From ec4632a20f21ac30e2064f48b9211b2821164065 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Sun, 14 Feb 2021 11:25:14 +0200
Subject: [PATCH 1/7] Update offboard-machines.md
Changing note to better explain behavior and avoid customer confusion.
---
.../microsoft-defender-atp/offboard-machines.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
index 8e102e75dc..e840c08ebd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
@@ -47,6 +47,8 @@ Follow the corresponding instructions depending on your preferred deployment met
- [Offboard non-Windows devices](configure-endpoints-non-windows.md#offboard-non-windows-devices)
>[!NOTE]
-> Offboarded devices will remain in the portal until [retention period](data-storage-privacy.md#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy) for the device's data expires. The status will be switched to ['Inactive'](fix-unhealthy-sensors.md#inactive-devices) 7 days after offboarding.
+> The status of a device will be switched to ['Inactive'](fix-unhealthy-sensors.md#inactive-devices) 7 days after offboarding.
+> Offboarded devices' data (such as Timeline, Alerts, Vulnerabilities, etc.) will remain in the portal until the configured [retention period](data-storage-privacy.md#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy) expires.
+> The device's profile (without data) will remain in the ['Device List'](machines-view-overview.md) for no longer than 180 days.
> In addition, [Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's threat and vulnerability management exposure score and Microsoft Secure Score for Devices.](tvm-dashboard-insights.md)
> To view only active devices, you can filter by [health state](machines-view-overview.md#health-state) or by [device tags](machine-tags.md) and [groups](machine-groups.md) etc.
From fc8b58adc500310a5e1e1bb42f89a46554e27953 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Sun, 14 Feb 2021 11:33:31 +0200
Subject: [PATCH 2/7] Update offboard-machines.md
Changing the location of the note
---
.../microsoft-defender-atp/offboard-machines.md | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
index e840c08ebd..4f91b48ffe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
@@ -35,6 +35,13 @@ ms.technology: mde
Follow the corresponding instructions depending on your preferred deployment method.
+>[!NOTE]
+> The status of a device will be switched to ['Inactive'](fix-unhealthy-sensors.md#inactive-devices) 7 days after offboarding.
+> Offboarded devices' data (such as Timeline, Alerts, Vulnerabilities, etc.) will remain in the portal until the configured [retention period](data-storage-privacy.md#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy) expires.
+> The device's profile (without data) will remain in the ['Device List'](machines-view-overview.md) for no longer than 180 days.
+> In addition, [Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's threat and vulnerability management exposure score and Microsoft Secure Score for Devices.](tvm-dashboard-insights.md)
+> To view only active devices, you can filter by [health state](machines-view-overview.md#health-state) or by [device tags](machine-tags.md) and [groups](machine-groups.md) etc.
+
## Offboard Windows 10 devices
- [Offboard devices using a local script](configure-endpoints-script.md#offboard-devices-using-a-local-script)
- [Offboard devices using Group Policy](configure-endpoints-gp.md#offboard-devices-using-group-policy)
@@ -46,9 +53,3 @@ Follow the corresponding instructions depending on your preferred deployment met
## Offboard non-Windows devices
- [Offboard non-Windows devices](configure-endpoints-non-windows.md#offboard-non-windows-devices)
->[!NOTE]
-> The status of a device will be switched to ['Inactive'](fix-unhealthy-sensors.md#inactive-devices) 7 days after offboarding.
-> Offboarded devices' data (such as Timeline, Alerts, Vulnerabilities, etc.) will remain in the portal until the configured [retention period](data-storage-privacy.md#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy) expires.
-> The device's profile (without data) will remain in the ['Device List'](machines-view-overview.md) for no longer than 180 days.
-> In addition, [Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's threat and vulnerability management exposure score and Microsoft Secure Score for Devices.](tvm-dashboard-insights.md)
-> To view only active devices, you can filter by [health state](machines-view-overview.md#health-state) or by [device tags](machine-tags.md) and [groups](machine-groups.md) etc.
From b608568f02be46f511eae7891966457773fcf360 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Sun, 14 Feb 2021 11:37:57 +0200
Subject: [PATCH 3/7] Update offboard-machines.md
minor change
---
.../microsoft-defender-atp/offboard-machines.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
index 4f91b48ffe..53c9bfcf01 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
@@ -36,10 +36,10 @@ ms.technology: mde
Follow the corresponding instructions depending on your preferred deployment method.
>[!NOTE]
-> The status of a device will be switched to ['Inactive'](fix-unhealthy-sensors.md#inactive-devices) 7 days after offboarding.
+> The status of a device will be switched to [Inactive](fix-unhealthy-sensors.md#inactive-devices) 7 days after offboarding.
> Offboarded devices' data (such as Timeline, Alerts, Vulnerabilities, etc.) will remain in the portal until the configured [retention period](data-storage-privacy.md#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy) expires.
-> The device's profile (without data) will remain in the ['Device List'](machines-view-overview.md) for no longer than 180 days.
