diff --git a/bcs/support/microsoft-365-business-faqs.md b/bcs/support/microsoft-365-business-faqs.md
index 03a4f09a0c..f1d4a9918c 100644
--- a/bcs/support/microsoft-365-business-faqs.md
+++ b/bcs/support/microsoft-365-business-faqs.md
@@ -22,7 +22,7 @@ Microsoft 365 is an integrated solution that brings together best-in-class produ
**A holistic set of business productivity and collaboration tools**
* Word, Excel, PowerPoint, Outlook, OneNote, Publisher, and Access
* Exchange, OneDrive, Skype for Business, Microsoft Teams, SharePoint
-* Business apps from Office (Bookings, Outlook Customer Manager, MileIQ[1](#footnote1), Listings[1](#footnote1), Connections[1](#footnote1), Invoicing[1](#footnote1))
+* Business apps from Office (Bookings, Outlook Customer Manager, MileIQ[1](#footnote1), Microsoft Listings[1](#footnote1), Microsoft Connections[1](#footnote1), Microsoft Invoicing[1](#footnote1))
**Enterprise-grade device management and security capabilities**
* App protection for Office mobile apps
diff --git a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
index 38cb6ddf0f..fbef87a600 100644
--- a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
@@ -30,6 +30,8 @@ ms.date: 10/17/2017
The Windows Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning.
+You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
+
If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode.
Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client.
diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
index 8c0ade88d7..283ce4a02b 100644
--- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -121,11 +121,13 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the
```
## Windows Defender Antivirus signature updates are configured
-The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. If Windows Defender Antivirus is not the active antimalware in your organization, you may need to configure the signature updates. For more information see [Configure Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md).
+The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them.
+
+You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
-For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md).
+For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
If you're running Windows Defender Antivirus as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard.
diff --git a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
index 68514478d8..a0e2ab8d7c 100644
--- a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Onboard endpoints and set up the Windows Defender ATP user access
description: Set up user access in Azure Active Directory and use Group Policy, SCCM, or do manual registry changes to onboard endpoints to the service.
-keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy
+keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -40,6 +40,16 @@ Windows Defender Advanced Threat Protection requires one of the following Micros
For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
+## Windows Defender Antivirus configuration requirement
+The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them.
+
+You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
+
+When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
+
+For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
+
+
## In this section
Topic | Description
:---|:---
diff --git a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index a3bb50ab5b..5173d88d30 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -21,7 +21,12 @@ ms.date: 08/25/2017
**Applies to:**
-- Windows 10, version 1709
+- Windows 10, version 1709 (and later)
+- Microsoft Office 365
+- Microsoft Office 2016
+- Microsoft Office 2013
+- Microsoft Office 2010
+
@@ -47,7 +52,7 @@ The feature is comprised of a number of rules, each of which target specific beh
- Executable files and scripts used in Office apps or web mail that attempt to download or run files
- Scripts that are obfuscated or otherwise suspicious
-- Behaviors that apps undertake that are not usually inititated during normal day-to-day work
+- Behaviors that apps undertake that are not usually initiated during normal day-to-day work
See the [Attack surface reduction rules](#attack-surface-reduction-rules) section in this topic for more information on each rule.
@@ -69,6 +74,15 @@ Block JavaScript or VBScript from launching downloaded executable content | D3E0
Block execution of potentially obfuscated scripts | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
Block Win32 API calls from Office macro | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
+The rules apply to the following Office apps running on Windows 10, version 1709. See the **Applies to** section at the start of this topic for a list of supported Office version.
+
+Supported Office apps:
+- Microsoft Word
+- Microsoft Excel
+- Microsoft PowerPoint
+- Microsoft OneNote
+
+The rules do not apply to any other Office apps.
### Rule: Block executable content from email client and webmail