diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md
index d899f7568a..52450260ef 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md
@@ -29,7 +29,7 @@ ms.topic: conceptual
- [Defender for Endpoint](microsoft-defender-atp-android.md)
-This topic describes deploying Defender for Endpoint for Android on Intune
+Learn how to deploy Defender for Endpoint for Android on Intune
Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll your
device](https://docs.microsoft.com/mem/intune/user-help/enroll-device-android-company-portal).
@@ -44,13 +44,13 @@ device](https://docs.microsoft.com/mem/intune/user-help/enroll-device-android-co
**Deploy Defender for Endpoint for Android on Intune Company Portal - Device
Administrator enrolled devices**
-This topic describes how to deploy Defender for Endpoint for Android on Intune Company Portal - Device Administrator enrolled devices.
+Learn how to deploy Defender for Endpoint for Android on Intune Company Portal - Device Administrator enrolled devices.
### Add as Android store app
1. In [Microsoft Endpoint Manager admin
center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
-**Android Apps** \> **Add \> Android store app** and click **Select**.
+**Android Apps** \> **Add \> Android store app** and choose **Select**.
@@ -60,13 +60,13 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
- **Name**
- **Description**
- **Publisher** as Microsoft.
- - **Appstore URL** as https://play.google.com/store/apps/details?id=com.microsoft.scmx (Defender for Endpoint app Google Play Store URL)
+ - **App store URL** as https://play.google.com/store/apps/details?id=com.microsoft.scmx (Defender for Endpoint app Google Play Store URL)
Other fields are optional. Select **Next**.
-3. In the *Assignments* section, go to the **Required** section and select **Add group.** You can then choose the user group(s) that you would like to target Defender for Endpoint for Android app. Click **Select** and then **Next**.
+3. In the *Assignments* section, go to the **Required** section and select **Add group.** You can then choose the user group(s) that you would like to target Defender for Endpoint for Android app. Choose **Select** and then **Next**.
>[!NOTE]
>The selected user group should consist of Intune enrolled users.
@@ -111,7 +111,7 @@ Defender for Endpoint for Android supports Android Enterprise enrolled devices.
For more information on the enrollment options supported by Intune, see
[Enrollment Options](https://docs.microsoft.com/mem/intune/enrollment/android-enroll).
-**Currently, Personally-owned devices with work profile and Corporate-owned fully managed user device enrollments are supported for deployment.**
+**Currently, Personally owned devices with work profile and Corporate-owned fully managed user device enrollments are supported for deployment.**
@@ -141,7 +141,7 @@ select **Approve**.
> 
-4. You should now be presented with the permissions that Defender for Endpoint
+4. You'll be presented with the permissions that Defender for Endpoint
obtains for it to work. Review them and then select **Approve**.
@@ -218,7 +218,7 @@ Defender ATP should be visible in the apps list.
1. In the **Review + Create** page that comes up next, review all the information and then select **Create**.
- The app configuration policy for Defender for Endpoint auto-granting the storage permission is now assigned to the selected user group.
+ The app configuration policy for Defender for Endpoint autogranting the storage permission is now assigned to the selected user group.
> [!div class="mx-imgBorder"]
> 
@@ -244,11 +244,11 @@ above. Then select **Review + Save** and then **Save** again to commence
assignment.
### Auto Setup of Always-on VPN
-Defender for Endpoint supports Device configuration policies for managed devices via Intune. This capability can be leveraged to **Auto setup of Always-on VPN** on Android Enterprise enrolled devices, so the end user does not need to setup VPN service while onboarding.
-1. On **Devices** Page go to **Configuration Profiles** > **Create Profile** > **Platform** > **Android Enterprise**
+Defender for Endpoint supports Device configuration policies for managed devices via Intune. This capability can be leveraged to **Auto setup of Always-on VPN** on Android Enterprise enrolled devices, so the end user does not need to set up VPN service while onboarding.
+1. On **Devices**, select **Configuration Profiles** > **Create Profile** > **Platform** > **Android Enterprise**
Select **Device restrictions** under one of the following, based on your device enrollment type
- **Fully Managed, Dedicated, and Corporate-Owned Work Profile**
-- **Personally-Owned Work Profile**
+- **Personally owned Work Profile**
Select **Create**.
