From c77d424231bb08d822163703764decdf5e1cf46c Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Sat, 30 May 2020 16:10:21 -0700
Subject: [PATCH 01/13] Update
 manage-updates-baselines-windows-defender-antivirus.md

May 2020 Update
---
 ...es-baselines-windows-defender-antivirus.md | 23 ++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
index 8146772e45..90822a5761 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
@@ -58,11 +58,32 @@ All our updates contain:
 * serviceability improvements
 * Integration improvements (Cloud, MTP)  
 <br/>
+<details>
+<summary> May-2020 (Platform: 4.18.2005.4 | Engine: 1.1.17100.2)</summary>
+
+&ensp;Security intelligence update version: **1.317.20.0**  
+&ensp;Released: **May 26, 2020**  
+&ensp;Platform: **4.18.2005.4**  
+&ensp;Engine: **1.1.17100.2**  
+&ensp;Support phase: **Security and Critical Updates**
+    
+### What's new
+* Improved logging for scan events
+* Improved user mode crash handling.
+* Added event tracing for Tamper protection
+* Fixed AMSI Sample submission
+* Fixed AMSI Cloud blocking
+* Fixed Security update install log
+
+### Known Issues
+No known issues  
+<br/>
+</details>
 
 <details>
 <summary> April-2020 (Platform: 4.18.2004.5 | Engine: 1.1.17000.2)</summary>
 
-&ensp;Security intelligence update version: **TBD**  
+&ensp;Security intelligence update version: **1.315.12.0**  
 &ensp;Released: **April 30, 2020**  
 &ensp;Platform: **4.18.2004.5**  
 &ensp;Engine: **1.1.17000.2**  

From bd4fcff39785fbde819cafcb04f168ea9ec57126 Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Sat, 30 May 2020 18:23:24 -0700
Subject: [PATCH 02/13] SupportLogLocation parameter

Adding new parameter SupportLogLocation and usage explanation
---
 ...llect-diagnostic-data-update-compliance.md | 34 +++++++++++++++++--
 ...ne-arguments-windows-defender-antivirus.md |  4 +--
 2 files changed, 33 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
index 1cae26190b..0b217d93f5 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
@@ -38,14 +38,19 @@ On at least two devices that are not reporting or showing up in Update Complianc
     c. Enter administrator credentials or approve the prompt.
         
 2. Navigate to the Windows Defender directory. By default, this is `C:\Program Files\Windows Defender`.
-
+> [!NOTE]
+> If you're running an updated Windows Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`.
 3. Type the following command, and then press **Enter**
         
     ```Dos
-    mpcmdrun -getfiles
+    mpcmdrun.exe -GetFiles
     ```
-    
+  
 4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`.
+> [!NOTE]
+> To redirect the cab file to a a different path or UNC share, use the below command:  
+> `mpcmdrun.exe -GetFiles -SupportLogLocation <path>`  
+> for more information see '[Redirect diagnostic data to a UNC share](#Redirect-diagnostic-data-to-a-UNC-share)'
 
 5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
 
@@ -60,6 +65,29 @@ On at least two devices that are not reporting or showing up in Update Complianc
 
     Please contact me at:
     ```
+## Redirect diagnostic data to a UNC share
+To collect diagnostic data on a central repository, you can specify the SupportLogLocation parameter.
+
+```Dos
+mpcmdrun.exe -GetFiles -SupportLogLocation <path>
+```
+Copies the diagnostic data to the specified path. If the path is not specified, the diagnostic data will be copied to the location specified in the Support Log Location Configuration.
+
+When the SupportLogLocation parameter is used, a folder structure as below will be created in the destination path:
+```Dos
+<path>\<MMDD>\MpSupport-<hostname>-<HHMM>.cab
+```
+| field  | Description   |
+|:----|:----|
+| path | The path as specified on the commandline or retrieved from configuration
+| MMDD | Month Day when the diagnostic data was collected (eg 0530)
+| hostname | the hostname of the device on which the diagnostic data was collected.
+| HHMM | Hours Minutes when the diagnostic data was collected (eg 1422)
+
+> [!NOTE]
+> When using a File share please make sure that domain accounts used to collect the diagnostic package has write access to the share.  
+> To prevent data loss, you can deny these accounts from deleting data.
+
 