-> In addition, [Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's threat and vulnerability management exposure score and Microsoft Secure Score for Devices.](tvm-dashboard-insights.md)
+> The device's profile (without data) will remain in the [Device List](machines-view-overview.md) for no longer than 180 days.
+> In addition, Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's [threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) exposure score and Microsoft Secure Score for Devices.
> To view only active devices, you can filter by [health state](machines-view-overview.md#health-state) or by [device tags](machine-tags.md) and [groups](machine-groups.md) etc.
## Offboard Windows 10 devices
From 7eee5e305373a896d4acd4474b46d04d1e0bbb58 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Sun, 14 Feb 2021 11:44:20 +0200
Subject: [PATCH 4/7] Update offboard-machines.md
more tweaks
---
.../microsoft-defender-atp/offboard-machines.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
index 53c9bfcf01..7561342d07 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
@@ -38,9 +38,9 @@ Follow the corresponding instructions depending on your preferred deployment met
>[!NOTE]
> The status of a device will be switched to [Inactive](fix-unhealthy-sensors.md#inactive-devices) 7 days after offboarding.
> Offboarded devices' data (such as Timeline, Alerts, Vulnerabilities, etc.) will remain in the portal until the configured [retention period](data-storage-privacy.md#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy) expires.
-> The device's profile (without data) will remain in the [Device List](machines-view-overview.md) for no longer than 180 days.
-> In addition, Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's [threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) exposure score and Microsoft Secure Score for Devices.
-> To view only active devices, you can filter by [health state](machines-view-overview.md#health-state) or by [device tags](machine-tags.md) and [groups](machine-groups.md) etc.
+> The device's profile (without data) will remain in the [Devices List](machines-view-overview.md) for no longer than 180 days.
+> In addition, devices that are not active in the last 30 days are not factored in on the data that reflects your organization's threat and vulnerability management [exposure score](tvm-exposure-score.md) and Microsoft Secure Score for Devices.
+> To view only active devices, you can filter by [health state](machines-view-overview.md#health-state), [device tags](machine-tags.md) or [machine groups](machine-groups.md).
## Offboard Windows 10 devices
- [Offboard devices using a local script](configure-endpoints-script.md#offboard-devices-using-a-local-script)
From 7307c98f893e7a8c95f0194ab928d706e9a49872 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 15 Feb 2021 18:39:34 +0200
Subject: [PATCH 5/7] Update configure-server-endpoints.md
https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9148
---
.../microsoft-defender-atp/configure-server-endpoints.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index 47e0a664ac..a602d094fb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -1,7 +1,7 @@
---
-title: Onboard Windows servers to the Microsoft Defender ATP service
-description: Onboard Windows servers so that they can send sensor data to the Microsoft Defender ATP sensor.
-keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, device management, configure Windows ATP servers, onboard Microsoft Defender Advanced Threat Protection servers
+title: Onboard Windows servers to the Microsoft Defender for Endpoint service
+description: Onboard Windows servers so that they can send sensor data to the Microsoft Defender for Endpoint sensor.
+keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, device management, configure Windows ATP servers, onboard Microsoft Defender Advanced Threat Protection servers, onboard Microsoft Defender for Endpoint servers
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: m365-security
@@ -161,7 +161,7 @@ You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windo
Support for Windows Server provides deeper insight into server activities, coverage for kernel and memory attack detection, and enables response actions.
-1. Configure Defender for Endpoint onboarding settings on the Windows server. For more information, see [Onboard Windows 10 devices](configure-endpoints.md).
+1. Configure Defender for Endpoint onboarding settings on the Windows server using the same tools and methods for Windows 10 devices. For more information, see [Onboard Windows 10 devices](configure-endpoints.md).
2. If you're running a third-party antimalware solution, you'll need to apply the following Microsoft Defender AV passive mode settings. Verify that it was configured correctly:
From e0fd704fb26f265708ec3ce2481586752e592a8c Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 15 Feb 2021 18:40:35 +0200
Subject: [PATCH 6/7] Update configure-server-endpoints.md
---
.../microsoft-defender-atp/configure-server-endpoints.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index a602d094fb..ebb9189935 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -118,7 +118,7 @@ If your servers need to use a proxy to communicate with Defender for Endpoint, u
- [Configure Windows to use a proxy server for all connections](configure-proxy-internet.md)
-If a proxy or firewall is in use, please ensure that servers can access all of the Microsoft Defender ATP service URLs directly and without SSL interception. For more information, see [enable access to Defender for Endpoint service URLs](configure-proxy-internet.md#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server). Use of SSL interception will prevent the system from communicating with the Defender for Endpoint service.
+If a proxy or firewall is in use, please ensure that servers can access all of the Microsoft Defender for Endpoint service URLs directly and without SSL interception. For more information, see [enable access to Defender for Endpoint service URLs](configure-proxy-internet.md#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server). Use of SSL interception will prevent the system from communicating with the Defender for Endpoint service.
Once completed, you should see onboarded Windows servers in the portal within an hour.
From 6f0bccd2073adf140248e5c5e15155faec002aac Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 15 Feb 2021 19:01:01 +0200
Subject: [PATCH 7/7] Update gov.md
New features rollout to GCC-H & DoD.
---
.../microsoft-defender-atp/gov.md | 42 +++++++++----------
1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
index ef93116bee..ccfd7fdd9b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@@ -58,7 +58,7 @@ Customer type | Portal URL
:---|:---
GCC | https://gcc.securitycenter.microsoft.us
GCC High | https://securitycenter.microsoft.us
-DoD (PREVIEW) | Rolling out
+DoD (PREVIEW) | https://securitycenter.microsoft.us
@@ -69,22 +69,22 @@ The following OS versions are supported:
OS version | GCC | GCC High | DoD (PREVIEW)
:---|:---|:---|:---
-Windows 10, version 20H2 (with [KB4586853](https://support.microsoft.com/help/4586853)) |  |  |  Rolling out
-Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/4586853)) |  |  |  Rolling out
-Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/4586819)) |  |  |  Rolling out
-Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819)) |  |  |  Rolling out
-Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839)) |  |  |  Rolling out
-Windows 10, version 1803 (with [KB4598245](https://support.microsoft.com/help/4598245)) |  |  |  Rolling out
+Windows 10, version 20H2 (with [KB4586853](https://support.microsoft.com/help/4586853)) |  |  | 
+Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/4586853)) |  |  | 
+Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/4586819)) |  |  | 
+Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819)) |  |  | 
+Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839)) |  |  | 
+Windows 10, version 1803 (with [KB4598245](https://support.microsoft.com/help/4598245)) |  |  | 
Windows 10, version 1709 | 
Note: Won't be supported |  With [KB4499147](https://support.microsoft.com/help/4499147)
Note: [Deprecated](https://docs.microsoft.com/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade | 
Note: Won't be supported
Windows 10, version 1703 and earlier | 
Note: Won't be supported | 
Note: Won't be supported | 
Note: Won't be supported
-Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839)) |  |  |  Rolling out
-Windows Server 2016 |  |  Rolling out |  Rolling out
-Windows Server 2012 R2 |  |  Rolling out |  Rolling out
-Windows Server 2008 R2 SP1 |  |  Rolling out |  Rolling out
-Windows 8.1 Enterprise |  |  Rolling out |  Rolling out
-Windows 8 Pro |  |  Rolling out |  Rolling out
-Windows 7 SP1 Enterprise |  |  Rolling out |  Rolling out
-Windows 7 SP1 Pro |  |  Rolling out |  Rolling out
+Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839)) |  |  | 
+Windows Server 2016 |  |  | 
+Windows Server 2012 R2 |  |  | 
+Windows Server 2008 R2 SP1 |  |  | 
+Windows 8.1 Enterprise |  |  | 
+Windows 8 Pro |  |  | 
+Windows 7 SP1 Enterprise |  |  | 
+Windows 7 SP1 Pro |  |  | 
Linux |  In development |  In development |  In development
macOS |  In development |  In development |  In development
Android |  On engineering backlog |  On engineering backlog |  On engineering backlog
@@ -137,16 +137,16 @@ These are the known gaps as of February 2021:
Feature name | GCC | GCC High | DoD (PREVIEW)
:---|:---|:---|:---
-Automated investigation and remediation: Live response |  |  Rolling out |  Rolling out
+Automated investigation and remediation: Live response |  |  | 
Automated investigation and remediation: Response to Office 365 alerts |  On engineering backlog |  On engineering backlog |  On engineering backlog
Email notifications |  Rolling out |  Rolling out |  Rolling out
-Evaluation lab |  |  Rolling out |  Rolling out
+Evaluation lab |  |  | 
Management and APIs: Device health and compliance report |  |  Rolling out |  Rolling out
Management and APIs: Integration with third-party products |  In development |  In development |  In development
Management and APIs: Streaming API |  |  In development |  In development
-Management and APIs: Threat protection report |  |  Rolling out |  Rolling out
-Threat & vulnerability management |  |  Rolling out |  Rolling out
-Threat analytics |  |  Rolling out |  Rolling out
+Management and APIs: Threat protection report |  |  | 
+Threat & vulnerability management |  |  | 
+Threat analytics |  |  | 
Web content filtering |  In development |  In development |  In development
Integrations: Azure Sentinel |  |  In development |  In development
Integrations: Microsoft Cloud App Security |  On engineering backlog |  On engineering backlog |  On engineering backlog
@@ -156,5 +156,5 @@ Integrations: Microsoft Defender for Office 365 |  On engineering backlog |  On engineering backlog |  On engineering backlog
Integrations: Microsoft Intune |  |  In development |  In development
Integrations: Microsoft Power Automate & Azure Logic Apps |  |  In development |  In development
-Integrations: Skype for Business / Teams |  |  Rolling out |  Rolling out
+Integrations: Skype for Business / Teams |  |  | 
Microsoft Threat Experts |  On engineering backlog |  On engineering backlog |  On engineering backlog