add info about the allowedThreats option

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>

windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md

@@ -328,6 +328,8 @@ Download the onboarding package from Microsoft Defender Security Center:
         mdatp threat list
         ```
 
+    If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
+
 ## Log installation issues
 
 See [Log installation issues](linux-resources.md#log-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.

windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md

@@ -248,6 +248,30 @@ Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory.
     ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts
     ```
 
+## Testing
+
+Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device:
+
+- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command):
+
+    ```bash
+    mdatp health --field real_time_protection_enabled
+    ```
+
+- Open a Terminal window. Copy and execute the following command:
+
+    ``` bash
+    curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
+    ```
+
+- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats:
+
+    ```bash
+    mdatp threat list
+    ```
+
+If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
+
 ## Log installation issues
 
 See [Log installation issues](linux-resources.md#log-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.

windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md

@@ -225,6 +225,30 @@ If the product is not healthy, the exit code (which can be checked through `echo
 - 1 if the device isn't onboarded yet.
 - 3 if the connection to the daemon cannot be established.
 
+## Testing
+
+Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device:
+
+- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command):
+
+    ```bash
+    mdatp health --field real_time_protection_enabled
+    ```
+
+- Open a Terminal window. Copy and execute the following command:
+
+    ``` bash
+    curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
+    ```
+
+- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats:
+
+    ```bash
+    mdatp threat list
+    ```
+
+If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
+
 ## Log installation issues
 
 For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues).