diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-manually.md
index 7116f0b7ef..7e214e9a60 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-manually.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-manually.md
@@ -39,30 +39,24 @@ Before you get started, see [the main Microsoft Defender ATP for Linux page](mic
Follow the steps given in [Configure Microsoft's Linux Software Repository](https://docs.microsoft.com/en-us/windows-server/administration/linux-package-repository-for-microsoft-software) to setup the repository.
-> [!NOTE]
-> * **TODO:** Use a forward link for above instead of URL
-> * I am assuming that ring 0 customers will download the onboarding package from ATP portal
-
## Download onboarding package
-Download the onboarding package from Windows Defender Security Center:
+Download the onboarding package from Microsoft Defender Security Center:
-1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
-2. In Section 1 of the page, set operating system to **Linux, macOS, iOS, and Android** and Deployment method to **Local script**.
-3. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
+1. In Microsoft Defender Security Center, go to **Settings > Machine Management > Onboarding**.
+2. In the first drop down, set operating system to **Windows 10** and in second drop down, Deployment method to **Mobile Device Management / Microsoft Intune**.
+3. Click on **Download package**. Save it as WindowsDefenderATPOnboardingPackage.zip.
- 
+ 
4. From a command prompt, verify that you have the file.
- Extract the contents of the .zip file:
+ Extract the contents of the .zip file and create mdatp_onboard.json file as follows:
```bash
$ ls -l
total 8
-rw-r--r-- 1 test staff 6287 Oct 21 11:22 WindowsDefenderATPOnboardingPackage.zip
- $ unzip WindowsDefenderATPOnboardingPackage.zip
- Archive: WindowsDefenderATPOnboardingPackage.zip
- inflating: WindowsDefenderATPOnboarding.py
+ $ unzip -p WindowsDefenderATPOnboardingPackage.zip | python -c 'import sys,json;data={"onboardingInfo":"\n".join(sys.stdin.readlines())};print(json.dumps(data));' >mdatp_onboard.json
```
## Application installation
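Review bot: The Python one-liner at the `+ $ unzip -p ...` line doubles every newline in the onboarding blob: `sys.stdin.readlines()` keeps the trailing `\n` on each line and `"\n".join(...)` inserts a second one between them. Use `sys.stdin.read()` instead, e.g. `data={"onboardingInfo":sys.stdin.read()}`. Also note that `unzip -p` streams every member of the archive to stdout, so this only produces a valid file when the package contains exactly one file; the step should say which file is expected. The `+2.` step tells a Linux reader to pick **Windows 10** and **Mobile Device Management / Microsoft Intune** without any explanation; one sentence saying why that package is the right one for the Linux agent would stop readers assuming it is a typo. The `- ` / `+ ` pair at the blank line is a whitespace-only change and can be dropped from the commit.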
@@ -74,13 +68,13 @@ To complete this process, you must have admin privileges on the machine.
- ### Enterprise Linux (RHEL and variants)
```bash
- sudo yum install mdatp
+ sudo yum -y install mdatp
```
- ### Ubuntu and Debian systems
```bash
- sudo apt-get install mdatp
+ sudo apt-get -y install mdatp
```
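Review bot: Adding `-y` makes both installs non-interactive, which is fine for scripting, but this is the manual-install page, so say in the prose that the flag auto-accepts the confirmation prompt so readers know what they are agreeing to. Separately, the unchanged `- ### Enterprise Linux (RHEL and variants)` and `- ### Ubuntu and Debian systems` lines prefix a heading with a list marker, which renders as a bullet containing a heading; drop the leading `- `.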
@@ -94,14 +88,11 @@ To complete this process, you must have admin privileges on the machine.
$ mdatp --health orgId
```
-2. Run the Python script to install the configuration file:
+2. Copy the mdatp_onboard.json created in earlier step to /etc/opt/microsoft/mdatp_onboard.json
```bash
- $ /usr/bin/python WindowsDefenderATPOnboarding.py
- Generating /etc/opt/microsoft/mdatp/mdatp_onboard.json ... (You may be required to enter sudo password)
+ $ sudo cp mdatp.json /etc/opt/microsoft/mdatp/mdatp_onboard.json
```
-> [!NOTE]
-> **TODO:** verify the path associated with above command.
3. Verify that the machine is now associated with your organization and reports a valid *orgId*:
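Review bot: Filename and path mismatch in the new step 2. The prose says to copy `mdatp_onboard.json` to `/etc/opt/microsoft/mdatp_onboard.json`, but the command is `$ sudo cp mdatp.json /etc/opt/microsoft/mdatp/mdatp_onboard.json`: the source file created in the download step is `mdatp_onboard.json`, not `mdatp.json`, and the prose path is missing the `mdatp/` directory. Suggest `$ sudo cp mdatp_onboard.json /etc/opt/microsoft/mdatp/mdatp_onboard.json` and change the prose to `/etc/opt/microsoft/mdatp/mdatp_onboard.json`, with a trailing period on the step.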
@@ -110,15 +101,23 @@ To complete this process, you must have admin privileges on the machine.
E6875323-A6C0-4C60-87AD-114BBE7439B8
```
-After installation, you can see the status by running the following command:
+4. After installation, you can see the status by running the following command:
-```bash
-$ mdatp --health healthy
-1
-```
+ ```bash
+ $ mdatp --health healthy
+ 1
+ ```
-> [!NOTE]
-> **TODO:** Should we add eicar detection step?
+5. Run a detection test
+To verify that the machine is properly onboarded and reporting to the service, take the following steps on the newly onboarded machine:
+
+ - Ensure Real-time protection setting is ON ```mdatp --health realTimeProtectionEnabled```
+ - Open a Terminal window
+Copy and run the command below:
+
+ ``` bash
+ curl -o ~/Downloads/eicar.com.txt http://www.eicar.org/download/eicar.com.txt
+ ```
## Logging installation issues
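Review bot: The detection test in the new step 5 writes to `~/Downloads/eicar.com.txt`, but `curl -o` fails when the directory does not exist, which is the usual case on a Linux server; add `--create-dirs` or use a path such as `~/eicar.com.txt`. The step also ends at the download without saying what outcome confirms detection (the file being quarantined and an alert showing up in Microsoft Defender Security Center); add that check, otherwise the reader cannot tell a pass from a fail. Formatting: `` ```mdatp --health realTimeProtectionEnabled``` `` uses triple backticks inline (use single backticks), `` ``` bash`` has a stray space after the fence, "Copy and run the command below:" is not indented under the list item it belongs to, and the step-4 code block is now indented while the step-3 block is not; pick one indentation for all steps.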
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-with-puppet.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-with-puppet.md
index 2977bcf490..3731d54b7c 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-with-puppet.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-with-puppet.md
@@ -35,20 +35,20 @@ This topic describes how to deploy Microsoft Defender ATP for Linux through Pupp
Before you get started, please see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version.
-In addition, for Puppet deployment, you need to be familiar with Puppet administration tasks, have a Puppet configured, and know how to deploy packages. Puppet has many ways to complete the same task. These instructions assume availability of supported puppet modules such as *apt*, *lsb-release* to help deploy the package. Your organization might use a different workflow.
+In addition, for Puppet deployment, you need to be familiar with Puppet administration tasks, have a Puppet configured, and know how to deploy packages. Puppet has many ways to complete the same task. These instructions assume availability of supported puppet modules such as *apt* to help deploy the package. Your organization might use a different workflow. Please refer to [Puppet documentation](https://puppet.com/docs) for details.
## Download onboarding package
-Download the onboarding package from Windows Defender Security Center:
+Download the onboarding package from Microsoft Defender Security Center:
-1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
-2. In Section 1 of the page, set operating system to **Linux, macOS, iOS, and Android** and Deployment method to **Local script**.
-3. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
+1. In Microsoft Defender Security Center, go to **Settings > Machine Management > Onboarding**.
+2. In the first drop down, set operating system to **Windows 10** and in second drop down, Deployment method to **Mobile Device Management / Microsoft Intune**.
+3. Click on **Download package**. Save it as WindowsDefenderATPOnboardingPackage.zip.

4. From a command prompt, verify that you have the file.
- Extract the contents of the .zip file and create mdatp_onboard.json file as follows
+ Extract the contents of the .zip file and create mdatp_onboard.json file as follows:
```bash
$ ls -l
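Review bot: "have a Puppet configured" in the `+In addition, for Puppet deployment` line is ungrammatical; "have Puppet configured" reads correctly, and "puppet modules" should be capitalized "Puppet modules" for consistency with the rest of the sentence. The onboarding steps that follow duplicate the manual-install page word for word, including the unexplained **Windows 10** / **Mobile Device Management / Microsoft Intune** selection; either explain the choice here as well or factor the shared steps into a single place so the two pages cannot drift apart.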
@@ -61,7 +61,7 @@ Download the onboarding package from Windows Defender Security Center:
You need to create a puppet manifest for deploying Microsoft Defender ATP for Linux to devices managed by puppet server. This example makes use of *apt* module available from puppetlabs and assumes that apt module has been installed on your puppet server.
-Create a folders *install_mdatp/files* and *install_mdatp/manifests* under the modules folder of your puppet installation. This typically is located in */etc/puppetlabs/code/environments/production/modules* on your puppet server. Copy the mdatp.json file created in above step to *install_mdatp/files* folder. Create *init.pp* file which will contain the deployment instructions.
+Create a folders *install_mdatp/files* and *install_mdatp/manifests* under the modules folder of your puppet installation. This typically is located in */etc/puppetlabs/code/environments/production/modules* on your puppet server. Copy the mdatp_onboard.json file created in above step to *install_mdatp/files* folder. Create *init.pp* file which will contain the deployment instructions.
```bash
$ pwd
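Review bot: "Create a folders" in the `+Create a folders *install_mdatp/files*` line is ungrammatical and was carried over unchanged; "Create the folders" is the fix. The `mdatp.json` to `mdatp_onboard.json` rename is correct and matches the name produced in the download step.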
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-preferences.md
index 9a8245fa7f..eb249f3fe3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-preferences.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-preferences.md
@@ -35,13 +35,9 @@ This topic describes the structure of this profile (including a recommended prof
The configuration profile is a .json file that consists of entries identified by a key (which denotes the name of the preference), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences.
-The top level of the configuration profile includes product-wide preferences and entries for subareas of the product, which are explained in more detail in the next sections.
+Typically, you would use a configuration management tool to push a file with name ```mdatp_maanged.json``` at location ```/etc/opt/microsoft/mdatp/managed/```
->[!NOTE]
-> **TODO:**
-> * Should Domain be removed from all the entries below?
-> * Should we add path to wdavcfg?
-> * Verify each of below?
+The top level of the configuration profile includes product-wide preferences and entries for subareas of the product, which are explained in more detail in the next sections.
### Antivirus engine preferences
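Review bot: Typo in the `+Typically, you would use a configuration management tool` line: `mdatp_maanged.json` should be `mdatp_managed.json`; a reader copying the name as written will push a file under the wrong name. Use single backticks for the inline code, end the sentence with a period, and consider giving the full path once as `/etc/opt/microsoft/mdatp/managed/mdatp_managed.json` rather than splitting name and location across two code spans.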
@@ -49,7 +45,6 @@ The *antivirusEngine* section of the configuration profile is used to manage the
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | antivirusEngine |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
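Review bot: Dropping the **Domain** row is consistent with the other tables in this file, but every table keeps an empty `|||` header row, which renders as a blank header; now that the tables are being touched, give them real headers such as `| Property | Value |`.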
@@ -60,7 +55,6 @@ Whether real-time protection (scan files as they are accessed) is enabled or not
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | enableRealTimeProtection |
| **Data type** | Boolean |
| **Possible values** | true (default)
false |
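Review bot: The **Possible values** cell here spans two source lines (`true (default)` on one line and `false |` on the next), which breaks Markdown table rendering and leaves `false |` as stray text. Put both values in a single cell, for example `| **Possible values** | true (default) <br/> false |`. The same split appears in every other multi-value table in this file (`passiveMode`, `$type`, `isDirectory`, `key`, `value`, `enabled`, `diagnosticLevel`, `automaticSampleSubmission`) and should be fixed in the same pass.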
@@ -76,7 +70,6 @@ Whether the antivirus engine runs in passive mode or not. In passive mode:
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | passiveMode |
| **Data type** | Boolean |
| **Possible values** | false (default)
true |
@@ -88,7 +81,6 @@ Entities that have been excluded from the scan. Exclusions can be specified by f
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | exclusions |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
@@ -99,7 +91,6 @@ Specifies the type of content excluded from the scan.
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | $type |
| **Data type** | String |
| **Possible values** | excludedPath
excludedFileExtension
excludedFileName |
@@ -110,7 +101,6 @@ Used to exclude content from the scan by full file path.
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | path |
| **Data type** | String |
| **Possible values** | valid paths |
@@ -122,7 +112,6 @@ Indicates if the *path* property refers to a file or directory.
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | isDirectory |
| **Data type** | Boolean |
| **Possible values** | false (default)
true |
@@ -134,7 +123,6 @@ Used to exclude content from the scan by file extension.
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | extension |
| **Data type** | String |
| **Possible values** | valid file extensions |
@@ -146,7 +134,6 @@ Used to exclude content from the scan by file name.
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | name |
| **Data type** | String |
| **Possible values** | any string |
@@ -158,7 +145,6 @@ List of threats (identified by their name) that are not blocked by the product a
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | allowedThreats |
| **Data type** | Array of strings |
@@ -168,7 +154,6 @@ The *threatTypeSettings* preference in the antivirus engine is used to control h
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | threatTypeSettings |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
@@ -179,7 +164,6 @@ Type of the threat for which the behavior is configured.
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | key |
| **Data type** | String |
| **Possible values** | potentially_unwanted_application
archive_bomb |
@@ -194,7 +178,6 @@ Action to take when coming across a threat of the type specified in the precedin
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | value |
| **Data type** | String |
| **Possible values** | audit (default)
block
off |
@@ -205,7 +188,6 @@ The *cloudService* entry in the configuration profile is used to configure the c
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | cloudService |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
@@ -216,7 +198,6 @@ Whether cloud delivered protection is enabled on the device or not. To improve t
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | enabled |
| **Data type** | Boolean |
| **Possible values** | true (default)
false |
@@ -227,7 +208,6 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | diagnosticLevel |
| **Data type** | String |
| **Possible values** | optional (default)
required |
@@ -238,7 +218,6 @@ Determines whether suspicious samples (that are likely to contain threats) are s
|||
|:---|:---|
-| **Domain** | com.microsoft.wdav |
| **Key** | automaticSampleSubmission |
| **Data type** | Boolean |
| **Possible values** | true (default)
false |
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-resources.md
index dffd8f9839..295efbedca 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-resources.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-resources.md
@@ -60,19 +60,16 @@ If you can reproduce a problem, please increase the logging level, run the syste
If an error occurs during installation, the installer will only report a general failure.
-The detailed log will be saved to /Library/Logs/Microsoft/mdatp/install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
+The detailed log will be saved to /var/log/microsoft/mdatp_install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
## Uninstalling
-There are several ways to uninstall Microsoft Defender ATP for Linux. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
+There are several ways to uninstall Microsoft Defender ATP for Linux. If you are using a configuration tool such as Puppet, please follow the package uninstallation instructions for the configuration tool.
-### Interactive uninstallation
+### Manual uninstallation
-- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**.
-
-### From the command line
-
-- ```sudo rm -rf '/Applications/Microsoft Defender ATP'```
+- ```sudo apt-get purge mdatp``` for Debian and Ubuntu systems
+- ```sudo yum remove mdatp``` for RHEL, Oracle Linux, CentOS based systems
## Configuring from the command line
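Review bot: The two uninstall commands are presented as equivalents but are not: `sudo apt-get purge mdatp` removes the package and its configuration files, while `sudo yum remove mdatp` leaves configuration in place. Either state what each leaves behind (the onboarding and managed configuration under `/etc/opt/microsoft/mdatp/` matter here) or use `apt-get remove` for parity and mention `purge` separately as the full-cleanup option. Also replace the inline triple backticks with single backticks.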
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux.md
index 83c84689a0..fa8fb3cbe0 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux.md
@@ -25,12 +25,6 @@ This topic describes how to install, configure, update, and use Microsoft Defend
> [!CAUTION]
> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Linux is likely to lead to performance problems and unpredictable side effects.
-> [!NOTE]
->How would users give us feedback?
-> **TODO:** Should we add atp --feedback "Feedback" that will send the feedback to us / OCV. I am keeping the original line for reference.
->
-> If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**.
-
## How to install Microsoft Defender ATP for Linux
### Prerequisites
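Review bot: Removing the TODO block also removes the only user-facing feedback instruction (the **Help** > **Send feedback** sentence, which was Mac-specific). If a feedback channel exists for the Linux product, add a Linux-appropriate sentence in its place; if not, confirm that dropping feedback guidance entirely is intended.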
@@ -41,14 +35,10 @@ This topic describes how to install, configure, update, and use Microsoft Defend
### System requirements
-- Supported Linux distributions and versions: RHEL 7, Oracle 7, CentOS 7, Ubuntu 16 and 18, Debian 9
+- Supported Linux server distributions and versions: RHEL 7, Oracle Linux 7, CentOS 7, Ubuntu 16 and 18, Debian 9
- Disk space: 650 MB.
-> [!NOTE]
->**TODO**: Verify this
-After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
-
-The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.
+If your Linux server is behind firewall or proxy, you will likely need to allow outbound connections between it and following servers. The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.
| Service location | DNS record |
| ---------------------------------------- | ----------------------- |
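Review bot: Grammar in the `+If your Linux server is behind firewall or proxy` line: "behind a firewall or proxy" and "between it and the following servers". That new sentence and the existing "The following table lists the services and their associated URLs..." sentence say the same thing back to back; merge them into one. The change from "Oracle 7" to "Oracle Linux 7" and the "Linux server distributions" wording are fine.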
@@ -57,9 +47,6 @@ The following table lists the services and their associated URLs that your netwo
| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com |
| United States | unitedstates.x.cp.wd.microsoft.com |
->[!NOTE]
-> **TODO:** Verify the proxy paragraph
-
Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
- Web Proxy Auto-discovery Protocol (WPAD)
- Manual static proxy configuration