diff --git a/windows/configuration/manage-tips-and-suggestions.md b/windows/configuration/manage-tips-and-suggestions.md
index 4485b5e7e7..39f2e28ac0 100644
--- a/windows/configuration/manage-tips-and-suggestions.md
+++ b/windows/configuration/manage-tips-and-suggestions.md
@@ -44,7 +44,7 @@ Windows 10, version 1607 (also known as the Anniversary Update), provides organi
| Windows 10 Pro Education | Yes (default) | Yes | No (setting cannot be changed) |
| Windows 10 Education | Yes (default) | Yes | No (setting cannot be changed) |
-
+[Learn more about policy settings for Windows Spotlight.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)
## Related topics
diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index 5e3c80f9c4..8e3da008da 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -25,14 +25,18 @@ Update Compliance has the following requirements:
2. The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) enabled. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization).
3. The telemetry of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint:
-Service | Endpoint
---- | ---
-Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
settings-win.data.microsoft.com
-Windows Error Reporting | watson.telemetry.microsoft.com
-Online Crash Analysis | oca.telemetry.microsoft.com
+ Service | Endpoint
+ --- | ---
+ Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
settings-win.data.microsoft.com
+ Windows Error Reporting | watson.telemetry.microsoft.com
+ Online Crash Analysis | oca.telemetry.microsoft.com
- 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV.
+ 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Troublehsoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md) topic for help on ensuring the configuration is correct.
+
+ For endpoints running Windows 10, version 1607 or earlier, [Windows telemetry must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level).
+
+ See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV.
## Add Update Compliance to Microsoft Operations Management Suite
diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md
index 9daa1a5103..a49a7adb06 100644
--- a/windows/deployment/update/update-compliance-using.md
+++ b/windows/deployment/update/update-compliance-using.md
@@ -147,7 +147,10 @@ Devices are evaluated by OS Version (e.g., 1607) and the count of how many are C
You'll notice some new tiles in the Overview blade which provide a summary of Windows Defender AV-related issues, highlighted in the following screenshot.
-
+
+
+>[!IMPORTANT]
+>If your devices are not showing up in the Windows Defender AV assessment section, check the [Troublshoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting) topic for help.
The **AV Signature** chart shows the number of devices that either have up-to-date [protection updates (also known as signatures or definitions)](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus), while the **Windows Defender AV Status** tile indicates the percentage of all assessed devices that are not updated and do not have real-time protection enabled. The Windows Defender Antivirus Assessment section provides more information that lets you investigate potential issues.
diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md
index 9613e7592c..7213b01b6c 100644
--- a/windows/deployment/usmt/usmt-common-issues.md
+++ b/windows/deployment/usmt/usmt-common-issues.md
@@ -245,7 +245,7 @@ There are three typical causes for this issue.
Import-StartLayout –LayoutPath "C:\Layout\user1.xml" –MountPath %systemdrive%
```
-This workaround changed the Default user's Start layout. The workaround does not scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will logon to the device you should delete layoutmodification.xml from the Default user profile. Otherwise all users who logon to that device will get the imported Start layout.
+This workaround changes the Default user's Start layout. The workaround does not scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will sign on to the device you should delete layoutmodification.xml from the Default user profile. Otherwise, all users who sign on to that device will use the imported Start layout.
## Offline Migration Problems
diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md
index c3b5a294aa..80a04ca0c3 100644
--- a/windows/threat-protection/TOC.md
+++ b/windows/threat-protection/TOC.md
@@ -143,6 +143,7 @@
#### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
#### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
+##### [Troublehsoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
#### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
##### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
##### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)
diff --git a/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
new file mode 100644
index 0000000000..bc96824baa
--- /dev/null
+++ b/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
@@ -0,0 +1,77 @@
+---
+title: Collect diagnostic data for Update Compliance and Windows Defender AV
+description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Windows Defender AV Assessment add in
+keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 09/06/2017
+---
+
+# Collect Update Compliance diagnostic data for Windows Defender AV Assessment
+
+**Applies to:**
+
+- Windows 10
+
+**Audience**
+
+- IT administrators
+
+This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.
+
+Before attempting this process, ensure you have read the [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) topic, met all require pre-requisites, and taken any other suggested troubleshooting steps.
+
+
+1. On at least two endpoints that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by following this process:
+
+ 1. Open an administrator-level version of the command prompt:
+
+ 1. Open the **Start** menu.
+
+ 2. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**.
+
+ 3. Enter administrator credentials or approve the prompt.
+
+ 2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example:
+
+ ```Dos
+ cd c:\program files\windows\defender
+ ```
+
+ 3. Enter the following command and press **Enter**
+
+ ```Dos
+ mpcmdrun -getfiles
+ ```
+
+ 4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab.
+
+2. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
+
+3. Send an email using the Update Compliance support email template, and fill out the template with the following information:
+
+
+ ```
+ I am encountering the following issue when using Windows Defender AV in Update Compliance:
+
+ I have provided at least 2 support .cab files at the following location:
+
+ My OMS workspace ID is:
+
+ Please contact me at:
+ ```
+
+
+
+
+## Related topics
+
+- [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md)
+
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index cc04c936e3..f144ebfc04 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -147,7 +147,7 @@ After whitelisting the URLs listed above, you can test if you are connected to t
Use the following argument with the Windows Defender AV command line utility (*mpcmdrun.exe*) to verify that your network can communicate with the Windows Defender AV cloud:
```DOS
-MpCmdRun - ValidateMapsConnection
+MpCmdRun -ValidateMapsConnection
```
> [!NOTE]
> You need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. This command will only work on Windows 10, version 1703.
diff --git a/windows/threat-protection/windows-defender-antivirus/images/server-add-gui.png b/windows/threat-protection/windows-defender-antivirus/images/server-add-gui.png
new file mode 100644
index 0000000000..f9ef1da5f7
Binary files /dev/null and b/windows/threat-protection/windows-defender-antivirus/images/server-add-gui.png differ
diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
new file mode 100644
index 0000000000..a723a79704
--- /dev/null
+++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
@@ -0,0 +1,70 @@
+---
+title: Troubleshoot problems with reporting tools for Windows Defender AV
+description: Identify and solve common problems when attempting to report in Windows Defender AV protection status in Update Compliance
+keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 09/06/2017
+---
+
+# Troubleshoot Windows Defender Antivirus reporting in Update Compliance
+
+**Applies to:**
+
+- Windows 10
+
+**Audience**
+
+- IT administrators
+
+When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues.
+
+Typically, the most common indicators of a problem are:
+- You only see a small number or subset of all the devices you were expecting to see
+- You do not see any devices at all
+- The reports and information you do see is outdated (older than a few days)
+
+For common error codes and event IDs related to the Windows Defender AV service that are not related to Update Compliance, see the [Windows Defender Antivirus events](troubleshoot-windows-defender-antivirus.md) topic.
+
+There are three steps to troubleshooting these problems:
+
+1. Confirm that you have met all pre-requisites
+2. Check your connectivity to the Windows Defender cloud-based service
+3. Submit support logs
+
+>[!IMPORTANT]
+>It typically takes 3 days for devices to start appearing in Update Compliance
+
+
+## Confirm pre-requisites
+
+In order for devices to properly show up in Update Compliance, you have to meet certain pre-requisites for both the Update Compliance service and for Windows Defender AV protection:
+
+>[!div class="checklist"]
+>- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](windows-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance.
+> - [Cloud-delivered protection is enabled](enable-cloud-protection-windows-defender-antivirus.md).
+> - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud)
+> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 telemetry must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level).
+> - It has been 3 days since all requirements have been met
+
+If the above pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us.
+
+> [!div class="nextstepaction"]
+> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance.md)
+
+
+
+
+
+
+## Related topics
+
+- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
+- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
index 84504a1aae..1d49a1e634 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@@ -1,6 +1,6 @@
---
-title: Windows Defender Antivirus and Windows Defender ATP
-description: Windows Defender AV and Windows Defender ATP work together to provide threat detection, remediation, and investigation.
+title: Windows Defender Antivirus compatibility with other security products
+description: Windows Defender AV operates in different ways depending on what other security products you have installed, and the operating system you are using.
keywords: windows defender, atp, advanced threat protection, compatibility, passive mode
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@@ -11,35 +11,75 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
-ms.date: 06/13/2017
+ms.date: 09/07/2017
---
-# Windows Defender Antivirus and Advanced Threat Protection: Better together
+# Windows Defender Antivirus and third party protection products
**Applies to:**
- Windows 10
+- Windows Server 2016
**Audience**
- Enterprise security administrators
+Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10.
-Windows Defender Advanced Threat Protection (ATP) is an additional service beyond Windows Defender Antivirus that helps enterprises detect, investigate, and respond to advanced persistent threats on their network.
-See the [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) topics for more information about the service.
+However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender AV will automatically disable itself.
