From 39ef4bc9a1053b5e036bbae7465a94dcd782f707 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 25 Aug 2020 16:57:10 +0500
Subject: [PATCH 1/6] Update microsoft-defender-atp-mac.md

---
 .../microsoft-defender-atp-mac.md                    | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 62d68dcdee..3f296b7a24 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -67,6 +67,18 @@ Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on
 
 After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
 
+### Licensing requirements
+
+Microsoft Defender Advanced Threat Protection for Mac requires one of the following Microsoft Volume Licensing offers:
+
+- Microsoft 365 E5 (M365 E5)
+- Microsoft 365 E5 Security
+- Microsoft 365 A5 (M365 A5)
+
+> [!NOTE]
+> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
+> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
+
 ### Network connections
 
 The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.

From 4607899d82de69af92819cff09dd4bfd77c71cdb Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 25 Aug 2020 21:16:09 +0500
Subject: [PATCH 2/6] Update linux-install-manually.md

---
 .../linux-install-manually.md                      | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
index 1746f4fcb3..b756561136 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
@@ -48,6 +48,12 @@ In order to preview new features and provide early feedback, it is recommended t
 
 ### RHEL and variants (CentOS and Oracle Linux)
 
+- Install `yum-utils` if it isn't installed yet:
+
+    ```bash
+    sudo yum install yum-utils
+    ```
+
 - Note your distribution and version, and identify the closest entry for it under `https://packages.microsoft.com/config/`.
 
     In the below commands, replace *[distro]* and *[version]* with the information you've identified:
@@ -71,12 +77,6 @@ In order to preview new features and provide early feedback, it is recommended t
     sudo rpm --import http://packages.microsoft.com/keys/microsoft.asc
     ```
 
-- Install `yum-utils` if it isn't installed yet:
-
-    ```bash
-    sudo yum install yum-utils
-    ```
-
 - Download and make usable all the metadata for the currently enabled yum repositories:
 
     ```bash
@@ -328,4 +328,4 @@ When upgrading your operating system to a new major version, you must first unin
 
 ## Uninstallation
 
-See [Uninstall](linux-resources.md#uninstall) for details on how to remove Microsoft Defender ATP for Linux from client devices.
\ No newline at end of file
+See [Uninstall](linux-resources.md#uninstall) for details on how to remove Microsoft Defender ATP for Linux from client devices.

From cee429d94e43e66837ff4b4d710461b3cba52f21 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 26 Aug 2020 12:11:52 +0500
Subject: [PATCH 3/6] Update
 windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../microsoft-defender-atp/microsoft-defender-atp-mac.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 3f296b7a24..6526e63f1a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -76,7 +76,7 @@ Microsoft Defender Advanced Threat Protection for Mac requires one of the follow
 - Microsoft 365 A5 (M365 A5)
 
 > [!NOTE]
-> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
+> Eligible licensed users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
 > Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
 
 ### Network connections

From fe887186cd821dda6759aa04fd584a526df5f364 Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Mon, 28 Sep 2020 09:27:17 +0200
Subject: [PATCH 4/6] Update account-lockout-threshold.md

Added note.
---
 .../security-policy-settings/account-lockout-threshold.md      | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
index 3db828212a..20f886d1ec 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
@@ -87,6 +87,9 @@ For more information about Windows security baseline recommendations for account
 
 This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
 
+> [!NOTE]
+> A lockout threshold policy will apply to both local member computer users and Domain Users, in order to allow mitigation of issues as described under "Vulnerability". The Built-In Administrator account however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot logon to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password. See also [Appendix D: Securing Built-In Administrator Accounts in Active Directory](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory).
+
 ### Vulnerability
 
 Brute force password attacks can use automated methods to try millions of password combinations for any user account. The effectiveness of such attacks can be almost eliminated if you limit the number of failed sign-in attempts that can be performed.

From 2ad5f1b2418209f0e2e5c02010a041cffb54a2e8 Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Wed, 30 Sep 2020 17:07:15 +0200
Subject: [PATCH 5/6] Update
 windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../security-policy-settings/account-lockout-threshold.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
index 20f886d1ec..55f3b22031 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
@@ -88,7 +88,7 @@ For more information about Windows security baseline recommendations for account
 This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
 
 > [!NOTE]
-> A lockout threshold policy will apply to both local member computer users and Domain Users, in order to allow mitigation of issues as described under "Vulnerability". The Built-In Administrator account however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot logon to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password. See also [Appendix D: Securing Built-In Administrator Accounts in Active Directory](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory).
+> A lockout threshold policy will apply to both local member computer users and domain users, in order to allow mitigation of issues as described under "Vulnerability". The built-in Administrator account, however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot sign in to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password. See also [Appendix D: Securing Built-In Administrator Accounts in Active Directory](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory).
 
 ### Vulnerability
 

From 919bd754123d66a41ec0207e99cac043c9daf48e Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 6 Oct 2020 15:05:42 -0700
Subject: [PATCH 6/6] Applied "> [!NOTE]"

---
 .../account-lockout-threshold.md                      | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
index 55f3b22031..ab09ef2ca5 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
@@ -77,8 +77,11 @@ None. Changes to this policy setting become effective without a computer restart
 ### <a href="" id="bkmk-impleconsiderations"></a>Implementation considerations
 
 Implementation of this policy setting is dependent on your operational environment. You should consider threat vectors, deployed operating systems, and deployed apps, for example:
+
 -   The likelihood of an account theft or a DoS attack is based on the security design for your systems and environment. You should set the account lockout threshold in consideration of the known and perceived risk of those threats.
+
 -   When negotiating encryption types between clients, servers, and domain controllers, the Kerberos protocol can automatically retry account sign-in attempts that count toward the threshold limits that you set in this policy setting. In environments where different versions of the operating system are deployed, encryption type negotiation increases.
+
 -   Not all apps that are used in your environment effectively manage how many times a user can attempt to sign-in. For instance, if a connection drops repeatedly when a user is running the app, all subsequent failed sign-in attempts count toward the account lockout threshold.
 
 For more information about Windows security baseline recommendations for account lockout, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/). 
@@ -95,17 +98,23 @@ This section describes how an attacker might exploit a feature or its configurat
 Brute force password attacks can use automated methods to try millions of password combinations for any user account. The effectiveness of such attacks can be almost eliminated if you limit the number of failed sign-in attempts that can be performed.
 However, a DoS attack could be performed on a domain that has an account lockout threshold configured. An attacker could programmatically attempt a series of password attacks against all users in the organization. If the number of attempts is greater than the account lockout threshold, the attacker might be able to lock every account without needing any special privileges or being authenticated in the network.
 
-> **Note:** Offline password attacks are not countered by this policy setting.
+> [!NOTE]
+> Offline password attacks are not countered by this policy setting.
+
  
 ### <a href="" id="bkmk-countermeasure"></a>Countermeasure
 
 Because vulnerabilities can exist when this value is configured and when it is not configured, two distinct countermeasures are defined. Organizations should weigh the choice between the two, based on their identified threats and the risks that they want to mitigate. The two countermeasure options are:
+
 -   Configure the **Account lockout threshold** setting to 0. This configuration ensures that accounts will not be locked, and it will prevent a DoS attack that intentionally attempts to lock accounts. This configuration also helps reduce Help Desk calls because users cannot accidentally lock themselves out of their accounts. Because it does not prevent a brute force attack, this configuration should be chosen only if both of the following criteria are explicitly met:
+
     -   The password policy setting requires all users to have complex passwords of 8 or more characters.
     -   A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occur in the environment.
+    
 -   Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account.
 
     [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack.
+    
     Using this type of policy must be accompanied by a process to unlock locked accounts. It must be possible to implement this policy whenever it is needed to help mitigate massive lockouts caused by an attack on your systems.
 
 ### Potential impact