From 1c60d9b448e225a8707e85cbc1d7c0292741de68 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 12:52:02 -0800
Subject: [PATCH] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md  | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 703de9a4ef..4fc988374f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -57,12 +57,23 @@ Depending on the apps your organization is using, you might be getting false pos
 #### Use Microsoft Endpoint Manager to edit PUA protection for existing configuration profiles
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-2. Choose **Devices** > **Configuration profiles**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to the next procedure).
+2. Choose **Devices** > **Configuration profiles**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-pua-protection-for-a-new-configuration-profile)).
 3. Under **Manage**, choose **Properties**, and then, next to **Configuration settings**, choose **Edit**.
 4. On the **Configuration settings** tab, scroll down and expand **Microsoft Defender Antivirus**.
 5. Set **Detect potentially unwanted applications** to **Audit**. (You can turn it off, but by using audit mode, you will be able to see detections.)
 6. Choose **Review + save**, and then choose **Save**.
 
+#### Use Microsoft Endpoint Manager to set PUA protection for a new configuration profile
+
+1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+2. Choose **Devices** > **Configuration profiles** > **+ Create profile**.
+3. For the **Platform**, choose **Windows 10 and later**, and for **Profile**, select **Device restrictions**.
+4. On the **Basics** tab, specify a name and description for your policy. Then choose **Next**.
+5. On the **Configuration settings** tab, scroll down and expand **Microsoft Defender Antivirus**.
+6. Set **Detect potentially unwanted applications** to **Audit**, and then choose **Next**. (You can turn PUA protection off, but by using audit mode, you will be able to see detections.)
+7. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](Assign device profiles in Microsoft Intune - Azure | Microsoft Docs).)
+8. On the **Applicability Rules** tab, specify the OS editions or versions to include or exclude from the policy. For example, you can set the policy to be applied to all devices certain editions of Windows 10. Then choose **Next**.
+9. On the **Review + create** tab, review your settings, and, and then choose **Create**.
 
 
 ## Review or define exclusions