From e86996aa68b5b5841be9433fa8d9ee7b344224ba Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 21 Jun 2019 16:33:12 -0700 Subject: [PATCH 01/13] Initial page for preferences for MDATP for macOS --- .../microsoft-defender-atp-mac-preferences.md | 317 ++++++++++++++++++ 1 file changed, 317 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md new file mode 100644 index 0000000000..a0c9b83cc8 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md 
@@ -0,0 +1,317 @@ +--- +title: Set preferences for Microsoft Defender ATP for Mac +ms.reviewer: +description: Describes how to configure Microsoft Defender ATP for Mac in enterprises. +keywords: microsoft, defender, atp, mac, management, preferences, enterprise, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Set preferences for Microsoft Defender ATP for Mac + +In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile, which is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users of the devices in your enterprise will not be able to change preferences that are set through this configuration profile. + +This topic describes the structure of this profile (including a recommended profile that you can use to get started) and instructions for how to deploy the profile. + +## Configuration profile structure + +The configuration profile is a .plist file that consists of entries identified by a key (denoting the name of the preference being set), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences. + +The top level of the configuration profile includes product-wide preferences, as well as entries for sub-areas of the product, which are explained in more detail in the next sections. + +### Antivirus engine preferences + +The *antivirusEngine* section of the configuration profile is used to manage the preferences of the antivirus component of the product. 
+ +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | antivirusEngine +**Data type** | Dictionary (nested preference) +**Comments** | See the following sections for a description of the dictionary contents. + +#### Enable / disable real-time protection + +Whether real time protection (scan files as they are accessed) is enabled or not. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | enableRealTimeProtection +**Data type** | Boolean +**Possible values** | true (default); false + +#### Scan exclusions + +Entities that have been excluded from scanning. Exclusions can be specified by full paths, extensions or file names. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | exclusions +**Data type** | Dictionary (nested preference) +**Comments** | See the following sections for a description of the dictionary contents. + +##### Type of exclusion + +Specifies the type of the excluded content. + +**Domain** | com.microsoft.wdav +**Key** | $type +**Data type** | String +**Possible values** | excludedPath; excludedFileExtension; excludedFileName + +##### Path to excluded content + +Path to file or directory that should be exluded from scanning. + +**Domain** | com.microsoft.wdav +**Key** | path +**Data type** | String +**Possible values** | valid paths +**Comments** | Applicable only if *$type* is *excludedPath* + +##### Path type (file / directory) + +Indicates if the *path* property refers to a file or directory. + +**Domain** | com.microsoft.wdav +**Key** | isDirectory +**Data type** | Boolean +**Possible values** | false (default); true +**Comments** | Applicable only if *$type* is *excludedPath* + +##### Extension excluded from scanning + +Extension of files that should be excluded from scanning. 
+ +**Domain** | com.microsoft.wdav +**Key** | extension +**Data type** | String +**Possible values** | valid file extensions +**Comments** | Applicable only if *$type* is *excludedFileExtension* + +##### Name of excluded content + +Name of file that should be excluded from scanning. + +**Domain** | com.microsoft.wdav +**Key** | name +**Data type** | String +**Possible values** | any string +**Comments** | Applicable only if *$type* is *excludedFileName* + +#### Threat type settings + +The *threatTypeSettings* preference in the antivirus engine is used to control how certain threat types are handled by the product. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | threatTypeSettings +**Data type** | Dictionary (nested preference) +**Comments** | See the following sections for a description of the dictionary contents. + +##### Threat type + +Type of the threat for which the behavior is configured. + +**Domain** | com.microsoft.wdav +**Key** | key +**Data type** | String +**Possible values** | potentially_unwanted_application + +##### Action to take + +Action to take when encountering a threat of the the type being configured. Can be: + +- Audit: adds an entry to the log about the threat, but does not report it to the user interface or the security console +- Block: reports the threat to the user interface and the security console and blocks the execution of the threat if real-time protection is turned on +- Off: does not block the threat or report it + +**Domain** | com.microsoft.wdav +**Key** | value +**Data type** | String +**Possible values** | audit (default); block; off + +### Cloud delivered protection preferences + +The *cloudService* entry in the configuration profile is used to configure the cloud driven protection feature of the product. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | cloudService +**Data type** | Dictionary (nested preference) +**Comments** | See the following sections for a description of the dictionary contents. 
+ +#### Enable / disable cloud delivered protection + +Whether cloud delivered protection is enabled on the device or not. To improve the security of your sevices, we recommend keeping this feature turned on. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | enabled +**Data type** | Boolean +**Possible values** | true (default); false + +#### Diagnostic collection level + +Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by the product to Microsoft. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | diagnosticLevel +**Data type** | String +**Possible values** | optional (default); required + +#### Enable / disable automatic sample submissions + +Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. We'll prompt users if the file we need is likely to contain personal information. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | automaticSampleSubmission +**Data type** | Boolean +**Possible values** | true (default); false + +## Recommended configuration profile + +To get started, we recommend the following configuration profile for your enterprise in order to take advantage of all of the protection features that Microsoft Defender ATP provides. 
+ +The following configuration profile will: +- Enable real time protection (RTP) +- Enable the blocking of potentially unwanted applications (PUA), which by default are in *audit* (non-blocking) mode +- Enable cloud delivered protection +- Enable automatic sample submission + +``` + + + + + antivirusEngine + + enableRealTimeProtection + + threatTypeSettings + + + key + potentially_unwanted_application + value + block + + + + cloudService + + enabled + + automaticSampleSubmission + + + + +``` + +## Full configuration profile example + +The following configuration profile contains entries for all of the settings described in this document and can be used for more advanced scenarios where you want more control over the product. + +``` + + + + + antivirusEngine + + enableRealTimeProtection + + exclusions + + + $type + excludedPath + isDirectory + + path + /var/log/system.log + + + $type + excludedPath + isDirectory + + path + /home + + + $type + excludedFileExtension + extension + pdf + + + allowedThreats + + eicar + + threatTypeSettings + + + key + potentially_unwanted_application + value + block + + + + cloudService + + enabled + + diagnosticLevel + optional + automaticSampleSubmission + + + + +``` + +## Configuration profile deployment + +Once you've built the configuration profile for your enterprise, you can deploy it through the management console that your enterprise is using. Listed below are steps for deploying this through JAMF and Intune. + +### JAMF deployment + +From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings** and create a new entry with *com.microsoft.wdav* as the preference domain and upload the .plist with the settings. + +**NOTE:** it is important that you enter the correct preference domain, otherwise these preferences might not be recognized by the product. + +### Intune deployment + +1. Open **Manage** > **Device configuration**. 
Select **Manage** > **Profiles** > **Create Profile**. + +2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select Configure. + +3. Save the .plist with the settings as **com.microsoft.wdav.xml**. + +4. Enter **com.microsoft.wdav** as the **custom configuration profile name**. + +5. Open the configuration profile and upload **com.microsoft.wdav.xml**. This file was created in step 3. + +6. Select **OK**. + +7. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. + +## Resources + +- [Configuration Profile Reference (Apple developer documentation)](https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf) From 88c20d22069a74e45e165122196d618da3b2478a Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 21 Jun 2019 16:45:47 -0700 Subject: [PATCH 02/13] Table adjustments --- .../microsoft-defender-atp-mac-preferences.md | 166 ++++++++++-------- 1 file changed, 94 insertions(+), 72 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index a0c9b83cc8..fc59259235 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md 
@@ -34,99 +34,115 @@ The top level of the configuration profile includes product-wide preferences, as The *antivirusEngine* section of the configuration profile is used to manage the preferences of the antivirus component of the product. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | antivirusEngine -**Data type** | Dictionary (nested preference) -**Comments** | See the following sections for a description of the dictionary contents. +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | antivirusEngine | +| **Data type** | Dictionary (nested preference) | +| **Comments** | See the following sections for a description of the dictionary contents. | #### Enable / disable real-time protection Whether real time protection (scan files as they are accessed) is enabled or not. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | enableRealTimeProtection -**Data type** | Boolean -**Possible values** | true (default); false +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | enableRealTimeProtection | +| **Data type** | Boolean | +| **Possible values** | true (default); false | #### Scan exclusions Entities that have been excluded from scanning. Exclusions can be specified by full paths, extensions or file names. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | exclusions -**Data type** | Dictionary (nested preference) -**Comments** | See the following sections for a description of the dictionary contents. +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | exclusions | +| **Data type** | Dictionary (nested preference) | +| **Comments** | See the following sections for a description of the dictionary contents. | ##### Type of exclusion Specifies the type of the excluded content. 
-**Domain** | com.microsoft.wdav -**Key** | $type -**Data type** | String -**Possible values** | excludedPath; excludedFileExtension; excludedFileName +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | $type | +| **Data type** | String | +| **Possible values** | excludedPath; excludedFileExtension; excludedFileName | ##### Path to excluded content Path to file or directory that should be exluded from scanning. -**Domain** | com.microsoft.wdav -**Key** | path -**Data type** | String -**Possible values** | valid paths -**Comments** | Applicable only if *$type* is *excludedPath* +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | path | +| **Data type** | String | +| **Possible values** | valid paths | +| **Comments** | Applicable only if *$type* is *excludedPath* | ##### Path type (file / directory) Indicates if the *path* property refers to a file or directory. -**Domain** | com.microsoft.wdav -**Key** | isDirectory -**Data type** | Boolean -**Possible values** | false (default); true -**Comments** | Applicable only if *$type* is *excludedPath* +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | isDirectory | +| **Data type** | Boolean | +| **Possible values** | false (default); true | +| **Comments** | Applicable only if *$type* is *excludedPath* | ##### Extension excluded from scanning Extension of files that should be excluded from scanning. -**Domain** | com.microsoft.wdav -**Key** | extension -**Data type** | String -**Possible values** | valid file extensions -**Comments** | Applicable only if *$type* is *excludedFileExtension* +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | extension | +| **Data type** | String | +| **Possible values** | valid file extensions | +| **Comments** | Applicable only if *$type* is *excludedFileExtension* | ##### Name of excluded content Name of file that should be excluded from scanning. 
-**Domain** | com.microsoft.wdav -**Key** | name -**Data type** | String -**Possible values** | any string -**Comments** | Applicable only if *$type* is *excludedFileName* +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | name | +| **Data type** | String | +| **Possible values** | any string | +| **Comments** | Applicable only if *$type* is *excludedFileName* | #### Threat type settings The *threatTypeSettings* preference in the antivirus engine is used to control how certain threat types are handled by the product. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | threatTypeSettings -**Data type** | Dictionary (nested preference) -**Comments** | See the following sections for a description of the dictionary contents. +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | threatTypeSettings | +| **Data type** | Dictionary (nested preference) | +| **Comments** | See the following sections for a description of the dictionary contents. | ##### Threat type Type of the threat for which the behavior is configured. -**Domain** | com.microsoft.wdav -**Key** | key -**Data type** | String -**Possible values** | potentially_unwanted_application +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | key | +| **Data type** | String | +| **Possible values** | potentially_unwanted_application | ##### Action to take 
@@ -136,50 +152,56 @@ Action to take when encountering a threat of the the type being configured. Can - Block: reports the threat to the user interface and the security console and blocks the execution of the threat if real-time protection is turned on - Off: does not block the threat or report it -**Domain** | com.microsoft.wdav -**Key** | value -**Data type** | String -**Possible values** | audit (default); block; off +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | value | +| **Data type** | String | +| **Possible values** | audit (default); block; off | ### Cloud delivered protection preferences The *cloudService* entry in the configuration profile is used to configure the cloud driven protection feature of the product. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | cloudService -**Data type** | Dictionary (nested preference) -**Comments** | See the following sections for a description of the dictionary contents. +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | cloudService | +| **Data type** | Dictionary (nested preference) | +| **Comments** | See the following sections for a description of the dictionary contents. | #### Enable / disable cloud delivered protection Whether cloud delivered protection is enabled on the device or not. To improve the security of your sevices, we recommend keeping this feature turned on. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | enabled -**Data type** | Boolean -**Possible values** | true (default); false +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | enabled | +| **Data type** | Boolean | +| **Possible values** | true (default); false | #### Diagnostic collection level Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by the product to Microsoft. 
-:---|:--- -**Domain** | com.microsoft.wdav -**Key** | diagnosticLevel -**Data type** | String -**Possible values** | optional (default); required +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | diagnosticLevel | +| **Data type** | String | +| **Possible values** | optional (default); required | #### Enable / disable automatic sample submissions Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. We'll prompt users if the file we need is likely to contain personal information. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | automaticSampleSubmission -**Data type** | Boolean -**Possible values** | true (default); false +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | automaticSampleSubmission | +| **Data type** | Boolean | +| **Possible values** | true (default); false | ## Recommended configuration profile From 9b788d1f7c9738fc22785638af1129991efbc004 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 21 Jun 2019 16:49:21 -0700 Subject: [PATCH 03/13] Spacing --- .../microsoft-defender-atp-mac-preferences.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index fc59259235..1e5c79356f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md 
@@ -20,7 +20,7 @@ ms.topic: conceptual # Set preferences for Microsoft Defender ATP for Mac -In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile, which is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users of the devices in your enterprise will not be able to change preferences that are set through this configuration profile. +In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile, which is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users in your enterprise will not be able to change preferences that are set through this configuration profile. This topic describes the structure of this profile (including a recommended profile that you can use to get started) and instructions for how to deploy the profile. @@ -50,7 +50,7 @@ Whether real time protection (scan files as they are accessed) is enabled or not | **Domain** | com.microsoft.wdav | | **Key** | enableRealTimeProtection | | **Data type** | Boolean | -| **Possible values** | true (default); false | +| **Possible values** | true (default)
false | #### Scan exclusions @@ -72,7 +72,7 @@ Specifies the type of the excluded content. | **Domain** | com.microsoft.wdav | | **Key** | $type | | **Data type** | String | -| **Possible values** | excludedPath; excludedFileExtension; excludedFileName | +| **Possible values** | excludedPath
excludedFileExtension
excludedFileName | ##### Path to excluded content @@ -95,7 +95,7 @@ Indicates if the *path* property refers to a file or directory. | **Domain** | com.microsoft.wdav | | **Key** | isDirectory | | **Data type** | Boolean | -| **Possible values** | false (default); true | +| **Possible values** | false (default)
true | | **Comments** | Applicable only if *$type* is *excludedPath* | ##### Extension excluded from scanning @@ -157,7 +157,7 @@ Action to take when encountering a threat of the the type being configured. Can | **Domain** | com.microsoft.wdav | | **Key** | value | | **Data type** | String | -| **Possible values** | audit (default); block; off | +| **Possible values** | audit (default)
block
off | ### Cloud delivered protection preferences @@ -179,7 +179,7 @@ Whether cloud delivered protection is enabled on the device or not. To improve t | **Domain** | com.microsoft.wdav | | **Key** | enabled | | **Data type** | Boolean | -| **Possible values** | true (default); false | +| **Possible values** | true (default)
false | #### Diagnostic collection level @@ -190,7 +190,7 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de | **Domain** | com.microsoft.wdav | | **Key** | diagnosticLevel | | **Data type** | String | -| **Possible values** | optional (default); required | +| **Possible values** | optional (default)
required | #### Enable / disable automatic sample submissions @@ -201,7 +201,7 @@ Determines whether suspicious samples (that are likely to contain threats) are s | **Domain** | com.microsoft.wdav | | **Key** | automaticSampleSubmission | | **Data type** | Boolean | -| **Possible values** | true (default); false | +| **Possible values** | true (default)
false | ## Recommended configuration profile From c31d376f962669bed129741337feda4d93de3a17 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 21 Jun 2019 16:56:08 -0700 Subject: [PATCH 04/13] Warning for deployment --- .../microsoft-defender-atp-mac-preferences.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 1e5c79356f..9567b6c75e 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -148,9 +148,9 @@ Type of the threat for which the behavior is configured. Action to take when encountering a threat of the the type being configured. Can be: -- Audit: adds an entry to the log about the threat, but does not report it to the user interface or the security console -- Block: reports the threat to the user interface and the security console and blocks the execution of the threat if real-time protection is turned on -- Off: does not block the threat or report it +- *Audit*: adds an entry to the log about the threat, but does not report it to the user interface or the security console +- *Block*: reports the threat to the user interface and the security console and blocks the execution of the threat if real-time protection is turned on +- *Off*: does not block the threat or report it ||| |:---|:---| 
@@ -316,7 +316,8 @@ Once you've built the configuration profile for your enterprise, you can deploy From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings** and create a new entry with *com.microsoft.wdav* as the preference domain and upload the .plist with the settings. -**NOTE:** it is important that you enter the correct preference domain, otherwise these preferences might not be recognized by the product. +>[!WARNING] +>It is important that you enter the correct preference domain, otherwise these preferences might not be recognized by the product. ### Intune deployment @@ -334,6 +335,9 @@ From the JAMF console, open **Computers** > **Configuration Profiles**, navigate 7. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. +>[!WARNING] +>It is important that you enter the correct custom configuration profile name, otherwise these preferences might not be recognized by the product. + ## Resources - [Configuration Profile Reference (Apple developer documentation)](https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf) From eaf7b97185199f26c35416f3e5dd72596c6eb210 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 09:47:11 -0700 Subject: [PATCH 05/13] Minor updates --- .../microsoft-defender-atp-mac-preferences.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 9567b6c75e..72915e7619 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md 
@@ -76,7 +76,7 @@ Specifies the type of the excluded content. ##### Path to excluded content -Path to file or directory that should be exluded from scanning. +Used to exclude content from scanning by full file path. ||| |:---|:---| @@ -98,9 +98,9 @@ Indicates if the *path* property refers to a file or directory. | **Possible values** | false (default)
true | | **Comments** | Applicable only if *$type* is *excludedPath* | -##### Extension excluded from scanning +##### File extension excluded from scanning -Extension of files that should be excluded from scanning. +Used to exclude content from scanning by file extension. ||| |:---|:---| @@ -112,7 +112,7 @@ Extension of files that should be excluded from scanning. ##### Name of excluded content -Name of file that should be excluded from scanning. +Used to exclude content from scanning by file name. ||| |:---|:---| @@ -148,9 +148,9 @@ Type of the threat for which the behavior is configured. Action to take when encountering a threat of the the type being configured. Can be: -- *Audit*: adds an entry to the log about the threat, but does not report it to the user interface or the security console -- *Block*: reports the threat to the user interface and the security console and blocks the execution of the threat if real-time protection is turned on -- *Off*: does not block the threat or report it +- **Audit**: adds an entry to the log about the threat, but does not report it to the user interface or the security console +- **Block**: reports the threat to the user interface and the security console and protects the device against this type of threat +- **Off**: does not block the threat and does not report it to the log or security console ||| |:---|:---| @@ -194,7 +194,7 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de #### Enable / disable automatic sample submissions -Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. We'll prompt users if the file we need is likely to contain personal information. +Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. We'll prompt users if the file being submitted is likely to contain personal information. ||| |:---|:---| 
@@ -314,10 +314,10 @@ Once you've built the configuration profile for your enterprise, you can deploy ### JAMF deployment -From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings** and create a new entry with *com.microsoft.wdav* as the preference domain and upload the .plist with the settings. +From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings** and create a new entry with *com.microsoft.wdav* as the preference domain and upload the .plist produced using the steps described earlier in this document. >[!WARNING] ->It is important that you enter the correct preference domain, otherwise these preferences might not be recognized by the product. +>It is important that you enter the correct preference domain (*com.microsoft.wdav*), otherwise the preferences might not be recognized by the product. ### Intune deployment @@ -325,7 +325,7 @@ From the JAMF console, open **Computers** > **Configuration Profiles**, navigate 2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select Configure. -3. Save the .plist with the settings as **com.microsoft.wdav.xml**. +3. Save the .plist produced using the steps described earlier in this document as **com.microsoft.wdav.xml**. 4. Enter **com.microsoft.wdav** as the **custom configuration profile name**. From 896cc1f51c124b785edbad1b00605dcaaed5e87a Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 10:46:00 -0700 Subject: [PATCH 06/13] Add more info on archive bombs --- .../microsoft-defender-atp-mac-preferences.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 72915e7619..bfb9e7d141 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -142,7 +142,7 @@ Type of the threat for which the behavior is configured. | **Domain** | com.microsoft.wdav | | **Key** | key | | **Data type** | String | -| **Possible values** | potentially_unwanted_application | +| **Possible values** | potentially_unwanted_application
archive_bomb | ##### Action to take @@ -209,7 +209,9 @@ To get started, we recommend the following configuration profile for your enterp The following configuration profile will: - Enable real time protection (RTP) -- Enable the blocking of potentially unwanted applications (PUA), which by default are in *audit* (non-blocking) mode +- Specify how the following threat types are handled: + - **Potentially unwanted applications (PUA)** are blocked + - **Archive bombs** (file with a very high compression rate) are audited to the product logs - Enable cloud delivered protection - Enable automatic sample submission @@ -230,6 +232,12 @@ The following configuration profile will: value block + + key + archive_bomb + value + audit + cloudService @@ -293,6 +301,12 @@ The following configuration profile contains entries for all of the settings des value block + + key + archive_bomb + value + audit + cloudService From 4e35255901007abfe33b4da998b80531af6ce50f Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 13:19:34 -0700 Subject: [PATCH 07/13] Try out different formatting --- .../microsoft-defender-atp-mac-preferences.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index bfb9e7d141..609e571bb1 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md 
@@ -63,7 +63,7 @@ Entities that have been excluded from scanning. Exclusions can be specified by f | **Data type** | Dictionary (nested preference) | | **Comments** | See the following sections for a description of the dictionary contents. | -##### Type of exclusion +**Type of exclusion** Specifies the type of the excluded content. @@ -74,7 +74,7 @@ Specifies the type of the excluded content. | **Data type** | String | | **Possible values** | excludedPath
excludedFileExtension
excludedFileName | -##### Path to excluded content +**Path to excluded content** Used to exclude content from scanning by full file path. @@ -86,7 +86,7 @@ Used to exclude content from scanning by full file path. | **Possible values** | valid paths | | **Comments** | Applicable only if *$type* is *excludedPath* | -##### Path type (file / directory) +**Path type (file / directory)** Indicates if the *path* property refers to a file or directory. @@ -98,7 +98,7 @@ Indicates if the *path* property refers to a file or directory. | **Possible values** | false (default)
true | | **Comments** | Applicable only if *$type* is *excludedPath* | -##### File extension excluded from scanning +**File extension excluded from scanning** Used to exclude content from scanning by file extension. @@ -110,7 +110,7 @@ Used to exclude content from scanning by file extension. | **Possible values** | valid file extensions | | **Comments** | Applicable only if *$type* is *excludedFileExtension* | -##### Name of excluded content +**Name of excluded content** Used to exclude content from scanning by file name. @@ -133,7 +133,7 @@ The *threatTypeSettings* preference in the antivirus engine is used to control h | **Data type** | Dictionary (nested preference) | | **Comments** | See the following sections for a description of the dictionary contents. | -##### Threat type +**Threat type** Type of the threat for which the behavior is configured. @@ -144,7 +144,7 @@ Type of the threat for which the behavior is configured. | **Data type** | String | | **Possible values** | potentially_unwanted_application
archive_bomb | -##### Action to take +**Action to take** Action to take when encountering a threat of the the type being configured. Can be: @@ -215,7 +215,7 @@ The following configuration profile will: - Enable cloud delivered protection - Enable automatic sample submission -``` +```xml @@ -255,7 +255,7 @@ The following configuration profile will: The following configuration profile contains entries for all of the settings described in this document and can be used for more advanced scenarios where you want more control over the product. -``` +```xml From 110f441e4ef77d218057b912cbcfc83fd6507791 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 13:55:56 -0700 Subject: [PATCH 08/13] Minor wording update --- .../microsoft-defender-atp-mac-preferences.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 609e571bb1..633baf9a77 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -65,7 +65,7 @@ Entities that have been excluded from scanning. Exclusions can be specified by f **Type of exclusion** -Specifies the type of the excluded content. +Specifies the type of content excluded from scanning. ||| |:---|:---| From 3396f53b83c5f7873f27058876cda5157a39a883 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 15:45:48 -0700 Subject: [PATCH 09/13] Try to change casing --- .../microsoft-defender-atp-mac-preferences.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 633baf9a77..5cd8cf407c 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -215,7 +215,7 @@ The following configuration profile will: - Enable cloud delivered protection - Enable automatic sample submission -```xml +```XML @@ -255,7 +255,7 @@ The following configuration profile will: The following configuration profile contains entries for all of the settings described in this document and can be used for more advanced scenarios where you want more control over the product. -```xml +```XML From 4d26fe7a379d4b0952e30f900e3c367b24e6d939 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 19:25:13 -0700 Subject: [PATCH 10/13] Add more info at the top of the page --- .../microsoft-defender-atp-mac-preferences.md | 3 +++ .../windows-defender-antivirus/microsoft-defender-atp-mac.md | 2 ++ 2 files changed, 5 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 5cd8cf407c..bf85527a38 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md 
@@ -20,6 +20,9 @@ ms.topic: conceptual # Set preferences for Microsoft Defender ATP for Mac +>[!IMPORTANT] +>This topic contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](microsoft-defender-atp-mac-resources.md#configuring-from-the-command-line) page. + In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile, which is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users in your enterprise will not be able to change preferences that are set through this configuration profile. This topic describes the structure of this profile (including a recommended profile that you can use to get started) and instructions for how to deploy the profile. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 6794868296..79866deb5d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -55,6 +55,8 @@ In general you'll need to take the following steps: Whichever method you choose, you will first need to visit the onboarding page in the Microsoft Defender ATP portal. +Once installed, you can configure the product in your enterprise using the steps in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md). + ### Prerequisites You should have beginner-level experience in macOS and BASH scripting. You must have administrative privileges on the machine. 
From ba9334c30d79bddf9f670fedf05fbff042efee0c Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 21:35:38 -0700 Subject: [PATCH 11/13] Fixes to improve the scorecard --- .../microsoft-defender-atp-mac-preferences.md | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index bf85527a38..fb45bfadcb 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md 
@@ -23,15 +23,15 @@ ms.topic: conceptual >[!IMPORTANT] >This topic contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](microsoft-defender-atp-mac-resources.md#configuring-from-the-command-line) page. -In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile, which is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users in your enterprise will not be able to change preferences that are set through this configuration profile. +In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile. This profile is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users in your enterprise are not able to change preferences that are set through this configuration profile. This topic describes the structure of this profile (including a recommended profile that you can use to get started) and instructions for how to deploy the profile. ## Configuration profile structure -The configuration profile is a .plist file that consists of entries identified by a key (denoting the name of the preference being set), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences. +The configuration profile is a .plist file that consists of entries identified by a key (which denotes the name of the preference being set), followed by a value, which depends on the nature of the preference. 
Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences. -The top level of the configuration profile includes product-wide preferences, as well as entries for sub-areas of the product, which are explained in more detail in the next sections. +The top level of the configuration profile includes product-wide preferences and entries for subareas of the product, which are explained in more detail in the next sections. ### Antivirus engine preferences @@ -46,7 +46,7 @@ The *antivirusEngine* section of the configuration profile is used to manage the #### Enable / disable real-time protection -Whether real time protection (scan files as they are accessed) is enabled or not. +Whether real-time protection (scan files as they are accessed) is enabled or not. ||| |:---|:---| @@ -57,7 +57,7 @@ Whether real time protection (scan files as they are accessed) is enabled or not #### Scan exclusions -Entities that have been excluded from scanning. Exclusions can be specified by full paths, extensions or file names. +Entities that have been excluded from being scanned. Exclusions can be specified by full paths, extensions, or file names. ||| |:---|:---| @@ -68,7 +68,7 @@ Entities that have been excluded from scanning. Exclusions can be specified by f **Type of exclusion** -Specifies the type of content excluded from scanning. +Specifies the type of content excluded from being scanned. ||| |:---|:---| @@ -79,7 +79,7 @@ Specifies the type of content excluded from scanning. **Path to excluded content** -Used to exclude content from scanning by full file path. +Used to exclude content from being scanned by full file path. ||| |:---|:---| @@ -101,9 +101,9 @@ Indicates if the *path* property refers to a file or directory. | **Possible values** | false (default)
true | | **Comments** | Applicable only if *$type* is *excludedPath* | -**File extension excluded from scanning** +**File extension excluded from being scanned** -Used to exclude content from scanning by file extension. +Used to exclude content from being scanned by file extension. ||| |:---|:---| @@ -115,7 +115,7 @@ Used to exclude content from scanning by file extension. **Name of excluded content** -Used to exclude content from scanning by file name. +Used to exclude content from being scanned by file name. ||| |:---|:---| @@ -149,11 +149,11 @@ Type of the threat for which the behavior is configured. **Action to take** -Action to take when encountering a threat of the the type being configured. Can be: +Action to take when coming across a threat of the type specified above. Can be: -- **Audit**: adds an entry to the log about the threat, but does not report it to the user interface or the security console +- **Audit**: adds an entry to the log about the threat, but will not report it to the user interface or the security console - **Block**: reports the threat to the user interface and the security console and protects the device against this type of threat -- **Off**: does not block the threat and does not report it to the log or security console +- **Off**: will not block the threat and will not report it to the log or security console ||| |:---|:---| @@ -175,7 +175,7 @@ The *cloudService* entry in the configuration profile is used to configure the c #### Enable / disable cloud delivered protection -Whether cloud delivered protection is enabled on the device or not. To improve the security of your sevices, we recommend keeping this feature turned on. +Whether cloud delivered protection is enabled on the device or not. To improve the security of your services, we recommend keeping this feature turned on. ||| |:---|:---| 
@@ -197,7 +197,7 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de #### Enable / disable automatic sample submissions -Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. We'll prompt users if the file being submitted is likely to contain personal information. +Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. Users will be prompted if the file being submitted is likely to contain personal information. ||| |:---|:---| @@ -208,13 +208,13 @@ Determines whether suspicious samples (that are likely to contain threats) are s ## Recommended configuration profile -To get started, we recommend the following configuration profile for your enterprise in order to take advantage of all of the protection features that Microsoft Defender ATP provides. +To get started, we recommend the following configuration profile for your enterprise to take advantage of all protection features that Microsoft Defender ATP provides. The following configuration profile will: -- Enable real time protection (RTP) +- Enable real-time protection (RTP) - Specify how the following threat types are handled: - **Potentially unwanted applications (PUA)** are blocked - - **Archive bombs** (file with a very high compression rate) are audited to the product logs + - **Archive bombs** (file with a high compression rate) are audited to the product logs - Enable cloud delivered protection - Enable automatic sample submission 
@@ -256,7 +256,7 @@ The following configuration profile will: ## Full configuration profile example -The following configuration profile contains entries for all of the settings described in this document and can be used for more advanced scenarios where you want more control over the product. +The following configuration profile contains entries for all settings described in this document and can be used for more advanced scenarios where you want more control over the product. ```XML @@ -327,11 +327,11 @@ The following configuration profile contains entries for all of the settings des ## Configuration profile deployment -Once you've built the configuration profile for your enterprise, you can deploy it through the management console that your enterprise is using. Listed below are steps for deploying this through JAMF and Intune. +Once you've built the configuration profile for your enterprise, you can deploy it through the management console that your enterprise is using. The following sections provide instructions on how to deploy this profile using JAMF and Intune. ### JAMF deployment -From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings** and create a new entry with *com.microsoft.wdav* as the preference domain and upload the .plist produced using the steps described earlier in this document. +From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings**. Create an entry with *com.microsoft.wdav* as the preference domain and upload the .plist produced earlier. >[!WARNING] >It is important that you enter the correct preference domain (*com.microsoft.wdav*), otherwise the preferences might not be recognized by the product. 
@@ -342,7 +342,7 @@ From the JAMF console, open **Computers** > **Configuration Profiles**, navigate 2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select Configure. -3. Save the .plist produced using the steps described earlier in this document as **com.microsoft.wdav.xml**. +3. Save the .plist produced earlier as **com.microsoft.wdav.xml**. 4. Enter **com.microsoft.wdav** as the **custom configuration profile name**. From 763622bd9fc58bb7b0136b4fb8a0387981c16f9a Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 22:00:26 -0700 Subject: [PATCH 12/13] Try to rephrase action to take --- .../microsoft-defender-atp-mac-preferences.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index fb45bfadcb..288275c972 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md 
@@ -149,11 +149,11 @@ Type of the threat for which the behavior is configured. **Action to take** -Action to take when coming across a threat of the type specified above. Can be: +Action to take when coming across a threat of the type specified in the preceding section. Can be: -- **Audit**: adds an entry to the log about the threat, but will not report it to the user interface or the security console -- **Block**: reports the threat to the user interface and the security console and protects the device against this type of threat -- **Off**: will not block the threat and will not report it to the log or security console +- **Audit**: your device is not protected against this type of threat, but an entry about the threat is logged. +- **Block**: your device is protected against this type of threat and you are notified in the user interface and the security console. +- **Off**: your device is not protected against this type of threat and nothing is logged. ||| |:---|:---| From 89fd41672c47c58cb518f8e8c87e2c8e84fb6614 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 22:35:57 -0700 Subject: [PATCH 13/13] More scorecard updates --- .../microsoft-defender-atp-mac-preferences.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 288275c972..fd571e3bb9 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md 
@@ -23,13 +23,13 @@ ms.topic: conceptual >[!IMPORTANT] >This topic contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](microsoft-defender-atp-mac-resources.md#configuring-from-the-command-line) page. -In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile. This profile is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users in your enterprise are not able to change preferences that are set through this configuration profile. +In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile. This profile is deployed from management tool of your choice. Preferences managed by the enterprise take precedence over the ones set locally on the device. In other words, users in your enterprise are not able to change preferences that are set through this configuration profile. This topic describes the structure of this profile (including a recommended profile that you can use to get started) and instructions for how to deploy the profile. ## Configuration profile structure -The configuration profile is a .plist file that consists of entries identified by a key (which denotes the name of the preference being set), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences. +The configuration profile is a .plist file that consists of entries identified by a key (which denotes the name of the preference), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences. 
The top level of the configuration profile includes product-wide preferences and entries for subareas of the product, which are explained in more detail in the next sections. @@ -57,7 +57,7 @@ Whether real-time protection (scan files as they are accessed) is enabled or not #### Scan exclusions -Entities that have been excluded from being scanned. Exclusions can be specified by full paths, extensions, or file names. +Entities that have been excluded from the scan. Exclusions can be specified by full paths, extensions, or file names. ||| |:---|:---| @@ -68,7 +68,7 @@ Entities that have been excluded from being scanned. Exclusions can be specified **Type of exclusion** -Specifies the type of content excluded from being scanned. +Specifies the type of content excluded from the scan. ||| |:---|:---| @@ -79,7 +79,7 @@ Specifies the type of content excluded from being scanned. **Path to excluded content** -Used to exclude content from being scanned by full file path. +Used to exclude content from the scan by full file path. ||| |:---|:---| @@ -101,9 +101,9 @@ Indicates if the *path* property refers to a file or directory. | **Possible values** | false (default)
true | | **Comments** | Applicable only if *$type* is *excludedPath* | -**File extension excluded from being scanned** +**File extension excluded from the scan** -Used to exclude content from being scanned by file extension. +Used to exclude content from the scan by file extension. ||| |:---|:---| @@ -115,7 +115,7 @@ Used to exclude content from being scanned by file extension. **Name of excluded content** -Used to exclude content from being scanned by file name. +Used to exclude content from the scan by file name. ||| |:---|:---| @@ -197,7 +197,7 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de #### Enable / disable automatic sample submissions -Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. Users will be prompted if the file being submitted is likely to contain personal information. +Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. You are prompted if the submitted file is likely to contain personal information. ||| |:---|:---|
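
Review bot: In PATCH 07/13, starting at hunk @@ -63,7 +63,7, turning the `#####` headings into bold lines means entries such as "Type of exclusion", "Threat type" and "Action to take" no longer produce heading anchors, so they cannot be deep-linked or listed in the page outline. The tables in the same hunks still say "See the following sections for a description of the dictionary contents", which now points at text that is not a section. Either keep a heading level for these entries or reword the table comments to match.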
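
Review bot: In PATCH 11/13, hunk @@ -208,13 +208,13, the introduction says the recommended profile takes advantage of "all protection features", but the profile sets `archive_bomb` to `audit`, which PATCH 12/13 describes as "your device is not protected against this type of threat". The bullet should say plainly that archive bombs are only logged and not blocked, or the text should explain why audit is the recommended action for this threat type. In the same bullet, "(file with a high compression rate)" should be plural: "files with a high compression rate".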
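
Review bot: In PATCH 12/13, hunk @@ -149,11 +149,11, the rewritten **Audit** and **Off** bullets drop the reporting detail that the previous wording carried: Audit used to state that the threat is not reported to the user interface or the security console, and Off that nothing reaches the log or the security console. An administrator who works from the security console needs to know that audited threats will not appear there, so keep that clause, for example "Audit: your device is not protected against this type of threat; an entry is logged, but nothing is reported to the user interface or the security console." The new bullets also end in periods, unlike the other bulleted lists in this file.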
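
Review bot: In PATCH 13/13, hunk @@ -23,13 +23,13, the added sentence "This profile is deployed from management tool of your choice." is missing an article; it should read "deployed from the management tool of your choice".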