diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
index 4a51afaa13..bf0e603e07 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@@ -1,6 +1,6 @@
---
title: Microsoft Defender for Endpoint for US Government customers
-description: Learn about the requirements and the available Microsoft Defender for Endpoint capabilities for US Government customers
+description: Learn about the Microsoft Defender for Endpoint for US Government customers requirements and capabilities available
keywords: government, gcc, high, requirements, capabilities, defender, defender atp, mdatp, endpoint, dod
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -20,14 +20,11 @@ ms.technology: mde
# Microsoft Defender for Endpoint for US Government customers
-[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-
-
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
Microsoft Defender for Endpoint for US Government customers, built in the US Azure Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial.
-This offering is currently available to Microsoft 365 GCC and GCC High customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some differences in the availability of capabilities for this offering.
+This offering is available to GCC, GCC High, and DoD customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some differences in the availability of capabilities for this offering.
> [!NOTE]
> If you are a "GCC on Commercial" customer, please refer to the public documentation pages.
@@ -39,6 +36,7 @@ Customer type | Portal URL
:---|:---
GCC | https://gcc.securitycenter.microsoft.us
GCC High | https://securitycenter.microsoft.us
+DoD (PREVIEW) | Rolling out
@@ -47,28 +45,28 @@ GCC High | https://securitycenter.microsoft.us
### Standalone OS versions
The following OS versions are supported:
-OS version | GCC | GCC High
-:---|:---|:---
-Windows 10, version 20H2 (with [KB4586853](https://support.microsoft.com/help/4586853)) |  | 
-Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/4586853)) |  | 
-Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/4586819)) |  | 
-Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819)) |  | 
-Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839)) |  | 
-Windows 10, version 1803 (with [KB4598245](https://support.microsoft.com/help/4598245)) |  | 
-Windows 10, version 1709 | 
Note: Won't be supported |  With [KB4499147](https://support.microsoft.com/help/4499147)
Note: [Deprecated](https://docs.microsoft.com/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade
-Windows 10, version 1703 and earlier | 
Note: Won't be supported | 
Note: Won't be supported
-Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839)) |  | 
-Windows Server 2016 |  |  In development
-Windows Server 2012 R2 |  |  In development
-Windows Server 2008 R2 SP1 |  |  In development
-Windows 8.1 Enterprise |  |  In development
-Windows 8 Pro |  |  In development
-Windows 7 SP1 Enterprise |  |  In development
-Windows 7 SP1 Pro |  |  In development
-Linux |  In development |  In development
-macOS |  In development |  In development
-Android |  On engineering backlog |  On engineering backlog
-iOS |  On engineering backlog |  On engineering backlog
+OS version | GCC | GCC High | DoD (PREVIEW)
+:---|:---|:---|:---
+Windows 10, version 20H2 (with [KB4586853](https://support.microsoft.com/help/4586853)) |  |  |  Rolling out
+Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/4586853)) |  |  |  Rolling out
+Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/4586819)) |  |  |  Rolling out
+Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819)) |  |  |  Rolling out
+Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839)) |  |  |  Rolling out
+Windows 10, version 1803 (with [KB4598245](https://support.microsoft.com/help/4598245)) |  |  |  Rolling out
+Windows 10, version 1709 | 
Note: Won't be supported |  With [KB4499147](https://support.microsoft.com/help/4499147)
Note: [Deprecated](https://docs.microsoft.com/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade | 
Note: Won't be supported
+Windows 10, version 1703 and earlier | 
Note: Won't be supported | 
Note: Won't be supported | 
Note: Won't be supported
+Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839)) |  |  |  Rolling out
+Windows Server 2016 |  |  Rolling out |  Rolling out
+Windows Server 2012 R2 |  |  Rolling out |  Rolling out
+Windows Server 2008 R2 SP1 |  |  Rolling out |  Rolling out
+Windows 8.1 Enterprise |  |  Rolling out |  Rolling out
+Windows 8 Pro |  |  Rolling out |  Rolling out
+Windows 7 SP1 Enterprise |  |  Rolling out |  Rolling out
+Windows 7 SP1 Pro |  |  Rolling out |  Rolling out
+Linux |  In development |  In development |  In development
+macOS |  In development |  In development |  In development
+Android |  On engineering backlog |  On engineering backlog |  On engineering backlog
+iOS |  On engineering backlog |  On engineering backlog |  On engineering backlog
> [!NOTE]
> Where a patch is specified, it must be deployed prior to device onboarding in order to configure Defender for Endpoint to the correct environment.
@@ -79,11 +77,11 @@ iOS |  On engineering backlog | :
-OS version | GCC | GCC High
-:---|:---|:---
-Windows Server 2016 |  Rolling out | 
-Windows Server 2012 R2 |  Rolling out | 
-Windows Server 2008 R2 SP1 |  Rolling out | 
+OS version | GCC | GCC High | DoD (PREVIEW)
+:---|:---|:---|:---
+Windows Server 2016 |  Rolling out |  | 
+Windows Server 2012 R2 |  Rolling out |  | 
+Windows Server 2008 R2 SP1 |  Rolling out |  | 
@@ -95,14 +93,14 @@ Service location | DNS record
Common URLs for all locations (Global location) | `crl.microsoft.com`
`ctldl.windowsupdate.com`
`notify.windows.com`
`settings-win.data.microsoft.com`
Note: `settings-win.data.microsoft.com` is only needed on Windows 10 devices running version 1803 or earlier.
