Merge pull request #1505 from MicrosoftDocs/atp-mac

Microsoft Defender ATP for Mac content updates

.openpublishing.redirection.json

@@ -15337,9 +15337,79 @@
 "redirect_document_id": false
 },
 {
-    "source_path": "windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md",
+"source_path": "windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md",
-    "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create",
-    "redirect_document_id": false
+"redirect_document_id": false
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew",
+"redirect_document_id": true
+},
+{
+"source_path": "windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-updates.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-exclusions.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-pua",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-support-perf.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-support-kext.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-privacy",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-resources",
+"redirect_document_id": true
 }
 ]
 }

education/developers.yml

@@ -8,7 +8,7 @@ metadata:
   description: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
   ms.service: help
   ms.topic: hub-page
-  author: v-lamoyn
+  author: LaurenMoynihan
   ms.author: v-lamoyn
   ms.date: 10/24/2019
 

education/index.yml

@@ -8,7 +8,7 @@ metadata:
   description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
   ms.service: help
   ms.topic: hub-page
-  author: v-lamoyn
+  author: LaurenMoynihan
   ms.author: v-lamoyn
   ms.date: 10/24/2019
 

education/itadmins.yml

@@ -8,26 +8,26 @@ metadata:
   description: M365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
   ms.service: help
   ms.topic: hub-page
-  author: v-lamoyn
+  author: LaurenMoynihan
   ms.author: v-lamoyn
   ms.date: 10/24/2019
 
 productDirectory:
-  summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments. Check out at https://edujourney.microsoft.com/. Find help now at https://docs.microsoft.com/en-us/microsoft-365/education/deploy/find-deployment-help.
+  summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments. Check out at https://edujourney.microsoft.com/. Find help now at https://docs.microsoft.com/microsoft-365/education/deploy/find-deployment-help.
   items:
     # Card    
     - title: Phase 1 - Cloud deployment
       imageSrc: ./images/EDU-Deploy.svg
       links:
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/create-your-office-365-tenant
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/create-your-office-365-tenant
           text: 1. Create your Office 365 tenant
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/secure-and-configure-your-network
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/secure-and-configure-your-network
           text: 2. Secure and configure your network
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/aad-connect-and-adfs
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/aad-connect-and-adfs
           text: 3. Sync your active directory
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/school-data-sync
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/school-data-sync
           text: 4. Sync you SIS using School Data Sync
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/license-users
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/license-users
           text: 5. License users
     # Card
     - title: Phase 2 - Device management
@@ -35,11 +35,11 @@ productDirectory:
       links:
         - url: https://docs.microsoft.com/en-us/education/windows/
           text: 1. Get started with Windows 10 for Education
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/set-up-windows-10-education-devices
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/set-up-windows-10-education-devices
           text: 2. Set up Windows 10 devices
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/intune-for-education
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/intune-for-education
           text: 3. Get started with Intune for Education
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/use-intune-for-education
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/use-intune-for-education
           text: 4. Use Intune to manage groups, apps, and settings
         - url: https://docs.microsoft.com/en-us/intune/enrollment/enrollment-autopilot
           text: 5. Enroll devices using Windows Autopilot
@@ -47,28 +47,28 @@ productDirectory:
     - title: Phase 3 - Apps management
       imageSrc: ./images/EDU-Apps-Mgmt.svg
       links:
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/configure-admin-settings
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/configure-admin-settings
           text: 1. Configure admin settings
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/set-up-teams-for-education
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/set-up-teams-for-education
           text: 2. Set up Teams for Education
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/deploy-office-365
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/deploy-office-365
           text: 3. Set up Office 365
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/microsoft-store-for-education     
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/microsoft-store-for-education     
           text: 4. Install apps from Microsoft Store for Education
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/minecraft-for-education
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/minecraft-for-education
           text: 5. Install Minecraft - Education Edition
     # Card    
     - title: Complete your deployment
       # imageSrc should be square in ratio with no whitespace
       imageSrc: ./images/EDU-Tasks.svg
       links:
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/deploy-exchange-online
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/deploy-exchange-online
           text: Deploy Exchange Online
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/deploy-sharepoint-online-and-onedrive
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/deploy-sharepoint-online-and-onedrive
           text: Deploy SharePoint Online and OneDrive
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/deploy-exchange-server-hybrid
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/deploy-exchange-server-hybrid
           text: Deploy Exchange Server hybrid
-        - url: https://docs.microsoft.com/en-us/microsoft-365/education/deploy/deploy-sharepoint-server-hybrid
+        - url: https://docs.microsoft.com/microsoft-365/education/deploy/deploy-sharepoint-server-hybrid
           text: Deploy SharePoint Server Hybrid
     # Card
     - title: Security & Compliance
@@ -80,9 +80,9 @@ productDirectory:
           text: Azure information protection deployment acceleration guide
         - url: https://docs.microsoft.com/en-us/cloud-app-security/getting-started-with-cloud-app-security
           text: Microsoft Cloud app security
-        - url: https://docs.microsoft.com/en-us/microsoft-365/compliance/create-test-tune-dlp-policy
+        - url: https://docs.microsoft.com/microsoft-365/compliance/create-test-tune-dlp-policy
           text: Office 365 data loss prevention
-        - url: https://docs.microsoft.com/en-us/microsoft-365/compliance/
+        - url: https://docs.microsoft.com/microsoft-365/compliance/
           text: Office 365 advanced compliance
         - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx
           text: Deploying Lockbox

education/partners.yml

@@ -8,7 +8,7 @@ metadata:
   description: Looking for resources available to Microsoft Education partners? Start here.
   ms.service: help
   ms.topic: hub-page
-  author: v-lamoyn
+  author: LaurenMoynihan
   ms.author: v-lamoyn
   ms.date: 10/24/2019
 

windows/security/threat-protection/TOC.md

@@ -311,25 +311,23 @@
 ##### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
 
 
-### [Microsoft Defender Advanced Threat Protection for Mac](windows-defender-antivirus/microsoft-defender-atp-mac.md)
+### [Microsoft Defender Advanced Threat Protection for Mac](microsoft-defender-atp/microsoft-defender-atp-mac.md)
-#### [What's New in Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md)
+#### [What's New](microsoft-defender-atp/mac-whatsnew.md)
-#### [Deploy Microsoft Defender Advanced Threat Protection for Mac]()
+#### [Deploy]()
-##### [Microsoft Intune-based deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md)
+##### [Microsoft Intune-based deployment](microsoft-defender-atp/mac-install-with-intune.md)
-##### [JAMF-based deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md)
+##### [JAMF-based deployment](microsoft-defender-atp/mac-install-with-jamf.md)
-##### [Deployment with a different Mobile Device Management (MDM) system](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md)
+##### [Deployment with a different Mobile Device Management (MDM) system](microsoft-defender-atp/mac-install-with-other-mdm.md)
-##### [Manual deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md)
+##### [Manual deployment](microsoft-defender-atp/mac-install-manually.md)
-#### [Update Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-updates.md)
+#### [Update](microsoft-defender-atp/mac-updates.md)
-#### [Configure Microsoft Defender ATP for Mac]()
+#### [Configure]()
-##### [Configure and validate exclusions](windows-defender-antivirus/microsoft-defender-atp-mac-exclusions.md)
+##### [Configure and validate exclusions](microsoft-defender-atp/mac-exclusions.md)
-##### [Set preferences for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md)
+##### [Set preferences](microsoft-defender-atp/mac-preferences.md)
-##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/microsoft-defender-atp-mac-pua.md)
+##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/mac-pua.md)
-#### [Troubleshoot Microsoft Defender ATP for Mac]()
+#### [Troubleshoot]()
-##### [Troubleshoot performance issues](windows-defender-antivirus/microsoft-defender-atp-mac-support-perf.md)
+##### [Troubleshoot performance issues](microsoft-defender-atp/mac-support-perf.md)
-##### [Troubleshoot kernel extension issues](windows-defender-antivirus/microsoft-defender-atp-mac-support-kext.md)
+##### [Troubleshoot kernel extension issues](microsoft-defender-atp/mac-support-kext.md)
-#### [Privacy for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md)
+#### [Privacy](microsoft-defender-atp/mac-privacy.md)
-#### [Resources for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-resources.md)
+#### [Resources](microsoft-defender-atp/mac-resources.md)
-
-
 
 
 ### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md)

windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md

@@ -0,0 +1,154 @@
+---
+title: Microsoft Defender ATP for Mac
+ms.reviewer:
+description: Describes how to install and use Microsoft Defender ATP for Mac.
+keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Enable Microsoft Defender ATP Insider Machine
+
+The following instructions specify how to configure a macOS machine running Microsoft Defender ATP to be an "Insider" machine. For scale deployment we recommend using Jamf, or Intune.
+
+>[!IMPORTANT]
+>Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.
+
+## Enable the Insider program with Jamf
+
+a. Create configuration profile com.microsoft.wdav.plist with the following content:
+
+```XML
+    <?xml version="1.0" encoding="UTF-8"?>
+    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+    <plist version="1.0">
+    <dict>
+        <key>edr</key>
+        <dict>
+            <key>earlyPreview</key>
+            <true/>
+        </dict>
+    </dict>
+    </plist>
+```
+
+b. From the JAMF console, navigate to **Computers > Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings**.
+
+c. Create an entry with com.microsoft.wdav as the preference domain and upload the .plist created earlier.
+
+>[!WARNING]
+>You must enter the correct preference domain (com.microsoft.wdav), otherwise the preferences will not be recognized by the product
+
+## Enable the Insider program with Intune
+
+a. Create configuration profile com.microsoft.wdav.plist with the following content:
+
+ ```XML
+    <?xml version="1.0" encoding="utf-8"?>
+    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+    <plist version="1">
+        <dict>
+            <key>PayloadUUID</key>
+            <string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
+            <key>PayloadType</key>
+            <string>Configuration</string>
+            <key>PayloadOrganization</key>
+            <string>Microsoft</string>
+            <key>PayloadIdentifier</key>
+            <string>com.microsoft.wdav</string>
+            <key>PayloadDisplayName</key>
+            <string>Microsoft Defender ATP settings</string>
+            <key>PayloadDescription</key>
+            <string>Microsoft Defender ATP configuration settings</string>
+            <key>PayloadVersion</key>
+            <integer>1</integer>
+            <key>PayloadEnabled</key>
+            <true/>
+            <key>PayloadRemovalDisallowed</key>
+            <true/>
+            <key>PayloadScope</key>
+            <string>System</string>
+            <key>PayloadContent</key>
+            <array>
+                <dict>
+                    <key>PayloadUUID</key>
+                    <string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
+                    <key>PayloadType</key>
+                    <string>com.microsoft.wdav</string>
+                    <key>PayloadOrganization</key>
+                    <string>Microsoft</string>
+                    <key>PayloadIdentifier</key>
+                    <string>com.microsoft.wdav</string>
+                    <key>PayloadDisplayName</key>
+                    <string>Microsoft Defender ATP configuration settings</string>
+                    <key>PayloadDescription</key>
+                    <string/>
+                    <key>PayloadVersion</key>
+                    <integer>1</integer>
+                    <key>PayloadEnabled</key>
+                    <true/>
+                    <key>edr</key>
+                    <dict>
+                        <key>earlyPreview</key>
+                        <true/>
+                    </dict>
+                </dict>
+            </array>
+        </dict>
+    </plist>
+```
+
+b. Open **Manage > Device configuration**. Select **Manage > Profiles > Create Profile**.
+
+c. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select **Configure**.
+
+d. Save the .plist created earlier as com.microsoft.wdav.xml.
+
+e. Enter com.microsoft.wdav as the custom configuration profile name.
+
+f. Open the configuration profile and upload com.microsoft.wdav.xml. This file was created in step 1.
+
+g. Select **OK**.
+
+h. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
+
+>[!WARNING]
+>You must enter the correct custom configuration profile name, otherwise these preferences will not be recognized by the product.
+
+## Enable the Insider program manually on a single machine
+
+In the command prompt, run:
+
+```bash
+    mdatp --edr --early-preview true
+ ```
+
+## Troubleshooting
+
+### Verify you are running the correct version
+
+To verify you are running the correct version, run ‘mdatp --health’ on the machine.
+
+* The required version is 100.72.15 or later.
+* If the version is not as expected, verify that Microsoft Auto Update is set to automatically download and install updates by running ‘defaults read com.microsoft.autoupdate2’ from terminal.
+* To change update settings use documentation in Update Office for Mac automatically.
+* If you are not using Office for Mac, download and run the AutoUpdate tool.
+
+### A machine still does not appear on Microsoft Defender Security Center
+
+After a successful deployment and onboarding of the correct version, check that the machine has connectivity to the cloud service by running ‘mdatp --connectivity-test’.
+
+* Check that you enabled the early preview flag. In terminal run “mdatp –health” and look for the value of “edrEarlyPreviewEnabled”. It should be “Enabled”.
+
+If you followed the manual deployment instructions, you were prompted to enable Kernel Extensions. Pay attention to the “System Extension note” in the manual deployment documentation and use the “Manual Deployment” section in the troubleshoot kernel extension documentation.

windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md

@@ -1,7 +1,6 @@
 ---
 title: Configure and validate exclusions for Microsoft Defender ATP for Mac
-ms.reviewer:
+description: Provide and validate exclusions for Microsoft Defender ATP for Mac. Exclusions can be set for files, folders, and processes.
-description: Describes how to provide and validate exclusions for Microsoft Defender ATP for Mac. Exclusions can be set for files, folders, and processes.
 keywords: microsoft, defender, atp, mac, exclusions, scans, antivirus
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -51,13 +50,13 @@ Process | A specific process (specified either by the full path or file name) an
 
 ### From the management console
 
-For more information on how to configure exclusions from JAMF, Intune, or another management console, see [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
+For more information on how to configure exclusions from JAMF, Intune, or another management console, see [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md).
 
 ### From the user interface
 
 Open the Microsoft Defender ATP application and navigate to **Manage settings** > **Add or Remove Exclusion...**, as shown in the following screenshot:
 
-![Manage exclusions screenshot](images/mdatp-37-Exclusions.png)
+![[Manage exclusions screenshot](../windows-defender-antivirus/images/mdatp-37-exclusions.png)
 
 Select the type of exclusion that you wish to add and follow the prompts.
 

windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md

@@ -1,7 +1,6 @@
 ---
-title: Installing Microsoft Defender ATP for Mac manually
+title: Manual deployment for Microsoft Defender ATP for Mac
-ms.reviewer: 
+description: Install Microsoft Defender ATP for Mac manually, from the command line.
-description: Describes how to install Microsoft Defender ATP for Mac manually, from the command line.
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Manual deployment
+# Manual deployment for Microsoft Defender ATP for Mac
 
 **Applies to:**
 
@@ -42,7 +41,7 @@ Download the installation and onboarding packages from Windows Defender Security
 3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
 4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
 
-    ![Windows Defender Security Center screenshot](images/ATP_Portal_Onboarding_page.png)
+    ![Windows Defender Security Center screenshot](../windows-defender-antivirus/images/ATP-Portal-Onboarding-page.png)
 
 5. From a command prompt, verify that you have the two files.
     Extract the contents of the .zip files:
@@ -63,25 +62,25 @@ To complete this process, you must have admin privileges on the machine.
 
 1. Navigate to the downloaded wdav.pkg in Finder and open it.
 
-    ![App install screenshot](images/MDATP_28_AppInstall.png)
+    ![App install screenshot](../windows-defender-antivirus/images/MDATP-28-AppInstall.png)
 
 2. Select **Continue**, agree with the License terms, and enter the password when prompted.
 
-    ![App install screenshot](images/MDATP_29_AppInstallLogin.png)
+    ![App install screenshot](../windows-defender-antivirus/images/MDATP-29-AppInstallLogin.png)
 
    > [!IMPORTANT]
    > You will be prompted to allow a driver from Microsoft to be installed (either "System Extension Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed.
 
-   ![App install screenshot](images/MDATP_30_SystemExtension.png)
+   ![App install screenshot](../windows-defender-antivirus/images/MDATP-30-SystemExtension.png)
 
 3. Select **Open Security Preferences**  or **Open System Preferences > Security & Privacy**. Select **Allow**:
 
-    ![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png)
+    ![Security and privacy window screenshot](../windows-defender-antivirus/images/MDATP-31-SecurityPrivacySettings.png)
 
 The installation proceeds.
 
 > [!CAUTION]
-> If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but some features, such as real-time protection, will be disabled. See [Troubleshoot kernel extension issues](microsoft-defender-atp-mac-support-kext.md) for information on how to resolve this.
+> If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but some features, such as real-time protection, will be disabled. See [Troubleshoot kernel extension issues](mac-support-kext.md) for information on how to resolve this.
 
 > [!NOTE]
 > macOS may request to reboot the machine upon the first installation of Microsoft Defender. Real-time protection will not be available until the machine is rebooted.
@@ -112,7 +111,7 @@ The installation proceeds.
 
 After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
 
-   ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
+   ![Microsoft Defender icon in status bar screenshot](../windows-defender-antivirus/images/MDATP-Icon-Bar.png)
 
 ## How to Allow Full Disk Access
 
@@ -123,8 +122,8 @@ To grant consent, open System Preferences -> Security & Privacy -> Privacy -> Fu
 
 ## Logging installation issues
 
-See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
+See [Logging installation issues](mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
 
 ## Uninstallation
 
-See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for Mac from client devices.
+See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for Mac from client devices.

windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md

@@ -1,7 +1,6 @@
 ---
-title: Installing Microsoft Defender ATP for Mac with Microsoft Intune
+title: Intune-based deployment for Microsoft Defender ATP for Mac
-ms.reviewer: 
+description: Install Microsoft Defender ATP for Mac, using Microsoft Intune.
-description: Describes how to install Microsoft Defender ATP for Mac, using Microsoft Intune.
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Microsoft Intune-based deployment
+# Intune-based deployment for Microsoft Defender ATP for Mac
 
 **Applies to:**
 
@@ -44,7 +43,7 @@ Download the installation and onboarding packages from Microsoft Defender Securi
 4. In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory.
 5. Download **IntuneAppUtil** from [https://docs.microsoft.com/intune/lob-apps-macos](https://docs.microsoft.com/intune/lob-apps-macos).
 
