mdatp_confmgmt_ga

windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md

@@ -40,7 +40,7 @@ The **Onboarding** card provides a high-level overview of your onboarding rate b
 
 >[!NOTE]
 >- If you used Security Center Configuration Manager, the onboarding script, or other onboarding methods that don’t use Intune profiles, you might encounter data discrepancies. To resolve these discrepancies, create a corresponding Intune configuration profile for Microsoft Defender ATP onboarding and assign that profile to your machines.
->- During preview, you might experience discrepancies in aggregated data displayed on the machine configuration management page and those displayed on overview screens in Intune.
+>- You might experience discrepancies in aggregated data displayed on the machine configuration management page and those displayed on overview screens in Intune.
 
 ## Onboard more machines with Intune profiles
 

windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md

@@ -42,7 +42,8 @@ The Windows Intune security baseline provides a comprehensive set of recommended
 Both baselines are maintained so that they complement one another and have identical values for shared settings. Deploying both baselines to the same machine will not result in conflicts. Ideally, machines onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls.
 
 >[!NOTE]
->The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machines (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments.
+>- The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machines (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments.
+>- The Microsoft Defender ATP security baseline currently doesn’t cover settings for all Microsoft Defender ATP security controls, including settings for exploit protection and Application Guard.
 
 ## Get permissions to manage security baselines in Intune
 
@@ -101,10 +102,10 @@ Machine configuration management monitors baseline compliance only of Windows 10
    ![Security baseline profiles on Intune](images/secconmgmt_baseline_intuneprofile3.png)<br>
    *Assigning the security baseline profile on Intune*
 
-5. Save the profile and deploy it to the assigned machine group.
+5. Create the profile to save it and deploy it to the assigned machine group.
 
    ![Assigning the security baseline on Intune](images/secconmgmt_baseline_intuneprofile4.png)<br>
-   *Saving and deploying the security baseline profile on Intune*
+   *Creating the security baseline profile on Intune*
 
 >[!TIP]
 >Security baselines on Intune provide a convenient way to comprehensively secure and protect your machines. [Learn more about security baselines on Intune](https://docs.microsoft.com/intune/security-baselines).

windows/security/threat-protection/microsoft-defender-atp/configure-machines.md

@@ -22,8 +22,6 @@ ms.topic: conceptual
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-[!include[Prerelease information](prerelease.md)]
-
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
 
 With properly configured machines, you can boost overall resilience against threats and enhance your capability to detect and respond to attacks. Security configuration management helps ensure that your machines:
@@ -55,12 +53,13 @@ Before you can ensure your machines are configured properly, enroll them to Intu
 >[!TIP] 
 >To optimize machine management through Intune, [connect Intune to Microsoft Defender ATP](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune).
 
-## Known issues and limitations in this preview 
+## Obtain required ppermissions
-During preview, you might encounter a few known limitations:
+- **Onboarding machines** — To onboard devices to Microsoft Defender ATP using Intune, you need to be able to deploy a device configuration profile and track compliance to that profile. By default, only... **DRAFT**
-- You might experience discrepancies in aggregated data displayed on the machine configuration management page and those displayed on overview screens in Intune.
-- The count of onboarded machines tracked by machine configuration management might not include machines onboarded using Security Center Configuration Manager, the onboarding script, or other onboarding methods that don’t use Intune profiles. To include these machines, create a corresponding Intune configuration profile for Microsoft Defender ATP onboarding and assign that profile to these machines.
-- The Microsoft Defender ATP security baseline currently doesn’t cover settings for all Microsoft Defender ATP security controls, including settings for exploit protection and Application Guard.
 
+- **Managing security baselines** — By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage security baseline profiles. If you haven’t been assigned either role, work with a Global Administrator or an Intune Service Administrator to [create and assign a custom role in Intune](https://docs.microsoft.com/intune/create-custom-role#to-create-a-custom-role) with:
+
+    - Read permissions to the organization
+    - Full permissions to security baselines
 
 ## In this section
 Topic | Description