From 3ab062c947cb34404c21d9c35fa268350b0dd01d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 13 Jun 2017 15:31:40 -0700 Subject: [PATCH 01/14] VDI content --- ...ows-defender-advanced-threat-protection.md | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index 703871c3fd..bfb8775222 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -48,6 +48,50 @@ localizationpriority: high 9. Click **OK** and close any open GPMC windows. +## Onboard virtual desktop infrastructure (VDI) +You can onboard VDIs using Group Policy (GP). You can onboard VDIs using a single entry or multiple entries for each machine. The following steps will guide you on how to onboard VDIs and will highlight steps for single and multiple entry methods. + +1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): + + a. Click **Endpoint management** on the **Navigation pane**. + + b. Select **Group Policy**, click **Download package** and save the .zip file. + +2. Copy the extracted files from the .zip into `golden/master` image under the path +path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called WindowsDefenderATPOnboardingPackage containing the file WindowsDefenderATPOnboardingScript.cmd. + +3. Follow the following step if you're implementing a single entry method:
+ **For single entry for each machine**:
+ Copy the file `Onboard-NonPersistentMachine.ps1` to `golden/master` image to +path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
+ +4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. + +5. Depending on the method you'd like to implement, follow the appropriate steps:
+ **For single entry for each machine**:
+ Select the **PowerShell Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to onboarding PowerShell script `Onboard-NonPersistentMachine.ps1`.

+ **For multiple entries for each machine**:
+ Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`. + +6. (sysprep and) save golden/master image [PLEASE EXPLAIN, I'M NOT SURE I UNDERSTAND THIS STEP] + +7. Test your solution: + + a. Create a pool with one machine. + + b. Logon to machine. + + c. Logoff from machine. + + d. Logon to machine with another user. + + e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.
+ **For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal. + +8. Click **Machines list** on the Navigation pane. + +9. Use the search function by entering the machine name and select **Machine** as search type. [QUESTION TO DAN: IF USER WILL USE SEARCH FUNCTION, DO THEY REALLY NEED TO GO TO MACHINES LIST FIRST? CAN'T THEY JUST USE SEARCH FUNCTION DIRECTLY AND SKIP PRIOR STEP?] + ## Additional Windows Defender ATP configuration settings For each endpoint, you can state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis. From fd32647090e916bde454c1d28b660fd751879414 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 13 Jun 2017 15:41:43 -0700 Subject: [PATCH 02/14] minor edits --- ...ndpoints-gp-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index bfb8775222..806c3e1045 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md 
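Review bot: step 5 under **For multiple entries for each machine** in PATCH 01/14's hunk calls `WindowsDefenderATPOnboardingScript.cmd` an "onboarding bash script"; a `.cmd` file added on the **Scripts** tab runs under cmd.exe, so "onboarding batch script" (or simply "onboarding script") is the accurate term. The same hunk doubles a word in step 2 ("under the path" followed by "path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`", which renders as "under the path path") and ships two author-to-reviewer placeholders in the published text, "[PLEASE EXPLAIN, I'M NOT SURE I UNDERSTAND THIS STEP]" in step 6 and "[QUESTION TO DAN: ...]" in step 9; resolve those before merge rather than leaving them in the topic.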
@@ -49,7 +49,7 @@ localizationpriority: high 9. Click **OK** and close any open GPMC windows. ## Onboard virtual desktop infrastructure (VDI) -You can onboard VDIs using Group Policy (GP). You can onboard VDIs using a single entry or multiple entries for each machine. The following steps will guide you on how to onboard VDIs and will highlight steps for single and multiple entry methods. +You can onboard VDIs using Group Policy (GP). You can onboard VDIs using a single entry or multiple entries for each machine. The following steps will guide you through steps in onboarding VDIs and will highlight steps for single and multiple entries. 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): @@ -60,7 +60,7 @@ You can onboard VDIs using Group Policy (GP). You can onboard VDIs using a singl 2. Copy the extracted files from the .zip into `golden/master` image under the path path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called WindowsDefenderATPOnboardingPackage containing the file WindowsDefenderATPOnboardingScript.cmd. -3. Follow the following step if you're implementing a single entry method:
+3. The following step is only applicable if you're implementing a single entry for each machine:
**For single entry for each machine**:
Copy the file `Onboard-NonPersistentMachine.ps1` to `golden/master` image to path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
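Review bot: the rewording in PATCH 02/14's first hunk, "will guide you through steps in onboarding VDIs and will highlight steps for single and multiple entries", uses "steps" three times in one sentence and reads worse than the line it replaces; suggest "The following steps guide you through onboarding VDI machines and highlight where the single-entry and multiple-entry methods differ." In the second hunk, "The following step is only applicable if you're implementing a single entry for each machine:" is immediately followed by the bold label **For single entry for each machine**, so one of the two can go.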
From 74e4cd00ca817ebbe29f0cfd2c8d20925ef07784 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Mon, 26 Jun 2017 21:17:16 -0700 Subject: [PATCH 03/14] note for hidden folder --- ...endpoints-gp-windows-defender-advanced-threat-protection.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index 806c3e1045..b1aab65177 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -60,6 +60,9 @@ You can onboard VDIs using Group Policy (GP). You can onboard VDIs using a singl 2. Copy the extracted files from the .zip into `golden/master` image under the path path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called WindowsDefenderATPOnboardingPackage containing the file WindowsDefenderATPOnboardingScript.cmd. + >[!NOTE] + >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. + 3. The following step is only applicable if you're implementing a single entry for each machine:
**For single entry for each machine**:
Copy the file `Onboard-NonPersistentMachine.ps1` to `golden/master` image to From 6a85eb0cab75f11858929ebeda488a0bce20d5cb Mon Sep 17 00:00:00 2001 From: jcaparas Date: Mon, 26 Jun 2017 21:21:23 -0700 Subject: [PATCH 04/14] add note --- ...endpoints-gp-windows-defender-advanced-threat-protection.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index b1aab65177..d3ad03625e 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -68,6 +68,9 @@ path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have Copy the file `Onboard-NonPersistentMachine.ps1` to `golden/master` image to path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
+ >[!NOTE] + >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. + 4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. 5. Depending on the method you'd like to implement, follow the appropriate steps:
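Review bot: the note added in PATCH 03/14 and copied verbatim into PATCH 04/14 has a grammar slip in `>If you don't see the ... folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer.`: "choose to the" should be "select the", and the product name is File Explorer. Because PATCH 04/14 inserts the identical note under step 3 only a few lines after the one under step 2, consider keeping a single note under step 2 and having step 3 refer to "the same path as in step 2"; a duplicated note has to be kept in sync every time its wording changes.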
From 024f1d42bd0cf24a8e33c837417db191b6ee6943 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Mon, 26 Jun 2017 22:01:02 -0700 Subject: [PATCH 05/14] add step to download file --- ...ndpoints-gp-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index d3ad03625e..8fd5e8aa13 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -65,8 +65,8 @@ path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have 3. The following step is only applicable if you're implementing a single entry for each machine:
**For single entry for each machine**:
- Copy the file `Onboard-NonPersistentMachine.ps1` to `golden/master` image to -path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
+ a. Download the file: [Onboard-NonPersistenMachine.ps1](https://go.microsoft.com/fwlink/p/?linkid=852276 ).
+ b. Copy the file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
>[!NOTE] >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. From 4174506bfa0117f04d25f32c07a10988fe5dd987 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 3 Aug 2017 14:00:30 -0700 Subject: [PATCH 06/14] remove note --- ...-endpoints-gp-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index d544e11c73..1154e6ca3b 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -97,7 +97,7 @@ path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have 8. Click **Machines list** on the Navigation pane. -9. Use the search function by entering the machine name and select **Machine** as search type. [QUESTION TO DAN: IF USER WILL USE SEARCH FUNCTION, DO THEY REALLY NEED TO GO TO MACHINES LIST FIRST? CAN'T THEY JUST USE SEARCH FUNCTION DIRECTLY AND SKIP PRIOR STEP?] +9. Use the search function by entering the machine name and select **Machine** as search type. ## Additional Windows Defender ATP configuration settings For each endpoint, you can state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis. From 19732e55c82ed1a446495c8a68278192249c13c6 Mon Sep 17 00:00:00 2001 
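Review bot: the new line in PATCH 05/14's hunk, `+ a. Download the file: [Onboard-NonPersistenMachine.ps1](https://go.microsoft.com/fwlink/p/?linkid=852276 ).`, spells the link text without the "t" ("NonPersisten") while the removed line and the rest of the topic use `Onboard-NonPersistentMachine.ps1`, and the space before the closing parenthesis will be treated as part of the link target by some Markdown processors; tighten it to `(https://go.microsoft.com/fwlink/p/?linkid=852276)`. Separately, PATCH 06/14 is generated against `index d544e11c73`, not the `8fd5e8aa13` that PATCH 05/14 produces, and PATCH 07/14 is based on the same `d544e11c73`, so the series as posted does not apply in order; rebase it before merging.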
From: jcaparas Date: Mon, 7 Aug 2017 13:20:20 -0700 Subject: [PATCH 07/14] update to explain challenges of vdi onboarding --- ...-gp-windows-defender-advanced-threat-protection.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index d544e11c73..a47218351d 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md 
@@ -49,7 +49,16 @@ ms.localizationpriority: high 9. Click **OK** and close any open GPMC windows. -## Onboard virtual desktop infrastructure (VDI) +## Onboard non-persistent virtual desktop infrastructure (VDI) machines + +Windows Defender ATP supports non-persistent VDI session onboarding. There might be associated challendges when onboarding VDIs. The typical challenges for this scenario are: + +- Instant early onboarding of a short living session + - A session should be onboared to Windows Defender ATP prior to the actual provisioning + +- Machine name persistence + - The machine names are typically reused for new sessions. One may ask to have them as a single machine entry while others may prefer to have multiple entries per machine name. + You can onboard VDIs using Group Policy (GP). You can onboard VDIs using a single entry or multiple entries for each machine. The following steps will guide you through steps in onboarding VDIs and will highlight steps for single and multiple entries. 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): From cc2d4c07ee538371607c48603f79ccd413d9dbf3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 9 Aug 2017 14:57:26 -0700 Subject: [PATCH 08/14] updates --- ...oints-gp-windows-defender-advanced-threat-protection.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index 528a5522f4..19dfa555bd 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md 
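Review bot: the challenges text added in PATCH 07/14 has two typos in its new lines, "challendges" and "onboared", and "short living session" should be "short-lived session". The bullet "One may ask to have them as a single machine entry while others may prefer to have multiple entries per machine name" also never says what the two choices mean for the reader, even though the steps below branch on exactly this choice; state it here, along the lines of "with the single-entry method a reused machine name appears as one entry in the portal; with the multiple-entry method each new session adds another entry under that name", which is what step 7e of the test later checks.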
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -31,7 +31,7 @@ ms.localizationpriority: high a. Click **Endpoint management** on the **Navigation pane**. - b. Select **Group Policy**, click **Download package** and save the .zip file. + b. Select **VDI onboarding scripts for non-persisten endpoints**, click **Download package** and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*. @@ -51,7 +51,8 @@ ms.localizationpriority: high ## Onboard non-persistent virtual desktop infrastructure (VDI) machines -Windows Defender ATP supports non-persistent VDI session onboarding. There might be associated challendges when onboarding VDIs. The typical challenges for this scenario are: +Windows Defender ATP supports non-persistent VDI session onboarding. There might be associated challenges when onboarding VDIs. The typical challenges for this scenario are: +dges when onboarding VDIs. The typical challenges for this scenario are: - Instant early onboarding of a short living session - A session should be onboared to Windows Defender ATP prior to the actual provisioning 
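Review bot: the first hunk of PATCH 08/14 (`@@ -31,7 +31,7 @@`) edits step 1b of the **Onboard endpoints** section, not the VDI section, so the general Group Policy onboarding steps now tell readers to download the VDI package while the VDI section's own step 1b still says "Select **Group Policy**"; the latter is the line that should change. The new text also misspells "non-persistent" as "non-persisten".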
@@ -59,7 +60,7 @@ Windows Defender ATP supports non-persistent VDI session onboarding. There might - Machine name persistence - The machine names are typically reused for new sessions. One may ask to have them as a single machine entry while others may prefer to have multiple entries per machine name. -You can onboard VDIs using Group Policy (GP). You can onboard VDIs using a single entry or multiple entries for each machine. The following steps will guide you through steps in onboarding VDIs and will highlight steps for single and multiple entries. +You can onboard VDIs using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries. 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): From bf435d47b5c9e4303fa9690be585cbb6c7659344 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 9 Aug 2017 15:10:38 -0700 Subject: [PATCH 09/14] update steps --- ...ows-defender-advanced-threat-protection.md | 30 +++++++++---------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index 19dfa555bd..4e1adf045f 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md 
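Review bot: the second hunk of PATCH 08/14 (`@@ -51,7 +51,8 @@`) leaves an orphaned fragment as a new line, `+dges when onboarding VDIs. The typical challenges for this scenario are:`, which repeats the tail of the corrected sentence directly above it and will show up verbatim in the rendered topic; drop that line. The third hunk's removal of "using Group Policy (GP)" from the intro is fine since the steps themselves describe the Local Group Policy Editor.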
@@ -29,9 +29,9 @@ ms.localizationpriority: high ## Onboard endpoints 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint management** on the **Navigation pane**. + a. Click **Endpoint management** > **Clients** on the **Navigation pane**. - b. Select **VDI onboarding scripts for non-persisten endpoints**, click **Download package** and save the .zip file. + b. Select **Group Policy**, click **Download package** and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*. 
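Review bot: hunk `@@ -29,9 +29,9 @@` of PATCH 09/14 reverts the step 1b text that PATCH 08/14's first hunk put into the **Onboard endpoints** section (back to "Select **Group Policy**") and adds **Clients** to the navigation path; squash these two patches so the misplaced VDI text never exists in history, and keep the `**Endpoint management** > **Clients**` path consistent with the VDI section's step 1a, which this patch changes the same way in its next hunk.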
@@ -55,32 +55,32 @@ Windows Defender ATP supports non-persistent VDI session onboarding. There might dges when onboarding VDIs. The typical challenges for this scenario are: - Instant early onboarding of a short living session - - A session should be onboared to Windows Defender ATP prior to the actual provisioning - -- Machine name persistence + - A session should be onboarded to Windows Defender ATP prior to the actual provisioning + +- Machine name persistence - The machine names are typically reused for new sessions. One may ask to have them as a single machine entry while others may prefer to have multiple entries per machine name. -You can onboard VDIs using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries. +You can onboard VDIs machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries. 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint management** on the **Navigation pane**. + a. Click **Endpoint management** > **Clients** on the **Navigation pane**. - b. Select **Group Policy**, click **Download package** and save the .zip file. + b. Select **VDI onboarding scripts for non-persistent endpoints**, click **Download package** and save the .zip file. 2. Copy the extracted files from the .zip into `golden/master` image under the path path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called WindowsDefenderATPOnboardingPackage containing the file WindowsDefenderATPOnboardingScript.cmd. 
>[!NOTE] - >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. + >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. 3. The following step is only applicable if you're implementing a single entry for each machine:
**For single entry for each machine**:
- a. Download the file: [Onboard-NonPersistenMachine.ps1](https://go.microsoft.com/fwlink/p/?linkid=852276 ).
+ a. Download the file: [Onboard-NonPersistenMachine.ps1](https://go.microsoft.com/fwlink/p/?linkid=852276 ).
[LUBA - DO I STILL NEED THIS STEP?] b. Copy the file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
>[!NOTE] - >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. + >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. 4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. @@ -90,9 +90,7 @@ path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have **For multiple entries for each machine**:
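Review bot: in PATCH 09/14's hunk `@@ -55,32 +55,32 @@` the removed and added pairs for `- Machine name persistence` and for both `>If you don't see the ... folder` notes are identical apart from trailing whitespace; that churn hides the real edits in the hunk (the "onboared" fix, the new "VDIs machines" typo in the intro sentence, and the new portal menu path), so either strip trailing spaces in a separate commit or leave those lines untouched. The hunk also introduces another author placeholder, `[LUBA - DO I STILL NEED THIS STEP?]`, beside step 3a; like the ones removed in PATCH 06/14 and later in this patch, it must not ship in the topic.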
Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`. -6. (sysprep and) save golden/master image [PLEASE EXPLAIN, I'M NOT SURE I UNDERSTAND THIS STEP] - -7. Test your solution: +6. Test your solution: a. Create a pool with one machine. @@ -105,9 +103,9 @@ path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.
**For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal. -8. Click **Machines list** on the Navigation pane. +7. Click **Machines list** on the Navigation pane. -9. Use the search function by entering the machine name and select **Machine** as search type. +8. Use the search function by entering the machine name and select **Machine** as search type. ## Additional Windows Defender ATP configuration settings For each endpoint, you can state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis. From d7a5714ba0b291e04878970f9804ca8eaad28a2c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 9 Aug 2017 15:16:56 -0700 Subject: [PATCH 10/14] remove extra sentence --- ...ndpoints-gp-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index 4e1adf045f..13c364d185 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md 
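Review bot: hunk `@@ -90,9 +90,7 @@` of PATCH 09/14 deletes `-6. (sysprep and) save golden/master image [PLEASE EXPLAIN, I'M NOT SURE I UNDERSTAND THIS STEP]` outright, so the procedure now goes from editing the local Group Policy on the image (step 5) straight to "Test your solution: a. Create a pool with one machine" without ever telling the reader to save the golden/master image that the pool is provisioned from. The bracketed question was the problem, not the step; keep it reworded, e.g. "Save the golden/master image (run sysprep first if your deployment requires it)", and have the VDI owner confirm the wording instead of dropping it. The renumbering in `@@ -105,9 +103,9 @@` then needs to be redone.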
@@ -51,8 +51,8 @@ ms.localizationpriority: high ## Onboard non-persistent virtual desktop infrastructure (VDI) machines -Windows Defender ATP supports non-persistent VDI session onboarding. There might be associated challenges when onboarding VDIs. The typical challenges for this scenario are: -dges when onboarding VDIs. The typical challenges for this scenario are: +Windows Defender ATP supports non-persistent VDI session onboarding. There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario: + - Instant early onboarding of a short living session - A session should be onboarded to Windows Defender ATP prior to the actual provisioning From 8b3d300b4c67b6695b4270c9b30d98ebf37875ff Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 14 Aug 2017 13:37:03 -0700 Subject: [PATCH 11/14] update script step --- ...s-gp-windows-defender-advanced-threat-protection.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index 13c364d185..5d8abbd58c 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md 
@@ -60,24 +60,22 @@ Windows Defender ATP supports non-persistent VDI session onboarding. There might - Machine name persistence - The machine names are typically reused for new sessions. One may ask to have them as a single machine entry while others may prefer to have multiple entries per machine name. -You can onboard VDIs machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries. +You can onboard VDI machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries. 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Endpoint management** > **Clients** on the **Navigation pane**. - b. Select **VDI onboarding scripts for non-persistent endpoints**, click **Download package** and save the .zip file. + b. Select **VDI onboarding scripts for non-persistent endpoints** then click **Download package** and save the .zip file. -2. Copy the extracted files from the .zip into `golden/master` image under the path -path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called WindowsDefenderATPOnboardingPackage containing the file WindowsDefenderATPOnboardingScript.cmd. +2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`. >[!NOTE] >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. 
You'll need to choose to the **Show hidden files and folders** option from file explorer. 3. The following step is only applicable if you're implementing a single entry for each machine:
**For single entry for each machine**:
- a. Download the file: [Onboard-NonPersistenMachine.ps1](https://go.microsoft.com/fwlink/p/?linkid=852276 ).
[LUBA - DO I STILL NEED THIS STEP?] - b. Copy the file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
+ a. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
>[!NOTE] >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. From d9848c128db95435ca9a872e0490c28f9f8fcf9c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 14 Aug 2017 13:50:11 -0700 Subject: [PATCH 12/14] create stand alone topic for vdi --- windows/threat-protection/TOC.md | 1 + ...ows-defender-advanced-threat-protection.md | 56 +------------ ...ows-defender-advanced-threat-protection.md | 1 + ...ows-defender-advanced-threat-protection.md | 1 + ...ows-defender-advanced-threat-protection.md | 1 + ...ows-defender-advanced-threat-protection.md | 83 +++++++++++++++++++ 6 files changed, 88 insertions(+), 55 deletions(-) create mode 100644 windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md index f482e0b44e..db5c68b7c1 100644 --- a/windows/threat-protection/TOC.md +++ b/windows/threat-protection/TOC.md 
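Review bot: in PATCH 11/14's hunk the rewritten step 2 says the extracted `WindowsDefenderATPOnboardingPackage` folder contains `WindowsDefenderATPOnboardingScript.cmd`, but the new step 3a then copies `Onboard-NonPersistentMachine.ps1` "From the `WindowsDefenderATPOnboardingPackage`"; list both files in step 2 so the reader can verify the download before reaching step 3. Step 3a also reads "copy the ... file to `golden/master` image to the path ...", which should be "into the golden/master image at the path ...". The unchanged context shows the hidden-folder note is still duplicated under step 3; it is redundant with the one under step 2 and can be removed here.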
@@ -12,6 +12,7 @@ ##### [Configure endpoints using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) ###### [Configure endpoints using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-microsoft-intune) ##### [Configure endpoints using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md) +##### [Configure non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) #### [Configure proxy and Internet settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md) #### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) ### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index 5d8abbd58c..305f982f51 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md 
@@ -49,61 +49,6 @@ ms.localizationpriority: high 9. Click **OK** and close any open GPMC windows. -## Onboard non-persistent virtual desktop infrastructure (VDI) machines - -Windows Defender ATP supports non-persistent VDI session onboarding. There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario: - - -- Instant early onboarding of a short living session - - A session should be onboarded to Windows Defender ATP prior to the actual provisioning - -- Machine name persistence - - The machine names are typically reused for new sessions. One may ask to have them as a single machine entry while others may prefer to have multiple entries per machine name. - -You can onboard VDI machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries. - -1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - - a. Click **Endpoint management** > **Clients** on the **Navigation pane**. - - b. Select **VDI onboarding scripts for non-persistent endpoints** then click **Download package** and save the .zip file. - -2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`. - - >[!NOTE] - >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. - -3. The following step is only applicable if you're implementing a single entry for each machine:
- **For single entry for each machine**:
- a. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
- - >[!NOTE] - >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. - -4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. - -5. Depending on the method you'd like to implement, follow the appropriate steps:
- **For single entry for each machine**:
- Select the **PowerShell Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to onboarding PowerShell script `Onboard-NonPersistentMachine.ps1`.

- **For multiple entries for each machine**:
- Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`. - -6. Test your solution: - - a. Create a pool with one machine. - - b. Logon to machine. - - c. Logoff from machine. - - d. Logon to machine with another user. - - e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.
- **For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal. - -7. Click **Machines list** on the Navigation pane. - -8. Use the search function by entering the machine name and select **Machine** as search type. ## Additional Windows Defender ATP configuration settings For each endpoint, you can state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis. @@ -206,4 +151,5 @@ With Group Policy there isn’t an option to monitor deployment of policies on t - [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) - [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) - [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) +- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index 2c8aed6960..3d56ded8f0 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md 
@@ -203,4 +203,5 @@ Health Status for offboarded machines: Onboarding State | ./Device/Vendor/MSFT/W - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) - [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) - [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) +- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index 59794d532f..e50a75222d 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md 
@@ -169,4 +169,5 @@ For more information about System Center Configuration Manager Compliance see [C - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) - [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) - [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) +- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md index 0f47beb693..b43f77504f 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md 
@@ -121,4 +121,5 @@ Monitoring can also be done directly on the portal, or by using the different de - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) - [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) - [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) +- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..def2b6ce11 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,83 @@ +--- +title: Configure non-persistent virtual desktop infrastructure (VDI) machines in Windows Defender ATP +description: Deploy the configuration package on virtual desktop infrastructure (VDI) machine so that they are onboarded to the service. +keywords: configure virtual desktop infrastructure (VDI) machine, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, vdi +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +--- + +# Configure non-persistent virtual desktop infrastructure (VDI) machines + +**Applies to:** +- Virtual desktop infrastructure (VDI) + +## Onboard non-persistent virtual desktop infrastructure (VDI) machines + +Windows Defender ATP supports non-persistent VDI session onboarding. There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario: + + +- Instant early onboarding of a short living session + - A session should be onboarded to Windows Defender ATP prior to the actual provisioning + +- Machine name persistence + - The machine names are typically reused for new sessions. One may ask to have them as a single machine entry while others may prefer to have multiple entries per machine name. + +You can onboard VDI machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries. + +1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): + + a. Click **Endpoint management** > **Clients** on the **Navigation pane**. + + b. 
Select **VDI onboarding scripts for non-persistent endpoints** then click **Download package** and save the .zip file. + +2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`. + + >[!NOTE] + >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. + +3. The following step is only applicable if you're implementing a single entry for each machine:
+ **For single entry for each machine**:
+ a. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
+ + >[!NOTE] + >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer. + +4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. + +5. Depending on the method you'd like to implement, follow the appropriate steps:
+ **For single entry for each machine**:
+ Select the **PowerShell Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to onboarding PowerShell script `Onboard-NonPersistentMachine.ps1`.

+ **For multiple entries for each machine**:
+ Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`. + +6. Test your solution: + + a. Create a pool with one machine. + + b. Logon to machine. + + c. Logoff from machine. + + d. Logon to machine with another user. + + e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.
+ **For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal. + +7. Click **Machines list** on the Navigation pane. + +8. Use the search function by entering the machine name and select **Machine** as search type. + +## Related topics +- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) +- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) +- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) +- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) +- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) + + From b95da4c1431de96c3e692d72073bd91aceb26759 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 21 Aug 2017 11:50:23 -0700 Subject: [PATCH 13/14] update to vdi package --- ...endpoints-vdi-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md index def2b6ce11..7189c64627 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md 
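Review bot: in the new `configure-endpoints-vdi-windows-defender-advanced-threat-protection.md` hunk, step 5's multiple-entry branch calls `WindowsDefenderATPOnboardingScript.cmd` an "onboarding bash script"; a `.cmd` file is a Windows batch (command) script, so change "bash" to "batch". In the same branch, "Windows Explorer will open directly in the path where you copied the onboarding script earlier" only holds for the single-entry `.ps1`, because step 2 leaves the `.cmd` inside the `WindowsDefenderATPOnboardingPackage` subfolder rather than directly in `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`; tell the reader to open that subfolder. Several wording defects are carried over verbatim from the section this patch removes from `configure-endpoints-gp-...md` and should be fixed in the new file: "choose to the **Show hidden files and folders** option" (drop "to"), "short living session" ("short-lived session"), "Logon to machine" / "Logoff from machine" ("Log on to the machine" / "Log off from the machine"), the front-matter description "on virtual desktop infrastructure (VDI) machine so that they are onboarded" (plural "machines"), and the hidden-folder `[!NOTE]` that appears twice, under steps 2 and 3, where once is enough. Finally, the **Applies to** block lists only "Virtual desktop infrastructure (VDI)"; the sibling configure-endpoints topics use that block for the supported Windows editions, so consider listing those here as well.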
@@ -30,7 +30,7 @@ Windows Defender ATP supports non-persistent VDI session onboarding. There might You can onboard VDI machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries. -1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): +1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Endpoint management** > **Clients** on the **Navigation pane**. From 92e64096defe7c54391aab6f7cb504b6c6f31b74 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 22 Aug 2017 12:06:33 -0700 Subject: [PATCH 14/14] fix format --- ...ints-vdi-windows-defender-advanced-threat-protection.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md index 7189c64627..c4dc9ac2f8 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md 
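Review bot: in the PATCH 13/14 hunk, renaming "GP configuration package" to "VDI configuration package" in step 1 matches step 1b, which selects **VDI onboarding scripts for non-persistent endpoints**, but the file name *WindowsDefenderATPOnboardingPackage.zip* is unchanged and does not itself say VDI, so a reader holding more than one downloaded package cannot tell them apart by name; add a sentence that the VDI package is the one containing `Onboard-NonPersistentMachine.ps1` (referenced in step 3a), so the wrong package is not copied into the golden image.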
@@ -57,17 +57,12 @@ You can onboard VDI machines using a single entry or multiple entries for each m Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`. 6. Test your solution: - a. Create a pool with one machine. - b. Logon to machine. - c. Logoff from machine. - d. Logon to machine with another user. - e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.
- **For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal. +**For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal. 7. Click **Machines list** on the Navigation pane.
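Review bot: the PATCH 14/14 hunk, described as "fix format", deletes the test procedure rather than reformatting it: the removed lines `a. Create a pool with one machine.` through `d. Logon to machine with another user.` and the line `e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.` have no replacement, and the only added line is `**For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal.`, so after this change step 6 tells the reader to test but gives neither the steps nor the expected result for the single-entry method (the diffstat of 1 insertion and 6 deletions confirms this). Restore sub-steps a through e; if the intent was only to drop the trailing line-break tag from line e, that can be done without removing the lines. Also, the re-added multiple-entries line has no leading indentation where the removed one did, so it will render as a paragraph outside list item 6 rather than as part of it.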