-    ![Windows Defender Security Center screenshot](images/MDATP_2_DownloadPackages.png)
+    ![Windows Defender Security Center screenshot](../windows-defender-antivirus/images/MDATP-2-DownloadPackages.png)
 
 6. From a command prompt, verify that you have the three files.
     Extract the contents of the .zip files:
@@ -91,11 +90,11 @@ You need no special provisioning for a Mac device beyond a standard [Company Por
 
 1. You are asked to confirm device management.
 
-![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png)
+![Confirm device management screenshot](../windows-defender-antivirus/images/MDATP-3-ConfirmDeviceMgmt.png)
 
 Select **Open System Preferences**, locate **Management Profile** on the list, and select **Approve...**. Your Management Profile would be displayed as **Verified**:
 
-![Management profile screenshot](images/MDATP_4_ManagementProfile.png)
+![Management profile screenshot](../windows-defender-antivirus/images/MDATP-4-ManagementProfile.png)
 
 2. Select **Continue** and complete the enrollment.
 
@@ -103,7 +102,7 @@ You may now enroll more devices. You can also enroll them later, after you have
 
 3. In Intune, open **Manage** > **Devices** > **All devices**. Here you can see your device among those listed:
 
-![Add Devices screenshot](images/MDATP_5_allDevices.png)
+![Add Devices screenshot](../windows-defender-antivirus/images/MDATP-5-allDevices.png)
 
 ## Create System Configuration profiles
 
@@ -112,7 +111,7 @@ You may now enroll more devices. You can also enroll them later, after you have
 3. Open the configuration profile and upload intune/kext.xml. This file was created in one of the preceding sections.
 4. Select **OK**.
 
-    ![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png)
+    ![System configuration profiles screenshot](../windows-defender-antivirus/images/MDATP-6-SystemConfigurationProfiles.png)
 
 5. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
 6. Repeat steps 1 through 5 for more profiles.
@@ -287,7 +286,7 @@ You may now enroll more devices. You can also enroll them later, after you have
 
 Once the Intune changes are propagated to the enrolled devices, you can see them listed under **Monitor** > **Device status**:
 
-![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png)
+![System configuration profiles screenshot](../windows-defender-antivirus/images/MDATP-7-DeviceStatusBlade.png)
 
 ## Publish application
 
@@ -298,40 +297,40 @@ Once the Intune changes are propagated to the enrolled devices, you can see them
 5. Use **macOS High Sierra 10.13** as the minimum OS and set *Ignore app version* to **Yes**. Other settings can be any arbitrary value.
 
     > [!CAUTION]
-    > Failure to set *Ignore app version* to **Yes** impacts the ability of the application to receive updates through Microsoft AutoUpdate. See [Deploy updates for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-updates.md) for additional information about how the product is updated.
+    > Failure to set *Ignore app version* to **Yes** impacts the ability of the application to receive updates through Microsoft AutoUpdate. See [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) for additional information about how the product is updated.
 
-    ![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png)
+    ![Device status blade screenshot](../windows-defender-antivirus/images/MDATP-8-IntuneAppInfo.png)
 
 6. Select **OK** and **Add**.
 
-    ![Device status blade screenshot](images/MDATP_9_IntunePkgInfo.png)
+    ![Device status blade screenshot](../windows-defender-antivirus/images/MDATP-9-IntunePkgInfo.png)
 
 7. It may take a few moments to upload the package. After it's done, select the package from the list and go to **Assignments** and **Add group**.
 
-    ![Client apps screenshot](images/MDATP_10_ClientApps.png)
+    ![Client apps screenshot](../windows-defender-antivirus/images/MDATP-10-ClientApps.png)
 
 8. Change **Assignment type** to **Required**.
 9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Click **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
 
-    ![Intune assignments info screenshot](images/MDATP_11_Assignments.png)
+    ![Intune assignments info screenshot](../windows-defender-antivirus/images/MDATP-11-Assignments.png)
 
 10. After some time the application will be published to all enrolled devices. You can see it listed in **Monitor** > **Device**, under **Device install status**:
 
-    ![Intune device status screenshot](images/MDATP_12_DeviceInstall.png)
+    ![Intune device status screenshot](../windows-defender-antivirus/images/MDATP-12-DeviceInstall.png)
 
 ## Verify client device state
 
 1. After the configuration profiles are deployed to your devices, open **System Preferences** > **Profiles** on your Mac device.
 
-    ![System Preferences screenshot](images/MDATP_13_SystemPreferences.png)
+    ![System Preferences screenshot](../windows-defender-antivirus/images/MDATP-13-SystemPreferences.png)<br/>
-    ![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png)
+    ![System Preferences Profiles screenshot](../windows-defender-antivirus/images/MDATP-14-SystemPreferencesProfiles.png)
 
 2. Verify that the following configuration profiles are present and installed. The **Management Profile** should be the Intune system profile. _Wdav-config_ and _wdav-kext_ are system configuration profiles that were added in Intune:
-    ![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png)
+    ![Profiles screenshot](../windows-defender-antivirus/images/MDATP-15-ManagementProfileConfig.png)
 
 3. You should also see the Microsoft Defender icon in the top-right corner:
 
-    ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
+    ![Microsoft Defender icon in status bar screenshot](../windows-defender-antivirus/images/MDATP-Icon-Bar.png)
 
 ## Troubleshooting
 
@@ -341,8 +340,8 @@ Solution: Follow the steps above to create a device profile using WindowsDefende
 
 ## Logging installation issues
 
-For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) .
+For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Logging installation issues](mac-resources.md#logging-installation-issues) .
 
 ## Uninstallation
 
-See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for Mac from client devices.
+See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for Mac from client devices.

windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md

@@ -1,7 +1,6 @@
 ---
-title: Installing Microsoft Defender ATP for Mac with JAMF
+title: JAMF-based deployment for Microsoft Defender ATP for Mac
-ms.reviewer: 
+description: Install Microsoft Defender ATP for Mac, using JAMF.
-description: Describes how to install Microsoft Defender ATP for Mac, using JAMF.
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# JAMF-based deployment
+# JAMF-based deployment for Microsoft Defender ATP for Mac
 
 **Applies to:**
 
@@ -46,7 +45,7 @@ Download the installation and onboarding packages from Windows Defender Security
 3. In Section 2 of the page, select **Download installation package**. Save it as _wdav.pkg_ to a local directory.
 4. In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory.
 
-    ![Windows Defender Security Center screenshot](images/MDATP_2_DownloadPackages.png)
+    ![Windows Defender Security Center screenshot](../windows-defender-antivirus/images/MDATP-2-DownloadPackages.png)
 
 5. From the command prompt, verify that you have the two files. Extract the contents of the .zip files like so:
 
@@ -79,7 +78,7 @@ To set the onboarding information, add a property list file with the name, _jamf
   >[!IMPORTANT]
   > You must set the Preference Domain as "com.microsoft.wdav.atp"
 
-![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png)
+![Configuration profile screenshot](../windows-defender-antivirus/images/MDATP-16-PreferenceDomain.png)
 
 ### Approved Kernel Extension
 
@@ -88,7 +87,7 @@ To approve the kernel extension:
 1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**.
 2. Use **UBF8T346G9** for Team Id.
 