 ## See also
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
index b42e1c8729..4922a7ff73 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@@ -36,7 +36,7 @@ MpCmdRun.exe [command] [-options]
 ```
 Here's an example:
 ```
-MpCmdRun.exe -scan -2
+MpCmdRun.exe -Scan -ScanType 2
 ``` 
 
 | Command  | Description   |
@@ -44,7 +44,7 @@ MpCmdRun.exe -scan -2
 | `-?` **or** `-h`   | Displays all available options for this tool |
 | `-Scan [-ScanType [0\|1\|2\|3]] [-File <path> [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout <days>] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. |
 | `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing |
-| `-GetFiles` | Collects support information |
+| `-GetFiles [-SupportLogLocation <path>]` | Collects support information.  |
 | `-GetFilesDiagTrack`  | Same as `-GetFiles`, but outputs to temporary DiagTrack folder |
 | `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set |
 | `-RemoveDefinitions [-DynamicSignatures]` | Removes only the dynamically downloaded Security intelligence |

From 22cd81e37e514419131c47b0a716d25c0606f653 Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Sun, 31 May 2020 11:05:55 -0700
Subject: [PATCH 03/13] general doc for diag data

making it a general doc to collect diagnostic data
---
 ...ta-update-compliance.md => collect-diagnostic-data.md} | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename windows/security/threat-protection/windows-defender-antivirus/{collect-diagnostic-data-update-compliance.md => collect-diagnostic-data.md} (92%)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
rename to windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
index 0b217d93f5..ecbbb8d074 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
@@ -1,6 +1,6 @@
 ---
-title: Collect diagnostic data for Update Compliance and Windows Defender Windows Defender Antivirus
-description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Windows Defender Antivirus Assessment add in
+title: Collect diagnostic data of Windows Defender Windows Defender Antivirus
+description: Use a tool to collect data to troubleshoot Windows Defender Antivirus
 keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -17,13 +17,13 @@ ms.reviewer:
 manager: dansimp
 ---
 
-# Collect Update Compliance diagnostic data for Windows Defender AV Assessment
+# Collect Windows Defender AV diagnostic
 
 **Applies to:**
 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.
+This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV.
 
 Before attempting this process, ensure you have read [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md), met all require prerequisites, and taken any other suggested troubleshooting steps.
 

From ec6e3599e22145a67136b4205eb5a015efee6ac0 Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Sun, 31 May 2020 11:09:59 -0700
Subject: [PATCH 04/13] add ref to diag data page

add reference to collecting diagnostic data page
---
 .../command-line-arguments-windows-defender-antivirus.md       | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
index 4922a7ff73..8a16818ba6 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@@ -44,7 +44,7 @@ MpCmdRun.exe -Scan -ScanType 2
 | `-?` **or** `-h`   | Displays all available options for this tool |
 | `-Scan [-ScanType [0\|1\|2\|3]] [-File <path> [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout <days>] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. |
 | `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing |
-| `-GetFiles [-SupportLogLocation <path>]` | Collects support information.  |
+| `-GetFiles [-SupportLogLocation <path>]` | Collects support information. See '[collecting diagnostic data](collect-diagnostic-data.md)'  |
 | `-GetFilesDiagTrack`  | Same as `-GetFiles`, but outputs to temporary DiagTrack folder |
 | `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set |
 | `-RemoveDefinitions [-DynamicSignatures]` | Removes only the dynamically downloaded Security intelligence |
@@ -58,5 +58,6 @@ MpCmdRun.exe -Scan -ScanType 2
 
 ## Related topics
 
+- [Reference topics for collecting diagnostic data](collect-diagnostic-data.md)
 - [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)

From ad6261e8b9cb82d456acfd7342da8a51557ff1f1 Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Sun, 31 May 2020 15:03:39 -0700
Subject: [PATCH 05/13] refining and updating reference links

refining and updating reference links
---
 .../collect-diagnostic-data.md                | 44 ++++++++++---------
 .../troubleshoot-reporting.md                 |  2 +-
 2 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
index ecbbb8d074..c3c1d2b052 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
@@ -17,7 +17,7 @@ ms.reviewer:
 manager: dansimp
 ---
 
-# Collect Windows Defender AV diagnostic
+# Collect Windows Defender AV diagnostic data
 
 **Applies to:**
 
@@ -25,28 +25,29 @@ manager: dansimp
 
 This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV.
 
-Before attempting this process, ensure you have read [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md), met all require prerequisites, and taken any other suggested troubleshooting steps.
-
-On at least two devices that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by taking the following steps:
+On at least two devices that are experiencing the same issue, obtain the .cab diagnostic file by taking the following steps:
 
 1. Open an administrator-level version of the command prompt as follows:
-        
+
     a. Open the **Start** menu.
 
     b. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**.
 
     c. Enter administrator credentials or approve the prompt.
-        
+
 2. Navigate to the Windows Defender directory. By default, this is `C:\Program Files\Windows Defender`.
+
 > [!NOTE]
 > If you're running an updated Windows Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`.
-3. Type the following command, and then press **Enter**
-        
+
+3. Type the following command, and then press **Enter**  
+
     ```Dos
     mpcmdrun.exe -GetFiles
     ```
   
