diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/149cbfdf221cdbde8159d0ab72644cd0.png b/windows/security/threat-protection/microsoft-defender-atp/images/149cbfdf221cdbde8159d0ab72644cd0.png index d99ee97c15..e1003dbe5c 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/149cbfdf221cdbde8159d0ab72644cd0.png and b/windows/security/threat-protection/microsoft-defender-atp/images/149cbfdf221cdbde8159d0ab72644cd0.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/48318a51adee06bff3908e8ad4944dc9.png b/windows/security/threat-protection/microsoft-defender-atp/images/48318a51adee06bff3908e8ad4944dc9.png index 6b6a7f8175..d0679c71a7 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/48318a51adee06bff3908e8ad4944dc9.png and b/windows/security/threat-protection/microsoft-defender-atp/images/48318a51adee06bff3908e8ad4944dc9.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md index 973bf3d169..886a37dca6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md 
@@ -23,11 +23,11 @@ ms.topic: article - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -In this section we will be using Microsoft Endpoint Manager (MEM) to deploy +In this section, we will be using Microsoft Endpoint Manager (MEM) to deploy Microsoft Defender ATP to your endpoints. -For more information about MEM, check out the following: -- [Microsoft Entpoint Manager page](https://docs.microsoft.com/en-us/mem/) +For more information about MEM, check out these resources: +- [Microsoft Endpoint Manager page](https://docs.microsoft.com/en-us/mem/) - [Blog post on convergence of Intune and ConfigMgr](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/) - [Introduction video on MEM](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace) @@ -36,11 +36,11 @@ This process is a multi-step process, you'll need to: - Identify target devices or users - - Create an AAD group (User or Device) + - Create an Azure Active Directory group (User or Device) - Create a Configuration Profile - - In MEM we'll guide you in creating a separate policy for each feature + - In MEM, we'll guide you in creating a separate policy for each feature ## Resources @@ -54,7 +54,7 @@ Here are the links you'll need for the rest of the process: - [Intune Security baselines](https://docs.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-defender-atp#microsoft-defender) ## Identify target devices or users -In this section we will create a test group to assign your configurations on. +In this section, we will create a test group to assign your configurations on. >[!NOTE] >Intune uses Azure Active Directory (Azure AD) groups to manage devices and @@ -81,7 +81,7 @@ needs.
5. From the **Groups > All groups** pane, open your new group. -6. Click on **Members > Add members**. +6. Select **Members > Add members**. 7. Find your test user or device and select it. @@ -93,7 +93,7 @@ needs.
In the following section, you'll create a number of configuration policies. First is a configuration policy to select which groups of users or devices will be onboarded to Microsoft Defender ATP. Then you will continue by creating several -different types of Endpoint Security policies. +different types of Endpoint security policies. ### Endpoint detection and response @@ -107,31 +107,31 @@ different types of Endpoint Security policies. 3. Under **Platform, select Windows 10 and Later, Profile - Endpoint detection and response > Create**. -4. Enter name and description, then click **Next**. +4. Enter a name and description, then select **Next**. ![Image of Microsoft Endpoint Manager portal](images/a5b2d23bdd50b160fef4afd25dda28d4.png) -5. Select settings as required, then click **Next**. +5. Select settings as required, then select **Next**. ![Image of Microsoft Endpoint Manager portal](images/cea7e288b5d42a9baf1aef0754ade910.png) >[!NOTE] >In this instance, this has been auto populated as Microsoft Defender ATP has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender ATP in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection#enable-microsoft-defender-atp-in-intune).
- >If you have not integrated Microsoft Defender ATP h and Intune, complete [these + >If you have not integrated Microsoft Defender ATP and Intune, complete [these steps](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm#onboard-machines-using-microsoft-intune) to create and upload an onboarding blob. ![Image of Microsoft Endpoint Manager portal](images/2466460812371ffae2d19a10c347d6f4.png) -6. Add scope tags if required, then click **Next**. +6. Add scope tags if required, then select **Next**. ![Image of Microsoft Endpoint Manager portal](images/ef844f52ec2c0d737ce793f68b5e8408.png) -7. Add test group by clicking on **Select groups to include** and choose your group, then click **Next**. +7. Add test group by clicking on **Select groups to include** and choose your group, then select **Next**. ![Image of Microsoft Endpoint Manager portal](images/fc3525e20752da026ec9f46ab4fec64f.png) -8. Review and accept, then click **Create**. +8. Review and accept, then select **Create**. ![Image of Microsoft Endpoint Manager portal](images/289172dbd7bd34d55d24810d9d4d8158.png) 
@@ -150,29 +150,29 @@ different types of Endpoint Security policies. 3. Select **Platform - Windows 10 and Later - Windows and Profile – Microsoft Defender Antivirus > Create**. -4. Enter name and description, then click **Next**. +4. Enter name and description, then select **Next**. ![Image of Microsoft Endpoint Manager portal](images/a7d738dd4509d65407b7d12beaa3e917.png) -5. In the Configuration settings page: Set the configurations you require for - Microsoft Defender Antivirus (Cloud Protection, Exclusions, Real Time +5. In the **Configuration settings page**: Set the configurations you require for + Microsoft Defender Antivirus (Cloud Protection, Exclusions, Real-Time Protection, and Remediation). ![Image of Microsoft Endpoint Manager portal](images/3840b1576d6f79a1d72eb14760ef5e8c.png) -6. Add scope tags if required, then click **Next**. +6. Add scope tags if required, then select **Next**. ![Image of Microsoft Endpoint Manager portal](images/2055e4f9b9141525c0eb681e7ba19381.png) -7. Select groups to include, assign to your test group > Next +7. Select groups to include, assign to your test group, then select **Next**. ![Image of Microsoft Endpoint Manager portal](images/48318a51adee06bff3908e8ad4944dc9.png) -8. Review and create, then click **Create**. +8. Review and create, then select **Create**. ![Image of Microsoft Endpoint Manager portal](images/dfdadab79112d61bd3693d957084b0ec.png) -9. You can see the configuration policy you created as per below +9. You'll see the configuration policy you created. ![Image of Microsoft Endpoint Manager portal](images/38180219e632d6e4ec7bd25a46398da8.png) 
@@ -182,22 +182,22 @@ different types of Endpoint Security policies. 2. Navigate to **Endpoint security > Attack surface reduction**. -3. Click on **Create Policy**. +3. Select **Create Policy**. >[!NOTE] >We will be setting these as Audit. -5. Select **Platform - Windows 10 and Later – Profile - Attack surface reduction +4. Select **Platform - Windows 10 and Later – Profile - Attack surface reduction rules > Create**. ![Image of Microsoft Endpoint Manager portal](images/522d9bb4288dc9c1a957392b51384fdd.png) -6. Enter a name and description, then click **Next**. +5. Enter a name and description, then select **Next**. ![Image of Microsoft Endpoint Manager portal](images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png) -7. In the Configuration settings page: Set the configurations you require for - Attack surface reduction rules, then click **Next**. +6. In the **Configuration settings page**: Set the configurations you require for + Attack surface reduction rules, then select **Next**. >[!NOTE] >We will be configuring all of the Attack surface reduction rules to Audit. @@ -206,19 +206,19 @@ different types of Endpoint Security policies. ![Image of Microsoft Endpoint Manager portal](images/dd0c00efe615a64a4a368f54257777d0.png) -8. Add Scope Tags as required, then click **Next**. +7. Add Scope Tags as required, then select **Next**. ![Image of Microsoft Endpoint Manager portal](images/6daa8d347c98fe94a0d9c22797ff6f28.png) -9. Select groups to include and assign to test group, then click **Next**. +8. Select groups to include and assign to test group, then select **Next**. ![Image of Microsoft Endpoint Manager portal](images/45cefc8e4e474321b4d47b4626346597.png) -10. Review the details, then click **Create**. +9. Review the details, then select **Create**. ![Image of Microsoft Endpoint Manager portal](images/2c2e87c5fedc87eba17be0cdeffdb17f.png) -11. View the policy. +10. View the policy. ![Image of Microsoft Endpoint Manager portal](images/7a631d17cc42500dacad4e995823ffef.png) 
@@ -228,18 +228,18 @@ different types of Endpoint Security policies. 2. Navigate to **Endpoint security > Attack surface reduction**. -3. Click on **Create Policy**. +3. Select **Create Policy**. 4. Select **Windows 10 and Later – Web protection > Create**. ![Image of Microsoft Endpoint Manager portal](images/cd7b5a1cbc16cc05f878cdc99ba4c27f.png) -5. Enter name and description, then click **Next**. +5. Enter a name and description, then select **Next**. ![Image of Microsoft Endpoint Manager portal](images/5be573a60cd4fa56a86a6668b62dd808.png) -6. In the Configuration settings page: Set the configurations you require for - Web Protection, then click **Next**. +6. In the **Configuration settings page**: Set the configurations you require for + Web Protection, then select **Next**. >[!NOTE] >We are configuring Web Protection to Block. 
@@ -270,38 +270,37 @@ different types of Endpoint Security policies. ### Confirm Policies have applied -Once the Configuration policy has been assigned it will take some time to apply. +Once the Configuration policy has been assigned, it will take some time to apply. For information on timing, see [Intune configuration information](https://docs.microsoft.com/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned). -To confirm that the configuration policy has been applied to your test device -follow the following process for each configuration policy. +To confirm that the configuration policy has been applied to your test device, follow the following process for each configuration policy. 1. Open the MEM portal and navigate to the relevant policy as shown in the steps above. The following example shows the next generation protection settings. ![Image of Microsoft Endpoint Manager portal](images/43ab6aa74471ee2977e154a4a5ef2d39.png) -2. Click on the **Configuration Policy** to view the policy status. +2. Select the **Configuration Policy** to view the policy status. ![Image of Microsoft Endpoint Manager portal](images/55ecaca0e4a022f0e29d45aeed724e6c.png) -3. Click on **Device Status** to see the status. +3. Select **Device Status** to see the status. ![Image of Microsoft Endpoint Manager portal](images/18a50df62cc38749000dbfb48e9a4c9b.png) -4. Click on **User Status** to see the status. +4. Select **User Status** to see the status. ![Image of Microsoft Endpoint Manager portal](images/4e965749ff71178af8873bc91f9fe525.png) -5. Click on **Per-setting status** to see the status. +5. Select **Per-setting status** to see the status. >[!TIP] >This view is very useful to identify any settings that conflict with another policy. 
![Image of Microsoft Endpoint Manager portal](images/42acc69d0128ed09804010bdbdf0a43c.png) -### Endpoint Detection and Response +### Endpoint detection and response 1. Before applying the configuration, the Microsoft Defender ATP @@ -314,7 +313,7 @@ follow the following process for each configuration policy. ![Image of Services panel](images/a621b699899f1b41db211170074ea59e.png) -3. After the services is running on the device, the device appears in Microsoft +3. After the services are running on the device, the device appears in Microsoft Defender Security Center. ![Image of Microsoft Defender Security Center](images/df0c64001b9219cfbd10f8f81a273190.png) @@ -342,11 +341,11 @@ follow the following process for each configuration policy. 2. This should respond with the following lines with no content - 1. AttackSurfaceReductionOnlyExclusions : + 1. AttackSurfaceReductionOnlyExclusions: - 2. AttackSurfaceReductionRules_Actions : + 2. AttackSurfaceReductionRules_Actions: - 3. AttackSurfaceReductionRules_Ids : + 3. AttackSurfaceReductionRules_Ids: ![Image of command line](images/cb0260d4b2636814e37eee427211fe71.png)
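Review bot: In the hunk at @@ -23,11 +23,11 @@, the "Introduction video on MEM" entry in the unchanged context links to the same blog URL as the "Blog post on convergence of Intune and ConfigMgr" entry above it; the two differ only by the trailing slash. Since this list is already being edited for the "Entpoint" typo, either point the video entry at the video itself or merge the two entries into one.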
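Review bot: In the hunk at @@ -107,31 +107,31 @@, step 7 still reads "Add test group by clicking on **Select groups to include**", so the click-to-select wording change is only half applied on that line. Suggest "Add your test group by choosing **Select groups to include**, pick your group, then select **Next**." While here, the bold span in step 3 ("Under **Platform, select Windows 10 and Later, Profile - Endpoint detection and response > Create**") swallows the instruction text along with the UI labels and could be narrowed to the labels only.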
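Review bot: In the hunk at @@ -150,29 +150,29 @@, step 4 becomes "Enter name and description, then select **Next**." while the same step in the other sections of this patch is changed to "Enter a name and description"; add the article here too. Also, "**Configuration settings page**" puts the word "page" inside the bold; if the portal label is "Configuration settings", write "In the **Configuration settings** page" (the same applies to the two later hunks that introduce this wording).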
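Review bot: In the hunk at @@ -182,22 +182,22 @@, the note after step 3 ("We will be setting these as Audit.") duplicates the note under step 6 ("We will be configuring all of the Attack surface reduction rules to Audit.") and appears before the reader has chosen a profile, so "these" has nothing to refer to. Suggest dropping the first note and keeping the one at step 6. Step 7 also reads "Add Scope Tags as required" where the other sections use "Add scope tags if required"; align the casing and wording.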
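Review bot: In the hunk at @@ -270,38 +270,37 @@, the rewritten sentence keeps "follow the following process for each configuration policy", which reads awkwardly; suggest "follow these steps for each configuration policy". The new line is also joined into one long line while the surrounding paragraphs stay hard-wrapped, which makes later diffs of this paragraph noisier than they need to be.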
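Review bot: In the hunk at @@ -342,11 +341,11 @@, removing the space before the colon in "AttackSurfaceReductionOnlyExclusions :", "AttackSurfaceReductionRules_Actions :" and "AttackSurfaceReductionRules_Ids :" changes text that step 2 presents as what the command responds with, so the page no longer matches what a reader sees in the console. Suggest reverting these three lines and setting them as code so style passes leave them alone. The lead-in "This should respond with the following lines with no content" also lacks closing punctuation.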