-![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png)
+![Approved kernel extensions screenshot](../windows-defender-antivirus/images/MDATP-17-approvedKernelExtensions.png)
 
 ### Privacy Preferences Policy Control
 
@@ -104,7 +103,7 @@ Add the following JAMF policy to grant Full Disk Access to Microsoft Defender AT
 3. Set Code Requirement to `identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9`.
 4. Set app or service to SystemPolicyAllFiles and access to Allow.
 
-![Privacy Preferences Policy Control](images/MDATP_35_JAMF_PrivacyPreferences.png)
+![Privacy Preferences Policy Control](../windows-defender-antivirus/images/MDATP-35-JAMF-PrivacyPreferences.png)
 
 #### Configuration Profile's Scope
 
@@ -112,7 +111,7 @@ Configure the appropriate scope to specify the devices that will receive the con
 
 Open **Computers** > **Configuration Profiles**, and select **Scope > Targets**. From there, select the devices you want to target.
 
-![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png)
+![Configuration profile scope screenshot](../windows-defender-antivirus/images/MDATP-18-ConfigurationProfilesScope.png)
 
 Save the **Configuration Profile**.
 
@@ -132,7 +131,7 @@ Starting in macOS 10.15 (Catalina) a user must manually allow to display notific
 
 1. Create a package in **Settings > Computer Management > Packages**.
 
-    ![Computer management packages screenshot](images/MDATP_19_MicrosoftDefenderWDAVPKG.png)
+    ![Computer management packages screenshot](../windows-defender-antivirus/images/MDATP-19-MicrosoftDefenderWDAVPKG.png)
 
 2. Upload the package to the Distribution Point.
 3. In the **filename** field, enter the name of the package. For example, _wdav.pkg_.
@@ -141,7 +140,7 @@ Starting in macOS 10.15 (Catalina) a user must manually allow to display notific
 
 Your policy should contain a single package for Microsoft Defender.
 
-![Microsoft Defender packages screenshot](images/MDATP_20_MicrosoftDefenderPackages.png)
+![Microsoft Defender packages screenshot](../windows-defender-antivirus/images/MDATP-20-MicrosoftDefenderPackages.png)
 
 Configure the appropriate scope to specify the computers that will receive this policy.
 
@@ -156,12 +155,12 @@ You'll need no special provisioning for a macOS computer, beyond the standard JA
 
 1. Open **Device Profiles**, from the **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's currently set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile.
 
-![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png)
+![MDM approve button screenshot](../windows-defender-antivirus/images/MDATP-21-MDMProfile1.png)<br/>
-![MDM screenshot](images/MDATP_22_MDMProfileApproved.png)
+![MDM screenshot](../windows-defender-antivirus/images/MDATP-22-MDMProfileApproved.png)
 
 After a moment, the device's User Approved MDM status will change to **Yes**.
 
-![MDM status screenshot](images/MDATP_23_MDMStatus.png)
+![MDM status screenshot](../windows-defender-antivirus/images/MDATP-23-MDMStatus.png)
 
 You may now enroll additional devices. You may also enroll them later, after you have finished provisioning system configuration and application packages.
 
@@ -176,17 +175,17 @@ You can monitor deployment status in the **Logs** tab:
 - **Pending** means that the deployment is scheduled but has not yet happened
 - **Completed** means that the deployment succeeded and is no longer scheduled
 
-![Status on server screenshot](images/MDATP_24_StatusOnServer.png)
+![Status on server screenshot](../windows-defender-antivirus/images/MDATP-24-StatusOnServer.png)
 
 ### Status on client device
 
 After the Configuration Profile is deployed, you'll see the profile for the device in  **System Preferences** > **Profiles >**.
 
-![Status on client screenshot](images/MDATP_25_StatusOnClient.png)
+![Status on client screenshot](../windows-defender-antivirus/images/MDATP-25-StatusOnClient.png)
 
 Once the policy is applied, you'll see the Microsoft Defender ATP icon in the macOS status bar in the top-right corner.
 
-![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
+![Microsoft Defender icon in status bar screenshot](../windows-defender-antivirus/images/MDATP-Icon-Bar.png)
 
 You can monitor policy installation on a device by following the JAMF log file:
 
@@ -231,11 +230,11 @@ If the product is not healthy, the exit code (which can be checked through `echo
 
 ## Logging installation issues
 
-See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
+See [Logging installation issues](mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
 
 ## Uninstallation
 
-This method is based on the script described in [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling).
+This method is based on the script described in [Uninstalling](mac-resources.md#uninstalling).
 