 4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`.
+
 > [!NOTE]
 > To redirect the cab file to a a different path or UNC share, use the below command:  
 > `mpcmdrun.exe -GetFiles -SupportLogLocation <path>`  
@@ -54,29 +55,32 @@ On at least two devices that are not reporting or showing up in Update Complianc
 
 5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
 
-6. Send an email using the <a href="mailto:ucsupport@microsoft.com?subject=WDAV assessment issue&body=I%20am%20encountering%20the%20following%20issue%20when%20using%20Windows%20Defender%20AV%20in%20Update%20Compliance%3a%20%0d%0aI%20have%20provided%20at%20least%202%20support%20.cab%20files%20at%20the%20following%20location%3a%20%3Caccessible%20share%2c%20including%20access%20details%20such%20as%20password%3E%0d%0aMy%20OMS%20workspace%20ID%20is%3a%20%0d%0aPlease%20contact%20me%20at%3a">Update Compliance support email template</a>, and fill out the template with the following information:
-  
-    ```
-    I am encountering the following issue when using Windows Defender Antivirus in Update Compliance:
-    
-    I have provided at least 2 support .cab files at the following location: <accessible share, including access details such as password>
+> [!NOTE]
+>If you have a problem with Update compliance, send an email using the <a href="mailto:ucsupport@microsoft.com?subject=WDAV assessment issue&body=I%20am%20encountering%20the%20following%20issue%20when%20using%20Windows%20Defender%20AV%20in%20Update%20Compliance%3a%20%0d%0aI%20have%20provided%20at%20least%202%20support%20.cab%20files%20at%20the%20following%20location%3a%20%3Caccessible%20share%2c%20including%20access%20details%20such%20as%20password%3E%0d%0aMy%20OMS%20workspace%20ID%20is%3a%20%0d%0aPlease%20contact%20me%20at%3a">Update Compliance support email template</a>, and fill out the template with the following information:
+>```
+> I am encountering the following issue when using Windows Defender Antivirus in Update Compliance:
+> I have provided at least 2 support .cab files at the following location:  
+> <accessible share, including access details such as password>
+>
+>    My OMS workspace ID is:
+>
+>    Please contact me at:
 
-    My OMS workspace ID is:
-
-    Please contact me at:
-    ```
 ## Redirect diagnostic data to a UNC share
 To collect diagnostic data on a central repository, you can specify the SupportLogLocation parameter.
 
 ```Dos
 mpcmdrun.exe -GetFiles -SupportLogLocation <path>
 ```
+
 Copies the diagnostic data to the specified path. If the path is not specified, the diagnostic data will be copied to the location specified in the Support Log Location Configuration.
 
