diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
index 44f2ed7150..9a52b56369 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
@@ -198,8 +198,9 @@ You can check that devices have been correctly onboarded by creating a script. F
mdatp --health healthy
```
-This script returns:
-- 0 if Microsoft Defender ATP is registered with the Microsoft Defender ATP service
+The above command prints "1" if the product is onboarded and functioning as expected.
+
+If the product is not healthy, the exit code (which can be checked through `echo $?`) indicates the problem:
- 1 if the device is not yet onboarded
- 3 if the connection to the daemon cannot be established—for example, if the daemon is not running
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-updates.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-updates.md
index dde9d19622..50267f26bb 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-updates.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-updates.md
@@ -34,7 +34,7 @@ If you decide to deploy updates by using your software distribution tools, you s
## Use msupdate
-MAU includes a command line tool, called *msupdate*, that is designed for IT administrators so that they have more precise control over when updates are applied. Instructions for how to use this tool can be found in [Update Office for Mac by using msupdate](https://docs.microsoft.com/deployoffice/mac/update-office-for-mac-using-msupdate).
+MAU includes a command-line tool, called *msupdate*, that is designed for IT administrators so that they have more precise control over when updates are applied. Instructions for how to use this tool can be found in [Update Office for Mac by using msupdate](https://docs.microsoft.com/deployoffice/mac/update-office-for-mac-using-msupdate).
In MAU, the application identifier for Microsoft Defender ATP for Mac is *WDAV00*. To download and install the latest updates for Microsoft Defender ATP for Mac, execute the following command from a Terminal window:
@@ -86,6 +86,17 @@ Change how MAU searches for updates.
| **Possible values** | Manual
AutomaticCheck
AutomaticDownload |
| **Comment** | Note that AutomaticDownload will do a download and install silently if possible. |
+### Change whether the "Check for Updates" button is enabled
+
+Change whether local users will be able to click the "Check for Updates" option in the Microsoft AutoUpdate user interface.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.autoupdate2 |
+| **Key** | EnableCheckForUpdatesButton |
+| **Data type** | Boolean |
+| **Possible values** | True (default)
False |
+
### Disable Insider checkbox
Set to true to make the "Join the Office Insider Program..." checkbox unavailable / greyed out to users.
@@ -116,6 +127,8 @@ The following configuration profile is used to:
- Enable the "Check for updates" button in the user interface
- Allow users on the device to enroll into the Insider channels
+### JAMF
+
```XML
@@ -135,6 +148,68 @@ The following configuration profile is used to:
```
+### Intune
+
+```XML
+
+
+
+
+ PayloadUUID
+ B762FF60-6ACB-4A72-9E72-459D00C936F3
+ PayloadType
+ Configuration
+ PayloadOrganization
+ Microsoft
+ PayloadIdentifier
+ com.microsoft.autoupdate2
+ PayloadDisplayName
+ Microsoft AutoUpdate settings
+ PayloadDescription
+ Microsoft AutoUpdate configuration settings
+ PayloadVersion
+ 1
+ PayloadEnabled
+
+ PayloadRemovalDisallowed
+
+ PayloadScope
+ System
+ PayloadContent
+
+
+ PayloadUUID
+ 5A6F350A-CC2C-440B-A074-68E3F34EBAE9
+ PayloadType
+ com.microsoft.autoupdate2
+ PayloadOrganization
+ Microsoft
+ PayloadIdentifier
+ com.microsoft.autoupdate2
+ PayloadDisplayName
+ Microsoft AutoUpdate configuration settings
+ PayloadDescription
+
+ PayloadVersion
+ 1
+ PayloadEnabled
+
+ ChannelName
+ InsiderFast
+ HowToCheck
+ AutomaticDownload
+ EnableCheckForUpdatesButton
+
+ DisableInsiderCheckbox
+
+ SendAllTelemetryEnabled
+
+
+
+
+
+```
+
To configure MAU, you can deploy this configuration profile from the management tool that your enterprise is using:
- From JAMF, upload this configuration profile and set the Preference Domain to *com.microsoft.autoupdate2*.
- From Intune, upload this configuration profile and set the custom configuration profile name to *com.microsoft.autoupdate2*.