0,0 +1,136 @@
+---
+title: Microsoft Defender ATP for Mac Resources
+description: Describes resources for Microsoft Defender ATP for Mac, including how to uninstall it, how to collect diagnostic logs, and known issues with the product.
+keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
+search.product: eADQiWindows 10XVcnh
+search.appverid: #met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: v-maave
+author: martyav
+ms.localizationpriority: #medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: #conceptual
+---
+
+# Resources
+
+**Applies to:**
+
+[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???)
+
+>[!IMPORTANT]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic describes how to use, and details about, Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change.
+Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program.
+
+## Collecting diagnostic information
+
+If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default.
+
+1) Increase logging level:
+
+```bash
+ mavel-mojave:~ testuser$ mdatp log-level --verbose
+ Creating connection to daemon
+ Connection established
+ Operation succeeded
+```
+
+2) Reproduce the problem
+
+3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file.
+
+ ```bash
+ mavel-mojave:~ testuser$ mdatp --diagnostic
+ Creating connection to daemon
+ Connection established
+ "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip"
+ ```
+
+4) Restore logging level:
+
+ ```bash
+ mavel-mojave:~ testuser$ mdatp log-level --info
+ Creating connection to daemon
+ Connection established
+ Operation succeeded
+ ```
+
+## Logging installation issues
+
+If an error occurs during installation, the installer will only report a general failure.
+
+The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
+
+## Uninstalling
+
+There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
+
+### Within the GUI
+
+- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**.
+
+### From the command line
+
+- ```sudo rm -rf '/Applications/Microsoft Defender ATP'```
+
+### With a script
+
+Create a script in **Settings > Computer Management > Scripts**.
+
+
+
+For example, this script removes Microsoft Defender ATP from the /Applications directory:
+
+```bash
+ echo "Is WDAV installed?"
+ ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
+
+ echo "Uninstalling WDAV..."
+ rm -rf '/Applications/Microsoft Defender ATP.app'
+
+ echo "Is WDAV still installed?"
+ ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
+
+ echo "Done!"
+```
+
+### With a JAMF policy
+
+If you are running JAMF, your policy should contain a single script:
+
+
+
+Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy.
+
+## What to expect in the ATP portal
+
+- AV alerts:
+ - Severity
+ - Scan type
+ - Device information (hostname, machine identifier, tenant identifier, app version, and OS type)
+ - File information (name, path, size, and hash)
+ - Threat information (name, type, and state)
+- Device information:
+ - Machine identifier
+ - Tenant identifier
+ - App version
+ - Hostname
+ - OS type
+ - OS version
+ - Computer model
+ - Processor architecture
+ - Whether the device is a virtual machine
+
+## Known issues
+
+- Not fully optimized for performance or disk space yet.
+- Full Windows Defender ATP integration is not available yet.
+- Mac devices that switch networks may appear multiple times in the APT portal.
+- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
index e05ea856f0..af6205c2ca 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
@@ -37,7 +37,18 @@ We've been working hard through the private preview period, and we've heard your
- Product health can be queried with JAMF or the command line.
- Admins can set their cloud preference for any location, not just for those in the US.
-## Prerequisites
+## Installing and configuring
+
+There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
+In general you'll need to take the following steps:
+
+- Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal
+- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
+ - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune)
+ - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf)
+ - [Manual deployment](microsoft-defender-atp-mac-install-manually)
+
+### Prerequisites
You should have beginner-level experience in macOS and BASH scripting. You must have administrative privileges on the machine.
@@ -71,527 +82,6 @@ To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/ap
We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines.
SIP is a built-in macOS security feature that prevents low-level tampering with the OS.
-## Installation and configuration overview
+## Resources
-There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
-In general you'll need to take the following steps:
-
-- Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal
-- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
- - [Microsoft Intune based deployment](#microsoft-intune-based-deployment)
- - [JAMF based deployment](#jamf-based-deployment)
- - [Manual deployment](#manual-deployment)
-
-## Microsoft Intune based deployment
-
-### Download installation and onboarding packages
-
-Download the installation and onboarding packages from Windows Defender Security Center:
-
-1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
-2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
-3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
-4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
-5. Download IntuneAppUtil from [https://docs.microsoft.com/en-us/intune/lob-apps-macos](https://docs.microsoft.com/en-us/intune/lob-apps-macos).
-
- 
-
-6. From a command prompt, verify that you have the three files.
- Extract the contents of the .zip files:
-
- ```bash
- mavel-macmini:Downloads test$ ls -l
- total 721688
- -rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil
- -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
- -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
- mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
- Archive: WindowsDefenderATPOnboardingPackage.zip
- warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
- inflating: intune/kext.xml
- inflating: intune/WindowsDefenderATPOnboarding.xml
- inflating: jamf/WindowsDefenderATPOnboarding.plist
- mavel-macmini:Downloads test$
- ```
-
-7. Make IntuneAppUtil an executable:
-
- ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil```
-
-8. Create the wdav.pkg.intunemac package from wdav.pkg:
-
- ```bash
- mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0"
- Microsoft Intune Application Utility for Mac OS X
- Version: 1.0.0.0
- Copyright 2018 Microsoft Corporation
-
- Creating intunemac file for /Users/test/Downloads/wdav.pkg
- Composing the intunemac file output
- Output written to ./wdav.pkg.intunemac.
-
- IntuneAppUtil successfully processed "wdav.pkg",
- to deploy refer to the product documentation.
- ```
-
-### Client Machine Setup
-
-You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp).
-
-1. You'll be asked to confirm device management.
-
-
-
-Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**:
-
-
-
-2. Select the **Continue** button and complete the enrollment.
-
-You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned.
-
-3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine:
-
-
-
-### Create System Configuration profiles
-
-1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**.
-2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**.
-3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above.
-4. Select **OK**.
-
- 
-
-5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
-6. Repeat these steps with the second profile.
-7. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file.
-8. Select **Manage > Assignments**. In the Include tab, select **Assign to All Users & All devices**.
-
-After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade:
-
-
-
-### Publish application
-
-1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**.
-2. Select **App type=Other/Line-of-business app**.
-3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload.
-4. Select **Configure** and add the required information.
-5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value.
-
- 
-
-6. Select **OK** and **Add**.
-
- 
-
-7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**.
-
- 
-
-8. Change **Assignment type=Required**.
-9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
-
- 
-
-10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade:
-
- 
-
-### Verify client machine state
-
-1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences > Profiles**.
-
- 
- 
-
-2. Verify the three profiles listed there:
- 
-
-3. The **Management Profile** should be the Intune system profile.
-4. wdav-config and wdav-kext are system configuration profiles that we added in Intune.
-5. You should also see the Microsoft Defender icon in the top-right corner:
-
- 
-
-## JAMF based deployment
-
-### Prerequsites
-
-You need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes a properly configured distribution point. JAMF has many alternative ways to complete the same task. These instructions provide you an example for most common processes. Your organization might use a different workflow.
-
-### Download installation and onboarding packages
-
-Download the installation and onboarding packages from Windows Defender Security Center:
-
-1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
-2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
-3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
-4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
-
- 
-
-5. From a command prompt, verify that you have the two files.
- Extract the contents of the .zip files:
-
- ```bash
- mavel-macmini:Downloads test$ ls -l
- total 721160
- -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
- -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
- mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
- Archive: WindowsDefenderATPOnboardingPackage.zip
- warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
- inflating: intune/kext.xml
- inflating: intune/WindowsDefenderATPOnboarding.xml
- inflating: jamf/WindowsDefenderATPOnboarding.plist
- mavel-macmini:Downloads test$
- ```
-
-### Create JAMF Policies
-
-You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines.
-
-#### Configuration Profile
-
-The configuration profile contains one custom settings payload that includes:
-
-- Microsoft Defender ATP for Mac onboarding information
-- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run
-
-1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File.
-
- >[!NOTE]
- > You must use exactly "com.microsoft.wdav.atp" as the Preference Domain.
-
- 
-
-#### Approved Kernel Extension
-
-To approve the kernel extension:
-
-1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**.
-2. Use **UBF8T346G9** for Team Id.
-
-
-
-#### Configuration Profile's Scope
-
-Configure the appropriate scope to specify the machines that will receive this configuration profile.
-
-Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers.
-
-
-
-Save the **Configuration Profile**.
-
-Use the **Logs** tab to monitor deployment status for each enrolled machine.
-
-#### Package
-
-1. Create a package in **Settings > Computer Management > Packages**.
-
- 
-
-2. Upload wdav.pkg to the Distribution Point.
-3. In the **filename** field, enter the name of the package. For example, wdav.pkg.
-
-#### Policy
-
-Your policy should contain a single package for Microsoft Defender.
-
-
-
-Configure the appropriate scope to specify the computers that will receive this policy.
-
-After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine.
-
-### Client machine setup
-
-You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment.
-
-> [!NOTE]
-> After a computer is enrolled, it will show up in the Computers inventory (All Computers).
-
-1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile.
-
-
-
-
-After some time, the machine's User Approved MDM status will change to Yes.
-
-
-
-You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned.
-
-### Deployment
-
-Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected.
-
-#### Status on server
-
-You can monitor the deployment status in the Logs tab:
-
-- **Pending** means that the deployment is scheduled but has not yet happened
-- **Completed** means that the deployment succeeded and is no longer scheduled
-
-
-
-#### Status on client machine
-
-After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile.
-
-
-
-After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
-
-
-
-You can monitor policy installation on a machine by following the JAMF's log file:
-
-```bash
-mavel-mojave:~ testuser$ tail -f /var/log/jamf.log
-Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found.
-Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"...
-Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV
-Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender...
-Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender.
-Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches...
-Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found.
-```
-
-You can also check the onboarding status:
-
-```bash
-mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
-uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
-orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
-orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
-orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
-```
-
-- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set.
-
-- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed.