 When the SupportLogLocation parameter is used, a folder structure as below will be created in the destination path:
+
 ```Dos
 <path>\<MMDD>\MpSupport-<hostname>-<HHMM>.cab
 ```
+
 | field  | Description   |
 |:----|:----|
 | path | The path as specified on the commandline or retrieved from configuration
@@ -85,9 +89,7 @@ When the SupportLogLocation parameter is used, a folder structure as below will
 | HHMM | Hours Minutes when the diagnostic data was collected (eg 1422)
 
 > [!NOTE]
-> When using a File share please make sure that domain accounts used to collect the diagnostic package has write access to the share.  
-> To prevent data loss, you can deny these accounts from deleting data.
-
+> When using a File share please make sure that account used to collect the diagnostic package has write access to the share.  
 
 ## See also
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
index 2efa65178d..05e621e3b8 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
@@ -62,7 +62,7 @@ In order for devices to properly show up in Update Compliance, you have to meet
 If the above prerequisites have all been met, you might need to proceed to the next step to collect diagnostic information and send it to us.
 
 > [!div class="nextstepaction"]
-> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance.md)
+> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data.md)
 
 
 

From cde54e4146bbe48c4172557a02a7d79143f48573 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 1 Jun 2020 14:16:45 -0700
Subject: [PATCH 06/13] Update collect-diagnostic-data.md

---
 .../windows-defender-antivirus/collect-diagnostic-data.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
index c3c1d2b052..4755f2a042 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 09/03/2018
+ms.date: 06/01/2020
 ms.reviewer: 
 manager: dansimp
 ---

From 8643fdc2d90088dfa00758b2b12fd45c588ad229 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 1 Jun 2020 14:18:26 -0700
Subject: [PATCH 07/13] Update collect-diagnostic-data.md

---
 .../collect-diagnostic-data.md                         | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
index c3c1d2b052..f56e156e57 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
@@ -1,6 +1,6 @@
 ---
-title: Collect diagnostic data of Windows Defender Windows Defender Antivirus
-description: Use a tool to collect data to troubleshoot Windows Defender Antivirus
+title: Collect diagnostic data of Windows Defender Microsoft Defender Antivirus
+description: Use a tool to collect data to troubleshoot Microsoft Defender Antivirus
 keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 09/03/2018
+ms.date: 06/01/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -58,7 +58,7 @@ On at least two devices that are experiencing the same issue, obtain the .cab di
 > [!NOTE]
 >If you have a problem with Update compliance, send an email using the <a href="mailto:ucsupport@microsoft.com?subject=WDAV assessment issue&body=I%20am%20encountering%20the%20following%20issue%20when%20using%20Windows%20Defender%20AV%20in%20Update%20Compliance%3a%20%0d%0aI%20have%20provided%20at%20least%202%20support%20.cab%20files%20at%20the%20following%20location%3a%20%3Caccessible%20share%2c%20including%20access%20details%20such%20as%20password%3E%0d%0aMy%20OMS%20workspace%20ID%20is%3a%20%0d%0aPlease%20contact%20me%20at%3a">Update Compliance support email template</a>, and fill out the template with the following information:
 >```
-> I am encountering the following issue when using Windows Defender Antivirus in Update Compliance:
+> I am encountering the following issue when using Microsoft Defender Antivirus in Update Compliance:
 > I have provided at least 2 support .cab files at the following location:  
 > <accessible share, including access details such as password>
 >
@@ -93,5 +93,5 @@ When the SupportLogLocation parameter is used, a folder structure as below will
 