@@ -292,7 +292,7 @@ displayed here.
> 
-2. On the device, you can validate the onboarding status by going to the **work profile**. Confirm that Defender for Endpoint is available and that you are enrolled to the **Personally-owned devices with work profile**. If you are enrolled to a **Corporate-owned, fully managed user device**, you will have a single profile on the device where you can confirm that Defender for Endpoint is available.
+2. On the device, you can validate the onboarding status by going to the **work profile**. Confirm that Defender for Endpoint is available and that you are enrolled to the **Personally owned devices with work profile**. If you are enrolled to a **Corporate-owned, fully managed user device**, you will have a single profile on the device where you can confirm that Defender for Endpoint is available.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
index 6155038acf..71da90cdfd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
@@ -37,7 +37,7 @@ Each section corresponds to a separate article in this solution.
-
+
|Phase | Description |
|:-------|:-----|
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/deployment-phases.png b/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/deployment-phases.png
new file mode 100644
index 0000000000..4d2a4fa946
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/deployment-phases.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/migration-phases.png b/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/migration-phases.png
new file mode 100644
index 0000000000..d502450fba
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/migration-phases.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/onboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/onboard.png
new file mode 100644
index 0000000000..b6a29de3bf
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/onboard.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/prepare.png b/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/prepare.png
new file mode 100644
index 0000000000..1001e41e0d
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/prepare.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/setup.png b/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/setup.png
new file mode 100644
index 0000000000..1635785046
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/phase-diagrams/setup.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
index 312550fb3f..193c067a32 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
@@ -293,6 +293,7 @@ Each command is tracked with full details such as:
- Live response sessions are limited to 10 live response sessions at a time.
- Large-scale command execution is not supported.
+- Live response session inactive timeout value is 5 minutes.
- A user can only initiate one session at a time.
- A device can only be in one session at a time.
- The following file size limits apply:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
index dbb50ab562..6977f6f2c9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
@@ -35,7 +35,7 @@ If you are planning to switch from McAfee Endpoint Security (McAfee) to [Microso
When you switch from McAfee to Microsoft Defender for Endpoint, you follow a process that can be divided into three phases, as described in the following table:
-
+
|Phase |Description |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md
index 703d353b4c..dd52552ec9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md
@@ -28,7 +28,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-|[](mcafee-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](mcafee-to-microsoft-defender-prepare.md) |[](mcafee-to-microsoft-defender-setup.md)
[Phase 2: Set up](mcafee-to-microsoft-defender-setup.md) |
Phase 3: Onboard |
+|[](mcafee-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](mcafee-to-microsoft-defender-prepare.md) |[](mcafee-to-microsoft-defender-setup.md)
[Phase 2: Set up](mcafee-to-microsoft-defender-setup.md) |
Phase 3: Onboard |
|--|--|--|
|| |*You are here!* |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
index 4fa7e47e70..886846f36f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
@@ -29,7 +29,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-|
Phase 1: Prepare |[](mcafee-to-microsoft-defender-setup.md)
[Phase 2: Set up](mcafee-to-microsoft-defender-setup.md) |[](mcafee-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](mcafee-to-microsoft-defender-onboard.md) |
+|
Phase 1: Prepare |[](mcafee-to-microsoft-defender-setup.md)
[Phase 2: Set up](mcafee-to-microsoft-defender-setup.md) |[](mcafee-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](mcafee-to-microsoft-defender-onboard.md) |
|--|--|--|
|*You are here!*| | |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
index b9f5ed18c6..432aed7160 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
@@ -29,7 +29,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-|[](mcafee-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](mcafee-to-microsoft-defender-prepare.md) |
Phase 2: Set up |[](mcafee-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](mcafee-to-microsoft-defender-onboard.md) |
+|[](mcafee-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](mcafee-to-microsoft-defender-prepare.md) |
Phase 2: Set up |[](mcafee-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](mcafee-to-microsoft-defender-onboard.md) |
|--|--|--|
||*You are here!* | |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
index 7c9ce553cb..5cbe6e5c30 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
@@ -29,7 +29,7 @@ ms.topic: article
Deploying Defender for Endpoint is a three-phase process:
-| [](prepare-deployment.md)
[Phase 1: Prepare](prepare-deployment.md) | [](production-deployment.md)
[Phase 2: Setup](production-deployment.md) | 
Phase 3: Onboard |
+| [](prepare-deployment.md)
[Phase 1: Prepare](prepare-deployment.md) | [](production-deployment.md)
[Phase 2: Setup](production-deployment.md) | 
Phase 3: Onboard |
| ----- | ----- | ----- |
| | |*You are here!*|
diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
index 2db4bdf69c..f93867d6d6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
@@ -33,7 +33,7 @@ ms.topic: article
Deploying Defender for Endpoint is a three-phase process:
-| 
Phase 1: Prepare | [](production-deployment.md)
[Phase 2: Setup](production-deployment.md) | [](onboarding.md)
[Phase 3: Onboard](onboarding.md) |
+| 
Phase 1: Prepare | [](production-deployment.md)
[Phase 2: Setup](production-deployment.md) | [](onboarding.md)
[Phase 3: Onboard](onboarding.md) |
| ----- | ----- | ----- |
|*You are here!* | ||
diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
index 801cfd63d9..3f5f8aabcc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
@@ -31,7 +31,7 @@ ms.topic: article
Deploying Defender for Endpoint is a three-phase process:
-| [](prepare-deployment.md)
[Phase 1: Prepare](prepare-deployment.md) | 
Phase 2: Setup | [](onboarding.md)
[Phase 3: Onboard](onboarding.md) |
+| [](prepare-deployment.md)
[Phase 1: Prepare](prepare-deployment.md) | 
Phase 2: Setup | [](onboarding.md)
[Phase 3: Onboard](onboarding.md) |
| ----- | ----- | ----- |
| | *You are here!*||
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md
index 1a9ceac19e..0a7421bb95 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md
@@ -35,7 +35,7 @@ If you are planning to switch from a non-Microsoft endpoint protection solution
When you switch to Microsoft Defender for Endpoint, you follow a process that can be divided into three phases, as described in the following table:
-
+
|Phase |Description |
|--|--|
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md
index 40074d3a9c..18422aba57 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md
@@ -25,7 +25,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
# Switch to Microsoft Defender for Endpoint - Phase 3: Onboard
-|[](switch-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](switch-to-microsoft-defender-prepare.md) |[](switch-to-microsoft-defender-setup.md)
[Phase 2: Set up](switch-to-microsoft-defender-setup.md) |
Phase 3: Onboard |
+|[](switch-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](switch-to-microsoft-defender-prepare.md) |[](switch-to-microsoft-defender-setup.md)
[Phase 2: Set up](switch-to-microsoft-defender-setup.md) |
Phase 3: Onboard |
|--|--|--|
|| |*You are here!* |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
index 334eb1708e..c55bd95f20 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
@@ -25,7 +25,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
# Switch to Microsoft Defender for Endpoint - Phase 1: Prepare
-|
Phase 1: Prepare |[](switch-to-microsoft-defender-setup.md)
[Phase 2: Set up](switch-to-microsoft-defender-setup.md) |[](switch-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](switch-to-microsoft-defender-onboard.md) |
+|
Phase 1: Prepare |[](switch-to-microsoft-defender-setup.md)
[Phase 2: Set up](switch-to-microsoft-defender-setup.md) |[](switch-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](switch-to-microsoft-defender-onboard.md) |
|--|--|--|
|*You are here!*| | |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
index 5fef44d9d6..c1ad46027c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
@@ -25,7 +25,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
# Switch to Microsoft Defender for Endpoint - Phase 2: Setup
-|[](switch-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](switch-to-microsoft-defender-prepare.md) |
Phase 2: Set up |[](switch-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](switch-to-microsoft-defender-onboard.md) |
+|[](switch-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](switch-to-microsoft-defender-prepare.md) |
Phase 2: Set up |[](switch-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](switch-to-microsoft-defender-onboard.md) |
|--|--|--|
||*You are here!* | |
@@ -87,11 +87,11 @@ The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/d
`Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
-> [!NOTE]
-> When using the DISM command within a task sequence running PS, the following path to cmd.exe is required.
