moved what to expect from mdatp-mac to mdatp-mac resources

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md

@@ -104,6 +104,25 @@ If you are running JAMF, your policy should contain a single script:
 
 Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy.
 
+## What to expect in the ATP portal
+
+- AV alerts:
+  - Severity
+  - Scan type
+  - Device information (hostname, machine identifier, tenant identifier, app version, and OS type)
+  - File information (name, path, size, and hash)
+  - Threat information (name, type, and state)
+- Device information:
+  - Machine identifier
+  - Tenant identifier
+  - App version
+  - Hostname
+  - OS type
+  - OS version
+  - Computer model
+  - Processor architecture
+  - Whether the device is a virtual machine
+
 ## Known issues
 
 - Not fully optimized for performance or disk space yet.

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md

@@ -81,26 +81,3 @@ To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/ap
 
 We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines.
 SIP is a built-in macOS security feature that prevents low-level tampering with the OS.
-
-
-
-
-
-## What to expect in the ATP portal
-
-- AV alerts:
-  - Severity
-  - Scan type
-  - Device information (hostname, machine identifier, tenant identifier, app version, and OS type)
-  - File information (name, path, size, and hash)
-  - Threat information (name, type, and state)
-- Device information:
-  - Machine identifier
-  - Tenant identifier
-  - App version
-  - Hostname
-  - OS type
-  - OS version
-  - Computer model
-  - Processor architecture
-  - Whether the device is a virtual machine