 ## See also
 
-- [Troubleshoot Windows Defender Windows Defender Antivirus reporting](troubleshoot-reporting.md)
+- [Troubleshoot Microsoft Defender Antivirus reporting](troubleshoot-reporting.md)
 

From 4a93b236cad2900285ea9a7f4e1900a375d1e60a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 1 Jun 2020 14:19:53 -0700
Subject: [PATCH 08/13] Update
 command-line-arguments-windows-defender-antivirus.md

---
 ...ommand-line-arguments-windows-defender-antivirus.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
index dbacf4e3a3..dbb696e4b4 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@@ -1,6 +1,6 @@
 ---
-title: Use the command line to manage Windows Defender Antivirus
-description: Run Windows Defender Antivirus scans and configure next-generation protection with a dedicated command-line utility.
+title: Use the command line to manage Microsoft Defender Antivirus
+description: Run Microsoft Defender Antivirus scans and configure next-generation protection with a dedicated command-line utility.
 keywords: run windows defender scan, run antivirus scan from command line, run windows defender scan from command line, mpcmdrun, defender
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -16,13 +16,13 @@ ms.reviewer: ksarens
 manager: dansimp
 ---
 
-# Configure and manage Windows Defender Antivirus with the mpcmdrun.exe command-line tool
+# Configure and manage Microsoft Defender Antivirus with the mpcmdrun.exe command-line tool
 
 **Applies to:**
 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-You can perform various Windows Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Windows Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt.
+You can perform various Microsoft Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Microsoft Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt.
 
 > [!NOTE]
 > You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
@@ -60,4 +60,4 @@ MpCmdRun.exe -Scan -ScanType 2
 
 - [Reference topics for collecting diagnostic data](collect-diagnostic-data.md)
 - [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
-- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
+- [Microsoft Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)

From e1366cecd06cd25c8fa1e7ea107163849f7d5537 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 1 Jun 2020 14:24:38 -0700
Subject: [PATCH 09/13] Revert "Update
 command-line-arguments-windows-defender-antivirus.md"

This reverts commit 4a93b236cad2900285ea9a7f4e1900a375d1e60a.
---
 ...ommand-line-arguments-windows-defender-antivirus.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
index dbb696e4b4..dbacf4e3a3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@@ -1,6 +1,6 @@
 ---
-title: Use the command line to manage Microsoft Defender Antivirus
-description: Run Microsoft Defender Antivirus scans and configure next-generation protection with a dedicated command-line utility.
+title: Use the command line to manage Windows Defender Antivirus
+description: Run Windows Defender Antivirus scans and configure next-generation protection with a dedicated command-line utility.
 keywords: run windows defender scan, run antivirus scan from command line, run windows defender scan from command line, mpcmdrun, defender
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -16,13 +16,13 @@ ms.reviewer: ksarens
 manager: dansimp
 ---
 
-# Configure and manage Microsoft Defender Antivirus with the mpcmdrun.exe command-line tool
+# Configure and manage Windows Defender Antivirus with the mpcmdrun.exe command-line tool
 
 **Applies to:**
 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-You can perform various Microsoft Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Microsoft Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt.
+You can perform various Windows Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Windows Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt.
 
 > [!NOTE]
 > You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
@@ -60,4 +60,4 @@ MpCmdRun.exe -Scan -ScanType 2
 
 - [Reference topics for collecting diagnostic data](collect-diagnostic-data.md)
 - [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
-- [Microsoft Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
+- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)

From f28aba320092b0eb0f9be39175998f994c1c1698 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 1 Jun 2020 14:34:01 -0700
Subject: [PATCH 10/13] Update troubleshoot-reporting.md

---
 .../troubleshoot-reporting.md                       | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
index 05e621e3b8..a5d643e874 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
@@ -23,9 +23,9 @@ manager: dansimp
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 > [!IMPORTANT]
-> On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
+> On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance was removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
 
-You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the [Microsoft Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx).
+You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com), which is also referred to as the Microsoft Defender Advanced Threat Protection portal).To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx). To learn more about onboarding devices, see [Onboarding tools and methods for Windows 10 machines](../microsoft-defender-atp/configure-endpoints.md).
 
