Merged PR 4874: 12/7 PM Publish

windows/access-protection/credential-guard/credential-guard-manage.md

@@ -27,10 +27,10 @@ The same set of procedures used to enable Windows Defender Credential Guard on p
 
 You can use Group Policy to enable Windows Defender Credential Guard. This will add and enable the virtualization-based security features for you if needed.
 
-1.  From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Windows Defender Device Guard**.
+1.  From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard**.
 2.  Double-click **Turn On Virtualization Based Security**, and then click the **Enabled** option.
-3.  **Select Platform Security Level** box, choose **Secure Boot** or **Secure Boot and DMA Protection**.
-4.  In the **Windows Defender Credential Guard Configuration** box, click **Enabled with UEFI lock**, and then click **OK**. If you want to be able to turn off Windows Defender Credential Guard remotely, choose **Enabled without lock**.
+3.  In the **Select Platform Security Level** box, choose **Secure Boot** or **Secure Boot and DMA Protection**.
+4.  In the **Credential Guard Configuration** box, click **Enabled with UEFI lock**, and then click **OK**. If you want to be able to turn off Windows Defender Credential Guard remotely, choose **Enabled without lock**.
 
     ![Windows Defender Credential Guard Group Policy setting](images/credguard-gp.png)
     
@@ -109,7 +109,7 @@ You can view System Information to check that Windows Defender Credential Guard
 
 1.  Click **Start**, type **msinfo32.exe**, and then click **System Information**.
 2.  Click **System Summary**.
-3.  Confirm that **Windows Defender Credential Guard** is shown next to **Windows Defender Device Guard Security Services Running**.
+3.  Confirm that **Credential Guard** is shown next to **Virtualization-based security**.
 
     Here's an example:
     

windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md

@@ -40,6 +40,7 @@ To onboard your servers to Windows Defender ATP, you’ll need to:
 >[!TIP]
 > After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
 
+
 ### Turn on Server monitoring from the Windows Defender Security Center portal
 
 1. In the navigation pane, select **Endpoint management** > **Servers**. 
@@ -48,7 +49,7 @@ To onboard your servers to Windows Defender ATP, you’ll need to:
 
     ![Image of server onboarding](images/atp-server-onboarding.png)
 
-
+<span id="server-mma"/>
 ### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP 
 
 1.	Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603).
@@ -62,6 +63,7 @@ To onboard your servers to Windows Defender ATP, you’ll need to:
 
 Once completed, you should see onboarded servers in the portal within an hour.
 
+<span id="server-proxy"/>
 ### Configure server endpoint proxy and Internet connectivity settings 
 - Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway).
 - If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service:

windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md

@@ -17,11 +17,9 @@ ms.date: 11/21/2017
 
 **Applies to:**
 
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- Windows Server 2012 R2
+- Windows Server 2016
 
 
 
@@ -265,6 +263,31 @@ If the verification fails and your environment is using a proxy to connect to th
 
     ![Image of registry key for Windows Defender Antivirus](images/atp-disableantispyware-regkey.png)
 
+
+## Troubleshoot onboarding issues on a server
+If you encounter issues while onboarding a server, go through the following verification steps to address possible issues.
+
+- [Ensure Microsoft Monitoring Agent (MMA) is installed and configured to report sensor data to the service](configure-server-endpoints-windows-defender-advanced-threat-protection.md#server-mma)
+- [Ensure that the server endpoint proxy and Internet connectivity settings are configured properly](configure-server-endpoints-windows-defender-advanced-threat-protection.md#server-proxy)
+
+You might also need to check the following:
+- Check that there is a Windows Defender Advanced Threat Protection Service running in the **Processes** tab in **Task Manager**. For example:
+
+    ![Image of process view with Windows Defender Advanced Threat Protection Service running](images/atp-task-manager.png)
+
+- Check **Event Viewer** > **Applications and Services Logs** > **Operation Manager** to see if there are any errors.
+
+- In **Services**, check if the **Microsoft Monitoring Agent** is running on the server. For example, 
+
+    ![Image of Services](images/atp-services.png)
+
+- In **Microsoft Monitoring Agent** > **Azure Log Analytics (OMS)**, check the Workspaces and verify that the status is running. 
+
+    ![Image of Microsoft Monitoring Agent Properties](images/atp-mma-properties.png)
+
+- Check to see that machines are reflected in the **Machines list** in the portal. 
+
+
 ## Licensing requirements
 Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: