Merge branch 'master' into symantec-mdatp

2025-05-29 05:37:22 +00:00 · 2020-06-17 08:02:42 -07:00 · 2020-06-17 08:02:42 -07:00 · 878c6e1386
commit 878c6e1386
parent 7b6f03b0a2 335ec480f1
19 changed files with 144 additions and 121 deletions
--- a/devices/surface-hub/hub-teams-app.md
+++ b/devices/surface-hub/hub-teams-app.md
@ -21,4 +21,4 @@ The Microsoft Teams app for Surface Hub is periodically updated and available vi
 | --------------------- | --------------------------------------------------------------------------------------------------- | -------------------------------- |
 | 0.2020.13201.0        | - 3x3 Gallery view on Surface Hub<br>- Ability to search for External users                         | June 10, 2020<br>            |
 | 0.2020.13201          | - Quality improvements and Bug fixes                                                                | June 1, 2020<br>          |
-| 0.2020.4301.0         | - Accept incoming PSTN calls on Surface Hub<br>- Added controls for Attendee/Presenter role changes | May 21, 2020                     |
+| 0.2020.4301.0         | - Accept incoming PSTN calls on Surface Hub<br>- Consume Attendee/Presenter role changes            | May 21, 2020                     |
--- a/windows/configuration/images/Shared_PC_1.jpg
+++ b/windows/configuration/images/Shared_PC_1.jpg
--- a/windows/configuration/images/Shared_PC_1.png
+++ b/windows/configuration/images/Shared_PC_1.png
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@ -9,7 +9,6 @@ author: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 10/02/2018
 ms.reviewer: 
 manager: dansimp
 ---
@ -93,20 +92,20 @@ You can configure Windows to be in shared PC mode in a couple different ways:
  5. From the **Platform** menu, select **Windows 10 and later**.
  6. From the **Profile** menu, select **Shared multi-user device**.
-     ![custom OMA-URI policy in Intune](images/Shared_PC_1.png) 
+     ![custom OMA-URI policy in Intune](images/shared_pc_1.jpg) 
  7. Select **Create**.
  8. Enter a name for the policy (e.g. My Win10 Shared devices policy). You can optionally add a description should you wish to do so.
  9. Select **Next**.
  10. On the **Configuration settings** page, set the ‘Shared PC Mode’ value to **Enabled**.
-     ![Shared PC settings in ICD](images/Shared_PC_3.png) 
+     ![Shared PC settings in ICD](images/shared_pc_3.png) 
  11. From this point on, you can configure any additional settings you’d like to be part of this policy, and then follow the rest of the set-up flow to its completion by selecting **Create** after **Step 6**.
 - A provisioning package created with the Windows Configuration Designer: You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Configuration Designer. Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/sharedpc-csp), exposed in Windows Configuration Designer as **SharedPC**.
-     ![Shared PC settings in ICD](images/icd-adv-shared-pc.PNG)
+     ![Shared PC settings in ICD](images/icd-adv-shared-pc.png)
 - WMI bridge: Environments that use Group Policy can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the [MDM_SharedPC class](https://msdn.microsoft.com/library/windows/desktop/mt779129.aspx). For all device settings, the WMI Bridge client must be executed under local system user; for more information, see [Using PowerShell scripting with the WMI Bridge Provider](https://docs.microsoft.com/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). For example, open PowerShell as an administrator and enter the following:
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@ -66,28 +66,26 @@ For examples of activation issues, see [Troubleshoot the user experience](https:
 4. On the Remote tab, choose **Allow remote connections to this computer** and then click **Select Users**.
 5. Click **Add**, type **Authenticated users**, and then click **OK** three times.
 6. Follow the instructions to use sysprep at [Steps to generalize a VHD](https://docs.microsoft.com/azure/virtual-machines/windows/prepare-for-upload-vhd-image#steps-to-generalize-a-vhd) and then start the VM again.
-7. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
+7. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps to use Windows Configuration Designer and inject an activation key. Otherwise, skip to step 20.
-8. Open Windows Configuration Designer and click **Provison desktop services**.
+8. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
-9. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps. Otherwise, skip to step 10.
+9. Open Windows Configuration Designer and click **Provison desktop services**.
-
+10. Under **Name**, type **Desktop AD Enrollment Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name.
