diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 11bad4b893..7fbbafce4f 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2531,9 +2531,9 @@ "redirect_document_id": true }, { - "source_path": "windows/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md", + "source_path": "windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md", "redirect_url": "https://www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "windows/threat-protection/windows-defender-application-control.md", diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index fb69460ed8..39b81e1e82 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -9,7 +9,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 06/03/2020 +ms.date: 09/18/2020 --- # Configuration service provider reference @@ -1108,7 +1108,8 @@ Additional lists: Mobile Enterprise - check mark + check mark +Only for mobile application management (MAM) check mark check mark @@ -2747,7 +2748,6 @@ The following list shows the CSPs supported in HoloLens devices: - [Accounts CSP](accounts-csp.md)9 **Note:** Support in Surface Hub is limited to **Domain\ComputerName**. - [AccountManagement CSP](accountmanagement-csp.md) - [APPLICATION CSP](application-csp.md) -- [Bitlocker-CSP](bitlocker-csp.md)9 - [CertificateStore CSP](certificatestore-csp.md) - [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) - [Defender CSP](defender-csp.md) 
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 8707f69961..fc80d55002 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -68,7 +68,7 @@ Drivers are automatically enabled because they are beneficial to device systems. #### I want to receive pre-release versions of the next feature update 1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates. -2. Use Group Policy Management Console to go to: C**omputer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds. +2. Use Group Policy Management Console to go to: **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds. 3. Use Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received**. In the **Options** pane, use the pulldown menu to select one of the preview builds. We recomment **Windows Insider Program Slow** for commercial customers using pre-release builds for validation. 4. Select **OK**. 
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 25d125585e..cdf9c3ec9a 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -98,7 +98,7 @@ The following tables describe baseline protections, plus protections for improve | Hardware: **Trusted Platform Module (TPM)** |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.
[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations) | A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | | Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)| UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | | Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).| UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

Important:
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.

|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. | +| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 or Windows Server 2016.

Important:
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.

|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. | > [!IMPORTANT] > The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Windows Defender Credential Guard can provide. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index d4c919784d..4486823bc5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -145,6 +145,9 @@ Windows Server 2012 or later domain controllers support Group Managed Service Ac GMSA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers. Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GMSA. Before you can create a GMSA, you must first create a root key for the service. You can skip this if your environment already uses GMSA. +>[!NOTE] +> If the [default object creation quota for security principles](https://docs.microsoft.com/openspecs/windows_protocols/ms-adts/d55ca655-109b-4175-902a-3e9d60833012) is set, you will need to change it for the Group Managed Service Account in order to be able to register new devices. + #### Create KDS Root Key Sign-in a domain controller with _Enterprise Admin_ equivalent credentials. diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 13c1e99b51..f3f064b1d1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md 
@@ -52,7 +52,7 @@ The trust model determines how you want users to authenticate to the on-premises * The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers. > [!NOTE] -> Remote Desktop Protocol (RDP) does not support authentication with Windows Hello for Business key trust deployments. RDP is only supported with certificate trust deployments at this time. See [Remote Desktop](hello-feature-remote-desktop.md) to learn more. +> RDP does not support authentication with Windows Hello for Business key trust deployments as a supplied credential. RDP is only supported with certificate trust deployments as a supplied credential at this time. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). Following are the various deployment guides and models included in this topic: - [Hybrid Azure AD Joined Key Trust Deployment](hello-hybrid-key-trust.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index 390355cb33..e6d36e6967 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md 
@@ -28,7 +28,7 @@ Windows Hello for Business is the modern, two-factor credential for Windows 10. Microsoft is committed to its vision of a world without passwords. We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. ## Can I use Windows Hello for Business key trust and RDP? -RDP currently does not support key based authentication and does not support self signed certificates. RDP with Windows Hello for Business is currently only supported with certificate based deployments. +RDP currently does not support using key based authentication and self signed certificates as supplied credentials. RDP with supplied credentials Windows Hello for Business is currently only supported with certificate based deployments. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). ## Can I deploy Windows Hello for Business using Microsoft Endpoint Configuration Manager? Windows Hello for Business deployments using Configuration Manager should use the hybrid deployment model that uses Active Directory Federation Services. Starting in Configuration Manager version 1910, certificate-based authentication with Windows Hello for Business settings isn't supported. Key-based authentication is still valid with Configuration Manager. For more information, see [Windows Hello for Business settings in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-hello-for-business-settings). 
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index e1cf05225a..0ebcd33ec5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium -ms.date: 09/09/2019 +ms.date: 09/16/2020 ms.reviewer: --- @@ -27,9 +27,9 @@ ms.reviewer: - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments -Windows Hello for Business supports using a certificate deployed to a WHFB container to a remote desktop to a server or another device. This functionality is not supported for key trust deployments. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. +Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This functionality is not supported for key trust deployments. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). -Microsoft continues to investigate supporting this feature for key trust deployments in a future release. +Microsoft continues to investigate supporting using keys trust for supplied credentials in a future release. ## Remote Desktop with Biometrics 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 7576402a17..efeaaacd05 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -65,6 +65,9 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva > [!NOTE] > If your AD forest has multiple domains, make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest. +> [!NOTE] +> Transfer the PDC emulator FSMO role to a domain controller running Windows Server 2016 (or later) to be able to search the Key Admins and Enterprise Key Admins groups (domain controllers running previous versions of Windows Server cannot translate the security identifier to a name for these groups). + ### Section Review > [!div class="checklist"] diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 5d10205e13..80d8f81611 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md 
@@ -94,8 +94,7 @@ For details, see [How Windows Hello for Business works](hello-how-it-works.md). Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing end user certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing user certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust. -Windows Hello for Business with a key does not support RDP. RDP does not support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments. - +Windows Hello for Business with a key does not support supplied credentials for RDP. RDP does not support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments as a supplied credential. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). ## Learn more diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 3fff407e34..ea3430b5dd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: conceptual -ms.date: 08/19/2018 +ms.date: 09/16/2020 ms.reviewer: --- # Planning a Windows Hello for Business Deployment 
@@ -25,6 +25,8 @@ Congratulations! You are taking the first step forward in helping move your orga This guide explains the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of the infrastructure. Armed with your planning worksheet, you'll use that information to select the correct deployment guide for your needs. +If you have an Azure tenant, you can use our online, interactive Passwordless Wizard which walks through the same choices instead of using our manual guide below. The Passwordless Wizard is available in the [Microsoft 365 admin center](https://admin.microsoft.com/AdminPortal/Home#/modernonboarding/passwordlesssetup). + ## Using this guide There are many options from which you can choose when deploying Windows Hello for Business. Providing multiple options ensures nearly every organization can deploy Windows Hello for Business. Providing many options makes the deployment appear complex, however, most organization will realize they've already implemented most of the infrastructure on which the Windows Hello for Business deployment depends. It is important to understand that Windows Hello for Business is a distributed system and does take proper planning across multiple teams within an organization. 
@@ -91,7 +93,7 @@ The key trust type does not require issuing authentication certificates to end u The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 or later Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller. > [!NOTE] -> RDP does not support authentication with Windows Hello for Business key trust deployments. RDP is only supported with certificate trust deployments at this time. +> RDP does not support authentication with Windows Hello for Business key trust deployments as a supplied credential. RDP is only supported with certificate trust deployments as a supplied credential at this time. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). #### Device registration 
@@ -166,16 +168,13 @@ Choose the deployment model based on the resources your users access. Use the f If your organization does not have on-premises resources, write **Cloud Only** in box **1a** on your planning worksheet. -If your organization is federated with Azure or uses any online service, such as Office365 or OneDrive, or your users' access cloud and on-premises resources, write **Hybrid** in box **1a** on your planning worksheet. +If your organization is federated with Azure or uses any service, such as AD Connect, Office365 or OneDrive, or your users access cloud and on-premises resources, write **Hybrid** in box **1a** on your planning worksheet. If your organization does not have cloud resources, write **On-Premises** in box **1a** on your planning worksheet. > [!NOTE] -> If you're unsure if your organization is federated, run the following Active Directory Windows PowerShell command from an elevated Windows PowerShell prompt and evaluate the results. -> ```Get-AdObject "CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=[forest_root_CN_name],DC=com" -Properties keywords``` -> * If the command returns an error stating it could not find the object, then you have yet to configured AAD Connect or on-premises Device Registration Services using AD FS. Ensure the name is accurate and validate the object does not exist with another Active Directory Management tool such as **ADSIEdit.msc**. If the object truly does not exist, then your environment does not bind you to a specific deployment or require changes to accommodate the desired deployment type. -> * If the command returns a value, compare that value with the values below. The value indicates the deployment model you should implement -> * If the value begins with **azureADName:** – write **Hybrid** in box **1a**on your planning worksheet. 
-> * If the value begins with **enterpriseDrsName:** – write **On-Premises** in box **1a** on your planning worksheet. +> * Main use case of On-Premises deployment is for "Enhanced Security Administrative Environments" also known as "Red Forests". +> * Migration from on-premise to hybrid deployment will require redeployment. + ### Trust type diff --git a/windows/security/identity-protection/hello-for-business/toc.md b/windows/security/identity-protection/hello-for-business/toc.md index 3fe33458fc..8ec19c126f 100644 --- a/windows/security/identity-protection/hello-for-business/toc.md +++ b/windows/security/identity-protection/hello-for-business/toc.md @@ -16,10 +16,10 @@ ## [How Windows Hello for Business works](hello-how-it-works.md) ### [Technical Deep Dive](hello-how-it-works.md#technical-deep-dive) -#### [Technology and Terminology](hello-how-it-works-technology.md) #### [Device Registration](hello-how-it-works-device-registration.md) #### [Provisioning](hello-how-it-works-provisioning.md) #### [Authentication](hello-how-it-works-authentication.md) +#### [Technology and Terminology](hello-how-it-works-technology.md) ## [Planning a Windows Hello for Business Deployment](hello-planning-guide.md) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index f537134414..5c7b1190b1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md 
@@ -313,7 +313,7 @@ To turn off the unlock server, the PXE provider can be unregistered from the WDS To update the certificates used by Network Unlock, administrators need to import or generate the new certificate for the server and then update the Network Unlock certificate Group Policy setting on the domain controller. > [!NOTE] -> Machines that do not get the GPO will ask for the PIN when booting. In this case one needs to investigate and understand why the machine could not get the GPO and update the certificate. +> Servers that do not receive the Group Policy Object (GPO) will require a PIN when booting. In such cases, the reason why the server did not receive the GPO to update the certificate needs to be investigated. ##
Troubleshoot Network Unlock diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index fafb19e85a..1f04609088 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -9,6 +9,7 @@ ### [Overview of Microsoft Defender Security Center](microsoft-defender-atp/use.md) ### [Portal overview](microsoft-defender-atp/portal-overview.md) ### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md) +### [Microsoft Defender ATP for non-Windows platforms](microsoft-defender-atp/non-windows.md) ## [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md) @@ -223,7 +224,13 @@ #### [Deploy]() ##### [Microsoft Intune-based deployment](microsoft-defender-atp/mac-install-with-intune.md) -##### [JAMF-based deployment](microsoft-defender-atp/mac-install-with-jamf.md) +##### [JAMF Pro-based deployment]() +###### [Deploying Microsoft Defender ATP for macOS using Jamf Pro](microsoft-defender-atp/mac-install-with-jamf.md) +###### [Login to Jamf Pro](microsoft-defender-atp/mac-install-jamfpro-login.md) +###### [Set up device groups](microsoft-defender-atp/mac-jamfpro-device-groups.md) +###### [Set up policies](microsoft-defender-atp/mac-jamfpro-policies.md) +###### [Enroll devices](microsoft-defender-atp/mac-jamfpro-enroll-devices.md) + ##### [Deployment with a different Mobile Device Management (MDM) system](microsoft-defender-atp/mac-install-with-other-mdm.md) ##### [Manual deployment](microsoft-defender-atp/mac-install-manually.md) #### [Update](microsoft-defender-atp/mac-updates.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md index 8b91ba2fde..956266b212 100644 
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md @@ -11,8 +11,8 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 09/03/2018 -ms.reviewer: +ms.date: 09/17/2018 +ms.reviewer: pahuijbr manager: dansimp --- @@ -82,7 +82,7 @@ You can use Group Policy to force Microsoft Defender Antivirus to check and down 3. Click **Policies** then **Administrative templates**. -4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Signature Updates**. +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Security Intelligence Updates**. 5. Double-click **Check for the latest virus and spyware definitions on startup** and set the option to **Enabled**. 
@@ -140,16 +140,16 @@ If you have enabled cloud-delivered protection, Microsoft Defender AV will send 3. Click **Policies** then **Administrative templates**. -4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Signature Updates**. +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Security Intelligence Updates**. 5. Double-click **Allow real-time security intelligence updates based on reports to Microsoft MAPS** and set the option to **Enabled**. Then click **OK**. 6. **Allow notifications to disable definitions-based reports to Microsoft MAPS** and set the option to **Enabled**. Then click **OK**. > [!NOTE] -> "Allow notifications to disable definitions based reports" enables Microsoft MAPS to disable those definitions known to cause false-positive reports. You must configure your computer to join Microsoft MAPS for this function to work. +> **Allow notifications to disable definitions based reports** enables Microsoft MAPS to disable those definitions known to cause false-positive reports. You must configure your computer to join Microsoft MAPS for this function to work. -## Related articles +## See also - [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) - [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/04245db47e1456f22d473980089ca69e.png b/windows/security/threat-protection/microsoft-defender-atp/images/04245db47e1456f22d473980089ca69e.png new file mode 100644 index 0000000000..9a854aad6a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/04245db47e1456f22d473980089ca69e.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/099eb1b3e2d9a4fed03e9b7ef1de9765.png b/windows/security/threat-protection/microsoft-defender-atp/images/099eb1b3e2d9a4fed03e9b7ef1de9765.png new file mode 100644 index 0000000000..33da3dde26 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/099eb1b3e2d9a4fed03e9b7ef1de9765.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/09a275e321268e5e3ac0c0865d3e2db5.png b/windows/security/threat-protection/microsoft-defender-atp/images/09a275e321268e5e3ac0c0865d3e2db5.png new file mode 100644 index 0000000000..b033d8f6b8 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/09a275e321268e5e3ac0c0865d3e2db5.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/0adb21c13206861ba9b30a879ade93d3.png b/windows/security/threat-protection/microsoft-defender-atp/images/0adb21c13206861ba9b30a879ade93d3.png new file mode 100644 index 0000000000..b4a524f421 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/0adb21c13206861ba9b30a879ade93d3.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/0add8019b85a453b47fa5c402c72761b.png b/windows/security/threat-protection/microsoft-defender-atp/images/0add8019b85a453b47fa5c402c72761b.png new file mode 100644 index 0000000000..2e663efc76 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/0add8019b85a453b47fa5c402c72761b.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/0dde8a4c41110dbc398c485433a81359.png b/windows/security/threat-protection/microsoft-defender-atp/images/0dde8a4c41110dbc398c485433a81359.png new file mode 100644 index 0000000000..1933fdec00 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/0dde8a4c41110dbc398c485433a81359.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/0df36fc308ba569db204ee32db3fb40a.png b/windows/security/threat-protection/microsoft-defender-atp/images/0df36fc308ba569db204ee32db3fb40a.png new file mode 100644 index 0000000000..cb2c5784fd Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/0df36fc308ba569db204ee32db3fb40a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/10ab98358b2d602f3f67618735fa82fb.png b/windows/security/threat-protection/microsoft-defender-atp/images/10ab98358b2d602f3f67618735fa82fb.png new file mode 100644 index 0000000000..30b0d05525 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/10ab98358b2d602f3f67618735fa82fb.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1213872db5833aa8be535da57653219f.png b/windows/security/threat-protection/microsoft-defender-atp/images/1213872db5833aa8be535da57653219f.png new file mode 100644 index 0000000000..211267d73d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1213872db5833aa8be535da57653219f.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1359fbfdd8bd9ee74c3bb487a05b956c.png b/windows/security/threat-protection/microsoft-defender-atp/images/1359fbfdd8bd9ee74c3bb487a05b956c.png new file mode 100644 index 0000000000..ebba81f9c4 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1359fbfdd8bd9ee74c3bb487a05b956c.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1626d138e6309c6e87bfaab64f5ccf7b.png b/windows/security/threat-protection/microsoft-defender-atp/images/1626d138e6309c6e87bfaab64f5ccf7b.png new file mode 100644 index 0000000000..e9ad710109 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1626d138e6309c6e87bfaab64f5ccf7b.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1aa5aaa0a387f4e16ce55b66facc77d1.png b/windows/security/threat-protection/microsoft-defender-atp/images/1aa5aaa0a387f4e16ce55b66facc77d1.png new file mode 100644 index 0000000000..b0fb764d52 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1aa5aaa0a387f4e16ce55b66facc77d1.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png b/windows/security/threat-protection/microsoft-defender-atp/images/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png new file mode 100644 index 0000000000..2da3d1c9ca Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1c08d097829863778d562c10c5f92b67.png b/windows/security/threat-protection/microsoft-defender-atp/images/1c08d097829863778d562c10c5f92b67.png new file mode 100644 index 0000000000..9604e5fc29 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1c08d097829863778d562c10c5f92b67.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1c9bd3f68db20b80193dac18f33c22d0.png b/windows/security/threat-protection/microsoft-defender-atp/images/1c9bd3f68db20b80193dac18f33c22d0.png new file mode 100644 index 0000000000..00a6103e30 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1c9bd3f68db20b80193dac18f33c22d0.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1f72e9c15eaafcabf1504397e99be311.png b/windows/security/threat-protection/microsoft-defender-atp/images/1f72e9c15eaafcabf1504397e99be311.png new file mode 100644 index 0000000000..a4a5bb1008 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1f72e9c15eaafcabf1504397e99be311.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/20e33b98eb54447881dc6c89e58b890f.png b/windows/security/threat-protection/microsoft-defender-atp/images/20e33b98eb54447881dc6c89e58b890f.png new file mode 100644 index 0000000000..c8722ddd31 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/20e33b98eb54447881dc6c89e58b890f.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/216253cbfb6ae738b9f13496b9c799fd.png b/windows/security/threat-protection/microsoft-defender-atp/images/216253cbfb6ae738b9f13496b9c799fd.png new file mode 100644 index 0000000000..35f0fdcd33 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/216253cbfb6ae738b9f13496b9c799fd.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/219bef7e5ebfdd0e2078f4a27535296a.png b/windows/security/threat-protection/microsoft-defender-atp/images/219bef7e5ebfdd0e2078f4a27535296a.png new file mode 100644 index 0000000000..ae40584eb5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/219bef7e5ebfdd0e2078f4a27535296a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/21de3658bf58b1b767a17358a3f06341.png b/windows/security/threat-protection/microsoft-defender-atp/images/21de3658bf58b1b767a17358a3f06341.png new file mode 100644 index 0000000000..f50308e890 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/21de3658bf58b1b767a17358a3f06341.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/22cb439de958101c0a12f3038f905b27.png b/windows/security/threat-protection/microsoft-defender-atp/images/22cb439de958101c0a12f3038f905b27.png new file mode 100644 index 0000000000..0ee45bfe4d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/22cb439de958101c0a12f3038f905b27.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/24e290f5fc309932cf41f3a280d22c14.png b/windows/security/threat-protection/microsoft-defender-atp/images/24e290f5fc309932cf41f3a280d22c14.png new file mode 100644 index 0000000000..38c794c2e4 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/24e290f5fc309932cf41f3a280d22c14.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/253274b33e74f3f5b8d475cf8692ce4e.png b/windows/security/threat-protection/microsoft-defender-atp/images/253274b33e74f3f5b8d475cf8692ce4e.png new file mode 100644 index 0000000000..940d23f8e7 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/253274b33e74f3f5b8d475cf8692ce4e.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/264493cd01e62c7085659d6fdc26dc91.png b/windows/security/threat-protection/microsoft-defender-atp/images/264493cd01e62c7085659d6fdc26dc91.png new file mode 100644 index 0000000000..f5e8adcd57 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/264493cd01e62c7085659d6fdc26dc91.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/26f0f7a5f3a6d95aa32a9e3d6d1a38a4.png b/windows/security/threat-protection/microsoft-defender-atp/images/26f0f7a5f3a6d95aa32a9e3d6d1a38a4.png new file mode 100644 index 0000000000..e887ffeb72 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/26f0f7a5f3a6d95aa32a9e3d6d1a38a4.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/2bda9244ec25d1526811da4ea91b1c86.png b/windows/security/threat-protection/microsoft-defender-atp/images/2bda9244ec25d1526811da4ea91b1c86.png new file mode 100644 index 0000000000..ef1fa51714 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/2bda9244ec25d1526811da4ea91b1c86.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/2c49b16cd112729b3719724f581e6882.png b/windows/security/threat-protection/microsoft-defender-atp/images/2c49b16cd112729b3719724f581e6882.png new file mode 100644 index 0000000000..4b2410ad5e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/2c49b16cd112729b3719724f581e6882.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/30be88b63abc5e8dde11b73f1b1ade6a.png b/windows/security/threat-protection/microsoft-defender-atp/images/30be88b63abc5e8dde11b73f1b1ade6a.png new file mode 100644 index 0000000000..af749f43cc Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/30be88b63abc5e8dde11b73f1b1ade6a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/3160906404bc5a2edf84d1d015894e3b.png b/windows/security/threat-protection/microsoft-defender-atp/images/3160906404bc5a2edf84d1d015894e3b.png new file mode 100644 index 0000000000..b7ab38e50d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/3160906404bc5a2edf84d1d015894e3b.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/321ba245f14743c1d5d51c15e99deecc.png b/windows/security/threat-protection/microsoft-defender-atp/images/321ba245f14743c1d5d51c15e99deecc.png new file mode 100644 index 0000000000..14d3cfb8dd Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/321ba245f14743c1d5d51c15e99deecc.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/335aff58950ce62d1dabc289ecdce9ed.png b/windows/security/threat-protection/microsoft-defender-atp/images/335aff58950ce62d1dabc289ecdce9ed.png new file mode 100644 index 0000000000..b536944e24 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/335aff58950ce62d1dabc289ecdce9ed.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/33e2b2a1611fdddf6b5b79e54496e3bb.png b/windows/security/threat-protection/microsoft-defender-atp/images/33e2b2a1611fdddf6b5b79e54496e3bb.png new file mode 100644 index 0000000000..1a95f07037 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/33e2b2a1611fdddf6b5b79e54496e3bb.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/33f1ecdc7d4872555418bbc3efe4b7a3.png b/windows/security/threat-protection/microsoft-defender-atp/images/33f1ecdc7d4872555418bbc3efe4b7a3.png new file mode 100644 index 0000000000..06aed3038e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/33f1ecdc7d4872555418bbc3efe4b7a3.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/368d35b3d6179af92ffdbfd93b226b69.png b/windows/security/threat-protection/microsoft-defender-atp/images/368d35b3d6179af92ffdbfd93b226b69.png new file mode 100644 index 0000000000..dea45e1206 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/368d35b3d6179af92ffdbfd93b226b69.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/38c67ee1905c4747c3b26c8eba57726b.png b/windows/security/threat-protection/microsoft-defender-atp/images/38c67ee1905c4747c3b26c8eba57726b.png new file mode 100644 index 0000000000..fbb8656f8b Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/38c67ee1905c4747c3b26c8eba57726b.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/39cf120d3ac3652292d8d1b6d057bd60.png b/windows/security/threat-protection/microsoft-defender-atp/images/39cf120d3ac3652292d8d1b6d057bd60.png new file mode 100644 index 0000000000..6d201f5e90 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/39cf120d3ac3652292d8d1b6d057bd60.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/3c0a231f83cfb5a256d99ae575400d9b.png b/windows/security/threat-protection/microsoft-defender-atp/images/3c0a231f83cfb5a256d99ae575400d9b.png new file mode 100644 index 0000000000..ebe69e0005 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/3c0a231f83cfb5a256d99ae575400d9b.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/3ced5383a6be788486d89d407d042f28.png b/windows/security/threat-protection/microsoft-defender-atp/images/3ced5383a6be788486d89d407d042f28.png new file mode 100644 index 0000000000..4ff3e0fb7c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/3ced5383a6be788486d89d407d042f28.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4139848399185472abaa0ce2f34a883a.png b/windows/security/threat-protection/microsoft-defender-atp/images/4139848399185472abaa0ce2f34a883a.png new file mode 100644 index 0000000000..de3cbeb5bb Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4139848399185472abaa0ce2f34a883a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4239ca0528efb0734e4ca0b490bfb22d.png b/windows/security/threat-protection/microsoft-defender-atp/images/4239ca0528efb0734e4ca0b490bfb22d.png new file mode 100644 index 0000000000..8bd862cd66 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4239ca0528efb0734e4ca0b490bfb22d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/441aa2ecd36abadcdd8aed03556080b5.png b/windows/security/threat-protection/microsoft-defender-atp/images/441aa2ecd36abadcdd8aed03556080b5.png new file mode 100644 index 0000000000..9d1b985470 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/441aa2ecd36abadcdd8aed03556080b5.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/45156aa74077fc82cd4223f3dcb8cd76.png b/windows/security/threat-protection/microsoft-defender-atp/images/45156aa74077fc82cd4223f3dcb8cd76.png new file mode 100644 index 0000000000..041e7d946c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/45156aa74077fc82cd4223f3dcb8cd76.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4922c0fcdde4c7f73242b13bf5e35c19.png b/windows/security/threat-protection/microsoft-defender-atp/images/4922c0fcdde4c7f73242b13bf5e35c19.png new file mode 100644 index 0000000000..3e31d5e244 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4922c0fcdde4c7f73242b13bf5e35c19.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4bac6ce277aedfb4a674f2d9fcb2599a.png b/windows/security/threat-protection/microsoft-defender-atp/images/4bac6ce277aedfb4a674f2d9fcb2599a.png new file mode 100644 index 0000000000..15c5639231 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4bac6ce277aedfb4a674f2d9fcb2599a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4cc3cfc683ae36ff906562a61908d132.png b/windows/security/threat-protection/microsoft-defender-atp/images/4cc3cfc683ae36ff906562a61908d132.png new file mode 100644 index 0000000000..6aee2fb1b1 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4cc3cfc683ae36ff906562a61908d132.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4d2d1d4ee13d3f840f425924c3df0d51.png b/windows/security/threat-protection/microsoft-defender-atp/images/4d2d1d4ee13d3f840f425924c3df0d51.png new file mode 100644 index 0000000000..83ef8509be Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4d2d1d4ee13d3f840f425924c3df0d51.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4ec20e72c8aed9a4c16912e01692436a.png b/windows/security/threat-protection/microsoft-defender-atp/images/4ec20e72c8aed9a4c16912e01692436a.png new file mode 100644 index 0000000000..e3d3692c75 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4ec20e72c8aed9a4c16912e01692436a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/526b83fbdbb31265b3d0c1e5fbbdc33a.png b/windows/security/threat-protection/microsoft-defender-atp/images/526b83fbdbb31265b3d0c1e5fbbdc33a.png new file mode 100644 index 0000000000..6b4bd29da7 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/526b83fbdbb31265b3d0c1e5fbbdc33a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/526e978761fc571cca06907da7b01fd6.png b/windows/security/threat-protection/microsoft-defender-atp/images/526e978761fc571cca06907da7b01fd6.png new file mode 100644 index 0000000000..2ee505158e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/526e978761fc571cca06907da7b01fd6.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/54be9c6ed5b24cebe628dc3cd9ca4089.png b/windows/security/threat-protection/microsoft-defender-atp/images/54be9c6ed5b24cebe628dc3cd9ca4089.png new file mode 100644 index 0000000000..b809759dcb Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/54be9c6ed5b24cebe628dc3cd9ca4089.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/56dac54634d13b2d3948ab50e8d3ef21.png b/windows/security/threat-protection/microsoft-defender-atp/images/56dac54634d13b2d3948ab50e8d3ef21.png new file mode 100644 index 0000000000..23770e3a97 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/56dac54634d13b2d3948ab50e8d3ef21.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/56e6f6259b9ce3c1706ed8d666ae4947.png b/windows/security/threat-protection/microsoft-defender-atp/images/56e6f6259b9ce3c1706ed8d666ae4947.png new file mode 100644 index 0000000000..163da50934 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/56e6f6259b9ce3c1706ed8d666ae4947.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/57aa4d21e2ccc65466bf284701d4e961.png b/windows/security/threat-protection/microsoft-defender-atp/images/57aa4d21e2ccc65466bf284701d4e961.png new file mode 100644 index 0000000000..d2c3a2f2e5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/57aa4d21e2ccc65466bf284701d4e961.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/57cef926d1b9260fb74a5f460cee887a.png b/windows/security/threat-protection/microsoft-defender-atp/images/57cef926d1b9260fb74a5f460cee887a.png new file mode 100644 index 0000000000..e3897c4cbe Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/57cef926d1b9260fb74a5f460cee887a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/5856b765a6ce677caacb130ca36b1a62.png b/windows/security/threat-protection/microsoft-defender-atp/images/5856b765a6ce677caacb130ca36b1a62.png new file mode 100644 index 0000000000..2e85b376b2 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/5856b765a6ce677caacb130ca36b1a62.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/625ba6d19e8597f05e4907298a454d28.png b/windows/security/threat-protection/microsoft-defender-atp/images/625ba6d19e8597f05e4907298a454d28.png new file mode 100644 index 0000000000..b63b06e529 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/625ba6d19e8597f05e4907298a454d28.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/632aaab79ae18d0d2b8e0c16b6ba39e2.png b/windows/security/threat-protection/microsoft-defender-atp/images/632aaab79ae18d0d2b8e0c16b6ba39e2.png new file mode 100644 index 0000000000..8d43285b82 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/632aaab79ae18d0d2b8e0c16b6ba39e2.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/633ad26b8bf24ec683c98b2feb884bdf.png b/windows/security/threat-protection/microsoft-defender-atp/images/633ad26b8bf24ec683c98b2feb884bdf.png new file mode 100644 index 0000000000..e71d428536 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/633ad26b8bf24ec683c98b2feb884bdf.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/644e0f3af40c29e80ca1443535b2fe32.png b/windows/security/threat-protection/microsoft-defender-atp/images/644e0f3af40c29e80ca1443535b2fe32.png new file mode 100644 index 0000000000..b37ef7c8b5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/644e0f3af40c29e80ca1443535b2fe32.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/68bdbc5754dfc80aa1a024dde0fce7b0.png b/windows/security/threat-protection/microsoft-defender-atp/images/68bdbc5754dfc80aa1a024dde0fce7b0.png new file mode 100644 index 0000000000..774f727137 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/68bdbc5754dfc80aa1a024dde0fce7b0.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6c8b406ee224335a8c65d06953dc756e.png b/windows/security/threat-protection/microsoft-defender-atp/images/6c8b406ee224335a8c65d06953dc756e.png new file mode 100644 index 0000000000..65870c57ee Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6c8b406ee224335a8c65d06953dc756e.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6de50b4a897408ddc6ded56a09c09fe2.png b/windows/security/threat-protection/microsoft-defender-atp/images/6de50b4a897408ddc6ded56a09c09fe2.png new file mode 100644 index 0000000000..4251c7b374 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6de50b4a897408ddc6ded56a09c09fe2.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6eda18a64a660fa149575454e54e7156.png b/windows/security/threat-protection/microsoft-defender-atp/images/6eda18a64a660fa149575454e54e7156.png new file mode 100644 index 0000000000..edf5e96a06 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6eda18a64a660fa149575454e54e7156.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6f093e42856753a3955cab7ee14f12d9.png b/windows/security/threat-protection/microsoft-defender-atp/images/6f093e42856753a3955cab7ee14f12d9.png new file mode 100644 index 0000000000..8bb38c4958 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6f093e42856753a3955cab7ee14f12d9.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6f85269276b2278eca4bce84f935f87b.png b/windows/security/threat-protection/microsoft-defender-atp/images/6f85269276b2278eca4bce84f935f87b.png new file mode 100644 index 0000000000..11d8c78bcf Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6f85269276b2278eca4bce84f935f87b.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6fd0cb2bbb0e60a623829c91fd0826ab.png b/windows/security/threat-protection/microsoft-defender-atp/images/6fd0cb2bbb0e60a623829c91fd0826ab.png new file mode 100644 index 0000000000..32d1b991bd Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6fd0cb2bbb0e60a623829c91fd0826ab.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/715ae7ec8d6a262c489f94d14e1e51bb.png b/windows/security/threat-protection/microsoft-defender-atp/images/715ae7ec8d6a262c489f94d14e1e51bb.png new file mode 100644 index 0000000000..bfe95454d9 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/715ae7ec8d6a262c489f94d14e1e51bb.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/718b9d609f9f77c8b13ba88c4c0abe5d.png b/windows/security/threat-protection/microsoft-defender-atp/images/718b9d609f9f77c8b13ba88c4c0abe5d.png new file mode 100644 index 0000000000..46b0e010bd Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/718b9d609f9f77c8b13ba88c4c0abe5d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/7697c33b9fd376ae5a8023d01f9d3857.png b/windows/security/threat-protection/microsoft-defender-atp/images/7697c33b9fd376ae5a8023d01f9d3857.png new file mode 100644 index 0000000000..a037ed737b Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/7697c33b9fd376ae5a8023d01f9d3857.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/770827925b3f572fc027e7d50dcc415d.png b/windows/security/threat-protection/microsoft-defender-atp/images/770827925b3f572fc027e7d50dcc415d.png new file mode 100644 index 0000000000..82bd4898af Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/770827925b3f572fc027e7d50dcc415d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/77d14ea36bea97c4607af0f70c88b812.png b/windows/security/threat-protection/microsoft-defender-atp/images/77d14ea36bea97c4607af0f70c88b812.png new file mode 100644 index 0000000000..a3ce68e15e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/77d14ea36bea97c4607af0f70c88b812.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/7acc1b24846d3388d3b29c1d7a2dd141.png b/windows/security/threat-protection/microsoft-defender-atp/images/7acc1b24846d3388d3b29c1d7a2dd141.png new file mode 100644 index 0000000000..4ef3ad1831 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/7acc1b24846d3388d3b29c1d7a2dd141.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/7f9138053dbcbf928e5182ee7b295ebe.png b/windows/security/threat-protection/microsoft-defender-atp/images/7f9138053dbcbf928e5182ee7b295ebe.png new file mode 100644 index 0000000000..474e281699 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/7f9138053dbcbf928e5182ee7b295ebe.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/809cef630281b64b8f07f20913b0039b.png b/windows/security/threat-protection/microsoft-defender-atp/images/809cef630281b64b8f07f20913b0039b.png new file mode 100644 index 0000000000..b31c48693d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/809cef630281b64b8f07f20913b0039b.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/846ca6a7a4be5be7111744091d539cba.png b/windows/security/threat-protection/microsoft-defender-atp/images/846ca6a7a4be5be7111744091d539cba.png new file mode 100644 index 0000000000..b0dd1554ef Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/846ca6a7a4be5be7111744091d539cba.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/847b70e54ed04787e415f5180414b310.png b/windows/security/threat-protection/microsoft-defender-atp/images/847b70e54ed04787e415f5180414b310.png new file mode 100644 index 0000000000..884a5e815e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/847b70e54ed04787e415f5180414b310.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/8c3bdc3924488542295f29c93af3881f.png b/windows/security/threat-protection/microsoft-defender-atp/images/8c3bdc3924488542295f29c93af3881f.png new file mode 100644 index 0000000000..f0b6205a1f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/8c3bdc3924488542295f29c93af3881f.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/8d80fe378a31143db9be0bacf7ddc5a3.png b/windows/security/threat-protection/microsoft-defender-atp/images/8d80fe378a31143db9be0bacf7ddc5a3.png new file mode 100644 index 0000000000..943ede3988 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/8d80fe378a31143db9be0bacf7ddc5a3.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/8dde76b5463047423f8637c86b05c29d.png b/windows/security/threat-protection/microsoft-defender-atp/images/8dde76b5463047423f8637c86b05c29d.png new file mode 100644 index 0000000000..b15631e21b Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/8dde76b5463047423f8637c86b05c29d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/8e69f867664668796a3b2904896f0436.png b/windows/security/threat-protection/microsoft-defender-atp/images/8e69f867664668796a3b2904896f0436.png new file mode 100644 index 0000000000..aba654cde9 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/8e69f867664668796a3b2904896f0436.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/8fb4cc03721e1efb4a15867d5241ebfb.png b/windows/security/threat-protection/microsoft-defender-atp/images/8fb4cc03721e1efb4a15867d5241ebfb.png new file mode 100644 index 0000000000..df6134c572 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/8fb4cc03721e1efb4a15867d5241ebfb.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/95313facfdd5e1ea361981e0a2478fec.png b/windows/security/threat-protection/microsoft-defender-atp/images/95313facfdd5e1ea361981e0a2478fec.png new file mode 100644 index 0000000000..d4638f0643 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/95313facfdd5e1ea361981e0a2478fec.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/98acea3750113b8dbab334296e833003.png b/windows/security/threat-protection/microsoft-defender-atp/images/98acea3750113b8dbab334296e833003.png new file mode 100644 index 0000000000..12867aecde Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/98acea3750113b8dbab334296e833003.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/990742cd9a15ca9fdd37c9f695d1b9f4.png b/windows/security/threat-protection/microsoft-defender-atp/images/990742cd9a15ca9fdd37c9f695d1b9f4.png new file mode 100644 index 0000000000..0de20fa301 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/990742cd9a15ca9fdd37c9f695d1b9f4.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/99679a7835b0d27d0a222bc3fdaf7f3b.png b/windows/security/threat-protection/microsoft-defender-atp/images/99679a7835b0d27d0a222bc3fdaf7f3b.png new file mode 100644 index 0000000000..fd2706aa68 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/99679a7835b0d27d0a222bc3fdaf7f3b.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/9970046795448057693973a976da3d1d.png b/windows/security/threat-protection/microsoft-defender-atp/images/9970046795448057693973a976da3d1d.png new file mode 100644 index 0000000000..b4e92a0f51 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/9970046795448057693973a976da3d1d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/9d6e5386e652e00715ff348af72671c6.png b/windows/security/threat-protection/microsoft-defender-atp/images/9d6e5386e652e00715ff348af72671c6.png new file mode 100644 index 0000000000..7c4bf5f298 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/9d6e5386e652e00715ff348af72671c6.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/9e31ba00bcdd0bd8c1d1e53808581a2d.png b/windows/security/threat-protection/microsoft-defender-atp/images/9e31ba00bcdd0bd8c1d1e53808581a2d.png new file mode 100644 index 0000000000..a604180a07 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/9e31ba00bcdd0bd8c1d1e53808581a2d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/9f09cc4cd841559dd389fba7dc57e5e0.png b/windows/security/threat-protection/microsoft-defender-atp/images/9f09cc4cd841559dd389fba7dc57e5e0.png new file mode 100644 index 0000000000..c636679f40 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/9f09cc4cd841559dd389fba7dc57e5e0.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/9fc17529e5577eefd773c658ec576a7d.png b/windows/security/threat-protection/microsoft-defender-atp/images/9fc17529e5577eefd773c658ec576a7d.png new file mode 100644 index 0000000000..f352977ac3 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/9fc17529e5577eefd773c658ec576a7d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a26bd4967cd54bb113a2c8d32894c3de.png b/windows/security/threat-protection/microsoft-defender-atp/images/a26bd4967cd54bb113a2c8d32894c3de.png new file mode 100644 index 0000000000..4ec19ffeb2 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a26bd4967cd54bb113a2c8d32894c3de.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a347307458d6a9bbfa88df7dbe15398f.png b/windows/security/threat-protection/microsoft-defender-atp/images/a347307458d6a9bbfa88df7dbe15398f.png new file mode 100644 index 0000000000..bfcfa8f717 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a347307458d6a9bbfa88df7dbe15398f.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a422e57fe8d45689227e784443e51bd1.png b/windows/security/threat-protection/microsoft-defender-atp/images/a422e57fe8d45689227e784443e51bd1.png new file mode 100644 index 0000000000..c734a1763a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a422e57fe8d45689227e784443e51bd1.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a43bdc97f961de41946baca0e7405138.png b/windows/security/threat-protection/microsoft-defender-atp/images/a43bdc97f961de41946baca0e7405138.png new file mode 100644 index 0000000000..1c78719148 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a43bdc97f961de41946baca0e7405138.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a657018ab7c25284f0a631e83fc63c20.png b/windows/security/threat-protection/microsoft-defender-atp/images/a657018ab7c25284f0a631e83fc63c20.png new file mode 100644 index 0000000000..3aea41c5e9 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a657018ab7c25284f0a631e83fc63c20.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a790e02892e09857213331be078b9c28.png b/windows/security/threat-protection/microsoft-defender-atp/images/a790e02892e09857213331be078b9c28.png new file mode 100644 index 0000000000..6221e07cb5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a790e02892e09857213331be078b9c28.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/aa9f8f0f5772b7032e0f5606a9094c79.png b/windows/security/threat-protection/microsoft-defender-atp/images/aa9f8f0f5772b7032e0f5606a9094c79.png new file mode 100644 index 0000000000..ef720de702 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/aa9f8f0f5772b7032e0f5606a9094c79.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/abccba0b620cec06b03d219832667fe1.png b/windows/security/threat-protection/microsoft-defender-atp/images/abccba0b620cec06b03d219832667fe1.png new file mode 100644 index 0000000000..d7d0f281c2 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/abccba0b620cec06b03d219832667fe1.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ae3597247b6bc7c5347cf56ab1e820c0.png b/windows/security/threat-protection/microsoft-defender-atp/images/ae3597247b6bc7c5347cf56ab1e820c0.png new file mode 100644 index 0000000000..0dab513560 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ae3597247b6bc7c5347cf56ab1e820c0.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/b334974590d1a1fa4bc034b6190663ea.png b/windows/security/threat-protection/microsoft-defender-atp/images/b334974590d1a1fa4bc034b6190663ea.png new file mode 100644 index 0000000000..778c97d70a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/b334974590d1a1fa4bc034b6190663ea.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/b64986618ecc9eec016a7e4c504d9d27.png b/windows/security/threat-protection/microsoft-defender-atp/images/b64986618ecc9eec016a7e4c504d9d27.png new file mode 100644 index 0000000000..55aced9e5e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/b64986618ecc9eec016a7e4c504d9d27.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/b6c7ad56d50f497c38fc14c1e315456c.png b/windows/security/threat-protection/microsoft-defender-atp/images/b6c7ad56d50f497c38fc14c1e315456c.png new file mode 100644 index 0000000000..cb1009d9ab Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/b6c7ad56d50f497c38fc14c1e315456c.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/b6d671b2f18b89d96c1c8e2ea1991242.png b/windows/security/threat-protection/microsoft-defender-atp/images/b6d671b2f18b89d96c1c8e2ea1991242.png new file mode 100644 index 0000000000..168b4103a5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/b6d671b2f18b89d96c1c8e2ea1991242.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/b7b677c6b06dfa9a00223ec6c58685d6.png b/windows/security/threat-protection/microsoft-defender-atp/images/b7b677c6b06dfa9a00223ec6c58685d6.png new file mode 100644 index 0000000000..f889ed6a06 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/b7b677c6b06dfa9a00223ec6c58685d6.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ba3d40399e1a6d09214ecbb2b341923f.png b/windows/security/threat-protection/microsoft-defender-atp/images/ba3d40399e1a6d09214ecbb2b341923f.png new file mode 100644 index 0000000000..3effc79498 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ba3d40399e1a6d09214ecbb2b341923f.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ba44cdb77e4781aa8b940fb83e3c21f7.png b/windows/security/threat-protection/microsoft-defender-atp/images/ba44cdb77e4781aa8b940fb83e3c21f7.png new file mode 100644 index 0000000000..9d9988e39f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ba44cdb77e4781aa8b940fb83e3c21f7.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bcd4920afadbc158f8d7de88c11096fb.png b/windows/security/threat-protection/microsoft-defender-atp/images/bcd4920afadbc158f8d7de88c11096fb.png new file mode 100644 index 0000000000..cdf08c8f7b Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/bcd4920afadbc158f8d7de88c11096fb.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bd93e78b74c2660a0541af4690dd9485.png b/windows/security/threat-protection/microsoft-defender-atp/images/bd93e78b74c2660a0541af4690dd9485.png new file mode 100644 index 0000000000..b30f65c374 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/bd93e78b74c2660a0541af4690dd9485.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bf187f62ea1ae024d87a933cf97a00d3.png b/windows/security/threat-protection/microsoft-defender-atp/images/bf187f62ea1ae024d87a933cf97a00d3.png new file mode 100644 index 0000000000..2bd24757a9 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/bf187f62ea1ae024d87a933cf97a00d3.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/c1022b886c359a2969b9a3fea4bcc6ed.png b/windows/security/threat-protection/microsoft-defender-atp/images/c1022b886c359a2969b9a3fea4bcc6ed.png new file mode 100644 index 0000000000..e0c1d3c59c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/c1022b886c359a2969b9a3fea4bcc6ed.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/c254c437d5bdb4c28df8b25ba0a5e4a2.png b/windows/security/threat-protection/microsoft-defender-atp/images/c254c437d5bdb4c28df8b25ba0a5e4a2.png new file mode 100644 index 0000000000..f973186aa0 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/c254c437d5bdb4c28df8b25ba0a5e4a2.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/c9820a5ff84aaf21635c04a23a97ca93.png b/windows/security/threat-protection/microsoft-defender-atp/images/c9820a5ff84aaf21635c04a23a97ca93.png new file mode 100644 index 0000000000..a33cc304f5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/c9820a5ff84aaf21635c04a23a97ca93.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/c9f85bba3e96d627fe00fc5a8363b83a.png b/windows/security/threat-protection/microsoft-defender-atp/images/c9f85bba3e96d627fe00fc5a8363b83a.png new file mode 100644 index 0000000000..d01d4b01da Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/c9f85bba3e96d627fe00fc5a8363b83a.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ce580aec080512d44a37ff8e82e5c2ac.png b/windows/security/threat-protection/microsoft-defender-atp/images/ce580aec080512d44a37ff8e82e5c2ac.png new file mode 100644 index 0000000000..1b3179853c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ce580aec080512d44a37ff8e82e5c2ac.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/cf30438b5512ac89af1d11cbf35219a6.png b/windows/security/threat-protection/microsoft-defender-atp/images/cf30438b5512ac89af1d11cbf35219a6.png new file mode 100644 index 0000000000..ac3ffa8237 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/cf30438b5512ac89af1d11cbf35219a6.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/contoso-machine-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/contoso-machine-group.png new file mode 100644 index 0000000000..954724e574 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/contoso-machine-group.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/d0e0bee1e23464ab729191bbea5c2604.png b/windows/security/threat-protection/microsoft-defender-atp/images/d0e0bee1e23464ab729191bbea5c2604.png new file mode 100644 index 0000000000..2f8b727669 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/d0e0bee1e23464ab729191bbea5c2604.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/d8254adf4bd30290f9a8a0c131830a1f.png b/windows/security/threat-protection/microsoft-defender-atp/images/d8254adf4bd30290f9a8a0c131830a1f.png new file mode 100644 index 0000000000..82131ac913 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/d8254adf4bd30290f9a8a0c131830a1f.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/db15f147dd959e872a044184711d7d46.png b/windows/security/threat-protection/microsoft-defender-atp/images/db15f147dd959e872a044184711d7d46.png new file mode 100644 index 0000000000..a8cd37acf4 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/db15f147dd959e872a044184711d7d46.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/dc9f016cf649f8baaa89eaa0511ebb85.png b/windows/security/threat-protection/microsoft-defender-atp/images/dc9f016cf649f8baaa89eaa0511ebb85.png new file mode 100644 index 0000000000..dd86cc8585 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/dc9f016cf649f8baaa89eaa0511ebb85.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/dd55405106da0dfc2f50f8d4525b01c8.png b/windows/security/threat-protection/microsoft-defender-atp/images/dd55405106da0dfc2f50f8d4525b01c8.png new file mode 100644 index 0000000000..6e5f3fa9dc Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/dd55405106da0dfc2f50f8d4525b01c8.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/de180771f31278a2a6225857f73caf0d.png b/windows/security/threat-protection/microsoft-defender-atp/images/de180771f31278a2a6225857f73caf0d.png new file mode 100644 index 0000000000..89a9591408 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/de180771f31278a2a6225857f73caf0d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/e1cc1e48ec9d5d688087b4d771e668d2.png b/windows/security/threat-protection/microsoft-defender-atp/images/e1cc1e48ec9d5d688087b4d771e668d2.png new file mode 100644 index 0000000000..d730bb042b Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/e1cc1e48ec9d5d688087b4d771e668d2.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/e925142786fa5c0e9309fafc128a5ef7.png b/windows/security/threat-protection/microsoft-defender-atp/images/e925142786fa5c0e9309fafc128a5ef7.png new file mode 100644 index 0000000000..f47188ab2e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/e925142786fa5c0e9309fafc128a5ef7.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/eaba2a23dd34f73bf59e826217ba6f15.png b/windows/security/threat-protection/microsoft-defender-atp/images/eaba2a23dd34f73bf59e826217ba6f15.png new file mode 100644 index 0000000000..790aae6d4d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/eaba2a23dd34f73bf59e826217ba6f15.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/f504b2ae0a28a10778b0fa70378c355c.png b/windows/security/threat-protection/microsoft-defender-atp/images/f504b2ae0a28a10778b0fa70378c355c.png new file mode 100644 index 0000000000..b4da9a44be Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/f504b2ae0a28a10778b0fa70378c355c.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/f624de59b3cc86e3e2d32ae5de093e02.png b/windows/security/threat-protection/microsoft-defender-atp/images/f624de59b3cc86e3e2d32ae5de093e02.png new file mode 100644 index 0000000000..314479f578 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/f624de59b3cc86e3e2d32ae5de093e02.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/f878f8efa5ebc92d069f4b8f79f62c7f.png b/windows/security/threat-protection/microsoft-defender-atp/images/f878f8efa5ebc92d069f4b8f79f62c7f.png new file mode 100644 index 0000000000..7bf897ae75 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/f878f8efa5ebc92d069f4b8f79f62c7f.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/fb2220fed3a530f4b3ef36f600da0c27.png b/windows/security/threat-protection/microsoft-defender-atp/images/fb2220fed3a530f4b3ef36f600da0c27.png new file mode 100644 index 0000000000..b16f4b9326 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/fb2220fed3a530f4b3ef36f600da0c27.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamf-login1.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-login1.png new file mode 100644 index 0000000000..4668be81df Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-login1.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-configure-profile.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-configure-profile.png new file mode 100644 index 0000000000..879ecf9575 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-configure-profile.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-dashboard.png new file mode 100644 index 0000000000..c54729166f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-dashboard.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-portal1.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-portal1.png new file mode 100644 index 0000000000..a3f59fcea3 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-portal1.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-static-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-static-group.png new file mode 100644 index 0000000000..062a297f8c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-static-group.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-ca-certificate.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-ca-certificate.png new file mode 100644 index 0000000000..89a3a9fa29 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-ca-certificate.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-configuration-policies.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-configuration-policies.png new file mode 100644 index 0000000000..0c14cc2d3a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-configuration-policies.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-deployment-target.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-deployment-target.png new file mode 100644 index 0000000000..c533d9000c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-deployment-target.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-download.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-download.png new file mode 100644 index 0000000000..a3c7524472 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-download.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-install-mdm-profile.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-install-mdm-profile.png new file mode 100644 index 0000000000..b543f8a02a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-install-mdm-profile.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-install-mdm.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-install-mdm.png new file mode 100644 index 0000000000..4377bc50e3 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-install-mdm.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mac-profile.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mac-profile.png new file mode 100644 index 0000000000..ea36ebff47 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mac-profile.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-machine-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-machine-group.png new file mode 100644 index 0000000000..eaea373077 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-machine-group.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mdm-profile.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mdm-profile.png new file mode 100644 index 0000000000..bf5017bdbd Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mdm-profile.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mdm-unverified.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mdm-unverified.png new file mode 100644 index 0000000000..0900e110f6 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mdm-unverified.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-file-onboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-file-onboard.png new file mode 100644 index 0000000000..76b784f0fa Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-file-onboard.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-file.png new file mode 100644 index 0000000000..b3e820638e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-file.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-upload.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-upload.png new file mode 100644 index 0000000000..62422eaa2d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-upload.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist.png new file mode 100644 index 0000000000..53fd89f311 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-policies.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-policies.png new file mode 100644 index 0000000000..bf7d34f9d9 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-policies.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-scope-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-scope-tab.png new file mode 100644 index 0000000000..5850b5fc1f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-scope-tab.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-settings.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-settings.png new file mode 100644 index 0000000000..8c390217ba Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-settings.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-computer.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-computer.png new file mode 100644 index 0000000000..0f85e9a99d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-computer.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-group.png new file mode 100644 index 0000000000..6073a576d5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-group.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-selected.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-selected.png new file mode 100644 index 0000000000..6bedad674d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-selected.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-targets.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-targets.png new file mode 100644 index 0000000000..75eb399e74 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-targets.png differ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-upload-plist.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-upload-plist.png new file mode 100644 index 0000000000..b8c139d6f7 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-upload-plist.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/onboarding-macos.png b/windows/security/threat-protection/microsoft-defender-atp/images/onboarding-macos.png new file mode 100644 index 0000000000..e0cbad4ba1 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/onboarding-macos.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/plist-onboarding-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/plist-onboarding-file.png new file mode 100644 index 0000000000..6c87d56c5f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/plist-onboarding-file.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md new file mode 100644 index 0000000000..a997600a11 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md 
@@ -0,0 +1,41 @@ +--- +title: Log in to Jamf Pro +description: Log in to Jamf Pro +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Log in to Jamf Pro + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +1. Enter your credentials. + + ![Image of Jamf Pro dashboard](images/jamf-pro-portal1.png) + +2. Select **Computers**. + + ![Image of Jamf Pro dashboard](images/jamf-pro-dashboard.png) + +3. You will see the settings that are available. + + ![Image of Jamf Pro dashboard](images/jamfpro-settings.png) + + +## Next step +[Setup the device groups in Jamf Pro](mac-jamfpro-device-groups.md) + diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index efdb013295..931ca38827 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md 
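Review bot: In the new mac-install-jamfpro-login.md, all three image links in steps 1 to 3 carry the same alt text, "Image of Jamf Pro dashboard", although the files are jamf-pro-portal1.png, jamf-pro-dashboard.png and jamfpro-settings.png; give each one alt text that says what it shows (login portal, dashboard, settings). Step 3 ("You will see the settings that are available") states a result rather than an action, so it would read better folded into step 2. In the front matter, `description` repeats `title` word for word, and the "Next step" link text should use the verb form "Set up" rather than "Setup".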
@@ -1,7 +1,7 @@ --- -title: JAMF-based deployment for Microsoft Defender ATP for Mac -description: Learn about all the steps needed to deploy Microsoft Defender Advanced Threat Protection for Mac through JAMF. -keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra +title: Deploying Microsoft Defender ATP for macOS with Jamf Pro +description: Deploying Microsoft Defender ATP for macOS with Jamf Pro +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 
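Review bot: The new `description` in this front-matter hunk is a word-for-word copy of the new `title`, replacing the full-sentence summary the old line had; keep a sentence there that says what the article covers, such as the steps needed to deploy through Jamf Pro. The `keywords` line also swaps `jamf` for `jamfpro` instead of adding to it, so the old term is lost; consider listing both. The title now says "macOS" while the "Applies to" link that stays in the body still reads "for Mac", so pick one product name and use it in both places.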
@@ -15,361 +15,24 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/10/2020 --- -# JAMF-based deployment for Microsoft Defender ATP for Mac +# Deploying Microsoft Defender ATP for macOS with Jamf Pro **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) -This article describes how to deploy Microsoft Defender ATP for Mac through JAMF. A successful deployment requires the completion of all of the following steps: +Learn how to deploy Microsoft Defender ATP for macOS with Jamf Pro. -1. [Download installation and onboarding packages](#download-installation-and-onboarding-packages) -1. [Create JAMF policies](#create-jamf-policies) -1. [Client device setup](#client-device-setup) -1. [Deployment](#deployment) -1. [Check onboarding status](#check-onboarding-status) +This is a multi step process. You'll need to complete all of the following steps: -## Prerequisites and system requirements +- [Login to the Jamf Portal](mac-install-jamfpro-login.md) +- [Setup the Microsoft Defender ATP for macOS device groups in Jamf Pro](mac-jamfpro-device-groups.md) +- [Setup the Microsoft Defender ATP for macOS policies in Jamf Pro](mac-jamfpro-policies.md) +- [Enroll the Microsoft Defender ATP for macOS devices into Jamf Pro](mac-jamfpro-enroll-devices.md) -Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. -In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow. 
-## Overview -The following table summarizes the steps you would need to take to deploy and manage Microsoft Defender ATP for Macs, via JAMF. More detailed steps are available below. -| Step | Sample file names | BundleIdentifier | -|-|-|-| -| [Download installation and onboarding packages](#download-installation-and-onboarding-packages) | WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml | com.microsoft.wdav.atp | -| [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#property-list-for-jamf-configuration-profile-1)

**Note:** If you are planning to run a third party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.plist | com.microsoft.wdav | -| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#notification-settings) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.wdav.tray | -| [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#jamf) | MDATP_Microsoft_AutoUpdate.mobileconfig | com.microsoft.autoupdate2 | -| [Grant Full Disk Access to Microsoft Defender ATP](#privacy-preferences-policy-control) | Note: If there was one, MDATP_tcc_Catalina_or_newer.plist | com.microsoft.wdav.tcc | -| [Approve Kernel Extension for Microsoft Defender ATP](#approved-kernel-extension) | Note: If there was one, MDATP_KExt.plist | N/A | - -## Download installation and onboarding packages - -Download the installation and onboarding packages from Microsoft Defender Security Center: - -1. In Microsoft Defender Security Center, go to **Settings > Device management > Onboarding**. -2. Set the operating system to **macOS** and the deployment method to **Mobile Device Management / Microsoft Intune**. - ![Onboarding settings screenshot](images/atp-mac-install.png) - - > [!NOTE] - > Jamf falls under **Mobile Device Management**. - -3. Select **Download installation package**. Save it as _wdav.pkg_ to a local directory. -4. Select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory. -5. From the command prompt, verify that you have the two files. - - ```bash - ls -l - ``` - ```Output - total 721160 - -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - ``` -6. 
Extract the contents of the .zip files like so: - - ```bash - unzip WindowsDefenderATPOnboardingPackage.zip - ``` - ```Output - Archive: WindowsDefenderATPOnboardingPackage.zip - warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators - inflating: intune/kext.xml - inflating: intune/WindowsDefenderATPOnboarding.xml - inflating: jamf/WindowsDefenderATPOnboarding.plist - ``` - -## Create JAMF policies - -You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client devices. - -### Configuration Profile - -The configuration profile contains a custom settings payload that includes the following: - -- Microsoft Defender ATP for Mac onboarding information -- Approved Kernel Extensions payload to enable running the Microsoft kernel driver - -To set the onboarding information, add a property list file that is named **jamf/WindowsDefenderATPOnboarding.plist** as a custom setting. To do this, select **Computers** > **Configuration Profiles** > **New**, and then select **Application & Custom Settings** > **Configure**. From there, you can upload the property list. - - - >[!IMPORTANT] - > You have to set the **Preference Domain** to **com.microsoft.wdav.atp**. There are some changes to the Custom Payloads and also to the Jamf Pro user interface in version 10.18 and later versions. For more information about the changes, see [Configuration Profile Payload Settings Specific to Jamf Pro](https://www.jamf.com/jamf-nation/articles/217/configuration-profile-payload-settings-specific-to-jamf-pro). - -![Configuration profile screenshot](./images/msdefender-mac-config-profile.png) - -### Approved Kernel Extension - -To approve the kernel extension: - -1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**. -2. Use **UBF8T346G9** for Team Id. 
- - ![Approved kernel extensions screenshot](../microsoft-defender-antivirus/images/MDATP-17-approvedKernelExtensions.png) - -### Privacy Preferences Policy Control - -> [!CAUTION] -> macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender ATP is not able to fully protect your device. -> -> If you previously configured Microsoft Defender ATP through JAMF, we recommend applying the following configuration. - -Add the following JAMF policy to grant Full Disk Access to Microsoft Defender ATP. - -1. Select **Options > Privacy Preferences Policy Control**. -2. Use any identifier and identifier type = Bundle. -3. Set Code Requirement to `identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9`. -4. Set app or service to SystemPolicyAllFiles and access to Allow. - - ![Privacy Preferences Policy Control](../microsoft-defender-antivirus/images/MDATP-35-JAMF-PrivacyPreferences.png) - -#### Configuration Profile's Scope - -Configure the appropriate scope to specify the devices that will receive the configuration profile. - -Open **Computers** > **Configuration Profiles**, and select **Scope > Targets**. From there, select the devices you want to target. - -![Configuration profile scope screenshot](../microsoft-defender-antivirus/images/MDATP-18-ConfigurationProfilesScope.png) - -Save the **Configuration Profile**. - -Use the **Logs** tab to monitor deployment status for each enrolled device. - -### Notification settings - -Starting in macOS 10.15 (Catalina) a user must manually allow to display notifications in UI. 
To auto-enable notifications from Defender and Auto Update, you can import the .mobileconfig below into a separate configuration profile and assign it to all devices with Defender: - - ```xml - - - - PayloadContent - - - NotificationSettings - - - AlertType - 2 - BadgesEnabled - - BundleIdentifier - com.microsoft.autoupdate2 - CriticalAlertEnabled - GroupingType - 0 - NotificationsEnabled - - ShowInLockScreen - - ShowInNotificationCenter - - SoundsEnabled - - - - AlertType - 2BadgesEnabled - BundleIdentifier - com.microsoft.wdav.tray - CriticalAlertEnabled - GroupingType - 0 - NotificationsEnabled - ShowInLockScreen - ShowInNotificationCenter - SoundsEnabled - - - - PayloadDescription - PayloadDisplayName - notifications - PayloadEnabled - PayloadIdentifier - BB977315-E4CB-4915-90C7-8334C75A7C64 - PayloadOrganization - Microsoft - PayloadType - com.apple.notificationsettings - PayloadUUID - BB977315-E4CB-4915-90C7-8334C75A7C64 - PayloadVersion - 1 - - - PayloadDescription - PayloadDisplayName - mdatp - allow notifications - PayloadEnabled - PayloadIdentifier - 85F6805B-0106-4D23-9101-7F1DFD5EA6D6 - PayloadOrganization - Microsoft - PayloadRemovalDisallowed - PayloadScope - System - PayloadType - Configuration - PayloadUUID - 85F6805B-0106-4D23-9101-7F1DFD5EA6D6 - PayloadVersion - 1 - - - ``` - -### Package - -1. Create a package in **Settings > Computer Management > Packages**. - - ![Computer management packages screenshot](../microsoft-defender-antivirus/images/MDATP-19-MicrosoftDefenderWDAVPKG.png) - -2. Upload the package to the Distribution Point. -3. In the **filename** field, enter the name of the package. For example, _wdav.pkg_. - -### Policy - -Your policy should contain a single package for Microsoft Defender. - -![Microsoft Defender packages screenshot](../microsoft-defender-antivirus/images/MDATP-20-MicrosoftDefenderPackages.png) - -Configure the appropriate scope to specify the computers that will receive this policy. 
- -After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled device. - -## Client device setup - -You'll need no special provisioning for a macOS computer, beyond the standard JAMF Enrollment. - -> [!NOTE] -> After a computer is enrolled, it will show up in the Computers inventory (All Computers). - - - Open **Device Profiles**, from the **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's currently set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile. - - ![MDM approve button screenshot](../microsoft-defender-antivirus/images/MDATP-21-MDMProfile1.png)
- ![MDM screenshot](../microsoft-defender-antivirus/images/MDATP-22-MDMProfileApproved.png) - - After a moment, the device's User Approved MDM status will change to **Yes**. - - ![MDM status screenshot](../microsoft-defender-antivirus/images/MDATP-23-MDMStatus.png) - - You may now enroll additional devices. You may also enroll them later, after you have finished provisioning system configuration and application packages. - -## Deployment - -Enrolled client devices periodically poll the JAMF Server, and install new configuration profiles and policies as soon as they are detected. - -### Status on the server - -You can monitor deployment status in the **Logs** tab: - -- **Pending** means that the deployment is scheduled but has not yet happened -- **Completed** means that the deployment succeeded and is no longer scheduled - -![Status on server screenshot](../microsoft-defender-antivirus/images/MDATP-24-StatusOnServer.png) - -### Status on client device - -After the Configuration Profile is deployed, you'll see the profile for the device in **System Preferences** > **Profiles >**. - -![Status on client screenshot](../microsoft-defender-antivirus/images/MDATP-25-StatusOnClient.png) - -Once the policy is applied, you'll see the Microsoft Defender ATP icon in the macOS status bar in the top-right corner. - -![Microsoft Defender icon in status bar screenshot](../microsoft-defender-antivirus/images/MDATP-Icon-Bar.png) - -You can monitor policy installation on a device by following the JAMF log file: - -```bash - tail -f /var/log/jamf.log -``` - -```Output - Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found. - Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"... - Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV - Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender... 
- Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender. - Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches... - Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found. -``` - -You can also check the onboarding status: - -```bash -mdatp --health -``` - -```Output -... -licensed : true -orgId : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45" -... -``` - -- **licensed**: This confirms that the device has an ATP license. - -- **orgid**: Your Microsoft Defender ATP org id; it will be the same for your organization. - -## Check onboarding status - -You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status: - -```bash -mdatp --health healthy -``` - -The above command prints "1" if the product is onboarded and functioning as expected. - -If the product is not healthy, the exit code (which can be checked through `echo $?`) indicates the problem: - -- 0 if the device is not yet onboarded -- 3 if the connection to the daemon cannot be established—for example, if the daemon is not running - -## Logging installation issues - -See [Logging installation issues](mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. - -## Uninstallation - -This method is based on the script described in [Uninstalling](mac-resources.md#uninstalling). - -### Script - -Create a script in **Settings > Computer Management > Scripts**. - -This script removes Microsoft Defender ATP from the /Applications directory: - -```bash - #!/bin/bash - - echo "Is WDAV installed?" - ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - - echo "Uninstalling WDAV..." - rm -rf '/Applications/Microsoft Defender ATP.app' - - echo "Is WDAV still installed?" - ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - - echo "Done!" 
-``` - -![Microsoft Defender uninstall screenshot](../microsoft-defender-antivirus/images/MDATP-26-Uninstall.png) - -### Policy - -Your policy should contain a single script: - -![Microsoft Defender uninstall script screenshot](../microsoft-defender-antivirus/images/MDATP-27-UninstallScript.png) - -Configure the appropriate scope in the **Scope** tab to specify the devices that will receive this policy. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md index 29dbf4fa14..41b9fea3dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md 
@@ -53,17 +53,17 @@ Most MDM solutions use the same model for managing macOS devices, with similar t ### Package -Configure deployment of a [required application package](mac-install-with-jamf.md#package), -with the installation package (wdav.pkg) downloaded from [Microsoft Defender Security Center](mac-install-with-jamf.md#download-installation-and-onboarding-packages). +Configure deployment of a [required application package](mac-install-with-jamf.md), +with the installation package (wdav.pkg) downloaded from [Microsoft Defender Security Center](mac-install-with-jamf.md). In order to deploy the package to your enterprise, use the instructions associated with your MDM solution. ### License settings -Set up [a system configuration profile](mac-install-with-jamf.md#configuration-profile). +Set up [a system configuration profile](mac-install-with-jamf.md). Your MDM solution may call it something like "Custom Settings Profile", as Microsoft Defender ATP for Mac is not part of macOS. -Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can be extracted from an onboarding package downloaded from [Microsoft Defender Security Center](mac-install-with-jamf.md#download-installation-and-onboarding-packages). +Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can be extracted from an onboarding package downloaded from [Microsoft Defender Security Center](mac-install-with-jamf.md). Your system may support an arbitrary property list in XML format. You can upload the jamf/WindowsDefenderATPOnboarding.plist file as-is in that case. Alternatively, it may require you to convert the property list to a different format first. 
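Review bot: The four links rewritten in the **Package** and **License settings** sections of mac-install-with-other-mdm.md lose their fragments (`#package`, `#download-installation-and-onboarding-packages`, `#configuration-profile`) and now point at the top of `mac-install-with-jamf.md`, so "a system configuration profile" and "Microsoft Defender Security Center" no longer land on the instructions they name. The same patch adds mac-jamfpro-policies.md, whose step list has matching sections, so consider pointing these links at `mac-jamfpro-policies.md#step-1-get-the-microsoft-defender-atp-onboarding-package` and `mac-jamfpro-policies.md#step-2-create-a-configuration-profile-in-jamf-pro-using-the-onboarding-package` instead of a bare file link. The reference to `jamf/WindowsDefenderATPOnboarding.plist` in this hunk depends on the reader finding the download and extract steps, which is why the target matters here.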
@@ -76,4 +76,4 @@ Set up a KEXT or kernel extension policy. Use team identifier **UBF8T346G9** to ## Check installation status -Run [mdatp](mac-install-with-jamf.md#check-onboarding-status) on a client device to check the onboarding status. +Run [mdatp](mac-install-with-jamf.md) on a client device to check the onboarding status. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md new file mode 100644 index 0000000000..0ca541fd88 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md 
@@ -0,0 +1,43 @@ +--- +title: Set up device groups in Jamf Pro +description: Learn how to set up device groups in Jamf Pro for Microsoft Defender ATP for macOS +keywords: device, group, microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Set up Microsoft Defender ATP for macOS device groups in Jamf Pro + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +Set up the device groups similar to Group policy organizational unite (OUs), Microsoft Endpoint Configuration Manager's device collection, and Intune's device groups. + +1. Navigate to **Static Computer Groups**. + +2. Select **New**. + + ![Image of Jamf Pro](images/jamf-pro-static-group.png) + +3. Provide a display name and select **Save**. + + ![Image of Jamf Pro](images/jamfpro-machine-group.png) + +4. Now you will see the **Contoso's Machine Group** under **Static Computer Groups**. + + ![Image of Jamf Pro](images/contoso-machine-group.png) + +## Next step +- [Set up Microsoft Defender ATP for macOS policies in Jamf Pro](mac-jamfpro-policies.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md new file mode 100644 index 0000000000..58f9b6e536 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md 
@@ -0,0 +1,100 @@ +--- +title: Enroll Microsoft Defender ATP for macOS devices into Jamf Pro +description: Enroll Microsoft Defender ATP for macOS devices into Jamf Pro +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Enroll Microsoft Defender ATP for macOS devices into Jamf Pro + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +## Enroll macOS devices + +There are multiple methods of getting enrolled to JamF. + +This article will guide you on two methods: + +- [Method 1: Enrollment Invitations](#enrollment-method-1-enrollment-invitations) +- [Method 2: Prestage Enrollments](#enrollment-method-2-prestage-enrollments) + +For a complete list, see [About Computer Enrollment](https://docs.jamf.com/9.9/casper-suite/administrator-guide/About_Computer_Enrollment.html). + + +## Enrollment Method 1: Enrollment Invitations + +1. In the Jamf Pro dashboard, navigate to **Enrollment invitations**. + + ![Image of configuration settings](images/a347307458d6a9bbfa88df7dbe15398f.png) + +2. Select **+ New**. + + ![A close up of a logo Description automatically generated](images/b6c7ad56d50f497c38fc14c1e315456c.png) + +3. In **Specify Recipients for the Invitation** > under **Email Addresses** enter the e-mail address(es) of the recipients. 
+ + ![Image of configuration settings](images/718b9d609f9f77c8b13ba88c4c0abe5d.png) + + ![Image of configuration settings](images/ae3597247b6bc7c5347cf56ab1e820c0.png) + + For example: janedoe@contoso.com + + ![Image of configuration settings](images/4922c0fcdde4c7f73242b13bf5e35c19.png) + +4. Configure the message for the invitation. + + ![Image of configuration settings](images/ce580aec080512d44a37ff8e82e5c2ac.png) + + ![Image of configuration settings](images/5856b765a6ce677caacb130ca36b1a62.png) + + ![Image of configuration settings](images/3ced5383a6be788486d89d407d042f28.png) + + ![Image of configuration settings](images/54be9c6ed5b24cebe628dc3cd9ca4089.png) + +## Enrollment Method 2: Prestage Enrollments + +1. In the Jamf Pro dashboard, navigate to **Prestage enrollments**. + + ![Image of configuration settings](images/6fd0cb2bbb0e60a623829c91fd0826ab.png) + +2. Follow the instructions in [Computer PreStage Enrollments](https://docs.jamf.com/9.9/casper-suite/administrator-guide/Computer_PreStage_Enrollments.html). + +## Enroll macOS device + +1. Select **Continue** and install the CA certificate from a **System Preferences** window. + + ![Image of Jamf Pro enrollment](images/jamfpro-ca-certificate.png) + +2. Once CA certificate is installed, return to the browser window and select **Continue** and install the MDM profile. + + ![Image of Jamf Pro enrollment](images/jamfpro-install-mdm-profile.png) + +3. Select **Allow** to downloads from JAMF. + + ![Image of Jamf Pro enrollment](images/jamfpro-download.png) + +4. Select **Continue** to proceed with the MDM Profile installation. + + ![Image of Jamf Pro enrollment](images/jamfpro-install-mdm.png) + +5. Select **Continue** to install the MDM Profile. + + ![Image of Jamf Pro enrollment](images/jamfpro-mdm-unverified.png) + +6. Select **Continue** to complete the configuration. + + ![Image of Jamf Pro enrollment](images/jamfpro-mdm-profile.png) \ No newline at end of file 
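Review bot: Under "Enroll macOS device" in mac-jamfpro-enroll-devices.md, steps 1 and 5 tell the reader to install a CA certificate and to select **Continue** on the dialog captured as `jamfpro-mdm-unverified.png`, without saying what to check before accepting; add a sentence naming what the reader should confirm (for example, that the certificate and MDM profile come from the organization's own Jamf server) before continuing. Steps 4 and 5 also read as the same action ("proceed with the MDM Profile installation" and "install the MDM Profile"), so either merge them or say what differs between the two screens. Smaller points in the same file: both external links are pinned to `docs.jamf.com/9.9/casper-suite/...` while the page calls the product Jamf Pro, "Enrollment Method 1" stops at configuring the message with no step that sends the invitation, the headings "Enroll macOS devices" and "Enroll macOS device" are nearly identical, the product name is spelled "JamF", "Jamf" and "JAMF", "Select **Allow** to downloads from JAMF" needs rewording, and the file has no trailing newline.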
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md new file mode 100644 index 0000000000..12fa6f22ca --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md 
@@ -0,0 +1,791 @@ +--- +title: Set up the Microsoft Defender ATP for macOS policies in Jamf Pro +description: Learn how to set up the Microsoft Defender ATP for macOS policies in Jamf Pro +keywords: policies, microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Set up the Microsoft Defender ATP for macOS policies in Jamf Pro + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +This page will guide you through the steps you need to take to set up macOS policies in Jamf Pro. + +You'll need to take the following steps: + +1. [Get the Microsoft Defender ATP onboarding package](#step-1-get-the-microsoft-defender-atp-onboarding-package) + +2. [Create a configuration profile in Jamf Pro using the onboarding package](#step-2-create-a-configuration-profile-in-jamf-pro-using-the-onboarding-package) + +3. [Configure Microsoft Defender ATP settings](#step-3-configure-microsoft-defender-atp-settings) + +4. [Configure Microsoft Defender ATP notification settings](#step-4-configure-notifications-settings) + +5. [Configure Microsoft AutoUpdate (MAU)](#step-5-configure-microsoft-autoupdate-mau) + +6. [Grant full disk access to Microsoft Defender ATP](#step-6-grant-full-disk-access-to-microsoft-defender-atp) + +7. [Approve Kernel extension for Microsoft Defender ATP](#step-7-approve-kernel-extension-for-microsoft-defender-atp) + +8. [Schedule scans with Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp) + +9. 
[Deploy Microsoft Defender ATP for macOS](#step-9-deploy-microsoft-defender-atp-for-macos) + + +## Step 1: Get the Microsoft Defender ATP onboarding package + +1. In [Microsoft Defender Security Center](https://securitycenter.microsoft.com ), navigate to **Settings > Onboarding**. + +2. Select macOS as the operating system and Mobile Device Management / Microsoft Intune as the deployment method. + + ![Image of Microsoft Defender Security Center](images/onboarding-macos.png) + +3. Select **Download onboarding package** (WindowsDefenderATPOnboardingPackage.zip). + +4. Extract `WindowsDefenderATPOnboardingPackage.zip`. + +5. Copy the file to your preferred location. For example, `C:\Users\JaneDoe_or_JohnDoe.contoso\Downloads\WindowsDefenderATPOnboardingPackage_macOS_MDM_contoso\jamf\WindowsDefenderATPOnboarding.plist`. + + +## Step 2: Create a configuration profile in Jamf Pro using the onboarding package + +1. Locate the file `WindowsDefenderATPOnboarding.plist` from the previous section. + + ![Image of file](images/plist-onboarding-file.png) + + +2. In the Jamf Pro dashboard, select **New**. + + ![Image of Jamf Pro dashboard](images/jamf-pro-configure-profile.png) + +3. Enter the following details: + + **General** + - Name: MDATP onboarding for macOS + - Description: MDATP EDR onboarding for macOS + - Category: None + - Distribution Method: Install Automatically + - Level: Computer Level + +4. In **Application & Custom Settings** select **Configure**. + + ![Image of configuration profile](images/jamfpro-mac-profile.png) + +5. Select **Upload File (PLIST file)** then in **Preference Domain** enter: `com.microsoft.wdav.atp`. + + ![Image of upload file](images/jamfpro-plist-upload.png) + + ![Image of upload file](images/jamfpro-plist-file.png) + +7. Select **Open** and select the onboarding file. + + ![Image of onboarding file](images/jamfpro-plist-file-onboard.png) + +8. Select **Upload**. + + ![Image of uploading plist file](images/jamfpro-upload-plist.png) + + +9. 
Select the **Scope** tab. + + ![Image of scope tab](images/jamfpro-scope-tab.png) + +10. Select the target computers. + + ![Image of target computers](images/jamfpro-target-computer.png) + + ![Image of target computers](images/jamfpro-targets.png) + +11. Select **Save**. + + ![Image of target computers](images/jamfpro-deployment-target.png) + + ![Image of target computers selected](images/jamfpro-target-selected.png) + +12. Select **Done**. + + ![Image of target computers](images/jamfpro-target-group.png) + + ![List of configuration profiles](images/jamfpro-configuration-policies.png) + +## Step 3: Configure Microsoft Defender ATP settings + +1. Use the following Microsoft Defender ATP configuration settings: + + - enableRealTimeProtection + - passiveMode + + >[!NOTE] + >Not turned on by default, if you are planning to run a third-party AV for macOS, set it to `true`. + + - exclusions + - excludedPath + - excludedFileExtension + - excludedFileName + - exclusionsMergePolicy + - allowedThreats + + >[!NOTE] + >EICAR is on the sample, if you are going through a proof-of-concept, remove it especially if you are testing EICAR. + + - disallowedThreatActions + - potentially_unwanted_application + - archive_bomb + - cloudService + - automaticSampleSubmission + - tags + - hideStatusMenuIcon + + For information, see [Property list for Jamf configuration profile](mac-preferences.md#property-list-for-jamf-configuration-profile). 
+ +```XML + + + + + antivirusEngine + + enableRealTimeProtection + + passiveMode + + exclusions + + + $type + excludedPath + isDirectory + + path + /var/log/system.log + + + $type + excludedPath + isDirectory + + path + /home + + + $type + excludedFileExtension + extension + pdf + + + $type + excludedFileName + name + cat + + + exclusionsMergePolicy + merge + allowedThreats + + EICAR-Test-File (not a virus) + + disallowedThreatActions + + allow + restore + + threatTypeSettings + + + key + potentially_unwanted_application + value + block + + + key + archive_bomb + value + audit + + + threatTypeSettingsMergePolicy + merge + + cloudService + + enabled + + diagnosticLevel + optional + automaticSampleSubmission + + + edr + + tags + + + key + GROUP + value + ExampleTag + + + + userInterface + + hideStatusMenuIcon + + + + +``` + +2. Save the file as `MDATP_MDAV_configuration_settings.plist`. + + +3. In the Jamf Pro dashboard, select **General**. + + ![Image of Jamf Pro dashboard](images/644e0f3af40c29e80ca1443535b2fe32.png) + +4. Enter the following details: + + **General** + - Name: MDATP MDAV configuration settings + - Description:\ + - Category: None (default) + - Distribution Method: Install Automatically(default) + - Level: Computer Level(default) + + ![Image of configuration settings](images/3160906404bc5a2edf84d1d015894e3b.png) + +5. In **Application & Custom Settings** select **Configure**. + + ![Image of configuration settings](images/e1cc1e48ec9d5d688087b4d771e668d2.png) + +6. Select **Upload File (PLIST file)**. + + ![Image of configuration settings](images/6f85269276b2278eca4bce84f935f87b.png) + +7. In **Preferences Domain**, enter `com.microsoft.wdav`, then select **Upload PLIST File**. + + ![Image of configuration settings](images/db15f147dd959e872a044184711d7d46.png) + +8. Select **Choose File**. + + ![Image of configuration settings](images/526e978761fc571cca06907da7b01fd6.png) + +9. 
Select the **MDATP_MDAV_configuration_settings.plist**, then select **Open**. + + ![Image of configuration settings](images/98acea3750113b8dbab334296e833003.png) + +10. Select **Upload**. + + ![Image of configuration settings](images/0adb21c13206861ba9b30a879ade93d3.png) + + ![Image of configuration settings](images/f624de59b3cc86e3e2d32ae5de093e02.png) + + >[!NOTE] + >If you happen to upload the Intune file, you'll get the following error:
+ >![Image of configuration settings](images/8e69f867664668796a3b2904896f0436.png) + + +11. Select **Save**. + + ![Image of configuration settings](images/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png) + +12. The file is uploaded. + + ![Image of configuration settings](images/33e2b2a1611fdddf6b5b79e54496e3bb.png) + + ![Image of configuration settings](images/a422e57fe8d45689227e784443e51bd1.png) + +13. Select the **Scope** tab. + + ![Image of configuration settings](images/9fc17529e5577eefd773c658ec576a7d.png) + +14. Select **Contoso's Machine Group**. + +15. Select **Add**, then select **Save**. + + ![Image of configuration settings](images/cf30438b5512ac89af1d11cbf35219a6.png) + + ![Image of configuration settings](images/6f093e42856753a3955cab7ee14f12d9.png) + +16. Select **Done**. You'll see the new **Configuration profile**. + + ![Image of configuration settings](images/dd55405106da0dfc2f50f8d4525b01c8.png) + + +## Step 4: Configure notifications settings + +These steps are applicable of macOS 10.15 (Catalina) or newer. + +1. 
Use the following Microsoft Defender ATP notification configuration settings: + +```xml + + + + PayloadContent + + + NotificationSettings + + + AlertType + 2 + BadgesEnabled + + BundleIdentifier + com.microsoft.autoupdate2 + CriticalAlertEnabled + GroupingType + 0 + NotificationsEnabled + + ShowInLockScreen + + ShowInNotificationCenter + + SoundsEnabled + + + + AlertType + 2BadgesEnabled + BundleIdentifier + com.microsoft.wdav.tray + CriticalAlertEnabled + GroupingType + 0 + NotificationsEnabled + ShowInLockScreen + ShowInNotificationCenter + SoundsEnabled + + + + PayloadDescription + PayloadDisplayName + notifications + PayloadEnabled + PayloadIdentifier + BB977315-E4CB-4915-90C7-8334C75A7C64 + PayloadOrganization + Microsoft + PayloadType + com.apple.notificationsettings + PayloadUUID + BB977315-E4CB-4915-90C7-8334C75A7C64 + PayloadVersion + 1 + + + PayloadDescription + PayloadDisplayName + mdatp - allow notifications + PayloadEnabled + PayloadIdentifier + 85F6805B-0106-4D23-9101-7F1DFD5EA6D6 + PayloadOrganization + Microsoft + PayloadRemovalDisallowed + PayloadScope + System + PayloadType + Configuration + PayloadUUID + 85F6805B-0106-4D23-9101-7F1DFD5EA6D6 + PayloadVersion + 1 + + + ``` + +2. Save it as `MDATP_MDAV_notification_settings.plist`. + +3. In the Jamf Pro dashboard, select **General**. + +4. Enter the following details: + + **General** + - Name: MDATP MDAV Notification settings + - Description: macOS 10.15 (Catalina) or newer + - Category: None (default) + - Distribution Method: Install Automatically(default) + - Level: Computer Level(default) + + ![Image of configuration settings](images/c9820a5ff84aaf21635c04a23a97ca93.png) + + +5. Select **Upload File (PLIST file)**. + + ![Image of configuration settings](images/7f9138053dbcbf928e5182ee7b295ebe.png) + + +6. Select **Choose File** > **MDATP_MDAV_Notification_Settings.plist**. 
+ + + ![Image of configuration settings](images/4bac6ce277aedfb4a674f2d9fcb2599a.png) + + + ![Image of configuration settings](images/20e33b98eb54447881dc6c89e58b890f.png) + +7. Select **Open** > **Upload**. + + ![Image of configuration settings](images/7697c33b9fd376ae5a8023d01f9d3857.png) + + + ![Image of configuration settings](images/2bda9244ec25d1526811da4ea91b1c86.png) + +8. Select the **Scope** tab, then select **Add**. + + ![Image of configuration settings](images/441aa2ecd36abadcdd8aed03556080b5.png) + + +9. Select **Contoso's Machine Group**. + +10. Select **Add**, then select **Save**. + + ![Image of configuration settings](images/09a275e321268e5e3ac0c0865d3e2db5.png) + + + ![Image of configuration settings](images/4d2d1d4ee13d3f840f425924c3df0d51.png) + +11. Select **Done**. You'll see the new **Configuration profile**. + ![Image of configuration setting](images/633ad26b8bf24ec683c98b2feb884bdf.png) + +## Step 5: Configure Microsoft AutoUpdate (MAU) + +1. Use the following Microsoft Defender ATP configuration settings: + +```XML + + + + + ChannelName + Production + HowToCheck + AutomaticDownload + EnableCheckForUpdatesButton + + DisableInsiderCheckbox + + SendAllTelemetryEnabled + + + +``` + +2. Save it as `MDATP_MDAV_MAU_settings.plist`. + +3. In the Jamf Pro dashboard, select **General**. + + ![Image of configuration setting](images/eaba2a23dd34f73bf59e826217ba6f15.png) + +4. Enter the following details: + + **General** + - Name: MDATP MDAV MAU settings + - Description: Microsoft AutoUpdate settings for MDATP for macOS + - Category: None (default) + - Distribution Method: Install Automatically(default) + - Level: Computer Level(default) + +5. In **Application & Custom Settings** select **Configure**. + + ![Image of configuration setting](images/1f72e9c15eaafcabf1504397e99be311.png) + +6. Select **Upload File (PLIST file)**. + + ![Image of configuration setting](images/1213872db5833aa8be535da57653219f.png) + +7. 
In **Preference Domain** enter: `com.microsoft.autoupdate2`, then select **Upload PLIST File**. + + ![Image of configuration setting](images/1213872db5833aa8be535da57653219f.png) + +8. Select **Choose File**. + + ![Image of configuration setting](images/335aff58950ce62d1dabc289ecdce9ed.png) + +9. Select **MDATP_MDAV_MAU_settings.plist**. + + ![Image of configuration setting](images/a26bd4967cd54bb113a2c8d32894c3de.png) + +10. Select **Upload**. + ![Image of configuration setting](images/4239ca0528efb0734e4ca0b490bfb22d.png) + + ![Image of configuration setting](images/4ec20e72c8aed9a4c16912e01692436a.png) + +11. Select **Save**. + + ![Image of configuration setting](images/253274b33e74f3f5b8d475cf8692ce4e.png) + +12. Select the **Scope** tab. + + ![Image of configuration setting](images/10ab98358b2d602f3f67618735fa82fb.png) + +13. Select **Add**. + + ![Image of configuration setting](images/56e6f6259b9ce3c1706ed8d666ae4947.png) + + ![Image of configuration setting](images/38c67ee1905c4747c3b26c8eba57726b.png) + + ![Image of configuration setting](images/321ba245f14743c1d5d51c15e99deecc.png) + +14. Select **Done**. + + ![Image of configuration setting](images/ba44cdb77e4781aa8b940fb83e3c21f7.png) + +## Step 6: Grant full disk access to Microsoft Defender ATP + +1. In the Jamf Pro dashboard, select **Configuration Profiles**. + + ![Image of configuration setting](images/264493cd01e62c7085659d6fdc26dc91.png) + +2. Select **+ New**. + +3. Enter the following details: + + **General** + - Name: MDATP MDAV - grant Full Disk Access to EDR and AV + - Description: On macOS Catalina or newer, the new Privacy Preferences Policy Control + - Category: None + - Distribution method: Install Automatically + - Level: Computer level + + + ![Image of configuration setting](images/ba3d40399e1a6d09214ecbb2b341923f.png) + +4. In **Configure Privacy Preferences Policy Control** select **Configure**. + + ![Image of configuration setting](images/715ae7ec8d6a262c489f94d14e1e51bb.png) + +5. 
In **Privacy Preferences Policy Control**, enter the following details: + + - Identifier: `com.microsoft.wdav` + - Identifier Type: Bundle ID + - Code Requirement: identifier `com.microsoft.wdav` and anchor apple generic and +certificate 1[field.1.2.840.113635.100.6.2.6] /\* exists \*/ and certificate +leaf[field.1.2.840.113635.100.6.1.13] /\* exists \*/ and certificate +leaf[subject.OU] = UBF8T346G9 + + + ![Image of configuration setting](images/22cb439de958101c0a12f3038f905b27.png) + +6. Select **+ Add**. + + ![Image of configuration setting](images/bd93e78b74c2660a0541af4690dd9485.png) + + + - Under App or service: Set to **SystemPolicyAllFiles** + + - Under "access": Set to **Allow** + +7. Select **Save** (not the one at the bottom right). + + ![Image of configuration setting](images/6de50b4a897408ddc6ded56a09c09fe2.png) + +8. Select the **Scope** tab. + + ![Image of configuration setting](images/2c49b16cd112729b3719724f581e6882.png) + + 9. Select **+ Add**. + + ![Image of configuration setting](images/57cef926d1b9260fb74a5f460cee887a.png) + +10. Select **Computer Groups** > under **Group Name** > select **Contoso's MachineGroup**. + + ![Image of configuration setting](images/368d35b3d6179af92ffdbfd93b226b69.png) + +11. Select **Add**. + +12. Select **Save**. + +13. Select **Done**. + + ![Image of configuration setting](images/809cef630281b64b8f07f20913b0039b.png) + + ![Image of configuration setting](images/6c8b406ee224335a8c65d06953dc756e.png) + + +## Step 7: Approve Kernel extension for Microsoft Defender ATP + +1. In the **Configuration Profiles**, select **+ New**. + + ![A screenshot of a social media post Description automatically generated](images/6c8b406ee224335a8c65d06953dc756e.png) + +2. 
Enter the following details: + + **General** + - Name: MDATP MDAV Kernel Extension + - Description: MDATP kernel extension (kext) + - Category: None + - Distribution Method: Install Automatically + - Level: Computer Level + + ![Image of configuration settings](images/24e290f5fc309932cf41f3a280d22c14.png) + +3. In **Configure Approved Kernel Extensions** select **Configure**. + + ![Image of configuration settings](images/30be88b63abc5e8dde11b73f1b1ade6a.png) + + + +4. In **Approved Kernel Extensions** Enter the following details: + + - Display Name: Microsoft Corp. + - Team ID: UBF8T346G9 + + ![Image of configuration settings](images/39cf120d3ac3652292d8d1b6d057bd60.png) + +5. Select the **Scope** tab. + + ![Image of configuration settings](images/0df36fc308ba569db204ee32db3fb40a.png) + +6. Select **+ Add**. + +7. Select **Computer Groups** > under **Group Name** > select **Contoso's Machine Group**. + +8. Select **+ Add**. + + ![Image of configuration settings](images/0dde8a4c41110dbc398c485433a81359.png) + +9. Select **Save**. + + ![Image of configuration settings](images/0add8019b85a453b47fa5c402c72761b.png) + +10. Select **Done**. + + ![Image of configuration settings](images/1c9bd3f68db20b80193dac18f33c22d0.png) + + +## Step 8: Schedule scans with Microsoft Defender ATP for Mac +Follow the instructions on [Schedule scans with Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp). + +## Step 9: Deploy Microsoft Defender ATP for macOS + +1. Navigate to where you saved `wdav.pkg`. + + ![Image of file explorer](images/8dde76b5463047423f8637c86b05c29d.png) + +2. Rename it to `wdav_MDM_Contoso_200329.pkg`. + + ![Image of file explorer](images/fb2220fed3a530f4b3ef36f600da0c27.png) + +3. Open the Jamf Pro dashboard. + + ![Image of configuration settings](images/990742cd9a15ca9fdd37c9f695d1b9f4.png) + +4. Navigate to **Advanced Computer Searches**. 
+ + ![A screenshot of a social media post Description automatically generated](images/95313facfdd5e1ea361981e0a2478fec.png) + +5. Select **Computer Management**. + + ![Image of configuration settings](images/b6d671b2f18b89d96c1c8e2ea1991242.png) + +6. In **Packages**, select **+ New**. + ![A picture containing bird Description automatically generated](images/57aa4d21e2ccc65466bf284701d4e961.png) + +7. In **New Package** Enter the following details: + + **General tab** + - Display Name: Leave it blank for now. Because it will be reset when you choose your pkg. + - Category: None (default) + - Filename: Choose File + + ![Image of configuration settings](images/21de3658bf58b1b767a17358a3f06341.png) + + Open the file and point it to `wdav.pkg` or `wdav_MDM_Contoso_200329.pkg`. + + ![A screenshot of a computer screen Description automatically generated](images/1aa5aaa0a387f4e16ce55b66facc77d1.png) + +8. Select **Open**. Set the **Display Name** to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**. + + - Manifest File: Select **Upload Manifest File**. + + **Options tab**
Keep default values. + + **Limitations tab**
Keep default values. + + ![Image of configuration settings](images/56dac54634d13b2d3948ab50e8d3ef21.png) + +9. Select **Save**. The package is uploaded to Jamf Pro. + ![Image of configuration settings](images/33f1ecdc7d4872555418bbc3efe4b7a3.png) + + It can take a few minutes for the package to be available for deployment. + ![Image of configuration settings](images/1626d138e6309c6e87bfaab64f5ccf7b.png) + +10. Navigate to the **Policies** page. + + ![Image of configuration settings](images/f878f8efa5ebc92d069f4b8f79f62c7f.png) + +11. Select **+ New** to create a new policy. + + ![Image of configuration settings](images/847b70e54ed04787e415f5180414b310.png) + + +12. In **General** Enter the following details: + + - Display name: MDATP Onboarding Contoso 200329 v100.86.92 or later + + ![Image of configuration settings](images/625ba6d19e8597f05e4907298a454d28.png) + +13. Select **Recurring Check-in**. + + ![Image of configuration settings](images/68bdbc5754dfc80aa1a024dde0fce7b0.png) + + +14. Select **Save**. + +15. Select **Packages > Configure**. + + ![Image of configuration settings](images/8fb4cc03721e1efb4a15867d5241ebfb.png) + +16. Select the **Add** button next to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**. + + ![Image of configuration settings](images/526b83fbdbb31265b3d0c1e5fbbdc33a.png) + +17. Select **Save**. + ![Image of configuration settings](images/9d6e5386e652e00715ff348af72671c6.png) + +18. Select the **Scope** tab. + ![Image of configuration settings](images/8d80fe378a31143db9be0bacf7ddc5a3.png) + +19. Select the target computers. + + ![Image of configuration settings](images/6eda18a64a660fa149575454e54e7156.png) + + **Scope**
+ Select **Add**. + ![Image of configuration settings](images/1c08d097829863778d562c10c5f92b67.png) + + ![Image of configuration settings](images/216253cbfb6ae738b9f13496b9c799fd.png) + + **Self-Service**
+ ![Image of configuration settings](images/c9f85bba3e96d627fe00fc5a8363b83a.png) + +20. Select **Done**. + ![Image of configuration settings](images/99679a7835b0d27d0a222bc3fdaf7f3b.png) + + ![Image of configuration settings](images/632aaab79ae18d0d2b8e0c16b6ba39e2.png) + + + + + diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md index e8edd981e3..fa1d4aa4bf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md @@ -49,7 +49,7 @@ The following sections provide guidance on how to address this issue, depending See the instructions corresponding to the management tool that you used to deploy the product: -- [JAMF-based deployment](mac-install-with-jamf.md#configuration-profile) +- [JAMF-based deployment](mac-install-with-jamf.md) - [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) ## Manual deployment diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 869b785877..a7ef7409a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md 
@@ -157,6 +157,6 @@ ms.topic: conceptual > The mechanism for granting this consent depends on how you deployed Microsoft Defender ATP: > > - For manual deployments, see the updated instructions in the [Manual deployment](mac-install-manually.md#how-to-allow-full-disk-access) topic. - > - For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md#privacy-preferences-policy-control) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics. + > - For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics. - Performance improvements & bug fixes diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 93be6e31f7..2b613f1c5c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -1,5 +1,5 @@ --- -title: Review and approve actions following automated investigations in the Microsoft Defender Security Center +title: Review and approve remediation actions following automated investigations in the Microsoft Defender Security Center description: Review and approve (or reject) remediation actions following an automated investigation. keywords: autoir, automated, investigation, detection, dashboard, source, threat types, id, tags, devices, duration, filter export search.product: eADQiWindows 10XVcnh 
@@ -18,21 +18,29 @@ ms.topic: conceptual ms.date: 09/15/2020 --- -# Review and approve actions following an automated investigation +# Review and approve remediation actions following an automated investigation ## Remediation actions When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. -Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are a few examples: +Depending on -- Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) +- the type of threat, +- the resulting verdict, and +- how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, -- Example 2: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) +remediation actions can occur automatically or only upon approval by your organization’s security operations team. + +Here are a few examples: + +- Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). 
In this case, remediation actions are taken automatically for artifacts that are considered to be malicious following an automated investigation. (See [Review completed actions](#review-completed-actions).) + +- Example 2: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions following an automated investigation. (See [Review pending actions](#review-pending-actions).) - Example 3: Tailspin Toys has their device groups set to **No automated response** (this is not recommended). In this case, automated investigations do not occur. As a result, no remediation actions are taken or pending, and no actions are logged in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center) for their devices. (See [Manage device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups#manage-device-groups)) -Whether taken automatically or upon approval, remediation actions include the following: +Whether taken automatically or upon approval, remediation actions following an automated investigation include the following: - Quarantine a file - Remove a registry key - Kill a process @@ -47,14 +55,15 @@ The following table summarizes remediation actions following an automated invest |Device group setting | Automated investigation results | What to do | |:---|:---|:---| -|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Appropriate remediation actions are taken automatically. |[Review completed actions](#review-completed-actions). | -|**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is *not* in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | +|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Appropriate remediation actions are taken automatically. |[Review completed actions](#review-completed-actions) | +|**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions) | +|**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions) | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is *not* in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions)

2. [Review completed actions](#review-completed-actions) | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that *is* in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | -|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions). | -|Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that *is* in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions)

2. [Review completed actions](#review-completed-actions) | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions) | +|Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center) | +|**No automated response** (this is not recommended)|No automated investigations run, so no verdicts are reached, and no remediation actions are taken or awaiting approval. |[Consider setting up or changing your device groups to use **Full** or **Semi** automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). diff --git a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md new file mode 100644 index 0000000000..e7fa908f28 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md 
@@ -0,0 +1,107 @@ +--- +title: Microsoft Defender ATP for non-Windows platforms +description: Learn about Microsoft Defender ATP capabilities for non-Windows platforms +keywords: non windows, mac, macos, linux, android +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- M365-security-compliance +- m365solution-evalutatemtp +ms.topic: article +--- + +# Microsoft Defender ATP for non-Windows platforms +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + + +Microsoft has been on a journey to extend its industry leading endpoint security +capabilities beyond Windows and Windows Server to macOS, Linux, Android, and +soon iOS. + +Organizations face threats across a variety of platforms and devices. Our teams +have committed to building security solutions not just *for* Microsoft, but also +*from* Microsoft to enable our customers to protect and secure their +heterogenous environments. We're listening to customer feedback and partnering +closely with our customers to build solutions that meet their needs. + +With Microsoft Defender ATP, customers benefit from a unified view of all +threats and alerts in the Microsoft Defender Security Center, across Windows and +non-Windows platforms, enabling them to get a full picture of what's happening +in their environment, which empowers them to more quickly assess and respond to +threats. + +## Microsoft Defender ATP for Mac + +Microsoft Defender ATP for Mac offers AV and EDR capabilities for the three +latest released versions of macOS. Customers can deploy and manage the solution +through Microsoft Endpoint Manager and Jamf. 
Just like with Microsoft Office +applications on macOS, Microsoft Auto Update is used to manage Microsoft +Defender ATP for Mac updates. For information about the key features and +benefits, read our +[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/macOS). + +For more details on how to get started, visit the Microsoft Defender ATP for Mac +[documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). + +## Microsoft Defender ATP for Linux + +Microsoft Defender ATP for Linux offers preventative (AV) capabilities for Linux +servers. This includes a full command line experience to configure and manage +the agent, initiate scans, and manage threats. We support recent versions of the +six most common Linux Server distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu +16 LTS, or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2. Microsoft +Defender ATP for Linux can be deployed and configured using Puppet, Ansible, or +using your existing Linux configuration management tool. For information about +the key features and benefits, read our +[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Linux). + +For more details on how to get started, visit the Microsoft Defender ATP for +Linux +[documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). + +## Microsoft Defender ATP for Android + +Microsoft Defender ATP for Android is our mobile threat defense solution for +devices running Android 6.0 and higher. Both Android Enterprise (Work Profile) +and Device Administrator modes are supported. On Android, we offer web +protection, which includes anti-phishing, blocking of unsafe connections, and +setting of custom indicators. 
The solution scans for malware and potentially +unwanted applications (PUA) and offers additional breach prevention capabilities +through integration with Microsoft Endpoint Manager and Conditional Access. For +information about the key features and benefits, read our +[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Android). + +For more details on how to get started, visit the Microsoft Defender ATP for +Android +[documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android). + + + +## Licensing requirements + +Eligible Licensed Users may use Microsoft Defender ATP on up to five concurrent +devices. Microsoft Defender ATP is also available for purchase from a Cloud +Solution Provider (CSP). + +Customers can obtain Microsoft Defender ATP for Mac through a standalone +Microsoft Defender ATP license, as part of Microsoft 365 A5/E5, or Microsoft 365 +Security. + +Recently announced capabilities of Microsoft Defender ATP for Android and soon +iOS are included in the above mentioned offers as part of the five qualified +devices for eligible licensed users. + +Microsoft Defender ATP for Linux is available through the Microsoft Defender ATP +for Server SKU that is available for both commercial and education customers. + +Please contact your account team or CSP for pricing and additional eligibility +requirements. \ No newline at end of file diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md index 9fef84e4b2..14f67ae3d2 100644 
--- a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md @@ -83,6 +83,8 @@ Set this policy to *Disabled* or don't configure this security policy for domain If you don't set or you disable this policy, the PKU2U protocol won't be used to authenticate between peer devices, which forces users to follow domain-defined access control policies. If you enable this policy, you allow your users to authenticate by using local certificates between systems that aren't part of a domain that uses PKU2U. This configuration allows users to share resources between devices. +Please be aware that some roles/features (such as Failover Clustering) do not utilize a domain account for its PKU2U authentication and will cease to function properly when disabling this policy. + ## Related topics - [Security options](security-options.md)
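
Review bot: In the notification-settings steps of the Jamf Pro page, step 2 saves the file as `MDATP_MDAV_notification_settings.plist` but step 6 tells the reader to choose **MDATP_MDAV_Notification_Settings.plist**. Use one spelling in both steps so the name in the file picker matches what was saved. The MAU section already does this with `MDATP_MDAV_MAU_settings.plist`. The list entries "Install Automatically(default)" and "Computer Level(default)" are also missing a space before the parenthesis.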
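
Review bot: In Step 5 (Configure Microsoft AutoUpdate), the scope steps 12 to 14 go from **Add** straight to **Done** without naming the computer group to select and without a **Save**, whereas the notification steps and Steps 6 and 7 select Contoso's machine group and save before **Done**. Add the missing steps so a reader following the text does not finish with a profile that was never scoped. Steps 6 and 7 of the same section also reuse one screenshot (images/1213872db5833aa8be535da57653219f.png) and both describe selecting the PLIST upload, so one of them looks redundant.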
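
Review bot: In Step 6 (Grant full disk access), step 5 gives the Code Requirement as running text wrapped over four lines, with `com.microsoft.wdav` in inline code and the comments escaped as `/\* exists \*/`. This value has to be pasted into Jamf exactly, so put the whole requirement in a single code span or code block on one line, with no escapes, so that it copies verbatim. In the same step list, " 9. Select **+ Add**." has a leading space that can break the numbered list, "Contoso's MachineGroup" in step 10 does not match "Contoso's Machine Group" used in the other steps, and the Description in step 3 ("On macOS Catalina or newer, the new Privacy Preferences Policy Control") is an unfinished sentence.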
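
Review bot: Step 7 step 1 and Step 9 steps 4, 6 and 7 carry machine-generated alt text ("A screenshot of a social media post Description automatically generated", "A picture containing bird Description automatically generated", "A screenshot of a computer screen Description automatically generated"). Replace each with a description of what the screenshot shows, for example the Jamf Pro page and the control being selected, because screen-reader users get nothing from the current text. Step 7 step 1 also reuses images/6c8b406ee224335a8c65d06953dc756e.png, the closing image of Step 6, so check that it is the intended screenshot. In Step 9 step 7, "Leave it blank for now. Because it will be reset when you choose your pkg." should be one sentence.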
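
Review bot: In mac-support-kext.md, the JAMF link loses its `#configuration-profile` anchor and now points at the top of mac-install-with-jamf.md, so a reader troubleshooting kernel extension approval no longer lands on the relevant instructions. If the old section is gone, link to the section that replaces it (this patch adds "Step 7: Approve Kernel extension for Microsoft Defender ATP") rather than to the page root. The Intune link on the next line keeps its anchor, which makes the difference more noticeable.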
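
Review bot: In mac-whatsnew.md, the managed-deployment bullet drops `#privacy-preferences-policy-control` from the JAMF link while the surrounding text is specifically about granting Full Disk Access consent. Point the link at the section that now covers this (this patch adds "Step 6: Grant full disk access to Microsoft Defender ATP") so that the release note still leads directly to the consent steps. The manual and Intune links in the same list both keep section anchors.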
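
Review bot: In manage-auto-investigation.md, hunk @@ -18,21 +18,29 @@, the sentence beginning "Depending on" is now split across a three-item bullet list and resumed in a separate lowercase paragraph ("remediation actions can occur automatically or only upon approval..."). That is hard to read, and the fragments do not stand alone. Consider a lead-in that is a complete sentence, such as "Whether remediation actions occur automatically or only upon approval depends on the following:", followed by the list. The phrase "following an automated investigation" is also added to the heading, both examples and the closing sentence of this hunk, which is repetitive given the section already opens by describing automated investigations.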
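
Review bot: In manage-auto-investigation.md, hunk @@ -47,14 +55,15 @@, the trailing periods are removed from the "What to do" cells in every changed row, but the unchanged row for **Semi - require approval for core folders remediation** with a *Suspicious* verdict still ends with `(#review-pending-actions).|`. Drop the period there too so that the column is consistent. The new **No automated response** row is a useful addition. Its "What to do" link goes to the machine-groups page root, while Example 3 earlier in the article links to `#manage-device-groups`, so consider using the same target in both places.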
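
Review bot: In the new non-windows.md, the Linux support list writes "Oracle Linux 7.2" without the "+" that every other distribution carries, so it reads as if only that exact release is supported, and "Ubuntu 16 LTS, or higher LTS" is awkwardly punctuated. State the minimum versions in one consistent form. Other wording to check in the same file: "heterogenous" should be "heterogeneous", "industry leading" needs a hyphen, "Microsoft Auto Update" is written "Microsoft AutoUpdate (MAU)" in the Jamf steps of this patch, the `ms.collection` value `m365solution-evalutatemtp` looks misspelled and should be confirmed against the collection name used elsewhere, and the file has no newline at the end.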
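
Review bot: In the PKU2U policy article, the added sentence qualifies the recommendation to disable or not configure the policy, but it leaves the affected state unclear ("when disabling this policy" has no subject) and "its" does not agree with "roles/features". Suggested wording: "Some roles and features, such as Failover Clustering, don't use a domain account for PKU2U authentication and stop functioning properly if this policy is disabled." Since this is an availability caveat to the recommended setting, it would be easier to find as a note placed next to the recommendation itself, and it should say whether leaving the policy not configured has the same effect, because the preceding paragraph treats "don't set" and "disable" as equivalent.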