 ### Script
 
@@ -258,12 +257,12 @@ This script removes Microsoft Defender ATP from the /Applications directory:
    echo "Done!"
 ```
 
-![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png)
+![Microsoft Defender uninstall screenshot](../windows-defender-antivirus/images/MDATP-26-Uninstall.png)
 
 ### Policy
 
 Your policy should contain a single script:
 
-![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png)
+![Microsoft Defender uninstall script screenshot](../windows-defender-antivirus/images/MDATP-27-UninstallScript.png)
 
 Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy.

windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md

@@ -1,6 +1,6 @@
 ---
-title: Installing Microsoft Defender ATP for Mac with different MDM product
+title: Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender ATP for Mac
-description: Describes how to install Microsoft Defender ATP for Mac on other management solutions.
+description: Install Microsoft Defender ATP for Mac on other management solutions.
 keywords: microsoft, defender, atp, mac, installation, deploy, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Deployment with a different Mobile Device Management (MDM) system
+# Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender ATP for Mac
 
 **Applies to:**
 
@@ -49,21 +49,21 @@ You can deploy Defender without the last requirement from the preceding list, ho
 
 ## Deployment
 
-Most MDM solutions use the same model for managing macOS machines, with similar terminology. Use [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md) as a template.
+Most MDM solutions use the same model for managing macOS machines, with similar terminology. Use [JAMF-based deployment](mac-install-with-jamf.md) as a template.
 
 ### Package
 
-Configure deployment of a [required application package](microsoft-defender-atp-mac-install-with-jamf.md#package), 
+Configure deployment of a [required application package](mac-install-with-jamf.md#package), 
-with the installation package (wdav.pkg) downloaded from [Microsoft Defender Security Center](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages).
+with the installation package (wdav.pkg) downloaded from [Microsoft Defender Security Center](mac-install-with-jamf.md#download-installation-and-onboarding-packages).
 
 In order to deploy the package to your enterprise, use the instructions associated with your MDM solution.
 
 ### License settings
 
-Set up [a system configuration profile](microsoft-defender-atp-mac-install-with-jamf.md#configuration-profile). 
+Set up [a system configuration profile](mac-install-with-jamf.md#configuration-profile). 
 Your MDM solution may call it something like "Custom Settings Profile", as Microsoft Defender ATP for Mac is not part of macOS.
 
-Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can be extracted from an onboarding package downloaded from [Microsoft Defender Security Center](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages).
+Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can be extracted from an onboarding package downloaded from [Microsoft Defender Security Center](mac-install-with-jamf.md#download-installation-and-onboarding-packages).
 Your system may support an arbitrary property list in XML format. You can upload the jamf/WindowsDefenderATPOnboarding.plist file as-is in that case.
 Alternatively, it may require you to convert the property list to a different format first.
 
@@ -76,4 +76,4 @@ Set up a KEXT or kernel extension policy. Use team identifier **UBF8T346G9** to
 
 ## Check installation status
 
-Run [mdatp](microsoft-defender-atp-mac-install-with-jamf.md#check-onboarding-status) on a client machine to check the onboarding status.
+Run [mdatp](mac-install-with-jamf.md#check-onboarding-status) on a client machine to check the onboarding status.

windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md

@@ -1,7 +1,6 @@
 ---
 title: Set preferences for Microsoft Defender ATP for Mac
-ms.reviewer: 
+description: Configure Microsoft Defender ATP for Mac in enterprises.
-description: Describes how to configure Microsoft Defender ATP for Mac in enterprises.
 keywords: microsoft, defender, atp, mac, management, preferences, enterprise, intune, jamf, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -25,7 +24,7 @@ ms.topic: conceptual
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
 
 >[!IMPORTANT]
->This topic contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](microsoft-defender-atp-mac-resources.md#configuring-from-the-command-line) page.
+>This topic contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](mac-resources.md#configuring-from-the-command-line) page.
 
 In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile. This profile is deployed from management tool of your choice. Preferences managed by the enterprise take precedence over the ones set locally on the device. In other words, users in your enterprise are not able to change preferences that are set through this configuration profile.
 
@@ -262,6 +261,28 @@ Whether the status menu icon (shown in the top-right corner of the screen) is hi
 | **Data type** | Boolean |
 | **Possible values** | false (default) <br/> true |
 
+### EDR preferences
+
+The *edr* section of the configuration profile is used to manage the preferences of the EDR component of the product.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.wdav |
+| **Key** | edr |
+| **Data type** | Dictionary (nested preference) |
+| **Comments** | See the following sections for a description of the dictionary contents. |
+
+#### Enable / disable early preview
+
+Whether EDR early preview features are enabled or not.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.wdav |
+| **Key** | earlyPreview |
+| **Data type** | Boolean |
+| **Possible values** | true (default) <br/> false |
+
 ## Recommended configuration profile
 
 To get started, we recommend the following configuration profile for your enterprise to take advantage of all protection features that Microsoft Defender ATP provides.

windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md

@@ -1,7 +1,6 @@
 ---
 title: Privacy for Microsoft Defender ATP for Mac
-ms.reviewer: 
+description: Privacy controls, how to configure policy settings that impact privacy and information about the diagnostic data collected in Microsoft Defender ATP for Mac.
-description: Describes privacy controls, how to configure policy settings that impact privacy and information about the diagnostic data collected in Microsoft Defender ATP for Mac.
 keywords: microsoft, defender, atp, mac, privacy, diagnostic
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -62,7 +61,7 @@ When this feature is enabled and the sample that is collected is likely to conta
 
 If you're an IT administrator, you might want to configure these controls at the enterprise level. 
 
-The privacy controls for the various types of data described in the preceding section are described in detail in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
+The privacy controls for the various types of data described in the preceding section are described in detail in [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md).
 
 As with any new policy settings, you should carefully test them out in a limited, controlled environment to ensure the settings that you configure have the desired effect before you implement the policy settings more widely in your organization.
 

windows/security/threat-protection/microsoft-defender-atp/mac-pua.md

@@ -1,7 +1,6 @@
 ---
-title: Detect and block potentially unwanted applications
+title: Detect and block potentially unwanted applications with Microsoft Defender ATP for Mac
-ms.reviewer:
+description: Detect and block Potentially Unwanted Applications (PUA) using Microsoft Defender ATP for Mac.
-description: Describes how to detect and block Potentially Unwanted Applications (PUA) using Microsoft Defender ATP for Mac.
 keywords: microsoft, defender, atp, mac, pua, pus
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Detect and block potentially unwanted applications
+# Detect and block potentially unwanted applications with Microsoft Defender ATP for Mac
 
 **Applies to:**
 
@@ -59,8 +58,8 @@ $ mdatp --threat --type-handling potentially_unwanted_application [off|audit|blo
 
