From c741449916f8bae8da2d59f7c9106e63b10cf887 Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Fri, 5 May 2023 16:38:41 -0400
Subject: [PATCH 1/3] Add tamper protection note to Defender CSP

---
 windows/client-management/mdm/defender-csp.md |  2 ++
 ...icy-csp-admx-microsoftdefenderantivirus.md | 30 +++++++++++++++++++
 .../mdm/policy-csp-defender.md                | 24 +++++++++++++++
 3 files changed, 56 insertions(+)

diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 7550924275..a036a0332b 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -2212,6 +2212,8 @@ Tamper protection helps protect important security features from unwanted change
 
 <!-- Device-Configuration-TamperProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- Device-Configuration-TamperProtection-Editable-End -->
 
 <!-- Device-Configuration-TamperProtection-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index 07eef1894d..0a138841a5 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -115,6 +115,8 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior
 
 <!-- DisableAntiSpywareDefender-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- DisableAntiSpywareDefender-Editable-End -->
 
 <!-- DisableAntiSpywareDefender-DFProperties-Begin -->
@@ -244,6 +246,8 @@ Real-time Protection -> Do not enable the "Turn off real-time protection" policy
 
 <!-- DisableBlockAtFirstSeen-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- DisableBlockAtFirstSeen-Editable-End -->
 
 <!-- DisableBlockAtFirstSeen-DFProperties-Begin -->
@@ -366,6 +370,8 @@ Real-time protection consists of always-on scanning with file and process behavi
 
 <!-- DisableRealtimeMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- DisableRealtimeMonitoring-Editable-End -->
 
 <!-- DisableRealtimeMonitoring-DFProperties-Begin -->
@@ -426,6 +432,8 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus
 
 <!-- DisableRoutinelyTakingAction-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- DisableRoutinelyTakingAction-Editable-End -->
 
 <!-- DisableRoutinelyTakingAction-DFProperties-Begin -->
@@ -482,6 +490,8 @@ This policy setting allows you specify a list of file types that should be exclu
 
 <!-- Exclusions_Extensions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- Exclusions_Extensions-Editable-End -->
 
 <!-- Exclusions_Extensions-DFProperties-Begin -->
@@ -538,6 +548,8 @@ This policy setting allows you to disable scheduled and real-time scanning for f
 
 <!-- Exclusions_Paths-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- Exclusions_Paths-Editable-End -->
 
 <!-- Exclusions_Paths-DFProperties-Begin -->
@@ -594,6 +606,8 @@ This policy setting allows you to disable real-time scanning for any file opened
 
 <!-- Exclusions_Processes-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- Exclusions_Processes-Editable-End -->
 
 <!-- Exclusions_Processes-DFProperties-Begin -->
@@ -1577,6 +1591,8 @@ This policy setting allows you to configure behavior monitoring.
 
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Editable-End -->
 
 <!-- RealtimeProtection_DisableBehaviorMonitoring-DFProperties-Begin -->
@@ -1637,6 +1653,8 @@ This policy setting allows you to configure scanning for all downloaded files an
 
 <!-- RealtimeProtection_DisableIOAVProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- RealtimeProtection_DisableIOAVProtection-Editable-End -->
 
 <!-- RealtimeProtection_DisableIOAVProtection-DFProperties-Begin -->
@@ -1697,6 +1715,8 @@ This policy setting allows you to configure monitoring for file and program acti
 
 <!-- RealtimeProtection_DisableOnAccessProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- RealtimeProtection_DisableOnAccessProtection-Editable-End -->
 
 <!-- RealtimeProtection_DisableOnAccessProtection-DFProperties-Begin -->
@@ -1817,6 +1837,8 @@ This policy setting allows you to configure process scanning when real-time prot
 
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Editable-End -->
 
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-DFProperties-Begin -->
@@ -2540,6 +2562,8 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha
 
 <!-- Reporting_DisableEnhancedNotifications-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- Reporting_DisableEnhancedNotifications-Editable-End -->
 
 <!-- Reporting_DisableEnhancedNotifications-DFProperties-Begin -->
@@ -3069,6 +3093,8 @@ This policy setting allows you to configure scans for malicious software and unw
 
 <!-- Scan_DisableArchiveScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- Scan_DisableArchiveScanning-Editable-End -->
 
 <!-- Scan_DisableArchiveScanning-DFProperties-Begin -->
@@ -5551,6 +5577,8 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus noti
 
 <!-- UX_Configuration_Notification_Suppress-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- UX_Configuration_Notification_Suppress-Editable-End -->
 
 <!-- UX_Configuration_Notification_Suppress-DFProperties-Begin -->
@@ -5609,6 +5637,8 @@ If you enable this setting AM UI won't show reboot notifications.
 
 <!-- UX_Configuration_SuppressRebootNotification-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- UX_Configuration_SuppressRebootNotification-Editable-End -->
 
 <!-- UX_Configuration_SuppressRebootNotification-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 1f26de308e..77b56fa11d 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -46,6 +46,8 @@ This policy setting allows you to configure scans for malicious software and unw
 
 <!-- AllowArchiveScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowArchiveScanning-Editable-End -->
 
 <!-- AllowArchiveScanning-DFProperties-Begin -->
@@ -113,6 +115,8 @@ This policy setting allows you to configure behavior monitoring.
 
 <!-- AllowBehaviorMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowBehaviorMonitoring-Editable-End -->
 
 <!-- AllowBehaviorMonitoring-DFProperties-Begin -->
@@ -193,6 +197,8 @@ In Windows 10, Basic membership is no longer available, so setting the value to
 
 <!-- AllowCloudProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowCloudProtection-Editable-End -->
 
 <!-- AllowCloudProtection-DFProperties-Begin -->
@@ -457,6 +463,8 @@ Allows or disallows Windows Defender Intrusion Prevention functionality.
 
 <!-- AllowIntrusionPreventionSystem-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowIntrusionPreventionSystem-Editable-End -->
 
 <!-- AllowIntrusionPreventionSystem-DFProperties-Begin -->
@@ -510,6 +518,8 @@ This policy setting allows you to configure scanning for all downloaded files an
 
 <!-- AllowIOAVProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowIOAVProtection-Editable-End -->
 
 <!-- AllowIOAVProtection-DFProperties-Begin -->
@@ -577,6 +587,8 @@ This policy setting allows you to configure monitoring for file and program acti
 
 <!-- AllowOnAccessProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowOnAccessProtection-Editable-End -->
 
 <!-- AllowOnAccessProtection-DFProperties-Begin -->
@@ -640,6 +652,8 @@ Allows or disallows Windows Defender Realtime Monitoring functionality.
 
 <!-- AllowRealtimeMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowRealtimeMonitoring-Editable-End -->
 
 <!-- AllowRealtimeMonitoring-DFProperties-Begin -->
@@ -769,6 +783,8 @@ Allows or disallows Windows Defender Script Scanning functionality.
 
 <!-- AllowScriptScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowScriptScanning-Editable-End -->
 
 <!-- AllowScriptScanning-DFProperties-Begin -->
@@ -1891,6 +1907,8 @@ This policy setting allows you specify a list of file types that should be exclu
 
 <!-- ExcludedExtensions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- ExcludedExtensions-Editable-End -->
 
 <!-- ExcludedExtensions-DFProperties-Begin -->
@@ -1945,6 +1963,8 @@ This policy setting allows you to disable scheduled and real-time scanning for f
 
 <!-- ExcludedPaths-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- ExcludedPaths-Editable-End -->
 
 <!-- ExcludedPaths-DFProperties-Begin -->
@@ -1999,6 +2019,8 @@ This policy setting allows you to disable real-time scanning for any file opened
 
 <!-- ExcludedProcesses-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- ExcludedProcesses-Editable-End -->
 
 <!-- ExcludedProcesses-DFProperties-Begin -->
@@ -2790,6 +2812,8 @@ Valid remediation action values are:
 
 <!-- ThreatSeverityDefaultAction-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- ThreatSeverityDefaultAction-Editable-End -->
 
 <!-- ThreatSeverityDefaultAction-DFProperties-Begin -->

From 285f0ae0c2411e12dec42a504787e2b09321495f Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Wed, 10 May 2023 10:21:20 -0400
Subject: [PATCH 2/3] Change link

---
 .../mdm/policy-csp-admx-microsoftdefenderantivirus.md    | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index 0a138841a5..5ab458d27a 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -491,7 +491,7 @@ This policy setting allows you specify a list of file types that should be exclu
 <!-- Exclusions_Extensions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met.
 <!-- Exclusions_Extensions-Editable-End -->
 
 <!-- Exclusions_Extensions-DFProperties-Begin -->
@@ -549,7 +549,7 @@ This policy setting allows you to disable scheduled and real-time scanning for f
 <!-- Exclusions_Paths-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met.
 <!-- Exclusions_Paths-Editable-End -->
 
 <!-- Exclusions_Paths-DFProperties-Begin -->
@@ -607,7 +607,7 @@ This policy setting allows you to disable real-time scanning for any file opened
 <!-- Exclusions_Processes-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met.
 <!-- Exclusions_Processes-Editable-End -->
 
 <!-- Exclusions_Processes-DFProperties-Begin -->
@@ -5732,6 +5732,9 @@ If you enable this setting AM UI won't be available to users.
 