-
-### Uninstalling Microsoft Defender ATP for Mac
-
-#### Uninstalling with a script
-
-Create a script in **Settings > Computer Management > Scripts**.
-
-
-
-For example, this script removes Microsoft Defender ATP from the /Applications directory:
-
-```bash
-echo "Is WDAV installed?"
-ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
-
-echo "Uninstalling WDAV..."
-rm -rf '/Applications/Microsoft Defender ATP.app'
-
-echo "Is WDAV still installed?"
-ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
-
-echo "Done!"
-```
-
-#### Uninstalling with a policy
-
-Your policy should contain a single script:
-
-
-
-Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy.
-
-### Check onboarding status
-
-You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded:
-
-```bash
-sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+'
-```
-
-This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered.
-
-## Manual deployment
-
-### Download installation and onboarding packages
-
-Download the installation and onboarding packages from Windows Defender Security Center:
-
-1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
-2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**.
-3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
-4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
-
- 
-
-5. From a command prompt, verify that you have the two files.
- Extract the contents of the .zip files:
-
- ```bash
- mavel-macmini:Downloads test$ ls -l
- total 721152
- -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip
- -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
- mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
- Archive: WindowsDefenderATPOnboardingPackage.zip
- inflating: WindowsDefenderATPOnboarding.py
- ```
-
-### Application installation
-
-To complete this process, you must have admin privileges on the machine.
-
-1. Navigate to the downloaded wdav.pkg in Finder and open it.
-
- 
-
-2. Select **Continue**, agree with the License terms, and enter the password when prompted.
-
- 
-
- > [!IMPORTANT]
- > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed.
-
- 
-
-3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**:
-
- 
-
-The installation will proceed.
-
-> [!NOTE]
-> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time.
-
-### Client configuration
-
-1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac.
-
- The client machine is not associated with orgId. Note that the orgid is blank.
-
- ```bash
- mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
- uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
- orgid :
- ```
-
-2. Install the configuration file on a client machine:
-
- ```bash
- mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py
- Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
- ```
-
-3. Verify that the machine is now associated with orgId:
-
- ```bash
- mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
- uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
- orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8
- ```
-
-After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
-
- 
-
-## Configuring with the command line
-
-Controlling product settings, triggering on-demand scans, and several other important tasks can be done from the command line with the following commands:
-
-|Group |Scenario |Command |
-|-------------|-------------------------------------------|-----------------------------------------------------------------------|
-|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` |
-|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` |
-|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` |
-|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` |
-|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`|
-|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` |
-|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`|
-|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` |
-|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` |
-|Health |Check the product's health |`mdatp --health` |
-|Protection |Scan a path |`mdatp scan --path [path]` |
-|Protection |Do a quick scan |`mdatp scan --quick` |
-|Protection |Do a full scan |`mdatp scan --full` |
-|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` |
-|Protection |Request a definition update |`mdatp --signature-update` |
-
-## What to expect in the ATP portal
-
-- AV alerts:
- - Severity
- - Scan type
- - Device information (hostname, machine identifier, tenant identifier, app version, and OS type)
- - File information (name, path, size, and hash)
- - Threat information (name, type, and state)
-- Device information:
- - Machine identifier
- - Tenant identifier
- - App version
- - Hostname
- - OS type
- - OS version
- - Computer model
- - Processor architecture
- - Whether the device is a virtual machine
-
-## Uninstallation
-
-### Removing Microsoft Defender ATP from Mac devices
-
-To remove Microsoft Defender ATP from your macOS devices:
-
-- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**.
-
-Or, from a command line:
-
-- ```sudo rm -rf '/Applications/Microsoft Defender ATP'```
-
-## Known issues
-
-- Not fully optimized for performance or disk space yet.
-- Full Windows Defender ATP integration is not available yet.
-- Mac devices that switch networks may appear multiple times in the APT portal.
-- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device.
-
-## Collecting diagnostic information
-
-If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default.
-
-1) Increase logging level:
-
-```bash
- mavel-mojave:~ testuser$ mdatp log-level --verbose
- Creating connection to daemon
- Connection established
- Operation succeeded
-```
-
-2) Reproduce the problem
-
-3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file.
-
- ```bash
- mavel-mojave:~ testuser$ mdatp --diagnostic
- Creating connection to daemon
- Connection established
- "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip"
- ```
-
-4) Restore logging level:
-
- ```bash
- mavel-mojave:~ testuser$ mdatp log-level --info
- Creating connection to daemon
- Connection established
- Operation succeeded
- ```
-
-### Installation issues
-
-If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
+For further information on logging, uninstalling, the ATP portal, or known issues, see our [Resources](microsoft-defender-atp-mac-resources) page.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md
index a125e6e506..8ce696c455 100644
--- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md
+++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md
@@ -51,7 +51,7 @@ The following capabilities are included in the April 2019 preview release.
### In preview
The following capability are included in the March 2019 preview release.
-- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-rotection) The machine health and compliance report provides high-level information about the devices in your organization.
+- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection) The machine health and compliance report provides high-level information about the devices in your organization.
## February 2019