 When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of devices or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you might encounter problems or issues.
 
@@ -57,17 +57,12 @@ In order for devices to properly show up in Update Compliance, you have to meet
 > - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 diagnostic data must be set to the Enhanced level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level).
 > - It has been 3 days since all requirements have been met
 
-“You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the Microsoft Defender ATP portal (https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see Windows 10 product licensing options"
+You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you must use the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com), which is also referred to as the Microsoft Defender Advanced Threat Protection portal). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx). To learn more about onboarding devices, see [Onboarding tools and methods for Windows 10 machines](../microsoft-defender-atp/configure-endpoints.md).
 
 If the above prerequisites have all been met, you might need to proceed to the next step to collect diagnostic information and send it to us.
 
 > [!div class="nextstepaction"]
-> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data.md)
-
-
-
-
-
+> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data.md)  
 
 ## Related topics
 

From ec0ddfe7bd75daae25412eca40895539adc27b69 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 1 Jun 2020 14:38:13 -0700
Subject: [PATCH 11/13] Update collect-diagnostic-data.md

---
 .../windows-defender-antivirus/collect-diagnostic-data.md     | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
index f56e156e57..eee2bb59a8 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
@@ -49,9 +49,7 @@ On at least two devices that are experiencing the same issue, obtain the .cab di
 4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`.
 
 > [!NOTE]
-> To redirect the cab file to a a different path or UNC share, use the below command:  
-> `mpcmdrun.exe -GetFiles -SupportLogLocation <path>`  
-> for more information see '[Redirect diagnostic data to a UNC share](#Redirect-diagnostic-data-to-a-UNC-share)'
+> To redirect the cab file to a a different path or UNC share, use the following command: `mpcmdrun.exe -GetFiles -SupportLogLocation <path>`  <br/>For more information see [Redirect diagnostic data to a UNC share](#Redirect-diagnostic-data-to-a-UNC-share).
 
 5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
 

From 55cd0f7a1d9d904fd71844213dcec77aa96c50ee Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 1 Jun 2020 14:51:29 -0700
Subject: [PATCH 12/13] Update collect-diagnostic-data.md

---
 .../windows-defender-antivirus/collect-diagnostic-data.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
index eee2bb59a8..06033c098b 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
@@ -49,7 +49,7 @@ On at least two devices that are experiencing the same issue, obtain the .cab di
 4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`.
 
 > [!NOTE]
-> To redirect the cab file to a a different path or UNC share, use the following command: `mpcmdrun.exe -GetFiles -SupportLogLocation <path>`  <br/>For more information see [Redirect diagnostic data to a UNC share](#Redirect-diagnostic-data-to-a-UNC-share).
+> To redirect the cab file to a a different path or UNC share, use the following command: `mpcmdrun.exe -GetFiles -SupportLogLocation <path>`  <br/>For more information see [Redirect diagnostic data to a UNC share](#redirect-diagnostic-data-to-a-unc-share).
 
 5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
 

From 6a415ccdc7d6668cb656b1d407711dc7a877bff6 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 1 Jun 2020 15:03:44 -0700
Subject: [PATCH 13/13] Update collect-diagnostic-data.md

---
 .../windows-defender-antivirus/collect-diagnostic-data.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
index 06033c098b..708ec3f869 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
@@ -1,5 +1,5 @@
 ---
-title: Collect diagnostic data of Windows Defender Microsoft Defender Antivirus
+title: Collect diagnostic data of Microsoft Defender Antivirus
 description: Use a tool to collect data to troubleshoot Microsoft Defender Antivirus
 keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
 search.product: eADQiWindows 10XVcnh