    1. Under **Name**, type **Desktop AD Enrollment Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name.
        - Note: You can use a different project name, but this name is also used with dism.exe in a subsequent step.
-    2. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**.
+11. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**.
-10. On the Set up network page, choose **Off**.
+12. On the Set up network page, choose **Off**.
-11. On the Account Management page, choose **Enroll into Active Directory** and then enter the account details.
+13. On the Account Management page, choose **Enroll into Active Directory** and then enter the account details.
    - Note: This step is different for [Azure AD-joined VMs](#azure-active-directory-joined-vms).
-12. On the Add applications page, add applications if desired. This step is optional.
+14. On the Add applications page, add applications if desired. This step is optional.
-13. On the Add certificates page, add certificates if desired. This step is optional.
+15. On the Add certificates page, add certificates if desired. This step is optional.
-14. On the Finish page, click **Create**.
+16. On the Finish page, click **Create**.
-15. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps. Otherwise, skip to step 16.
+17. In file explorer, double-click the VHD to mount the disk image. Determine the drive letter of the mounted image.
-    1. In file explorer, double-click the VHD to mount the disk image. Determine the drive letter of the mounted image.
+18. Type the following at an elevated command prompt. Replace the letter **G** with the drive letter of the mounted image, and enter the project name you used if it is different than the one suggested:
    2. Type the following at an elevated commnand prompt. Replace the letter **G** with the drive letter of the mounted image, and enter the project name you used if it is different than the one suggested:
-    ```
+    ```cmd
    Dism.exe /Image=G:\ /Add-ProvisioningPackage /PackagePath: "Desktop AD Enrollment Pro GVLK.ppkg"
    ```
-    3. Right-click the mounted image in file explorer and click **Eject**.
+19. Right-click the mounted image in file explorer and click **Eject**.
-16. See instructions at [Upload and create VM from generalized VHD](https://docs.microsoft.com/azure/virtual-machines/windows/upload-generalized-managed#log-in-to-azure) to log in to Azure, get your storage account details, upload the VHD, and create a managed image.
+20. See instructions at [Upload and create VM from generalized VHD](https://docs.microsoft.com/azure/virtual-machines/windows/upload-generalized-managed#log-in-to-azure) to log in to Azure, get your storage account details, upload the VHD, and create a managed image.
 ## Azure Active Directory-joined VMs
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
@ -64,7 +64,7 @@ For more information on how to configure exclusions from Puppet, Ansible, or ano
 Run the following command to see the available switches for managing exclusions:
 ```bash
-$ mdatp --exclusion
+$ mdatp exclusion
 ```
 Examples:
@ -72,29 +72,29 @@ Examples:
 - Add an exclusion for a file extension:
    ```bash
-    $ mdatp --exclusion --add-extension .txt
+    $ mdatp exclusion extension add --name .txt
-    Configuration updated successfully
+    Extension exclusion configured successfully
    ```
 - Add an exclusion for a file:
    ```bash
-    $ mdatp --exclusion --add-folder /var/log/dummy.log
+    $ mdatp exclusion file add --path /var/log/dummy.log
-    Configuration updated successfully
+    File exclusion configured successfully
    ```
 - Add an exclusion for a folder:
    ```bash
-    $ mdatp --exclusion --add-folder /var/log/
+    $ mdatp exclusion folder add --path /var/log/
-    Configuration updated successfully
+    Folder exclusion configured successfully
    ```
 - Add an exclusion for a process:
    ```bash
-    $ mdatp --exclusion --add-process cat
+    $ mdatp exclusion process add --name cat
-    Configuration updated successfully
+    Process exclusion configured successfully
    ```
 ## Validate exclusions lists with the EICAR test file
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
@ -268,7 +268,7 @@ Download the onboarding package from Microsoft Defender Security Center:
    Initially the client machine is not associated with an organization. Note that the *orgId* attribute is blank:
    ```bash
-    mdatp --health orgId
+    mdatp health --field org_id
    ```
 2. Run MicrosoftDefenderATPOnboardingLinuxServer.py, and note that, in order to run this command, you must have `python` installed on the device:
@ -280,17 +280,20 @@ Download the onboarding package from Microsoft Defender Security Center:
 3. Verify that the machine is now associated with your organization and reports a valid organization identifier:
    ```bash
-    mdatp --health orgId
+    mdatp health --field org_id
    ```
 4. A few minutes after you complete the installation, you can see the status by running the following command. A return value of `1` denotes that the product is functioning as expected:
    ```bash
-    mdatp --health healthy
+    mdatp health --field healthy
    ```
    > [!IMPORTANT]
-    > When the product starts for the first time, it downloads the latest antimalware definitions. Depending on your Internet connection, this can take up to a few minutes. During this time the above command returns a value of `0`.<br>
+    > When the product starts for the first time, it downloads the latest antimalware definitions. Depending on your Internet connection, this can take up to a few minutes. During this time the above command returns a value of `false`. You can check the status of the definition update using the following command:
    > ```bash
    > mdatp health --field definitions_status
    > ```
    > Please note that you may also need to configure a proxy after completing the initial installation. See [Configure Microsoft Defender ATP for Linux for static proxy discovery: Post-installation configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration#post-installation-configuration).
