Merge remote-tracking branch 'refs/remotes/origin/windef-atp'

windows/keep-secure/TOC.md

@@ -428,6 +428,7 @@
 ### [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
 #### [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)
 #### [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md)
+#### [Run a Windows Defender scan from the command line](run-cmd-scan-windows-defender-for-windows-10.md)
 #### [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)
 ## [Enterprise security guides](windows-10-enterprise-security-guides.md)
 ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)

windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md

@@ -25,7 +25,7 @@ Using the GP configuration package ensures your endpoints will be correctly conf
 
 > **Note**  To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. The endpoints must be running Windows 10 Insider Preview Build 14332 or later.
 
-1.  Open the GP configuration package .zip file (*WindowsATPOnboardingPackage_GroupPolicy.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
     a.  Click **Client onboarding** on the **Navigation pane**.
 
@@ -52,13 +52,13 @@ For additional settings, see the [Additional configuration settings section](add
 
 ## Configure with System Center Configuration Manager
 
-1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage_ConfigurationManager.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
     a. Click **Client onboarding** on the **Navigation pane**.
 
     b. Select **System Center Configuration Manager**, click **Download package**, and save the .zip file.
 
-2.	Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package.
+2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file called *WindowsDefenderATPOnboardingScript.cmd*.
 
 3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic.
 
@@ -76,7 +76,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
 
     a.  Click **Client onboarding** on the **Navigation pane**.
 
-    b.  Select **Manually on-board local machine**, click **Download package** and save the .zip file.
+    b.  Select **Local Script**, click **Download package** and save the .zip file.
 
 
 2.  Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file called *WindowsDefenderATPOnboardingScript.cmd*.

windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md

@@ -0,0 +1,53 @@
+---
+title: Run a scan from the command line in Windows Defender in Windows 10 (Windows 10)
+description: IT professionals can run a scan using the command line in Windows Defender in Windows 10.
+keywords: scan, command line, mpcmdrun, defender
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: W10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: mjcaparas
+---
+
+# Run a Windows Defender scan from the command line
+
+**Applies to:**
+
+- Windows 10
+
+IT professionals can use a command-line utility to run a Windows Defender scan. 
+
+The utility is available in _%Program Files%\Windows Defender\MpCmdRun.exe_
+
+This utility can be handy when you want to automate the use of Windows Defender. 
+
+**To run a full system scan from the command line**
+
+1. Click **Start**, type **cmd**, and press **Enter**.
+2. Navigate to _%ProgramFiles%\Windows Defender_ and enter the following command, and press **Enter**:
+
+```
+C:\Program Files\Windows Defender\mpcmdrun.exe -scan -scantype 2
+```
+The full scan will start. When the scan completes, you'll see a message indicating that the scan is finished. 
+
+
+The utility also provides other commands that you can run:
+
+```
+MpCmdRun.exe [command] [-options]
+```
+
+Command | Description 
+:---|:---
+\- ? / -h | Displays all available options for the tool
+\-Scan [-ScanType #] [-File <path> [-DisableRemediation] [-BootSectorScan]][-Timeout <days>] | Scans for malicious softare
+\-Trace  [-Grouping #] [-Level #]| Starts diagnostic tracing
+\-GetFiles | Collects support information
+\-RemoveDefinitions [-All] | Restores the installed signature definitions to a previous backup copy or to the original default set of signatures
+\-AddDynamicSignature [-Path] | Loads a dyanmic signature
+\-ListAllDynamicSignature [-Path] | Lists the loaded dynamic signatures
+\-RemoveDynamicSignature [-SignatureSetID] | Removes a dynamic signature
+\-EnableIntegrityServices | Enables integrity services
+\-SubmitSamples | Submit all sample requests 

windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md

@@ -38,7 +38,7 @@ If the endpoints aren't reporting correctly, you might need to check that the Wi
 
 **Check the onboarding state in Registry**:
 
-1. Click **Start**, type **Run**, and press **Enter**
+1. Click **Start**, type **Run**, and press **Enter**.
 
 2. From the **Run** dialog box, type **regedit** and press **Enter**.