 <!-- ADMX_MicrosoftDefenderAntivirus-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!--links-->
+[TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
+[TAMPER-2]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#what-about-exclusions
 <!-- ADMX_MicrosoftDefenderAntivirus-CspMoreInfo-End -->
 
 <!-- ADMX_MicrosoftDefenderAntivirus-End -->

From 59ff3435b68c4b2749763caf3cd2e919441f33d0 Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Wed, 10 May 2023 10:28:51 -0400
Subject: [PATCH 3/3] Update all links

---
 windows/client-management/mdm/defender-csp.md |  4 ++-
 ...icy-csp-admx-microsoftdefenderantivirus.md | 26 +++++++++---------
 .../mdm/policy-csp-defender.md                | 27 ++++++++++---------
 3 files changed, 31 insertions(+), 26 deletions(-)

diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 6a1e494ea6..a94f1eed2e 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -2263,7 +2263,7 @@ Tamper protection helps protect important security features from unwanted change
 <!-- Device-Configuration-TamperProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- Device-Configuration-TamperProtection-Editable-End -->
 
 <!-- Device-Configuration-TamperProtection-DFProperties-Begin -->
@@ -3880,6 +3880,8 @@ Node that can be used to perform signature updates for Windows Defender.
 
 <!-- Defender-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- Links -->
+[TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
 <!-- Defender-CspMoreInfo-End -->
 
 <!-- Defender-End -->
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index 5ab458d27a..8e1f7925f0 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -116,7 +116,7 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior
 <!-- DisableAntiSpywareDefender-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- DisableAntiSpywareDefender-Editable-End -->
 
 <!-- DisableAntiSpywareDefender-DFProperties-Begin -->
@@ -247,7 +247,7 @@ Real-time Protection -> Do not enable the "Turn off real-time protection" policy
 <!-- DisableBlockAtFirstSeen-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- DisableBlockAtFirstSeen-Editable-End -->
 
 <!-- DisableBlockAtFirstSeen-DFProperties-Begin -->
@@ -371,7 +371,7 @@ Real-time protection consists of always-on scanning with file and process behavi
 <!-- DisableRealtimeMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- DisableRealtimeMonitoring-Editable-End -->
 
 <!-- DisableRealtimeMonitoring-DFProperties-Begin -->
@@ -433,7 +433,7 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus
 <!-- DisableRoutinelyTakingAction-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- DisableRoutinelyTakingAction-Editable-End -->
 
 <!-- DisableRoutinelyTakingAction-DFProperties-Begin -->
@@ -1592,7 +1592,7 @@ This policy setting allows you to configure behavior monitoring.
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Editable-End -->
 
 <!-- RealtimeProtection_DisableBehaviorMonitoring-DFProperties-Begin -->
@@ -1654,7 +1654,7 @@ This policy setting allows you to configure scanning for all downloaded files an
 <!-- RealtimeProtection_DisableIOAVProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- RealtimeProtection_DisableIOAVProtection-Editable-End -->
 
 <!-- RealtimeProtection_DisableIOAVProtection-DFProperties-Begin -->
@@ -1716,7 +1716,7 @@ This policy setting allows you to configure monitoring for file and program acti
 <!-- RealtimeProtection_DisableOnAccessProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- RealtimeProtection_DisableOnAccessProtection-Editable-End -->
 
 <!-- RealtimeProtection_DisableOnAccessProtection-DFProperties-Begin -->
@@ -1838,7 +1838,7 @@ This policy setting allows you to configure process scanning when real-time prot
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Editable-End -->
 
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-DFProperties-Begin -->
@@ -2563,7 +2563,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha
 <!-- Reporting_DisableEnhancedNotifications-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- Reporting_DisableEnhancedNotifications-Editable-End -->
 
 <!-- Reporting_DisableEnhancedNotifications-DFProperties-Begin -->
@@ -3094,7 +3094,7 @@ This policy setting allows you to configure scans for malicious software and unw
 <!-- Scan_DisableArchiveScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- Scan_DisableArchiveScanning-Editable-End -->
 