 5. Run a detection test to verify that the machine is properly onboarded and reporting to the service. Perform the following steps on the newly onboarded machine:
@ -298,7 +301,7 @@ Download the onboarding package from Microsoft Defender Security Center:
    - Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command):
        ```bash
-        mdatp --health realTimeProtectionEnabled
+        mdatp health --field real_time_protection_enabled
        ```
    - Open a Terminal window. Copy and execute the following command:
@ -310,7 +313,7 @@ Download the onboarding package from Microsoft Defender Security Center:
    - The file should have been quarantined by Microsoft Defender ATP for Linux. Use the following command to list all the detected threats:
        ```bash
-        mdatp --threat --list --pretty
+        mdatp threat list
        ```
 ## Log installation issues
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
@ -149,31 +149,31 @@ Create subtask or role files that contribute to an actual task. First create the
    > [!NOTE]
    > In case of Oracle Linux, replace *[distro]* with “rhel”.
-        ```bash
+  ```bash
-        - name: Add Microsoft apt repository for MDATP
+  - name: Add Microsoft apt repository for MDATP
-            apt_repository:
+      apt_repository:
-                repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/[distro]/[version]/prod [channel] main
+          repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/[distro]/[version]/prod [channel] main
-                update_cache: yes
+          update_cache: yes
-                state: present
+          state: present
-                filename: microsoft-[channel].list
+          filename: microsoft-[channel].list
-            when: ansible_os_family == "Debian"
+      when: ansible_os_family == "Debian"
-        - name: Add Microsoft APT key
+  - name: Add Microsoft APT key
-            apt_key:
+      apt_key:
-                keyserver: https://packages.microsoft.com/
+          keyserver: https://packages.microsoft.com/
-                id: BC528686B50D79E339D3721CEB3E94ADBE1229CF
+          id: BC528686B50D79E339D3721CEB3E94ADBE1229CF
-            when: ansible_os_family == "Debian"
+      when: ansible_os_family == "Debian"
-        - name: Add  Microsoft yum repository for MDATP
+  - name: Add  Microsoft yum repository for MDATP
-            yum_repository:
+      yum_repository:
-                name: packages-microsoft-com-prod-[channel]
+          name: packages-microsoft-com-prod-[channel]
-                description: Microsoft Defender ATP
+          description: Microsoft Defender ATP
-                file: microsoft-[channel]
+          file: microsoft-[channel]
-                baseurl: https://packages.microsoft.com/[distro]/[version]/[channel]/
+          baseurl: https://packages.microsoft.com/[distro]/[version]/[channel]/
-                gpgcheck: yes
+          gpgcheck: yes
-                enabled: Yes
+          enabled: Yes
-            when: ansible_os_family == "RedHat"
+      when: ansible_os_family == "RedHat"
-        ```
+  ```
 - Create the actual install/uninstall YAML files under `/etc/ansible/playbooks`.
@ -241,8 +241,8 @@ Now run the tasks files under `/etc/ansible/playbooks/`.
 - Validation/configuration:
    ```bash
-    $ ansible -m shell -a 'mdatp --connectivity-test' all
+    $ ansible -m shell -a 'mdatp connectivity test' all
-    $ ansible -m shell -a 'mdatp --health' all
+    $ ansible -m shell -a 'mdatp health' all
    ```
 - Uninstallation:
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
@ -174,10 +174,10 @@ Enrolled agent devices periodically poll the Puppet Server, and install new conf
 On the agent machine, you can also check the onboarding status by running:
 ```bash
-$ mdatp --health
+$ mdatp health
 ...
 licensed                                : true
-orgId                                   : "[your organization identifier]"
+org_id                                  : "[your organization identifier]"
 ...
 ```
@ -190,7 +190,7 @@ orgId                                   : "[your organization identifier]"
 You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status:
 ```bash
-mdatp --health healthy
+mdatp health --field healthy
 ```
 The above command prints `1` if the product is onboarded and functioning as expected.
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
@ -247,13 +247,17 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de
 #### Enable / disable automatic sample submissions
-Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. You are prompted if the submitted file is likely to contain personal information.
+Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. There are three levels for controlling sample submission:
 - **None**: no suspicious samples are submitted to Microsoft.
 - **Safe**: only suspicious samples that do not contain personally identifiable information (PII) are submitted automatically. This is the default value for this setting.
 - **All**: all suspicious samples are submitted to Microsoft.
 |||
 |:---|:---|
-| **Key** | automaticSampleSubmission |
+| **Key** | automaticSampleSubmissionConsent |
-| **Data type** | Boolean |
+| **Data type** | String |
-| **Possible values** | true (default) <br/> false |
+| **Possible values** | none <br/> safe (default) <br/> all |
 ## Recommended configuration profile
@ -266,7 +270,7 @@ The following configuration profile will:
  - **Potentially unwanted applications (PUA)** are blocked.
  - **Archive bombs** (file with a high compression rate) are audited to the product logs.
 - Enable cloud-delivered protection.
- Enable automatic sample submission.
+- Enable automatic sample submission at `safe` level.
 ### Sample profile
@ -286,7 +290,7 @@ The following configuration profile will:
      ]
   },
   "cloudService":{
-      "automaticSampleSubmission":true,
+      "automaticSampleSubmissionConsent":"safe",
      "enabled":true
   }
 }
@ -346,7 +350,7 @@ The following configuration profile contains entries for all settings described
   "cloudService":{
      "enabled":true,
      "diagnosticLevel":"optional",
-      "automaticSampleSubmission":true
+      "automaticSampleSubmissionConsent":"safe"
   }
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md
@ -53,7 +53,7 @@ You can configure how PUA files are handled from the command line or from the ma
 In Terminal, execute the following command to configure PUA protection:
 ```bash
-$ mdatp --threat --type-handling potentially_unwanted_application [off|audit|block]
+$ mdatp threat policy set --type potentially_unwanted_application --action [off|audit|block]
 ```
 ### Use the management console to configure PUA protection:
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
@ -31,29 +31,24 @@ If you can reproduce a problem, please increase the logging level, run the syste
