diff --git a/windows/access-protection/credential-guard/credential-guard-manage.md b/windows/access-protection/credential-guard/credential-guard-manage.md index a1806267f1..619efaea4c 100644 --- a/windows/access-protection/credential-guard/credential-guard-manage.md +++ b/windows/access-protection/credential-guard/credential-guard-manage.md @@ -27,10 +27,10 @@ The same set of procedures used to enable Windows Defender Credential Guard on p You can use Group Policy to enable Windows Defender Credential Guard. This will add and enable the virtualization-based security features for you if needed. -1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Windows Defender Device Guard**. +1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard**. 2. Double-click **Turn On Virtualization Based Security**, and then click the **Enabled** option. -3. **Select Platform Security Level** box, choose **Secure Boot** or **Secure Boot and DMA Protection**. -4. In the **Windows Defender Credential Guard Configuration** box, click **Enabled with UEFI lock**, and then click **OK**. If you want to be able to turn off Windows Defender Credential Guard remotely, choose **Enabled without lock**. +3. In the **Select Platform Security Level** box, choose **Secure Boot** or **Secure Boot and DMA Protection**. +4. In the **Credential Guard Configuration** box, click **Enabled with UEFI lock**, and then click **OK**. If you want to be able to turn off Windows Defender Credential Guard remotely, choose **Enabled without lock**. ![Windows Defender Credential Guard Group Policy setting](images/credguard-gp.png) 
@@ -109,7 +109,7 @@ You can view System Information to check that Windows Defender Credential Guard 1. Click **Start**, type **msinfo32.exe**, and then click **System Information**. 2. Click **System Summary**. -3. Confirm that **Windows Defender Credential Guard** is shown next to **Windows Defender Device Guard Security Services Running**. +3. Confirm that **Credential Guard** is shown next to **Virtualization-based security**. Here's an example: diff --git a/windows/access-protection/credential-guard/images/credguard-msinfo32.png b/windows/access-protection/credential-guard/images/credguard-msinfo32.png index 56a43ce2db..d9af0e8fc4 100644 Binary files a/windows/access-protection/credential-guard/images/credguard-msinfo32.png and b/windows/access-protection/credential-guard/images/credguard-msinfo32.png differ diff --git a/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index f47622ced4..576adf3128 100644 --- a/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -40,6 +40,7 @@ To onboard your servers to Windows Defender ATP, you’ll need to: >[!TIP] > After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md). + ### Turn on Server monitoring from the Windows Defender Security Center portal 1. In the navigation pane, select **Endpoint management** > **Servers**. 
@@ -48,7 +49,7 @@ To onboard your servers to Windows Defender ATP, you’ll need to: ![Image of server onboarding](images/atp-server-onboarding.png) - + ### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603). @@ -62,6 +63,7 @@ To onboard your servers to Windows Defender ATP, you’ll need to: Once completed, you should see onboarded servers in the portal within an hour. + ### Configure server endpoint proxy and Internet connectivity settings - Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway). - If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service: diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mma-properties.png b/windows/threat-protection/windows-defender-atp/images/atp-mma-properties.png new file mode 100644 index 0000000000..bf34e1b075 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-mma-properties.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-services.png b/windows/threat-protection/windows-defender-atp/images/atp-services.png new file mode 100644 index 0000000000..8d9b11ab1b Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-services.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-task-manager.png b/windows/threat-protection/windows-defender-atp/images/atp-task-manager.png new file mode 100644 index 0000000000..4c4e057756 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-task-manager.png differ diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 0f91b101aa..dd929d6bbf 100644 --- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -17,11 +17,9 @@ ms.date: 11/21/2017 **Applies to:** -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +- Windows Server 2012 R2 +- Windows Server 2016 
@@ -265,6 +263,31 @@ If the verification fails and your environment is using a proxy to connect to th ![Image of registry key for Windows Defender Antivirus](images/atp-disableantispyware-regkey.png) + +## Troubleshoot onboarding issues on a server +If you encounter issues while onboarding a server, go through the following verification steps to address possible issues. + +- [Ensure Microsoft Monitoring Agent (MMA) is installed and configured to report sensor data to the service](configure-server-endpoints-windows-defender-advanced-threat-protection.md#server-mma) +- [Ensure that the server endpoint proxy and Internet connectivity settings are configured properly](configure-server-endpoints-windows-defender-advanced-threat-protection.md#server-proxy) + +You might also need to check the following: +- Check that there is a Windows Defender Advanced Threat Protection Service running in the **Processes** tab in **Task Manager**. For example: + + ![Image of process view with Windows Defender Advanced Threat Protection Service running](images/atp-task-manager.png) + +- Check **Event Viewer** > **Applications and Services Logs** > **Operation Manager** to see if there are any errors. + +- In **Services**, check if the **Microsoft Monitoring Agent** is running on the server. For example, + + ![Image of Services](images/atp-services.png) + +- In **Microsoft Monitoring Agent** > **Azure Log Analytics (OMS)**, check the Workspaces and verify that the status is running. + + ![Image of Microsoft Monitoring Agent Properties](images/atp-mma-properties.png) + +- Check to see that machines are reflected in the **Machines list** in the portal. + + ## Licensing requirements Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
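Review bot: In credential-guard-manage.md (hunk at -27,10), steps 1 and 4 are renamed to **Device Guard** and **Credential Guard Configuration**, but the screenshot shown directly under step 4, images/credguard-gp.png, is not updated in this patch, while credguard-msinfo32.png is. Please confirm that the existing screenshot shows the same node and box labels as the new step text, or refresh it in this change, so a reader following the steps is not looking for a label the picture does not show. The feature is still called "Windows Defender Credential Guard" in the sentence after step 4 and in the image alt text; a short remark that the policy UI uses the shorter names would explain the mix.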
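Review bot: In credential-guard-manage.md (hunk at -109,7), the new step 3 drops the row qualifier: the removed line pointed at "... Security Services Running", while the added line says only "next to **Virtualization-based security**". System Information lists several rows with that prefix, and the configured and running service rows are different checks; only the running row confirms that Credential Guard is actually active. Suggest naming the full row, for example **Virtualization-based security Services Running**, and verifying the wording against the updated credguard-msinfo32.png.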
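Review bot: In configure-server-endpoints-windows-defender-advanced-threat-protection.md, the three hunks add only empty-looking lines before the headings "Turn on Server monitoring...", "Install and configure Microsoft Monitoring Agent (MMA)..." and "Configure server endpoint proxy...", yet the troubleshooting page in this same patch links to `#server-mma` and `#server-proxy`. Neither fragment matches an anchor generated from those heading texts, so unless explicit anchors are defined on these added lines (none are visible in the diff as shown), both links will land at the top of the page. Please make the anchors explicit and visible in the source, or link to the heading-derived fragments. If the added lines really are whitespace only, drop them from the change.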
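Review bot: In troubleshoot-onboarding-windows-defender-advanced-threat-protection.md (hunk at -17,11), the four Windows 10 entries are removed from **Applies to** although the only content added is a section titled "Troubleshoot onboarding issues on a server" and the existing client troubleshooting content (the proxy verification and the Windows Defender Antivirus registry key shown as context in the next hunk) stays on the page. Suggest keeping the Windows 10 editions and appending Windows Server 2012 R2 and Windows Server 2016. The `ms.date: 11/21/2017` shown in the hunk header is also left unchanged by this patch and should be bumped with the content update.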
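Review bot: In troubleshoot-onboarding-windows-defender-advanced-threat-protection.md (hunk at -265,6), the Event Viewer path reads **Applications and Services Logs** > **Operation Manager**; the log that Microsoft Monitoring Agent writes to is named **Operations Manager**, so a reader will not find the node as written. Two smaller points in the same section: "You might also need to check the following:" runs straight into the bullet list without a blank line, unlike the list above it, and the examples are introduced inconsistently ("For example:" versus "For example,"). It would also help to say what to do when a check fails (for instance, which service to start or which page to return to), since the section currently lists what to look at but not the remediation.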