 <!-- Scan_DisableArchiveScanning-DFProperties-Begin -->
@@ -5578,7 +5578,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus noti
 <!-- UX_Configuration_Notification_Suppress-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- UX_Configuration_Notification_Suppress-Editable-End -->
 
 <!-- UX_Configuration_Notification_Suppress-DFProperties-Begin -->
@@ -5638,7 +5638,7 @@ If you enable this setting AM UI won't show reboot notifications.
 <!-- UX_Configuration_SuppressRebootNotification-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- UX_Configuration_SuppressRebootNotification-Editable-End -->
 
 <!-- UX_Configuration_SuppressRebootNotification-DFProperties-Begin -->
@@ -5732,7 +5732,7 @@ If you enable this setting AM UI won't be available to users.
 
 <!-- ADMX_MicrosoftDefenderAntivirus-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
-<!--links-->
+<!-- Links -->
 [TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
 [TAMPER-2]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#what-about-exclusions
 <!-- ADMX_MicrosoftDefenderAntivirus-CspMoreInfo-End -->
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 87429df941..3e6b64b062 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -47,7 +47,7 @@ This policy setting allows you to configure scans for malicious software and unw
 <!-- AllowArchiveScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowArchiveScanning-Editable-End -->
 
 <!-- AllowArchiveScanning-DFProperties-Begin -->
@@ -116,7 +116,7 @@ This policy setting allows you to configure behavior monitoring.
 <!-- AllowBehaviorMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowBehaviorMonitoring-Editable-End -->
 
 <!-- AllowBehaviorMonitoring-DFProperties-Begin -->
@@ -198,7 +198,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to
 <!-- AllowCloudProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowCloudProtection-Editable-End -->
 
 <!-- AllowCloudProtection-DFProperties-Begin -->
@@ -464,7 +464,7 @@ Allows or disallows Windows Defender Intrusion Prevention functionality.
 <!-- AllowIntrusionPreventionSystem-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowIntrusionPreventionSystem-Editable-End -->
 
 <!-- AllowIntrusionPreventionSystem-DFProperties-Begin -->
@@ -519,7 +519,7 @@ This policy setting allows you to configure scanning for all downloaded files an
 <!-- AllowIOAVProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowIOAVProtection-Editable-End -->
 
 <!-- AllowIOAVProtection-DFProperties-Begin -->
@@ -588,7 +588,7 @@ This policy setting allows you to configure monitoring for file and program acti
 <!-- AllowOnAccessProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowOnAccessProtection-Editable-End -->
 
 <!-- AllowOnAccessProtection-DFProperties-Begin -->
@@ -653,7 +653,7 @@ Allows or disallows Windows Defender Realtime Monitoring functionality.
 <!-- AllowRealtimeMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowRealtimeMonitoring-Editable-End -->
 
 <!-- AllowRealtimeMonitoring-DFProperties-Begin -->
@@ -784,7 +784,7 @@ Allows or disallows Windows Defender Script Scanning functionality.
 <!-- AllowScriptScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowScriptScanning-Editable-End -->
 
 <!-- AllowScriptScanning-DFProperties-Begin -->
@@ -1908,7 +1908,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri
 <!-- ExcludedExtensions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met.
 <!-- ExcludedExtensions-Editable-End -->
 
 <!-- ExcludedExtensions-DFProperties-Begin -->
@@ -1964,7 +1964,7 @@ Allows an administrator to specify a list of directory paths to ignore during a
 <!-- ExcludedPaths-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met.
 <!-- ExcludedPaths-Editable-End -->
 
 <!-- ExcludedPaths-DFProperties-Begin -->
@@ -2023,7 +2023,7 @@ Allows an administrator to specify a list of files opened by processes to ignore
 <!-- ExcludedProcesses-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met.
 <!-- ExcludedProcesses-Editable-End -->
 
 <!-- ExcludedProcesses-DFProperties-Begin -->
@@ -2816,7 +2816,7 @@ Valid remediation action values are:
 <!-- ThreatSeverityDefaultAction-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- ThreatSeverityDefaultAction-Editable-End -->
 
 <!-- ThreatSeverityDefaultAction-DFProperties-Begin -->
@@ -2850,6 +2850,9 @@ Valid remediation action values are:
 
 <!-- Defender-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- Links -->
+[TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
+[TAMPER-2]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#what-about-exclusions
 <!-- Defender-CspMoreInfo-End -->
 
 <!-- Defender-End -->