 1. Increase logging level:
   ```bash
-   $ mdatp --log-level verbose
+   $ mdatp log level set --level verbose
-   Creating connection to daemon
+   Log level configured successfully
   Connection established
   Operation succeeded
   ```
 2. Reproduce the problem.
-3. Run `sudo mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds:
+3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds:
   ```bash
-   $ sudo mdatp --diagnostic --create
+   $ sudo mdatp diagnostic create
-   Creating connection to daemon
+   Diagnostic file created: <path to file>
   Connection established
   ```
 4. Restore logging level:
   ```bash
-   $ mdatp --log-level info
+   $ mdatp log level set --level info
-   Creating connection to daemon
+   Log level configured successfully
   Connection established
   Operation succeeded
   ```
 ## Log installation issues
@ -78,21 +73,22 @@ Important tasks, such as controlling product settings and triggering on-demand s
 |Group        |Scenario                                   |Command                                                                |
 |-------------|-------------------------------------------|-----------------------------------------------------------------------|
-|Configuration|Turn on/off real-time protection           |`mdatp --config realTimeProtectionEnabled [true/false]`                |
+|Configuration|Turn on/off real-time protection           |`mdatp config real_time_protection --value [enabled|disabled]`         |
-|Configuration|Turn on/off cloud protection               |`mdatp --config cloudEnabled [true/false]`                             |
+|Configuration|Turn on/off cloud protection               |`mdatp config cloud --value [enabled|disabled]`                        |
-|Configuration|Turn on/off product diagnostics            |`mdatp --config cloudDiagnosticEnabled [true/false]`                               |
+|Configuration|Turn on/off product diagnostics            |`mdatp config cloud-diagnostic --value [enabled|disabled]`             |
-|Configuration|Turn on/off automatic sample submission    |`mdatp --config cloudAutomaticSampleSubmission [true/false]`           |
+|Configuration|Turn on/off automatic sample submission    |`mdatp config cloud-automatic-sample-submission [enabled|disabled]`    |
-|Configuration|Turn on PUA protection                     |`mdatp --threat --type-handling potentially_unwanted_application block`|
+|Configuration|Turn on/off AV passive mode                |`mdatp config passive-mode [enabled|disabled]`                         |
-|Configuration|Turn off PUA protection                    |`mdatp --threat --type-handling potentially_unwanted_application off`  |
+|Configuration|Turn on PUA protection                     |`mdatp threat policy set --type potentially_unwanted_application --action block` |
-|Configuration|Turn on audit mode for PUA protection      |`mdatp --threat --type-handling potentially_unwanted_application audit`|
+|Configuration|Turn off PUA protection                    |`mdatp threat policy set --type potentially_unwanted_application --action off` |
-|Diagnostics  |Change the log level                       |`mdatp --log-level [error/warning/info/verbose]`                       |
+|Configuration|Turn on audit mode for PUA protection      |`mdatp threat policy set --type potentially_unwanted_application --action audit` |
-|Diagnostics  |Generate diagnostic logs                   |`mdatp --diagnostic --create`                                                   |
+|Diagnostics  |Change the log level                       |`mdatp log level set --level verbose [error|warning|info|verbose]`     |
-|Health       |Check the product's health                 |`mdatp --health`                                                       |
+|Diagnostics  |Generate diagnostic logs                   |`mdatp diagnostic create`                                              |
-|Protection   |Scan a path                                |`mdatp --scan --path [path]`                                           |
+|Health       |Check the product's health                 |`mdatp health`                                                         |
-|Protection   |Do a quick scan                            |`mdatp --scan --quick`                                                 |
+|Protection   |Scan a path                                |`mdatp scan custom --path [path]`                                      |
-|Protection   |Do a full scan                             |`mdatp --scan --full`                                                  |
+|Protection   |Do a quick scan                            |`mdatp scan quick`                                                     |
-|Protection   |Cancel an ongoing on-demand scan           |`mdatp --scan --cancel`                                                |
+|Protection   |Do a full scan                             |`mdatp scan full`                                                      |
-|Protection   |Request a security intelligence update     |`mdatp --definition-update`                                            |
+|Protection   |Cancel an ongoing on-demand scan           |`mdatp scan cancel`                                                    |
 |Protection   |Request a security intelligence update     |`mdatp definitions update`                                             |
 ## Microsoft Defender ATP portal information
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
@ -29,7 +29,7 @@ ms.topic: conceptual
 To test if Microsoft Defender ATP for Linux can communicate to the cloud with the current network settings, run a connectivity test from the command line:
 ```bash
-$ mdatp --connectivity-test
+$ mdatp connectivity test
 ```
 If the connectivity test fails, check if the machine has Internet access and if [any of the endpoints required by the product](microsoft-defender-atp-linux.md#network-connections) are blocked by a proxy or firewall.
@ -84,7 +84,7 @@ $ sudo systemctl daemon-reload; sudo systemctl restart mdatp
 Upon success, attempt another connectivity test from the command line:
 ```bash
-$ mdatp --connectivity-test
+$ mdatp connectivity test
 ```
 If the problem persists, contact customer support.
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
@ -116,6 +116,7 @@ and try again.
 If none of the above steps help, collect the diagnostic logs:
 ```bash
-$ sudo mdatp --diagnostic --create
+$ sudo mdatp diagnostic create
 Diagnostic file created: <path to file>
 ```
 Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs.
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
@ -36,7 +36,8 @@ The following steps can be used to troubleshoot and mitigate these issues:
    If your device is not managed by your organization, real-time protection can be disabled from the command line:
    ```bash
-    $ mdatp --config realTimeProtectionEnabled false
+    $ mdatp config real-time-protection --value disabled
    Configuration property updated
    ```
    If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md).