-> Example:
-> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
-> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
+ > [!NOTE]
+ > When using the DISM command within a task sequence running PS, the following path to cmd.exe is required.
+ > Example:
+ > `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
+ > `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet:
@@ -227,12 +227,13 @@ To use CMPivot to get your file hash, follow these steps:
6. In the query box, type the following query:
-```kusto
-File(c:\\windows\\notepad.exe)
-| project Hash
-```
-> [!NOTE]
-> In the query above, replace *notepad.exe* with the your third-party security product process name.
+ ```kusto
+ File(c:\\windows\\notepad.exe)
+ | project Hash
+ ```
+
+ > [!NOTE]
+ > In the query above, replace *notepad.exe* with the your third-party security product process name.
## Set up your device groups, device collections, and organizational units
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
index cd4d8387d3..0fe3fbf828 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
@@ -35,7 +35,7 @@ If you are planning to switch from Symantec Endpoint Protection (Symantec) to [M
When you switch from Symantec to Microsoft Defender for Endpoint, you follow a process that can be divided into three phases, as described in the following table:
-
+
|Phase |Description |
|--|--|
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md
index b78be37a84..a80c0ae736 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md
@@ -28,7 +28,7 @@ ms.reviewer: depicker, yongrhee, chriggs
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-|[](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |
Phase 3: Onboard |
+|[](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |
Phase 3: Onboard |
|--|--|--|
|| |*You are here!* |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
index 86b5570c34..10e8d99bb4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
@@ -28,7 +28,7 @@ ms.reviewer: depicker, yongrhee, chriggs
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-|
Phase 1: Prepare |[](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) |
+|
Phase 1: Prepare |[](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) |
|--|--|--|
|*You are here!*| | |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
index 68a0f10921..72385ecf92 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
@@ -28,7 +28,7 @@ ms.reviewer: depicker, yongrhee, chriggs
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-|[](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |
Phase 2: Set up |[](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) |
+|[](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |
Phase 2: Set up |[](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) |
|--|--|--|
||*You are here!* | |
@@ -64,15 +64,16 @@ Now that you're moving from Symantec to Microsoft Defender for Endpoint, you'll
1. As a local administrator on the endpoint or device, open Windows PowerShell.
-2. Run the following PowerShell cmdlets:
- `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
- `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
+2. Run the following PowerShell cmdlets:
-> [!NOTE]
-> When using the DISM command within a task sequence running PS, the following path to cmd.exe is required.
-> Example:
-> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
-> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
+ `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
+ `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
+
+ > [!NOTE]
+ > When using the DISM command within a task sequence running PS, the following path to cmd.exe is required.
+ > Example:
+ > `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
+ > `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet:
`Get-Service -Name windefend`
@@ -174,10 +175,12 @@ To add exclusions to Microsoft Defender for Endpoint, you create [indicators](ht
3. On the **File hashes** tab, choose **Add indicator**.
3. On the **Indicator** tab, specify the following settings:
+
- File hash (Need help? See [Find a file hash using CMPivot](#find-a-file-hash-using-cmpivot) in this article.)
- Under **Expires on (UTC)**, choose **Never**.
4. On the **Action** tab, specify the following settings:
+
- **Response Action**: **Allow**
- Title and description
@@ -203,12 +206,14 @@ To use CMPivot to get your file hash, follow these steps:
6. In the query box, type the following query:
-```kusto
-File(c:\\windows\\notepad.exe)
-| project Hash
-```
-> [!NOTE]
-> In the query above, replace *notepad.exe* with the your third-party security product process name.
+ ```kusto
+ File(c:\\windows\\notepad.exe)
+ | project Hash
+ ```
+
+ > [!NOTE]
+ > In the query above, replace *notepad.exe* with the your third-party security product process name.
+
## Set up your device groups, device collections, and organizational units