add info about the allowedThreats option

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>

windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md

@@ -14,9 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: 
+ms.collection:
-- m365-security-compliance 
+- m365-security-compliance
-- m365initiative-defender-endpoint 
+- m365initiative-defender-endpoint
 ms.topic: conceptual
 ---
 
@@ -144,10 +144,10 @@ In order to preview new features and provide early feedback, it is recommended t
     sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-[channel].list
     ```
     For example, if you chose *insiders-fast* channel:
-    
+
     ```bash
     sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-insiders-fast.list
-    ```   
+    ```
 
 - Install the `gpg` package if not already installed:
 
@@ -328,6 +328,8 @@ Download the onboarding package from Microsoft Defender Security Center:
         mdatp threat list
         ```
 
+    If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
+
 ## Log installation issues
 
 See [Log installation issues](linux-resources.md#log-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.

windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md

@@ -14,9 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: 
+ms.collection:
-- m365-security-compliance 
+- m365-security-compliance
-- m365initiative-defender-endpoint 
+- m365initiative-defender-endpoint
 ms.topic: conceptual
 ---
 
@@ -248,6 +248,30 @@ Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory.
     ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts
     ```
 
+## Testing
+
+Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device:
+
+- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command):
+
+    ```bash
+    mdatp health --field real_time_protection_enabled
+    ```
+
+- Open a Terminal window. Copy and execute the following command:
+
+    ``` bash
+    curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
+    ```
+
+- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats:
+
+    ```bash
+    mdatp threat list
+    ```
+
+If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
+
 ## Log installation issues
 
 See [Log installation issues](linux-resources.md#log-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.

windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md

@@ -14,9 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: 
+ms.collection:
-- m365-security-compliance 
+- m365-security-compliance
-- m365initiative-defender-endpoint 
+- m365initiative-defender-endpoint
 ms.topic: conceptual
 ---
 
@@ -52,7 +52,7 @@ Download the onboarding package from Microsoft Defender Security Center:
 
     ![Microsoft Defender Security Center screenshot](images/atp-portal-onboarding-linux-2.png)
 
-4. From a command prompt, verify that you have the file. 
+4. From a command prompt, verify that you have the file.
 
     ```bash
     ls -l
@@ -225,9 +225,33 @@ If the product is not healthy, the exit code (which can be checked through `echo
 - 1 if the device isn't onboarded yet.
 - 3 if the connection to the daemon cannot be established.
 
+## Testing
+
+Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device:
+
+- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command):
+
+    ```bash
+    mdatp health --field real_time_protection_enabled
+    ```
+
+- Open a Terminal window. Copy and execute the following command:
+
+    ``` bash
+    curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
+    ```
+
+- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats:
+
+    ```bash
+    mdatp threat list
+    ```
+
+If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
+
 ## Log installation issues
 
- For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues).
+For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues).
 
 ## Operating system upgrades