Merge branch 'master' into 7612625

Brian Lich
2016-05-24 11:31:29 -07:00
142 changed files with 629 additions and 314 deletions

@ -25,7 +25,7 @@ Using the GP configuration package ensures your endpoints will be correctly conf
> **Note**  To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. The endpoints must be running Windows 10 Insider Preview Build 14332 or later.
1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage_GroupPolicy.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
a. Click **Client onboarding** on the **Navigation pane**.
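
Review bot: the new package name in step 1 (*WindowsDefenderATPOnboardingPackage.zip*) is identical to the name the System Center Configuration Manager section now uses, so the file name no longer tells the reader which deployment method a downloaded package belongs to. Suggest stating in step 1 that the name is shared across deployment types and that each download should be saved to a folder named for its method, so a Group Policy package is not mixed up with or overwritten by another one.
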
@ -52,13 +52,13 @@ For additional settings, see the [Additional configuration settings section](add
## Configure with System Center Configuration Manager
1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage_ConfigurationManager.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
a. Click **Client onboarding** on the **Navigation pane**.
b. Select **System Center Configuration Manager**, click **Download package**, and save the .zip file.
2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file called *WindowsDefenderATPOnboardingScript.cmd*.
3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic.
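
Review bot: step 3 still says "Import the configuration package" although the new step 2 has the reader extract the .zip and end up with *WindowsDefenderATPOnboardingScript.cmd*, so it is unclear whether the .zip or the extracted script is what gets imported. Suggest naming the file in step 3. Step 2 could also say who may write to the "shared, read-only location", since the script placed there is what gets deployed to endpoints.
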
@ -76,12 +76,12 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
a. Click **Client onboarding** on the **Navigation pane**.
b. Select **Manually on-board local machine**, click **Download package** and save the .zip file.
b. Select **Local Script**, click **Download package** and save the .zip file.
2. Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file called *WindowsDefenderATPOnboardingScript.cmd*.
2. Open an elevated command-line prompt on the endpoint and run the script:
3. Open an elevated command-line prompt on the endpoint and run the script:
a. Click **Start** and type **cmd**.
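
Review bot: the new step 2 suggests extracting the script to the Desktop, a location the signed-in user can write to, and step 3 then runs that script from an elevated prompt. Suggest recommending a folder that only administrators can modify, or at least telling the reader to run the script immediately after extraction and delete it afterwards, so the file that ends up running elevated is the one that came out of the package.
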
@ -89,9 +89,9 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
![Window Start menu pointing to Run as administrator](images/run-as-admin.png)
3. Type the location of the script file. If you copied the file to the desktop, type: *`%userprofile%\Desktop\WindowsDefenderATPOnboardingScript.cmd`*
4. Type the location of the script file. If you copied the file to the desktop, type: *`%userprofile%\Desktop\WindowsDefenderATPOnboardingScript.cmd`*
4. Press the **Enter** key or click **OK**.
5. Press the **Enter** key or click **OK**.
See the [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) topic for details on how you can manually validate that the endpoint is compliant and correctly reports telemetry.
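
Review bot: in step 4 the example path `%userprofile%\Desktop\WindowsDefenderATPOnboardingScript.cmd` is typed into the prompt started with Run as administrator, and when elevation uses a different administrator account, %userprofile% expands to that account's profile rather than to the desktop where the file was extracted. Suggest telling the reader to type the full path to the extracted script. Step 5's "or click **OK**" also does not fit a command prompt, which has no OK button; "Press the **Enter** key" is enough.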

@ -169,7 +169,7 @@ If you don't use Group Policy, you can enable Credential Guard by using the regi
2. Enable virtualization-based security:
- Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\DeviceGuard.
- Add a new DWORD value named **EnableVirtualizationBasedSecurity**. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it.
- Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 2 to use **Secure Boot and DMA protection**.
- Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 3 to use **Secure Boot and DMA protection**.
3. Enable Credential Guard:
- Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA.
- Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it.
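
Review bot: the corrected **RequirePlatformSecurityFeatures** bullet now gives 3 for **Secure Boot and DMA protection**, but nothing tells a reader who already followed the previous text and set the value to 2 that the machine needs to be changed. Suggest adding a short note under this bullet saying that earlier versions of the topic listed 2 and that the value should be updated to 3 where DMA protection is intended.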

@ -0,0 +1,53 @@
---
title: Run a scan from the command line in Windows Defender in Windows 10 (Windows 10)
description: IT professionals can run a scan using the command line in Windows Defender in Windows 10.
keywords: scan, command line, mpcmdrun, defender
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: W10
ms.mktglfcycl: manage
ms.sitesec: library
author: mjcaparas
---
# Run a Windows Defender scan from the command line
**Applies to:**
- Windows 10
IT professionals can use a command-line utility to run a Windows Defender scan.
The utility is available in _%Program Files%\Windows Defender\MpCmdRun.exe_
This utility can be handy when you want to automate the use of Windows Defender.
**To run a full system scan from the command line**
1. Click **Start**, type **cmd**, and press **Enter**.
2. Navigate to _%ProgramFiles%\Windows Defender_ and enter the following command, and press **Enter**:
```
C:\Program Files\Windows Defender\mpcmdrun.exe -scan -scantype 2
```
The full scan will start. When the scan completes, you'll see a message indicating that the scan is finished.
The utility also provides other commands that you can run:
```
MpCmdRun.exe [command] [-options]
```
Command | Description
:---|:---
\- ? / -h | Displays all available options for the tool
\-Scan [-ScanType #] [-File <path> [-DisableRemediation] [-BootSectorScan]][-Timeout <days>] | Scans for malicious softare
\-Trace [-Grouping #] [-Level #]| Starts diagnostic tracing
\-GetFiles | Collects support information
\-RemoveDefinitions [-All] | Restores the installed signature definitions to a previous backup copy or to the original default set of signatures
\-AddDynamicSignature [-Path] | Loads a dyanmic signature
\-ListAllDynamicSignature [-Path] | Lists the loaded dynamic signatures
\-RemoveDynamicSignature [-SignatureSetID] | Removes a dynamic signature
\-EnableIntegrityServices | Enables integrity services
\-SubmitSamples | Submit all sample requests
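
Review bot: the command in step 2 will not run as written, because the path `C:\Program Files\Windows Defender\mpcmdrun.exe` contains spaces and is not quoted, so cmd stops at `C:\Program`. Suggest `"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2`, or, since the step already has the reader navigate to the folder, just `MpCmdRun.exe -Scan -ScanType 2`. The intro also writes the variable as _%Program Files%_ where step 2 uses _%ProgramFiles%_, the table has the typos "softare" and "dyanmic", and the `-ScanType` values are not listed, so the reader cannot tell from the topic that 2 means a full scan.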

@ -38,7 +38,7 @@ If the endpoints aren't reporting correctly, you might need to check that the Wi
**Check the onboarding state in Registry**:
1. Click **Start**, type **Run**, and press **Enter**
1. Click **Start**, type **Run**, and press **Enter**.
2. From the **Run** dialog box, type **regedit** and press **Enter**.