-If you are enrolled in Windows Defender ATP, and you are not using Windows Defender AV as your real-time protection service on your endpoints, Windows Defender will automatically enter into a passive mode. On Windows Server 2016 SKUs, Windows Defender AV will not enter into the passive mode and will run alongside your other antivirus product.
+If you are also using Windows Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode.
-In passive mode, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware.
+On Windows Server 2016, Windows Defender AV will not enter passive or disabled mode if you have also installed a third-party antivirus product. See [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) topic for key differences and management options for Windows Server installations.
-You can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
+The following matrix illustrates how Windows Defender AV operates when third-party antivirus products or Windows Defender ATP are also used.
-If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode.
+Windows version | Antimalware protection offered by | Organization enrolled in Windows Defender ATP | Windows Defender AV state
+-|-|-|-
+Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode
+Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode
+Windows 10 | Windows Defender AV | Yes | Active mode
+Windows 10 | Windows Defender AV | No | Active mode
+Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode
+Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Active mode
+Windows Server 2016 | Windows Defender AV | Yes | Active mode
+Windows Server 2016 | Windows Defender AV | No | Active mode
+>[!IMPORTANT]
+>Windows Defender AV is only available on endpoints running Windows 10 or Windows Server 2016.
+>
+>In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/en-us/library/hh508760.aspx), which is managed through System Center Configuration Manager.
+>
+>Windows Defender is also offered for [consumer devices on Windows 8.1 and Windows Server 2012](https://technet.microsoft.com/en-us/library/dn344918#BKMK_WindowsDefender), although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations).
+
+
+
+
+In the passive and automatic disabled modes, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware.
+
+The reasons for this are twofold:
+
+1. If you are enrolled in Windows Defender ATP, [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
+2. If the protection offered by a third-party antivirus product goes out of date, is not updated, or stops providing real-time protection from viruses, malware, and other threats, then Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint.
+
+ Therefore, the Windows Defender AV service needs to update itself to ensure it has up-to-date protection coverage in case it needs to automatically enable itself.
+
+ You can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
+
+ If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode.
+
+>[!WARNING]
+>You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender AV, Windows Defender ATP, or the Windows Defender Security Center app.
+>
+>This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks.
+
+
## Related topics
-- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
\ No newline at end of file
+- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
+- [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
index 91520bc734..77b79508b8 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
@@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
-ms.date: 08/25/2017
+ms.date: 09/07/2017
---
@@ -56,21 +56,56 @@ This topic includes the following instructions for setting up and running Window
- [Configure automatic exclusions](#BKMK_DefExclusions)
-## Enable the interface
-By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs.
+## Enable or disable the interface on Windows Server 2016
+By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required.
-You can enable or disable the interface by using the **Add Roles and Features Wizard** or PowerShellCmdlets, as described in the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic.
+If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option.
-The following PowerShell cmdlet will enable the interface:
+
+
+See the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic for information on using the wizard.
+
+The following PowerShell cmdlet will also enable the interface:
```PowerShell
Install-WindowsFeature -Name Windows-Defender-GUI
```
-The following cmdlet will disable the interface:
+To hide the interface, use the **Remove Roles and Features Wizard** and deselect the **GUI for Windows Defender** option at the **Features** step, or use the following PowerShell cmdlet:
+
+
+```PowerShell
+Uninstall-WindowsFeature -Name Windows-Defender-GUI
+```
+
+
+>[!IMPORTANT]
+> Windows Defender AV will still run normally without the user interface, but the user interface cannot be enabled if you disable the core **Windows Defender** feature.
+
+## Install or uninstall Windows Defender AV on Windows Server 2016
+
+
+You can also uninstall Windows Defender AV completely with the **Remove Roles and Features Wizard** by deselecting the **Windows Defender Features** option at the **Features** step in the wizard.
+
+>[!NOTE]
+>Deselecting **Windows Defender** on its own under the **Windows Defender Features** section will automatically prompt you to remove the interface option **GUI for Windows Defender**.
+
+
+
+
+The following PowerShell cmdlet will also uninstall Windows Defender AV on Windows Server 2016:
+
```PS
-Uninstall-WindowsFeature -Name Windows-Server-Antimalware
+Uninstall-WindowsFeature -Name Windows-Defender
+```
+
+To install Windows Defender AV again, use the **Add Roles and Features Wizard** and ensure the **Windows Defender** feature is selected. You can also enable the interface by selecting the **GUID for Windows Defender** option.
+
+You can also use the following PowerShell cmdlet to install Windows Defender AV:
+
+```PS
+Install-WindowsFeature -Name Windows-Defender
```
> [!TIP]
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
index dc8b0b0597..495cc05eec 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
@@ -38,11 +38,11 @@ In Windows 10, version 1703 (also known as the Creators Update), the Windows Def
Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703.
> [!IMPORTANT]
-> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date.
+> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
> [!WARNING]
> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
->It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed.
+>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
>This will significantly lower the protection of your device and could lead to malware infection.
diff --git a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md
index 00470f7842..804c2d9152 100644
--- a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md
@@ -1,6 +1,6 @@
---
title: Windows Defender Security Center
-description: The Windows Defender Security Center brings together common Windows security features into one place
+description: The Windows Defender Security Center app brings together common Windows security features into one place
keywords: wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@@ -22,17 +22,17 @@ ms.date: 08/25/2017
**Applies to**
-- Windows 10, version 1703
+- Windows 10, version 1709
-In Windows 10, version 1703 we introduced the new Windows Defender Security Center, which brings together common Windows security features into one, easy-to-use app.
+In Windows 10, version 1703 we introduced the new Windows Defender Security Center app, which brings together common Windows security features into one easy-to-use app.
-
+
@@ -41,60 +41,71 @@ Many settings that were previously part of the individual features and main Wind
The app includes the settings and status for the following security features:
-- Virus & threat protection, including settings for Windows Defender Antivirus
+- Virus & threat protection, including settings for Windows Defender Antivirus and Controlled folder access
- Device performance & health, which includes information about drivers, storage space, and general Windows Update issues
- Firewall & network protection, including Windows Firewall
-- App & browser control, covering Windows Defender SmartScreen settings
+- App & browser control, covering Windows Defender SmartScreen settings and Exploit protection mitigations
- Family options, which include a number of parental controls along with tips and information for keeping kids safe online
-The Windows Defender Security Center uses the [Windows Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on 3rd party antivirus and firewall products that are installed on the device.
+The Windows Defender Security Center app uses the [Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on third-party antivirus and firewall products that are installed on the device.
-> [!IMPORTANT]
-> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date.
+
+>[!IMPORTANT]
+>Windows Defender AV and the Windows Defender Security Center app use similarly named services for specific purposes.
+>
+>The Windows Defender Security Center app uses the Windows Defender Security Center Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Firewall, and other security protection.
+>
+>These services do not affect the state of Windows Defender AV. Disabling or modifying these services will not disable Windows Defender AV, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product.
+>
+>Windows Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
+>
+>Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security).
> [!WARNING]
-> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
->It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed.
->This will significantly lower the protection of your device and could lead to malware infection.
+> If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
+>
+>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
+>
+>This will significantly lower the protection of your device and could lead to malware infection.
-## Open the Windows Defender Security Center
+
+
+## Open the Windows Defender Security Center app
- Right-click the icon in the notification area on the taskbar and click **Open**.
- 
+ 
- Search the Start menu for **Windows Defender Security Center**.
- 
+ 
> [!NOTE]
> Settings configured with management tools, such as Group Policy, Microsoft Intune, or System Center Configuration Manager, will generally take precedence over the settings in the Windows Defender Security Center. Review the settings for each feature in its appropriate library. Links for both home user and enterprise or commercial audiences are listed below.
-## How the Windows Defender Security Center works with Windows security features
+## How the Windows Defender Security Center app works with Windows security features
-
-
-The Windows Defender Security Center operates as a separate app or process from each of the individual features, and will display notifications through the Action Center.
+The Windows Defender Security Center app operates as a separate app or process from each of the individual features, and will display notifications through the Action Center.
It acts as a collector or single place to see the status and perform some configuration for each of the features.
-Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center. The Windows Defender Security Center itself will still run and show status for the other security features.
+Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center app. The Windows Defender Security Center app itself will still run and show status for the other security features.
> [!IMPORTANT]
-> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center itself.
+> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center app.
-For example, [using a 3rd party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall.
+For example, [using a third-party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall.
-The presence of the 3rd party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center.
+The presence of the third-party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center app.
## More information
-See the following links for more information on the features in the Windows Defender Security Center:
+See the following links for more information on the features in the Windows Defender Security Center app:
- Windows Defender Antivirus
- IT administrators and IT pros can get configuration guidance from the [Windows Defender Antivirus in the Windows Defender Security Center topic](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) and the [Windows Defender Antivirus documentation library](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
- Home users can learn more at the [Virus & threat protection in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4012987/windows-10-virus-threat-protection-windows-defender-security-center)