@ -49,19 +50,20 @@ The following steps can be used to troubleshoot and mitigate these issues:
    This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line:
    ```bash
-    $ mdatp config real_time_protection_statistics_enabled on
+    $ mdatp config real-time-protection-statistics --value enabled
    ```
    This feature requires real-time protection to be enabled. To check the status of real-time protection, run the following command:
    ```bash
-    $ mdatp health
+    $ mdatp health --field real_time_protection_enabled
    ```
    Verify that the `real_time_protection_enabled` entry is `true`. Otherwise, run the following command to enable it:
    ```bash
-    $ mdatp --config realTimeProtectionEnabled true
+    $ mdatp config real-time-protection --value enabled
    Configuration property updated
    ```
    To collect current statistics, run:
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md
@ -26,6 +26,12 @@ ms.topic: conceptual
 Microsoft regularly publishes software updates to improve performance, security, and to deliver new features.
 > [!WARNING]
 > Each version of Microsoft Defender ATP for Linux has an expiration date, after which it will no longer continue to protect your device. You must update the product prior to this date. To check the expiration date, run the following command:
 > ```bash
 > mdatp health --field product_expiration
 > ```
 To update Microsoft Defender ATP for Linux manually, execute one of the following commands:
 ## RHEL and variants (CentOS and Oracle Linux)
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md
@ -19,6 +19,12 @@ ms.topic: conceptual
 # What's new in Microsoft Defender Advanced Threat Protection for Linux
 ## 101.00.75
 - Added support for the following file system types: `ecryptfs`, `fuse`, `fuseblk`, `jfs`, `nfs`, `overlay`, `ramfs`, `reiserfs`, `udf`, and `vfat`
 - New syntax for the command-line tool. For more information, see [this page](linux-resources.md#configure-from-the-command-line).
 - Performance improvements & bug fixes
 ## 100.90.70
 > [!WARNING]
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
@ -66,10 +66,10 @@ To complete this process, you must have admin privileges on the machine.
    ![Security and privacy window screenshot](../microsoft-defender-antivirus/images/MDATP-31-SecurityPrivacySettings.png)
-The installation proceeds.
+   The installation proceeds.
-> [!CAUTION]
+   > [!CAUTION]
-> If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but some features, such as real-time protection, will be disabled. See [Troubleshoot kernel extension issues](mac-support-kext.md) for information on how to resolve this.
+   > If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but some features, such as real-time protection, will be disabled. See [Troubleshoot kernel extension issues](mac-support-kext.md) for information on how to resolve this.
 > [!NOTE]
 > macOS may request to reboot the machine upon the first installation of Microsoft Defender. Real-time protection will not be available until the machine is rebooted.
@ -81,21 +81,19 @@ The installation proceeds.
    The client machine is not associated with orgId. Note that the *orgId* attribute is blank.
    ```bash
-    $ mdatp --health orgId
+    mdatp --health orgId
    ```
 2. Run the Python script to install the configuration file:
    ```bash
-    $ /usr/bin/python MicrosoftDefenderATPOnboardingMacOs.py
+    /usr/bin/python MicrosoftDefenderATPOnboardingMacOs.py
    Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
    ```
 3. Verify that the machine is now associated with your organization and reports a valid *orgId*:
    ```bash
-    $ mdatp --health orgId
+    mdatp --health orgId
    E6875323-A6C0-4C60-87AD-114BBE7439B8
    ```
 After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
@ -91,12 +91,22 @@ If you experience any installation failures, refer to [Troubleshooting installat
 - Disk space: 650 MB
 - The solution currently provides real-time protection for the following file system types:
-  - btrfs
+  - `btrfs`
-  - ext2
+  - `ecryptfs`
-  - ext3
+  - `ext2`
-  - ext4
+  - `ext3`
-  - tmpfs
+  - `ext4`
-  - xfs
+  - `fuse`
  - `fuseblk`
  - `jfs`
  - `nfs`
  - `overlay`
  - `ramfs`
  - `reiserfs`
  - `tmpfs`
  - `udf`
  - `vfat`
  - `xfs`
  More file system types will be added in the future.