diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
deleted file mode 100644
index 1cae26190b..0000000000
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
+++ /dev/null
@@ -1,67 +0,0 @@
----
-title: Collect diagnostic data for Update Compliance and Windows Defender Windows Defender Antivirus
-description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Windows Defender Antivirus Assessment add in
-keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
-search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-author: denisebmsft
-ms.author: deniseb
-ms.custom: nextgen
-ms.date: 09/03/2018
-ms.reviewer:
-manager: dansimp
----
-
-# Collect Update Compliance diagnostic data for Windows Defender AV Assessment
-
-**Applies to:**
-
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.
-
-Before attempting this process, ensure you have read [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md), met all require prerequisites, and taken any other suggested troubleshooting steps.
-
-On at least two devices that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by taking the following steps:
-
-1. Open an administrator-level version of the command prompt as follows:
-
- a. Open the **Start** menu.
-
- b. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**.
-
- c. Enter administrator credentials or approve the prompt.
-
-2. Navigate to the Windows Defender directory. By default, this is `C:\Program Files\Windows Defender`.
-
-3. Type the following command, and then press **Enter**
-
- ```Dos
- mpcmdrun -getfiles
- ```
-
-4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`.
-
-5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
-
-6. Send an email using the Update Compliance support email template, and fill out the template with the following information:
-
- ```
- I am encountering the following issue when using Windows Defender Antivirus in Update Compliance:
-
- I have provided at least 2 support .cab files at the following location:
-
- My OMS workspace ID is:
-
- Please contact me at:
- ```
-
-## See also
-
-- [Troubleshoot Windows Defender Windows Defender Antivirus reporting](troubleshoot-reporting.md)
-
diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
new file mode 100644
index 0000000000..708ec3f869
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
@@ -0,0 +1,95 @@
+---
+title: Collect diagnostic data of Microsoft Defender Antivirus
+description: Use a tool to collect data to troubleshoot Microsoft Defender Antivirus
+keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: denisebmsft
+ms.author: deniseb
+ms.custom: nextgen
+ms.date: 06/01/2020
+ms.reviewer:
+manager: dansimp
+---
+
+# Collect Windows Defender AV diagnostic data
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV.
+
+On at least two devices that are experiencing the same issue, obtain the .cab diagnostic file by taking the following steps:
+
+1. Open an administrator-level version of the command prompt as follows:
+
+ a. Open the **Start** menu.
+
+ b. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**.
+
+ c. Enter administrator credentials or approve the prompt.
+
+2. Navigate to the Windows Defender directory. By default, this is `C:\Program Files\Windows Defender`.
+
+> [!NOTE]
+> If you're running an updated Windows Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\`.
+
+3. Type the following command, and then press **Enter**
+
+ ```Dos
+ mpcmdrun.exe -GetFiles
+ ```
+
+4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`.
+
+> [!NOTE]
+> To redirect the cab file to a a different path or UNC share, use the following command: `mpcmdrun.exe -GetFiles -SupportLogLocation `
For more information see [Redirect diagnostic data to a UNC share](#redirect-diagnostic-data-to-a-unc-share).
+
+5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
+
+> [!NOTE]
+>If you have a problem with Update compliance, send an email using the Update Compliance support email template, and fill out the template with the following information:
+>```
+> I am encountering the following issue when using Microsoft Defender Antivirus in Update Compliance:
+> I have provided at least 2 support .cab files at the following location:
+>
+>
+> My OMS workspace ID is:
+>
+> Please contact me at:
+
+## Redirect diagnostic data to a UNC share
+To collect diagnostic data on a central repository, you can specify the SupportLogLocation parameter.
+
+```Dos
+mpcmdrun.exe -GetFiles -SupportLogLocation
+```
+
+Copies the diagnostic data to the specified path. If the path is not specified, the diagnostic data will be copied to the location specified in the Support Log Location Configuration.
+
+When the SupportLogLocation parameter is used, a folder structure as below will be created in the destination path:
+
+```Dos
+\\MpSupport--.cab
+```
+
+| field | Description |
+|:----|:----|
+| path | The path as specified on the commandline or retrieved from configuration
+| MMDD | Month Day when the diagnostic data was collected (eg 0530)
+| hostname | the hostname of the device on which the diagnostic data was collected.