 ### Use the management console to configure PUA protection:
 
-In your enterprise, you can configure PUA protection from a management console, such as JAMF or Intune, similarly to how other product settings are configured. For more information, see the [Threat type settings](microsoft-defender-atp-mac-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md) topic.
+In your enterprise, you can configure PUA protection from a management console, such as JAMF or Intune, similarly to how other product settings are configured. For more information, see the [Threat type settings](mac-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md) topic.
 
 ## Related topics
 
-- [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md)
+- [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md)

windows/security/threat-protection/microsoft-defender-atp/mac-resources.md

@@ -1,7 +1,6 @@
 ---
-title: Microsoft Defender ATP for Mac Resources
+title: Resources for Microsoft Defender ATP for Mac
-ms.reviewer: 
+description: Resources for Microsoft Defender ATP for Mac, including how to uninstall it, how to collect diagnostic logs, CLI commands, and known issues with the product.
-description: Describes resources for Microsoft Defender ATP for Mac, including how to uninstall it, how to collect diagnostic logs, CLI commands, and known issues with the product.
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Resources
+# Resources for Microsoft Defender ATP for Mac
 
 **Applies to:**
 
@@ -95,18 +94,24 @@ Important tasks, such as controlling product settings and triggering on-demand s
 |Protection   |Do a full scan                             |`mdatp --scan --full`                                                  |
 |Protection   |Cancel an ongoing on-demand scan           |`mdatp --scan --cancel`                                                |
 |Protection   |Request a security intelligence update     |`mdatp --definition-update`                                            |
+|EDR          |Turn on/off EDR preview for Mac            |`mdatp --early-preview [true/false]`                                   |
+|EDR          |Add group tag to machine. EDR tags are used for managing machine groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp --set-tag GROUP [name]` |
+|EDR          |Remove group tag from machine              |`mdatp --remove-tag [name]`                                            |
 
 ## Microsoft Defender ATP portal information
 
-In the Microsoft Defender ATP portal, you'll see two categories of information:
+In the Microsoft Defender ATP portal, you'll see two categories of information.
+
+Antivirus alerts, including:
 
-- Antivirus alerts, including:
   - Severity
   - Scan type
   - Device information (hostname, machine identifier, tenant identifier, app version, and OS type)
   - File information (name, path, size, and hash)
   - Threat information (name, type, and state)
-- Device information, including:
+
+Device information, including:
+
   - Machine identifier
   - Tenant identifier
   - App version

windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md

@@ -1,7 +1,6 @@
 ---
 title: Troubleshoot kernel extension issues in Microsoft Defender ATP for Mac
-ms.reviewer: 
+description: Troubleshoot kernel extension-related issues in Microsoft Defender ATP for Mac.
-description: Describes how to troubleshoot kernel extension-related issues in Microsoft Defender ATP for Mac.
 keywords: microsoft, defender, atp, mac, kernel, extension
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Troubleshoot kernel extension issues
+# Troubleshoot kernel extension issues in Microsoft Defender ATP for Mac
 
 **Applies to:**
 
@@ -30,7 +29,7 @@ Starting with macOS High Sierra (10.13), macOS requires all kernel extensions to
 
 If you did not approve the kernel extension during the deployment / installation of Microsoft Defender ATP for Mac, then the application displays a banner prompting you to enable it:
 
-   ![RTP disabled screenshot](images/MDATP_32_Main_App_Fix.png)
+   ![RTP disabled screenshot](../windows-defender-antivirus/images/MDATP-32-Main-App-Fix.png)
 
 You can also run ```mdatp --health```. It reports if real-time protection is enabled but not available. This is an indication that the kernel extension is not approved to run on your device.
 
@@ -48,8 +47,8 @@ The following sections provide guidance on how to address this issue, depending
 
 See the instructions corresponding to the management tool that you used to deploy the product:
 
-- [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md#configuration-profile)
+- [JAMF-based deployment](mac-install-with-jamf.md#configuration-profile)
-- [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md#create-system-configuration-profiles)
+- [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles)
 
 ## Manual deployment
 
@@ -57,7 +56,7 @@ If less than 30 minutes have passed since the product was installed, navigate to
 
 If you don't see this prompt, it means that 30 or more minutes have passed, and the kernel extension still not been approved to run on your device:
 
-![Security and privacy window after prompt expired screenshot](images/MDATP_33_SecurityPrivacySettings_NoPrompt.png)
+![Security and privacy window after prompt expired screenshot](../windows-defender-antivirus/images/MDATP-33-SecurityPrivacySettings-NoPrompt.png)
 
 In this case, you need to perform the following steps to trigger the approval flow again.
 

windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md

@@ -1,7 +1,6 @@
 ---
-title: Troubleshoot performance issues
+title: Troubleshoot performance issues for Microsoft Defender ATP for Mac
-ms.reviewer: 
+description: Troubleshoot performance issues in Microsoft Defender ATP for Mac.
-description: Describes how to troubleshoot performance issues in Microsoft Defender ATP for Mac.
 keywords: microsoft, defender, atp, mac, performance
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Troubleshoot performance issues
+# Troubleshoot performance issues for Microsoft Defender ATP for Mac
 
 **Applies to:**
 
@@ -38,7 +37,7 @@ The following steps can be used to troubleshoot and mitigate these issues:
 
     - From the user interface. Open Microsoft Defender ATP for Mac and navigate to **Manage settings**.
 
-    ![Manage real-time protection screenshot](images/mdatp-36-RTP.png)
+    ![Manage real-time protection screenshot](../windows-defender-antivirus/images/mdatp-36-rtp.png)
 
     - From the Terminal. For security purposes, this operation requires elevation.
 
@@ -46,10 +45,10 @@ The following steps can be used to troubleshoot and mitigate these issues:
     $ mdatp --config realTimeProtectionEnabled false
     ```
 
-    If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
+    If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md).
 
 2. Open Finder and navigate to **Applications** > **Utilities**. Open **Activity Monitor** and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers.
 
 3. Configure Microsoft Defender ATP for Mac with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
 
-    See [Configure and validate exclusions for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-exclusions.md) for details.
+    See [Configure and validate exclusions for Microsoft Defender ATP for Mac](mac-exclusions.md) for details.

windows/security/threat-protection/microsoft-defender-atp/mac-updates.md

@@ -1,7 +1,6 @@
 ---
 title: Deploy updates for Microsoft Defender ATP for Mac
-ms.reviewer: 
+description: Control updates for Microsoft Defender ATP for Mac in enterprise environments.
-description: Describes how to control updates for Microsoft Defender ATP for Mac in enterprise environments.
 keywords: microsoft, defender, atp, mac, updates, deploy
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -28,7 +27,7 @@ Microsoft regularly publishes software updates to improve performance, security,
 
 To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually.
 
-![MAU screenshot](images/MDATP_34_MAU.png)
+![MAU screenshot](../windows-defender-antivirus/images/MDATP-34-MAU.png)
 
 If you decide to deploy updates by using your software distribution tools, you should configure MAU to manually check for software updates. You can deploy preferences to configure how and when MAU checks for updates for the Macs in your organization.
 

windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md

@@ -1,6 +1,5 @@
 ---
-title: Microsoft Defender ATP for Mac What's New
+title: What's new in Microsoft Defender Advanced Threat Protection for Mac
-ms.reviewer: 
 description: List of major changes for Microsoft Defender ATP for Mac.
 keywords: microsoft, defender, atp, mac, installation, macos, whatsnew
 search.product: eADQiWindows 10XVcnh
@@ -30,7 +29,7 @@ ms.topic: conceptual
 
 ## 100.68.99
 
-- Added the ability to configure the antivirus functionality to run in [passive mode](microsoft-defender-atp-mac-preferences.md#enable--disable-passive-mode)
+- Added the ability to configure the antivirus functionality to run in [passive mode](mac-preferences.md#enable--disable-passive-mode)
 - Performance improvements & bug fixes
 
 ## 100.65.28
@@ -42,7 +41,7 @@ ms.topic: conceptual
 >
 > The mechanism for granting this consent depends on how you deployed Microsoft Defender ATP:
 >
-> - For manual deployments, see the updated instructions in the [Manual deployment](microsoft-defender-atp-mac-install-manually.md#how-to-allow-full-disk-access) topic.
+> - For manual deployments, see the updated instructions in the [Manual deployment](mac-install-manually.md#how-to-allow-full-disk-access) topic.
-> - For managed deployments, see the updated instructions in the [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md#privacy-preferences-policy-control) and [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md#create-system-configuration-profiles) topics.
+> - For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md#privacy-preferences-policy-control) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics.
 
 - Performance improvements & bug fixes

windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md

@@ -27,38 +27,53 @@ This topic describes how to install, configure, update, and use Microsoft Defend
 
 ## What’s new in the latest release
 
-[What's new](microsoft-defender-atp-mac-whatsnew.md)
+[What's new](mac-whatsnew.md)
 
 If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**.
 
+To learn how to configure a macOS machine running Microsoft Defender ATP to be an "Insider" machine, go to [Enable Microsoft Defender ATP Insider Machine](endpoint-detection-response-mac-preview.md)
+
 ## How to install Microsoft Defender ATP for Mac
 
 ### Prerequisites
 
-- Access to the Microsoft Defender Security Center portal
+- A Microsoft Defender ATP subscription and access to the Microsoft Defender Security Center portal
 - Beginner-level experience in macOS and BASH scripting
 - Administrative privileges on the device (in case of manual deployment)
 
+### Installation instructions
+
+There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
+
+* Third-party management tools:
+    * [Microsoft Intune-based deployment](mac-install-with-intune.md)
+    * [JAMF-based deployment](mac-install-with-jamf.md)
+    * [Other MDM products](mac-install-with-other-mdm.md)
+
+* Command-line tool:
+    * [Manual deployment](mac-install-manually.md)
+
 ### System requirements
 
-> [!CAUTION]
+The three most recent major releases of macOS are supported.
-> The three most recent major releases of macOS are supported. Beta versions of macOS are not supported.
->
-> macOS Sierra (10.12) support will end on January 1, 2020.
 
-- Supported macOS versions: 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
+- 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
 - Disk space: 650 MB
 
+Beta versions of macOS are not supported. macOS Sierra (10.12) support will end on January 1, 2020.
+
 After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
 
+### Network connections
+
 The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.
 
 | Service location                         | DNS record              |
 | ---------------------------------------- | ----------------------- |
-| Common URLs for all locations            |  x.cp.wd.microsoft.com <br/> cdn.x.cp.wd.microsoft.com <br/> eu-cdn.x.cp.wd.microsoft.com <br/> wu-cdn.x.cp.wd.microsoft.com <br/> *.blob.core.windows.net <br/> officecdn-microsoft-com.akamaized.net |
+| Common URLs for all locations            |  x.cp.wd.microsoft.com <br/> cdn.x.cp.wd.microsoft.com <br/> eu-cdn.x.cp.wd.microsoft.com <br/> wu-cdn.x.cp.wd.microsoft.com <br/> *.blob.core.windows.net <br/> officecdn-microsoft-com.akamaized.net <br/> crl.microsoft.com <br/>  events.data.microsoft.com |
-| European Union                           | europe.x.cp.wd.microsoft.com |
+| European Union                           | europe.x.cp.wd.microsoft.com <br/> eu-v20.events.data.microsoft.com |
-| United Kingdom                           | unitedkingdom.x.cp.wd.microsoft.com |
+| United Kingdom                           | unitedkingdom.x.cp.wd.microsoft.com <br/> uk-v20.events.data.microsoft.com |
-| United States                            | unitedstates.x.cp.wd.microsoft.com |
+| United States                            | unitedstates.x.cp.wd.microsoft.com  <br/> us-v20.events.data.microsoft.com |
 
 Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
 - Web Proxy Auto-discovery Protocol (WPAD)
@@ -83,33 +98,23 @@ The output from this command should be similar to the following:
 > [!CAUTION]
 > We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
 
-### Installation instructions
+Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal:
-
+```bash
-There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
+$ mdatp --connectivity-test
-
+```
-In general you need to take the following steps:
-
-- Ensure that you have a Microsoft Defender ATP subscription and have access to the Microsoft Defender ATP Portal
-- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
-  - Via third-party management tools:
-    - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md)
-    - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md)
-    - [Other MDM products](microsoft-defender-atp-mac-install-with-other-mdm.md)
-  - Via the command-line tool:
-    - [Manual deployment](microsoft-defender-atp-mac-install-manually.md)
 
 ## How to update Microsoft Defender ATP for Mac
 
 Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used.
 
-To read more on how to configure MAU in enterprise environments, refer to [Deploy updates for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-updates.md)
+To read more on how to configure MAU in enterprise environments, refer to [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md)
 
 ## How to configure Microsoft Defender ATP for Mac
 
-Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
+Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md).
 
 ## Resources
 
-- For more information about logging, uninstalling, or other topics, see the [Resources](microsoft-defender-atp-mac-resources.md) page.
+- For more information about logging, uninstalling, or other topics, see the [Resources](mac-resources.md) page.
 
-- [Privacy for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-privacy.md)
+- [Privacy for Microsoft Defender ATP for Mac](mac-privacy.md)

windows/security/threat-protection/microsoft-defender-atp/preview.md

@@ -42,8 +42,6 @@ Turn on the preview experience setting to be among the first to try upcoming fea
 ## Preview features
 The following features are included in the preview release:
 
-- [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac) <BR> Microsoft Defender ATP for Mac brings the next-generation protection, and endpoint detection and response coverage to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices.
-
 - [Threat & Vulnerability Management Report inaccuracy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation#report-inaccuracy) <BR> You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated [security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation#report-inaccuracy), [software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory#report-inaccuracy), and [discovered vulnerabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses#report-inaccuracy).  
  
 - [Threat & Vulnerability Management Advanced Hunting Schemas](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table) <BR> You can now use the Threat & Vulnerability Management tables in the Advanced hunting schema to query about software inventory, vulnerability knowledgebase, security configuration assessment, and security configuration knowledgebase.