diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
index 9d367e1757..17eef91e09 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
@@ -56,15 +56,145 @@ You'll need to take the following steps:
4. Extract `WindowsDefenderATPOnboardingPackage.zip` such as `WindowsDefenderATPOnboardingPackage_macOS_MDM_contoso`.
-5. Copy the file from `C:\Users\JaneDoe_or_JohnDoe.contoso\Downloads\WindowsDefenderATPOnboardingPackage_macOS_MDM_contoso\jamf\WindowsDefenderATPOnboarding.plist`.
+5. Copy the file from `C:\Users\JaneDoe_or_JohnDoe.contoso\Downloads\WindowsDefenderATPOnboardingPackage_macOS_MDM_contoso\jamf\WindowsDefenderATPOnboarding.plist` to your preferred location.
## Step 2: Create a configuration profile in Jamf Pro using the onboarding package
-1. Locate the file `WindowsDefenderATPOnboarding.plist`.
+1. Locate the file `WindowsDefenderATPOnboarding.plist` from the previous section.
- 
+ 
+2. Use the following Microsoft Defender ATP configuration settings:
+
+ - enableRealTimeProtection
+ - passiveMode
+
+ >[!NOTE]
+ >Not turned on by default, if you are planning to run a third-party AV for macOS, set it to `true`.
+
+ - exclusions
+ - excludedPath
+ - excludedFileExtension
+ - excludedFileName
+ - exclusionsMergePolicy
+ - allowedThreats
+
+ >[!NOTE]
+ >EICAR is on the sample, if you are going through a proof-of-concept, remove it especially if you are testing EICAR.
+
+ - disallowedThreatActions
+ - potentially_unwanted_application
+ - archive_bomb
+ - cloudService
+ - automaticSampleSubmission
+ - tags
+ - hideStatusMenuIcon
+
+ For information, see [Property list for Jamf configuration profile](mac-preferences.md#property-list-for-jamf-configuration-profile).
+
+```XML
+
+
+
+
+ antivirusEngine
+
+ enableRealTimeProtection
+
+ passiveMode
+
+ exclusions
+
+
+ $type
+ excludedPath
+ isDirectory
+
+ path
+ /var/log/system.log
+
+
+ $type
+ excludedPath
+ isDirectory
+
+ path
+ /home
+
+
+ $type
+ excludedFileExtension
+ extension
+ pdf
+
+
+ $type
+ excludedFileName
+ name
+ cat
+
+
+ exclusionsMergePolicy
+ merge
+ allowedThreats
+
+ EICAR-Test-File (not a virus)
+
+ disallowedThreatActions
+
+ allow
+ restore
+
+ threatTypeSettings
+
+
+ key
+ potentially_unwanted_application
+ value
+ block
+
+
+ key
+ archive_bomb
+ value
+ audit
+
+
+ threatTypeSettingsMergePolicy
+ merge
+
+ cloudService
+
+ enabled
+
+ diagnosticLevel
+ optional
+ automaticSampleSubmission
+
+
+ edr
+
+ tags
+
+
+ key
+ GROUP
+ value
+ ExampleTag
+
+
+
+ userInterface
+
+ hideStatusMenuIcon
+
+
+
+
+```
+
+
2. In the Jamf Pro dashboard, select **New**.
@@ -121,11 +251,39 @@ You'll need to take the following steps:
## Step 3: Configure Microsoft Defender ATP settings
-1. In the Jamf Pro dashboard, select **General**.
+1. Use the following Microsoft Defender ATP notification configuration settings:
+
+```xml
+
+
+PayloadContentNotificationSettingsAlertType2BadgesEnabledBundleIdentifiercom.microsoft.autoupdate2CriticalAlertEnabledGroupingType0NotificationsEnabledShowInLockScreenShowInNotificationCenterSoundsEnabledAlertType2BadgesEnabledBundleIdentifiercom.microsoft.wdavtrayCriticalAlertEnabledGroupingType0NotificationsEnabledShowInLockScreenShowInNotificationCenterSoundsEnabledPayloadDescriptionPayloadDisplayNamenotificationsPayloadEnabledPayloadIdentifierBB977315-E4CB-4915-90C7-8334C75A7C64PayloadOrganizationMicrosoftPayloadTypecom.apple.notificationsettingsPayloadUUIDBB977315-E4CB-4915-90C7-8334C75A7C64PayloadVersion1PayloadDescriptionPayloadDisplayNamemdatp - allow notificationsPayloadEnabledPayloadIdentifier85F6805B-0106-4D23-9101-7F1DFD5EA6D6PayloadOrganizationMicrosoftPayloadRemovalDisallowedPayloadScopeSystemPayloadTypeConfigurationPayloadUUID85F6805B-0106-4D23-9101-7F1DFD5EA6D6PayloadVersion1
+
+
+
+
+ ChannelName
+ InsiderFast
+ HowToCheck
+ AutomaticDownload
+ EnableCheckForUpdatesButton
+
+ DisableInsiderCheckbox
+
+ SendAllTelemetryEnabled
+
+
+
+
+```
+
+2. Save it as `AutoEnable_notifications_for_MDATP_AutoUpdate.mobileconfig` or `MDATP_MDAV_notification_settings.plist`.
+
+
+3. In the Jamf Pro dashboard, select **General**.
-2. Enter the following details:
+4. Enter the following details:
**General**
- Name: MDATP MDAV configuration settings
@@ -136,27 +294,27 @@ You'll need to take the following steps:
-3. In **Application & Custom Settings** select **Configure**.
+5. In **Application & Custom Settings** select **Configure**.
-4. Select **Upload File (PLIST file)**.
+6. Select **Upload File (PLIST file)**.
-5. In **Preferences Domain**, enter `com.microsoft.wdav`, then select **Upload PLIST File**.
+7. In **Preferences Domain**, enter `com.microsoft.wdav`, then select **Upload PLIST File**.
-6. Select **Choose File**.
+8. Select **Choose File**.
-7. Select the **MDATP_MDAV_configuration_settings.plist**, then select **Open**.
+9. Select the **MDATP_MDAV_configuration_settings.plist**, then select **Open**.
-9. Select **Upload**.
+10. Select **Upload**.
@@ -167,29 +325,29 @@ You'll need to take the following steps:
>
-10. Select **Save**.
+11. Select **Save**.
-11. The file is uploaded.
+12. The file is uploaded.
-12. Select the **Scope** tab.
+13. Select the **Scope** tab.
-13. Select **Contoso's Machine Group**.
+14. Select **Contoso's Machine Group**.
-14. Select **Add**, then select **Save**.
+15. Select **Add**, then select **Save**.
-15. Select **Done**. You'll see the new **Configuration profile**.
+16. Select **Done**. You'll see the new **Configuration profile**.