+| HHMM | Hours Minutes when the diagnostic data was collected (eg 1422)
+
+> [!NOTE]
+> When using a File share please make sure that account used to collect the diagnostic package has write access to the share.
+
+## See also
+
+- [Troubleshoot Microsoft Defender Antivirus reporting](troubleshoot-reporting.md)
+
diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
index 0483497ae8..dbacf4e3a3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@@ -36,7 +36,7 @@ MpCmdRun.exe [command] [-options]
```
Here's an example:
```
-MpCmdRun.exe -scan -2
+MpCmdRun.exe -Scan -ScanType 2
```
| Command | Description |
@@ -44,7 +44,7 @@ MpCmdRun.exe -scan -2
| `-?` **or** `-h` | Displays all available options for this tool |
| `-Scan [-ScanType [0\|1\|2\|3]] [-File [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout ] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. CpuThrottling will honor the configured CPU throttling from policy |
| `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing |
-| `-GetFiles` | Collects support information |
+| `-GetFiles [-SupportLogLocation ]` | Collects support information. See '[collecting diagnostic data](collect-diagnostic-data.md)' |
| `-GetFilesDiagTrack` | Same as `-GetFiles`, but outputs to temporary DiagTrack folder |
| `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set |
| `-RemoveDefinitions [-DynamicSignatures]` | Removes only the dynamically downloaded Security intelligence |
@@ -58,5 +58,6 @@ MpCmdRun.exe -scan -2
## Related topics
+- [Reference topics for collecting diagnostic data](collect-diagnostic-data.md)
- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
index 5fdfa55aa4..ab23c09139 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
@@ -58,11 +58,32 @@ All our updates contain:
* serviceability improvements
* integration improvements (Cloud, MTP)
+
+ May-2020 (Platform: 4.18.2005.4 | Engine: 1.1.17100.2)
+
+ Security intelligence update version: **1.317.20.0**
+ Released: **May 26, 2020**
+ Platform: **4.18.2005.4**
+ Engine: **1.1.17100.2**
+ Support phase: **Security and Critical Updates**
+
+### What's new
+* Improved logging for scan events
+* Improved user mode crash handling.
+* Added event tracing for Tamper protection
+* Fixed AMSI Sample submission
+* Fixed AMSI Cloud blocking
+* Fixed Security update install log
+
+### Known Issues
+No known issues
+
+
April-2020 (Platform: 4.18.2004.6 | Engine: 1.1.17000.2)
- Security intelligence update version: **TBD**
+ Security intelligence update version: **1.315.12.0**
Released: **April 30, 2020**
Platform: **4.18.2004.6**
Engine: **1.1.17000.2**
diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
index 2efa65178d..a5d643e874 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
@@ -23,9 +23,9 @@ manager: dansimp
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
> [!IMPORTANT]
-> On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
+> On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance was removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
-You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the [Microsoft Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx).
+You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com), which is also referred to as the Microsoft Defender Advanced Threat Protection portal).To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx). To learn more about onboarding devices, see [Onboarding tools and methods for Windows 10 machines](../microsoft-defender-atp/configure-endpoints.md).
When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of devices or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you might encounter problems or issues.
@@ -57,17 +57,12 @@ In order for devices to properly show up in Update Compliance, you have to meet
> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 diagnostic data must be set to the Enhanced level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level).
> - It has been 3 days since all requirements have been met
-“You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the Microsoft Defender ATP portal (https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see Windows 10 product licensing options"
+You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you must use the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com), which is also referred to as the Microsoft Defender Advanced Threat Protection portal). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx). To learn more about onboarding devices, see [Onboarding tools and methods for Windows 10 machines](../microsoft-defender-atp/configure-endpoints.md).
If the above prerequisites have all been met, you might need to proceed to the next step to collect diagnostic information and send it to us.
> [!div class="nextstepaction"]
-> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance.md)
-
-
-
-
-
+> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data.md)
## Related topics