Merge branch 'master' into symantec-mdatp

Denise Vangel-MSFT
2020-05-29 11:30:10 -07:00
12 changed files with 88 additions and 232 deletions


@ -29,7 +29,9 @@ ms.topic: article
Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work.
You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work. For more information, see:
- [Microsoft Defender ATP for Linux system requirements](microsoft-defender-atp-linux.md#system-requirements)
- [Microsoft Defender ATP for Mac system requirements](microsoft-defender-atp-mac.md#system-requirements).
## Onboarding non-Windows machines
You'll need to take the following steps to onboard non-Windows machines:
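Review bot: The second added bullet ends with a period after the Mac system-requirements link while the first bullet has none; drop the trailing period so the two list items match. Both links point at a `#system-requirements` anchor in other files, so confirm that heading exists in `microsoft-defender-atp-linux.md` and `microsoft-defender-atp-mac.md` before merging.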


@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 06/27/2019
ms.date: 05/29/2020
---
# Domain member: Maximum machine account password age
@ -42,8 +42,7 @@ For more information, see [Machine Account Password Process](https://techcommuni
### Best practices
1. We recommend that you set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and affect domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would affect domain controllers in large organizations that have many computers or slow links between sites.
2. Some organizations pre-build computers and then store them for later use or ship them to remote locations. When a computer is turned on after being offline more than 30 days, the Netlogon service notices the password age and initiates a secure channel to a domain controller to change it. If the secure channel cannot be established, the computer does not authenticate with the domain. For this reason, some organizations might want to create a special organizational unit (OU) for computers that are prebuilt, and then configure the value for this policy setting to a greater number of days.
We recommend that you set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and affect domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would affect domain controllers in large organizations that have many computers or slow links between sites.
### Location
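Review bot: Removing item 2 under "Best practices" drops the only guidance on computers that are pre-built and left offline for more than 30 days, and nothing in this hunk replaces it. If the text was removed because the described Netlogon behavior was inaccurate, say so in the commit message or add a corrected sentence; otherwise readers lose the suggestion about a separate OU for prebuilt machines with no explanation. With a single recommendation left, turning the numbered list into a paragraph is fine.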


@ -14,7 +14,7 @@ author: jsuther1974
ms.reviewer: isbrahm
ms.author: dansimp
manager: dansimp
ms.date: 05/14/2019
ms.date: 05/29/2020
---
# Manage Packaged Apps with Windows Defender Application Control
@ -65,8 +65,10 @@ Below are the list of steps you can follow to block one or more packaged apps in
1. Get the app identifier for an installed package
```powershell
$package = Get-AppxPackage -name <example_app>
$package = Get-AppxPackage -name *<example_app>*
```
Where the name of the app is surrounded by asterisks, for example &ast;windowsstore&ast;
2. Make a rule by using the New-CIPolicyRule cmdlet
```powershell
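Review bot: With the wildcard form `Get-AppxPackage -name *<example_app>*`, the pattern can match more than one installed package, and step 2 builds the rule from whatever `$package` holds. Add a sentence telling the reader to inspect `$package` and confirm it holds exactly the intended app before creating the rule. The added explanation line could also show the example as inline code rather than with `&ast;` entities, matching the backtick style used for URLs and paths elsewhere in this commit.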
@ -119,9 +121,9 @@ If the app you intend to block is not installed on the system you are using the
3. Copy the GUID in the URL for the app
- Example: the GUID for the Microsoft To-Do app is 9nblggh5r558
- https://www.microsoft.com/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab
- `https://www.microsoft.com/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab`
4. Use the GUID in the following REST query URL to retrieve the identifiers for the app
- Example: for the Microsoft To-Do app, the URL would be https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata
- Example: for the Microsoft To-Do app, the URL would be `https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata`
- The URL will return:
```
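Review bot: Steps 3 and 4 call `9nblggh5r558` a GUID, but the value shown is not in GUID format. Since these lines are being touched anyway, describe it as the ID segment of the Store URL so readers do not look for a GUID-shaped string. The example value in the first bullet of step 3 could also get backticks like the two URLs.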
@ -141,4 +143,4 @@ The method for allowing specific packaged apps is similar to the method outlined
$Rule = New-CIPolicyRule -Package $package -allow
```
Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in C:\Windows\schemas\CodeIntegrity\ExamplePolicies to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules.
Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in `C:\Windows\schemas\CodeIntegrity\ExamplePolicies` to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules.
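Review bot: In the changed sentence, "to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules" is hard to parse: it is unclear whether "control apps with deny rules" is a second recommendation or part of what the sample policies do. Split it into two sentences, one about starting from the sample policies and one about adding deny rules for specific apps.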