Common URLs for all US Gov customers | `us4-v20.events.data.microsoft.com`
`*.blob.core.usgovcloudapi.net`
Defender for Endpoint GCC specific | `winatp-gw-usmt.microsoft.com`
`winatp-gw-usmv.microsoft.com`
-Defender for Endpoint GCC High specific | `winatp-gw-usgt.microsoft.com`
`winatp-gw-usgv.microsoft.com`
+Defender for Endpoint GCC High & DoD (PREVIEW) specific | `winatp-gw-usgt.microsoft.com`
`winatp-gw-usgv.microsoft.com`
## API
Instead of the public URIs listed in our [API documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/apis-intro), you'll need to use the following URIs:
-Endpoint type | GCC | GCC High
+Endpoint type | GCC | GCC High & DoD (PREVIEW)
:---|:---|:---
Login | `https://login.microsoftonline.com` | `https://login.microsoftonline.us`
Defender for Endpoint API | `https://api-gcc.securitycenter.microsoft.us` | `https://api-gov.securitycenter.microsoft.us`
@@ -111,30 +109,30 @@ SIEM | `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us` | `https:/
## Feature parity with commercial
-Defender for Endpoint doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available that we'd like to highlight.
+Defender for Endpoint doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight.
-These are the known gaps as of January 2021:
+These are the known gaps as of February 2021:
-Feature name | GCC | GCC High
-:---|:---|:---
-Automated investigation and remediation: Live response |  |  In development
-Automated investigation and remediation: Response to Office 365 alerts |  On engineering backlog |  On engineering backlog
-Email notifications |  Rolling out |  In development
-Evaluation lab |  |  In development
-Management and APIs: Device health and compliance report |  |  In development
-Management and APIs: Integration with third-party products |  |  In development
-Management and APIs: Streaming API |  |  In development
-Management and APIs: Threat protection report |  |  In development
-Threat & vulnerability management |  |  In development
-Threat analytics |  |  In development
-Web content filtering |  In development |  In development
-Integrations: Azure Sentinel |  |  In development
-Integrations: Microsoft Cloud App Security |  On engineering backlog |  On engineering backlog
-Integrations: Microsoft Compliance Center |  On engineering backlog |  On engineering backlog
-Integrations: Microsoft Defender for Identity |  On engineering backlog |  On engineering backlog
-Integrations: Microsoft Defender for Office 365 |  On engineering backlog |  On engineering backlog
-Integrations: Microsoft Endpoint DLP |  On engineering backlog |  On engineering backlog
-Integrations: Microsoft Intune |  |  In development
-Integrations: Microsoft Power Automate & Azure Logic Apps |  |  In development
-Integrations: Skype for Business / Teams |  |  In development
-Microsoft Threat Experts |  On engineering backlog |  On engineering backlog
+Feature name | GCC | GCC High | DoD (PREVIEW)
+:---|:---|:---|:---
+Automated investigation and remediation: Live response |  |  Rolling out |  Rolling out
+Automated investigation and remediation: Response to Office 365 alerts |  On engineering backlog |  On engineering backlog |  On engineering backlog
+Email notifications |  Rolling out |  Rolling out |  Rolling out
+Evaluation lab |  |  Rolling out |  Rolling out
+Management and APIs: Device health and compliance report |  |  Rolling out |  Rolling out
+Management and APIs: Integration with third-party products |  In development |  In development |  In development
+Management and APIs: Streaming API |  |  In development |  In development
+Management and APIs: Threat protection report |  |  Rolling out |  Rolling out
+Threat & vulnerability management |  |  Rolling out |  Rolling out
+Threat analytics |  |  Rolling out |  Rolling out
+Web content filtering |  In development |  In development |  In development
+Integrations: Azure Sentinel |  |  In development |  In development
+Integrations: Microsoft Cloud App Security |  On engineering backlog |  On engineering backlog |  On engineering backlog
+Integrations: Microsoft Compliance Center |  On engineering backlog |  On engineering backlog |  On engineering backlog
+Integrations: Microsoft Defender for Identity |  On engineering backlog |  On engineering backlog |  On engineering backlog
+Integrations: Microsoft Defender for Office 365 |  On engineering backlog |  On engineering backlog |  On engineering backlog
+Integrations: Microsoft Endpoint DLP |  On engineering backlog |  On engineering backlog |  On engineering backlog
+Integrations: Microsoft Intune |  |  In development |  In development
+Integrations: Microsoft Power Automate & Azure Logic Apps |  |  In development |  In development
+Integrations: Skype for Business / Teams |  |  Rolling out |  Rolling out
+Microsoft Threat Experts |  On engineering backlog |  On engineering backlog |  On engineering backlog