diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
index 904279814f..375f715a8e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
@@ -116,7 +116,7 @@ To complete this process, you must have admin privileges on the device.
     The client device is not associated with orgId. Note that the *orgId* attribute is blank.
 
     ```bash
-    mdatp --health orgId
+    mdatp health --field org_id
     ```
 
 2. Run the Python script to install the configuration file:
@@ -128,7 +128,7 @@ To complete this process, you must have admin privileges on the device.
 3. Verify that the device is now associated with your organization and reports a valid *orgId*:
 
     ```bash
-    mdatp --health orgId
+    mdatp health --field org_id
     ```
 
 After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
index a83bc01f7a..37371fa8f2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
@@ -59,7 +59,7 @@ You can configure how PUA files are handled from the command line or from the ma
 In Terminal, execute the following command to configure PUA protection:
 
 ```bash
-mdatp --threat --type-handling potentially_unwanted_application [off|audit|block]
+mdatp threat policy set --type potentially_unwanted_application --action [off|audit|block]
 ```
 
 ### Use the management console to configure PUA protection:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
index 8ab4ccb54a..227df25707 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
@@ -149,7 +149,7 @@ To enable autocompletion in zsh:
 
 ## Client Microsoft Defender for Endpoint quarantine directory
 
-`/Library/Application Support/Microsoft/Defender/quarantine/` contains the files quarantined by `mdatp`. The files are named after the threat trackingId. The current trackingIds is shown with `mdatp --threat --list --pretty`.
+`/Library/Application Support/Microsoft/Defender/quarantine/` contains the files quarantined by `mdatp`. The files are named after the threat trackingId. The current trackingIds is shown with `mdatp threat list`.
 
 ## Microsoft Defender for Endpoint portal information
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
index b7f2649c73..331b7057ff 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
@@ -47,7 +47,7 @@ You can create a scanning schedule using the *launchd* daemon on a macOS device.
         <array>
             <string>sh</string>
             <string>-c</string>
-            <string>/usr/local/bin/mdatp --scan --quick</string>
+            <string>/usr/local/bin/mdatp scan quick</string>
         </array>
         <key>RunAtLoad</key>
         <true/>
@@ -73,7 +73,7 @@ You can create a scanning schedule using the *launchd* daemon on a macOS device.
 2. Save the file as *com.microsoft.wdav.schedquickscan.plist*.
 
     > [!TIP]
-    > To run a full scan instead of a quick scan, change line 12, `<string>/usr/local/bin/mdatp --scan --quick</string>`, to use the `--full` option instead of `--quick` (i.e. `<string>/usr/local/bin/mdatp --scan --full</string>`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*.
+    > To run a full scan instead of a quick scan, change line 12, `<string>/usr/local/bin/mdatp scan quick</string>`, to use the `full` option instead of `quick` (i.e. `<string>/usr/local/bin/mdatp scan full</string>`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*.
 
 3. Open **Terminal**.
 4. Enter the following commands to load your file:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
index 3cefc80735..dae30c8c6a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
@@ -37,15 +37,15 @@ If you did not approve the kernel extension during the deployment/installation o
 
    ![RTP disabled screenshot](../microsoft-defender-antivirus/images/MDATP-32-Main-App-Fix.png)
 
-You can also run ```mdatp --health```. It reports if real-time protection is enabled but not available. This indicates that the kernel extension is not approved to run on your device.
+You can also run ```mdatp health```. It reports if real-time protection is enabled but not available. This indicates that the kernel extension is not approved to run on your device.
 
 ```bash
-mdatp --health
+mdatp health
 ```
 ```Output
 ...
-realTimeProtectionAvailable             : false
-realTimeProtectionEnabled               : true
+real_time_protection_enabled                : true
+real_time_protection_available              : true
 ...
 ```
 
@@ -90,15 +90,15 @@ In this case, you need to perform the following steps to trigger the approval fl
     sudo kextutil /Library/Extensions/wdavkext.kext
     ```
 
-    The banner should disappear from the Defender application, and ```mdatp --health``` should now report that real-time protection is both enabled and available:
+    The banner should disappear from the Defender application, and ```mdatp health``` should now report that real-time protection is both enabled and available:
 
     ```bash
-    mdatp --health
+    mdatp health
     ```
 
     ```Output
     ...
-    realTimeProtectionAvailable             : true
-    realTimeProtectionEnabled               : true
+    real_time_protection_enabled                : true
+    real_time_protection_available              : true
     ...
     ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
index 96b85255e0..9aff2517bf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
@@ -48,7 +48,7 @@ The following steps can be used to troubleshoot and mitigate these issues:
     - From the Terminal. For security purposes, this operation requires elevation.
 
     ```bash
-    mdatp --config realTimeProtectionEnabled false
+    mdatp config real-time-protection --value disabled
     ```
 
     If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index 2ae1e83837..55c92067b1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -173,7 +173,7 @@ ms.technology: mde
 - Fixed an issue where Microsoft Defender for Endpoint for Mac was sometimes interfering with Time Machine
 - Added a new switch to the command-line utility for testing the connectivity with the backend service
   ```bash
-  mdatp --connectivity-test
+  mdatp connectivity test
   ```
 - Added ability to view the full threat history in the user interface (can be accessed from the **Protection history** view)
 - Performance improvements & bug fixes
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 61c7fe0660..9766c422da 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -132,7 +132,7 @@ The output from this command should be similar to the following:
 
 Once Microsoft Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal:
 ```bash
-mdatp --connectivity-test
+mdatp connectivity test
 ```
 
 ## How to update Microsoft Defender for Endpoint for Mac